Protect your IT infrastructure from ransomware attacks

Properly safeguarding against ransomware strikes has never been more critical. In 2020 alone, the prevalence of ransomware attacks in the U.S. skyrocketed by 109 percent, according to the 2020 SonicWall Cyber Threat Report costing businesses more than $75 billion a year, part of which is attributed downtime expenses.

Experts attribute the rapid and dramatic increase of threats to the massive influx of home-based employees resulting from the COVID-19 pandemic.  In this new hyper distributed IT environment, the threats are everywhere and should not be ignored. With increasingly savvy and opportunistic attackers out in full force, you need every possible advantage to ensure your organization is properly protected, including your power infrastructure. 

Discover how power infrastructure represents a potential point of entry for ransomware attacks and the measures that can be implemented to keep cyber criminals from invading your systems.

If you’re wondering why your uninterruptible power systems (UPSs) and other critical power infrastructure need to be cybersecure, consider this: in 2013, attackers used a vulnerability in a Target HVAC unit to steal data on 40 million debit and credit cards belonging to customers of the retail giant. 

While many companies hadn’t previously considered power infrastructure as a potential point of vulnerability, the Target hack underscored the importance of safeguarding UPS systems, power distribution and cooling systems against these determined threat actors. As hackers continually attempt to overcome the cybersecurity mitigations businesses are putting in place, organizations must ensure that there is no point of access for malicious hackers through their connectivity products.

The first UPS connectivity device to meet the UL 2900-1 cybersecurity standard, the Eaton Gigabit Network Card (NETWORK-M2) safeguards against possible ransomware attacks, transforming an Eaton UPS into an enterprise IoT device with a focus on cybersecurity.  

By default, only essential services run on the network card and all communication is encrypted and certificate-based. The firmware itself is encrypted, preventing attackers from analyzing its structure. Even more, the firmware file is signed, making it impossible to apply altered or corrupted versions of the firmware to the card. For an additional security measure, access to the network card requires authorization credentials and all users are assigned role-based permissions based on their required level of access.

Eaton continually evaluates ongoing information security threats and security patches to the network card and firmware is released in a timely manner to ensure protection. The cybersecurity health of a business is only as strong as its weakest device and the Gigabit Network Card will be one of the strongest links in the chain of protection.

Successful organizations not only utilize the previously discussed mitigations to prevent becoming a victim of ransomware, but also have a comprehensive business continuity plan in place.

Follow these key steps to protect your organization:

1. Make sure that files are regularly backed up. In some cases, this simple process will allow victims to recover their data at no cost.
   
   It is possible that ransomware attackers will attempt to coerce a company to pay the ransom by threatening to publicly release sensitive information.
   
   
2.  Always encrypt your data to prevent attackers from gaining this type of leverage.
   
   
3. Maintain a copy of backups in a separate location that is isolated from your network as a last line of defense.

• IPM installs easily on Windows operating systems
  Automatically discovering and monitoring common power infrastructure and IT equipment and integrating natively with common virtual environments such as Nutanix vSphere and HyperV.
  
• Works in conjunction with an UPS and PDU
  Working in conjunction with a UPS and/or power distribution unit (PDU), IPM can trigger specific actions on a customized schedule. IPM has the capability to gracefully shut down the replication server, making it completely inaccessible during normally idle time periods.
• Completely isolating the replication server
  IPM can completely isolate the replication server from the rest of the network by gracefully shutting down the connecting network switch. When it is time to begin the replication job, IPM will automatically restart the network switch and replication server by cycling the PDU outlets that provide power to these devices.
• Ensures that data backups remain safe during a power outage
  IPM can also ensure that the data backups on the replication server remain safe during a power outage by gracefully shutting down the replication server when the UPS batteries reach a predetermined threshold. 

Eaton understands that today's customers require a multi-pronged approach to cybersecurity in order to minimize the threat of operational downtime, data loss, and impacts on lifecycle costs and brand reputation. Because cybersecurity incidents can cripple an organization in minutes, customers need suppliers who are willing and able to provide evidence that the products they sell comply with industry cybersecurity standards. Visit Eaton’s Cybersecurity Center of Excellence for details on Eaton’s approach to cybersecurity standards.

While ransomware attacks are a mounting threat across every business landscape, they are especially risky to small- and medium-sized organizations who tend to have smaller security budgets and less IT personnel/expertise. By deploying simple measures, companies can effectively safeguard their IT infrastructure against these expensive and detrimental attacks.