Repelling A Ransomware Attack: Therese Schachner of VPN Brains On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Published in Authority Magazine, Jan 4, 2022

Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Therese Schachner.

Therese is a cybersecurity consultant at VPN Brains who is also working on her MS in Computer Engineering at Northwestern University. She has experience in software engineering through internships and research roles in several labs at Northwestern University.

https://www.vpnbrains.com/

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I had an interest in computers, technology, and engineering from a young age. I enjoyed my computer science courses in high school, which encouraged me to pursue Computer Science and Computer Engineering in college, as well as take courses and conduct research in cybersecurity.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

During my final project for a digital forensics course I took in college, I did an analysis of a corporate system that had been compromised due to malware. Over the course of this project, I realized the severity of the attack, which put customers at the risk of credit card fraud and resulted in financial losses and reputation damage for the company. I then became motivated to do what I can to help prevent these attacks by pursuing a cybersecurity role. There’s so much potential to positively impact everyday people through involvement in the cybersecurity field, whether it’s by discovering new vulnerabilities as a penetration tester, advising clients in cybersecurity trends and best practices as a cybersecurity consultant, or doing any other work in cybersecurity that ultimately results in the protection of digital security and privacy.

Can you share the most interesting story that happened to you since you began this fascinating career?

One time I was on an airplane and opened my computer to work on a cybersecurity project during my flight. (In retrospect, this definitely sounds like a bad idea, but I didn’t think too much of it at the time.) This project involved using the terminal window on my computer to run some commands. After a few minutes, I noticed a few nervous glances from some of the passengers seated near me. I then realized that the terminal window can appear to be a hacker-like interface to people who aren’t familiar with computer programming, cybersecurity, or related fields. Since I could tell that some people were assuming the worst that could happen, and I didn’t want to make them concerned, I put my computer away and waited until after I arrived at my destination to continue working on my project.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

  1. A willingness to learn: Cybersecurity is constantly evolving, so having a career in cybersecurity generally requires staying updated on the latest vulnerabilities and advances in the field. In order to provide clients with useful advice, cybersecurity consultants need an updated knowledge about cybersecurity trends and best practices.
  2. Creative thinking: Out-of-the-box thinking is useful for cybersecurity professionals such as penetration testers and digital forensics consultants. For example, white hat hacking requires thinking of innovative ways to compromise a system given the limited information and resources you have available and the many constraints you may have due to security measures that are already in place.
  3. Team player: Finding and patching vulnerabilities, determining how to build secure digital systems, and analyzing compromised systems often involves collaboration. When multiple people work together on these tasks, they can leverage one another’s skillsets and ideas to come up with innovative solutions. As a result, working effectively in cybersecurity often entails being a responsible team member who communicates well with the rest of the team and contributes to a productive and respectful environment in which team members feel comfortable sharing their ideas.

Are you working on any exciting new projects now? How do you think that will help people?

I am working on a project for my MS in Computer Engineering in which I am helping to create a tool that allows users to configure Docker containers in a secure manner, using the least privileges necessary. This tool has the potential to prevent attackers from escalating their privileges inside Docker containers, escaping from these containers, deploying malware, and engaging in other malicious activity. Therefore, we anticipate that this tool will prove useful for safeguarding against cyberattacks.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

As a cybersecurity consultant, I stay up to date on the latest trends in cybersecurity so that I can communicate information about how these attacks are executed and how they can be prevented and mitigated. Since there have been several high-profile ransomware attacks recently, much of the research I conduct and information I communicate relates to how ransomware attacks are conducted, the impacts they have, and how to respond to them.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. Can you tell our readers about the different forms of ransomware attacks?

The two most common types of ransomware are crypto ransomware and locker ransomware. Crypto ransomware encrypts victims’ files and data, denying the victims meaningful access to these files. Attackers claim that the files can be unencrypted, allowing the victim to access them again, if the victim pays the ransom. Locker ransomware prevents victims from using their targeted computers almost entirely. Victims of locker ransomware often can’t do anything on their compromised computers, except for paying the ransom in hopes that the attackers will restore access to the computers’ functionalities and files.

Who has to be most concerned about a ransomware attack? Is it primarily businesses or even private individuals?

Organizations that handle sensitive data, earn high revenue, and have large numbers of clients or customers are generally among the most at risk for ransomware attacks. Large hospitals are prime targets since they have access to protected health information (PHI) and often have the ability to pay high ransoms. Supply chain companies, manufacturing companies, and utility providers are also frequently targeted because the disabling of their network infrastructure can impact millions of consumers who may not be able to receive goods and services if these companies’ operations are halted due to compromised network infrastructures. Attackers know that these types of companies have strong incentives to pay high ransoms in hopes of being able to resume their normal operations.

Who should be called first after one is aware that they are the victim of a ransomware attack? The local police? The FBI? A cybersecurity expert?

Generally, it’s a good idea to notify the FBI. The FBI can conduct an investigation to determine the identity of the attackers. If the attackers are discovered, there’s a possibility that the victim could regain access to their computers and their data without needing to pay the ransom. If the victim was targeted by a ransomware attack impacting multiple organizations or individuals, the FBI can use the information in the victim’s report to track the spread of the attack and determine how to prevent additional systems from being affected.

If a company is made aware of a ransomware attack, what are the most important things they should do to protect themselves further, as well as protect their customers?

The company can disconnect infected computers from their network, disable remote access to these computers, and change affected passwords, which can help block attackers’ continued access to these computers.

If the attackers could have gained access to customers’ confidential data, the company should notify their customers, as is required in the United States. This will allow customers to take protective action, such as canceling affected credit cards and changing passwords that could have been leaked.

Should a victim pay the ransom? Please explain what you mean with an example or story.

This is a widely debated topic and should be determined on a case-by-case basis. The FBI advises victims not to pay the ransom because paying the ransom doesn’t guarantee that damages will be reversed, and the more often ransoms are paid, the greater the incentive will be for attackers to deploy ransomware in the future due to higher expectations of receiving ransom money. In some cases, there are better alternatives to paying the ransom, such as using free decryption tools that may restore your access to your files.

However, if essential data has been lost and there are few plausible options for regaining access to it, victims may be willing to risk paying the ransom due to the chance that their data will be restored. Businesses may also be willing to pay ransoms in hopes of avoiding long-term financial losses caused by their inability to provide adequate services to customers and clients without access to their data or computer systems.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?

One common mistake in companies’ network infrastructures is the use of network infrastructures that don’t take sufficient precautions to prevent attackers from navigating through a network after infiltrating it. Therefore, if attackers succeed in entering a network, they can conduct lateral movement, establish persistence within the network, and escalate their privileges in order to collect and exfiltrate private data. A better cybersecurity practice is to use a Zero Trust architecture, which limits attackers’ movement into and across a network through practices such as requiring frequent user authentication, restricting Internet traffic from one area of the network to another, and giving least privileged access to users on the network.

Another common cybersecurity mistake that companies make is providing insufficient employee education regarding cybersecurity best practices. If employees aren’t adequately informed about how to detect and flag phishing emails or the importance of installing updates for the software on their work computers, they may unintentionally click on phishing links or use outdated software with security vulnerabilities, giving attackers the opportunity to enter the company network and deploy ransomware.

What would you recommend for the government or for tech leaders to do to help limit the frequency and severity of these attacks?

The government and/or tech leaders can establish cybersecurity standards and/or regulations that companies can follow to help prevent attackers from gaining access to company networks to deploy ransomware. Companies can follow these guidelines to make their networks robust, secure, and more resistant to ransomware attacks.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack” and why? (Please share a story or example for each.)

  1. Adopting a Zero Trust architecture: Zero Trust architectures are difficult for attackers to infiltrate and navigate; therefore, these architectures are useful for protecting companies’ data and other digital resources. If attackers do gain access to a Zero Trust architecture, moving laterally within the compromised network to achieve their goals, such as exfiltrating or destroying valuable data, will be difficult for them. Since they help stave off and mitigate cyberattacks, Zero Trust architectures can help businesses avoid losing millions of dollars due to ransomware attacks and other cybersecurity breaches.
  2. Staying up to date about the latest security vulnerabilities and software updates: Ideally, security updates should be installed as soon as possible to stave off cyberattacks that exploit security vulnerabilities present in older versions of the software. In one such cyberattack, attackers exploited an Adobe Fusion directory traversal vulnerability to gain access to private files, compromise a server, and deploy Cring ransomware.
  3. Using network intrusion detection systems: This is useful for detecting and averting malicious network traffic that could indicate a ransomware attack. These systems can be used for anomaly-based detection, which flags web traffic that deviates from normal activity, as well as for signature-based detection, which monitors web traffic for file hashes, byte sequences, and other indicators of ransomware attacks.
  4. Using spam filters to quarantine suspicious emails: Clicking on links or attachments in phishing emails can lead to the deployment of ransomware on a system. For example, the WannaCry ransomware attack, which infected hundreds of thousands of computers around the world, was initiated through phishing emails.
  5. Educating employees about cybersecurity best practices: Through employee education, businesses can teach employees how to use company computers and networks safely. With knowledge about cybersecurity guidelines such as the protocol for handling phishing emails and the importance of installing security updates, employees can help stave off ransomware attacks on their company networks.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

It would be great if we could have a large-scale movement that fights food waste. If there were strong incentives and easy ways for organizations and individuals to donate surplus or leftover food to people in need of it, we could help address world hunger and the environmental impacts of wasted food.

How can our readers further follow your work online?

They can check out my Twitter account, @MissSchachner, which has lots of cybersecurity and tech content. They can also browse the VPN Brains website to stay updated on our work, as well as useful cybersecurity and tech information.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

You’re very welcome. It was a pleasure!
