Ransomware Means Nonprofits Need to Protect Themselves
By Russell Greenwald

Nonprofits, like organizations everywhere, are increasingly at risk of ransomware attacks on their essential electronic systems, and while these attacks can cripple organizations, there are active measures that you can take to protect your organization, and the sooner the better.

In 2019 alone, more than 140 local governments, healthcare providers, and nonprofit organizations reported falling victim to ransomware cyber-attacks. This includes the city of New Bedford, which avoided paying a $5.3 million ransom by recovering its data from backups over a period of days, and the Athol police department, which was attacked on July 3rd last year and was shut down for 24 hours. They are still recovering months later.

What exactly is ransomware? It’s a type of malicious software, or malware, that threatens to publish the victim’s private data, or deny access to a computer system or data until a ransom is paid.

There are two typical ways people fall victim to this kind of scheme: they click on a “bad” link on a website or in an email message addressed to them, which immediately installs a virus on their device; or hackers gain access to a user’s credentials and encrypt the data themselves. Generally, the only way to regain access to your files is either to pay the ransom or to restore your files from backup drives that are housed elsewhere.

How Hackers Gain Access to Your System

The best way to protect your systems is to stay vigilant. It pays to know what techniques hackers are likely to employ and to keep on top of any new techniques being used to harm organizations like yours. Some hacking schemes include:
  • Using phishing emails. Phishing emails are emails sent by hackers that look like they’re from familiar sources, like your internal HR department, with the intention of getting personal information, such as bank account information.

  • Using brute force. In this approach, an attacker tries many passwords or passphrases against externally exposed servers, such as remote desktop/terminal servers, email servers, and web servers, in the hope of eventually guessing correctly.

  • Trying credentials from another breach. It is possible your email address and password have previously been exposed in breaches at other services, such as your email provider or financial advisor. If you reuse the same details across a variety of platforms, hackers can potentially access all of them.

  • Targeting older systems. Nonprofits may be especially vulnerable as tight budgets may limit their ability to rapidly roll out updates to their platforms.

  • Tricking staff. Hackers entice users to click on bad links that install ransomware on their system.

What You Can Do to Protect Your Organization

As well as knowing what to look out for, there are some basic steps that you or your IT department can take today to ensure you’re as safe as you can be:
  • Require multi-factor authentication on all accounts in your organization. This is the single best way to protect your organization because even if hackers get working passwords, they won’t get in without the second authentication source.

  • Put all externally exposed systems, except servers meant to be publicly available like web servers, behind a virtual private network (VPN). Any externally exposed servers should be on a segregated network.

  • Ensure all accounts with remote access have a lockout and adhere to a password complexity policy to protect against brute-force attacks.

  • Ensure you are running updates on a regular basis on all your systems. Most exploits target vulnerabilities that have already been patched in recent updates.

  • Ensure you have offsite backups that are secured with a separate account. There have been instances where hackers have deleted backups as part of their ransomware attacks, making it impossible to restore access without paying. Consistently back up your files offsite, where hackers can’t find them. This gives you the peace of mind that you have a failsafe if locked out.

  • Use a cloud-based file sharing tool such as Dropbox, Google Drive, or Box, which has the option of rolling back your files and folders to a specific point in time. That way, with a simple phone call you can restore your files as they were right before you were attacked.

  • Educate staff and your organization on what can be done to be more vigilant.

The most effective, least expensive way to combat malware is to take action before a possible attack. We recommend that organizations assess, identify and mitigate risks associated with ransomware and other potential threats to their computer and electronic systems on a regular basis.

Russell Greenwald is vice president of Insource Services, which provides expert solutions in finance, human resources, and technology, and focuses on the specialized needs of nonprofits. Contact him by phone at (781) 235-1490 or email insource@insourceservices.com.

February 2020