NJCCIC 2019 Year in Review: Ransomware

As 2019 comes to a close, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) would like to focus on this year’s top story — ransomware — which resulted in major operational disruptions and financial impacts for businesses and organizations throughout the US and New Jersey. State and local governments, healthcare institutions, and managed service providers and their clients were prime targets throughout 2019, with many small and medium-sized businesses irrevocably damaged by ransomware incidents. The number of ransomware incidents affecting NJ organizations and businesses reported to the NJCCIC this past year has increased, as has the sophistication of the attack methods used and the ransoms demanded.

Developments in the tactics used by threat actors are forcing victims who would choose not to pay the ransom to consider the implications of their organization being publicly named and their data being released if they do not pay. In 2019, the most prevalent ransomware variants were Ryuk, Sodinokibi, Maze, and Buran, with the average ransom demand increasing from $12,762 in quarter one to $41,198 in quarter three.

The NJCCIC advises organizations and businesses to reduce the potential impact of a ransomware incident by establishing a comprehensive data backup plan that includes keeping multiple copies off the network in a separate and secure location and testing them regularly. We highly encourage the encryption of sensitive data at rest and in transit to reduce the likelihood that a cyber-criminal could publicly release stolen data. Additionally, users and administrators are advised to follow cybersecurity best practices to reduce their risk of a ransomware infection. The following resources can assist New Jersey businesses, organizations, and private citizens in safeguarding their networks and data:

NJCCIC
Ransomware: Risk Mitigation Strategies
Ransomware Threat Profile
Mitigating the Risk of Malware Infections
Supply Chain Security
Cybersecurity Best Practices
Statewide Information Security Manual

MS-ISAC
Security Primer – Ransomware
Security Primer – General Security Recommendations
Want to Keep Your Data? Back It Up!

US-CERT
Data Backup Options
