Colorado AG Warns Ransomware Could Have 'Disastrous Consequences' For Small Businesses

(CBS4) - The recent ransomware attack on software provider Kaseya served as a wake up call for many small businesses. Companies in more than a dozen countries found their data encrypted before the Fourth of July holiday weekend, in the single largest ransomware spree in history.

On Thursday, Colorado Attorney General Phil Weiser urged local businesses to review their data security practices.

"What the Kaseya attack has reinforced is that no institution is insulated from these attacks," said Weiser. "Any mistake by an employee—whether providing access to a contractor of critical information or clicking on a link that exposes a critical IT system can have disastrous consequences."

Nearly three weeks after the cyberattack, Kaseya announced it obtained a universal decryption key through a third party. In a statement on Monday, the company said it did not pay a $70 million ransom demand from REvil, a Russia-linked ransomware operation.

REvil was also behind the cyberattack in May that halted operations at more than a dozen JBS meatpacking plants, including the company's North American headquarters in Greeley. JBS confirmed it paid the cybercriminals $11 million in Bitcoin.

REvil has since vanished from the dark web and it's still unclear how Kaseya got ahold of the decryption key.

In May, President Joe Biden signed an executive order aimed at improving the nation's cybersecurity. The order includes the following recommendations and best practices to reduce the risk of a cyberattack:

• Multifactor authentication, because passwords alone are routinely compromised
• Endpoint detection and response to hunt for malicious activity on a network and block it
• Encryption, so if data is stolen, it is unusable
• A skilled, empowered security team to patch rapidly

Attorney General Weiser recommends that companies in Colorado mandate security training for employees. In addition, companies are encouraged to create an incident response plan, segment their OT and IT networks, regularly backup data, test the backups and keep them offline. Companies can also hire a third-party expert to test the security of their systems.

Despite these best practices, security experts warn that more action is needed in order to increase the risk for cybercriminals while decreasing their return on investment.

"Cybersecurity is hard. Organizations need to get it right 100% of the time, while threat actors only need for them to make a mistake once," explained Brett Callow, threat analyst at cybersecurity firm Emsisoft. "Working with other governments and using diplomatic and political leverage to disincentivize cybercrime need to be a part of the package too and, thankfully, we do seem to be seeing a stronger response from government."

Cybersecurity Guidance and Resources:

• U.S. Cybersecurity & Infrastructure Security Agency (CISA)
• Federal Bureau of Investigation (FBI)
• National Institute of Standards and Technology (NIST)

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or Secret Service Field Office. You can also file a report online through the Internet Crime Complaint Center.