
ansomware is the top cybersecurity threat to businesses today—and it is expanding at an alarming rate. In 2020, Alaska reported a record number of complaints about ransomware and other cybercrimes to the FBI’s Internet Crime Complaint Center (IC3). On a per-person basis, Alaska recently ranked as one of the country’s least secure states, according to Todd Clark, president of DenaliTEK and Cybersecure Alaska. “Per capita, Alaska had more cybercrimes reported in both 2018 and 2019 than any other state in America,” he says. “Alaska was 4th least secure in both 2020 and 2021.”
DenaliTEX | Cybersecure Alaska
Alaska Business Archives
In the past few years, cyberattacks in Alaska have trespassed a variety of entities: Ravn Alaska, the formerly-named Alaska Department of Health and Social Services, the Alaska Court System, the Matanuska-Susitna Borough, and the city of Valdez. As a preemptive move, the Alaska Division of Banking and Securities recently urged financial institutions and industries to monitor current events in Ukraine and Europe. “Events could pose significant cybersecurity risks for the US financial sector,” the alert said.
A ransomware infection can wreak havoc on victims, causing extensive business interruption losses, legal expenses, and reputational damage. The average cost of a ransomware breach was $4.62 million in 2021, according to IBM’s “Cost of a Data Breach 2021” report. That figure does not include the ransom payment, which represents only 15 percent of the total cost of an attack.
“By 2025, cybercriminals are expected to take home over $10 trillion,” says Keri Parsons, security culture and engagement manager at GCI. “These are not your teenage hackers hanging out in mom’s basement, rocking a dark hoodie, and drinking excessive amounts of energy drinks. Today’s adversaries are organized criminals, operating with nation-state backing and their own ‘call centers’ of employees. Many are becoming household names, like CONTI or REvil, but that isn’t their ultimate goal. Ideally, they want to make as much money as quickly as possible.”
With ransomware, that potential risk comes from all angles. Parsons explains: “Did you properly back up your data? Is it redundant? What happens if it is disclosed to anyone and everyone in the world? Can your business function and continue to operate without access to it for a week? A month? A year? How can you verify the accuracy and completeness of it once it is returned? Or, worst-case scenario, you never get the data back. Ever. Every organization needs to consider these real threats brought on by ransomware.”
GCI
President
DenaliTEK and Cybersecure Alaska
Virtually all ransomware attacks today are “double-extortion” scams that demand a ransom to unlock data and return exfiltrated or stolen data, according to IBM Security X-Force’s 2022 Threat Intelligence Index. Ransomware perpetrators used to launch malware and collect the ransom payment, and that would be the end of the attack, Clark says. Now they are apt to steal personally identifiable information and other data—to commit additional extortion later—and then ransom the system for an immediate payoff. However, so many companies today are prepared with backups and can avoid paying a ransom that cybercriminals are threatening to publicly expose the stolen data on the internet.
That’s exactly what happened with Australian health insurance provider Medibank. Unidentified hackers stole the health records of millions of Medibank customers in October and then released them on the dark web in November after the company refused to pay the ransom. The disclosed data also included personal information such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers, and passport numbers.
As another trend, there has also been an increase in attackers targeting service providers with ransomware, according to Cindy Christopher, director of managed IT product and sales for Alaska Communications. “Let’s say it’s a smart home device, which disables the service for end-user customers,” she explains. “The attackers contact the service provider’s customers saying, ‘We’ll restore your service if the provider pays the ransom.’ This type of attack is extremely devastating to your business reputation and would be hard to recover from.”
As a positive trend, Clark Logan, vice president of the nonprofit ArcticShield, is seeing a growing sense of urgency to spread the word—both in Alaska and nationally—about ransomware. “To give some insight, ransomware as a whole has been around since 1989, and only now in 2022 are we seeing this larger uptick in response and preparedness,” he says.
Clark launched Cybersecure Alaska to enhance cybersecurity awareness among business decision makers. The nonprofit organization is also working with lawmakers to foster some type of “safe harbor” legislation—as a growing number of other states have done—that would protect Alaska businesses that implement a cybersecurity plan. “Cybersecure Alaska envisions Alaska becoming the most cybersecure business community in America by 2026,” he says.
ArcticShield, which has a similar vision, also strives to help Alaska organizations circumvent cyberattacks. “ArcticShield aims to build and foster a thriving cyber-community where varied professionals from all backgrounds (technical and non-technical), as well as businesses of all sizes, can come together in unity to prevent and recover from not only the myriad of ransomware attacks but the entire gamut of cyber-related threats to the greater goal of educating and bolstering critical infrastructure,” Logan says. “We ourselves can run a thorough analysis of your infrastructure as a business owner in a simulated attack and report on where you have vulnerabilities while coaching/advising on best practices to help pave a path to success.”
ArcticShield
If ransomware does strike, Logan says, the best strategy for victims is not to pay the ransom. Instead, they should follow these basic steps:
Step 2: Contact their IT professional if one is available; otherwise, do the next step.
Step 3: Identify the domain controller and all attacked machines one by one and revert to the “gold” backup image. If no backup is available, reinstall the operating system.
Security Culture and Engagement Manager
GCI
It takes an average of twenty-two days to recover from a ransomware attack, according to global cybersecurity solutions provider Sophos. Businesses can take steps prior to a breach that can greatly improve their response, says Christopher. For example, companies should have an incident response plan that outlines response and recovery steps, and the executive leadership or business owner should understand the details of the plan.
Organizations should also think about business continuity. “Recovering from an attack can be a lengthy process,” Christopher says. “Your plan should outline how you’ll continue to conduct business and serve your customers or community during this time.”
Security Culture and Engagement Manager
GCI
Parsons agrees. She encourages companies to check with their legal team to see when and what they can share following a security breach. They should get in the mindset that law enforcement and the FBI are real assets when it comes to a ransomware attack. And, if they haven’t already done so, they should set up their data for offline backups. “And then don’t just leave it there,” she says. “Practice and test the restoral process to guarantee you can recover your systems when the time comes. So many organizations skip this step and discover at the worst possible moment that their data is somehow inaccessible.”
Alaska Communications
Also in October, the US Small Business Administration (SBA) held its first-ever Small Business Cyber Summit, which featured cybersecurity experts sharing best practices and practical defensive tools. During the virtual event, Microsoft Vice Chair and President Brad Smith urged people to employ multi-factor authentication, software updates, and cloud-based security solutions. He also advised business owners to rely on a local IT partner, instead of trying to tackle all the requirements of cybersecurity on their own.
Christopher concurs. “Your business needs an expert who does this for a living, and it’s not always feasible for small businesses to hire and maintain internal IT staff,” she says. “That’s why many benefit from working with a trusted partner who can put together a solution that meets your needs and budget.”
When selecting a provider, companies should look for a partner who understands their business and industry. “The more invested your partner is in your business, the better the outcome,” Christopher says. “In addition to being a trusted partner for security services, we recommend a third-party security audit at least once per year. Audits are a very important and worthwhile investment.”
Logan reminds all business owners that, as the decision makers, the responsibility for cybersecurity—thus the risk—ultimately falls upon them, not their third-party cybersecurity service provider. “As such, train yourselves and invest in your own knowledge.”
To enhance their knowledge, business owners and others can access free ransomware resources from the CISA (cisa.gov and stopransomware.gov), US Small Business Administration (sba.gov), and Global Cyber Alliance (globalcyberalliance.org).