
The Cyber Shield: A Blueprint for Digital Security & Resilience

by Steve Tcherchian

The Ransomware Menace

Ransomware is a concern across all industries. High-profile attacks make headlines and cause substantial disruptions. These attacks often succeed because of inadequate monitoring and a broad attack surface. Many organizations fail to implement best practices such as multi-factor authentication (MFA), change management, and proper access controls. This lack of stringent security measures makes it easy for attackers to use social engineering to walk in through the front door, gain a foothold, and deploy ransomware.

Take the example of MGM Resorts, which faced a massive ransomware attack in September 2023 that led to major operational disruptions. MGM’s ordeal began when hackers used social engineering to trick the company’s tech support into granting them network access. The attackers posed as legitimate employees, using stolen and harvested information to convince support staff to reset passwords and grant access. Once inside, the attackers breached system after system due to improper security configurations, excessive privileges, unpatched systems, and many other security missteps. Once their beachhead was established, the hackers demanded a ransom of $30 million, threatening to launch a full-scale ransomware attack otherwise. MGM opted not to pay the ransom, at which point the attackers kept their promise and launched the attack against MGM’s network. MGM had no choice but to take its systems offline to contain the scope of the attack and opted to rebuild its IT environment.

This breach resulted in MGM’s systems being offline for weeks, during which time guests experienced delayed check-ins, non-functional slot machines, and manual cash payouts by pit bosses. The attack ultimately cost the entertainment giant over $130 million. Its competitor, Caesars, faced a similar attack a week earlier and chose a different approach, reportedly paying $15 million to the attackers to prevent their customer data from being leaked.

Similarly, the Los Angeles Unified School District (LAUSD) experienced a ransomware attack in 2022 that compromised sensitive student data, causing widespread panic and necessitating costly mitigation efforts. Change Healthcare, a major healthcare technology company, also fell victim to ransomware, highlighting the vulnerabilities in the healthcare sector’s digital infrastructure.

In all of these examples, the organization lacked the proper resilience plan, experience, and infrastructure to ensure it could continue its business operations in the face of digital disruption. Unplugging systems as a reaction to such attacks is not a sustainable strategy. Instead, organizations need to adopt a proactive approach to cybersecurity, involving continuous real-time monitoring, robust access controls, and stringent adherence to security best practices. By doing so, they can minimize the attack surface, enhance their ability to detect and respond to threats effectively, and ensure business continuity.


Author

  • Steve Tcherchian

    Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.
