
Cyber Bytes: How to Respond to a Cyber Attack

Tracy Ross and Dr. Michael Ramage discuss how to respond to a cyber security attack in the first installment of Sounds Good's new series, "Cyber Bytes."

Sounds Good presents a new recurring series, "Cyber Bytes," featuring the director of Murray State's Cyber Education and Research Center, Dr. Michael Ramage. In the first installment of "Cyber Bytes," Tracy Ross speaks with Ramage about how small businesses should respond to cyber attacks.

Ramage begins by explaining that while many individuals think of cyberattacks happening on a personal level, they're often much broader. "Russia or a cybercriminal don't really care about me or you. If they could take down our electrical grid, mess up Kentucky Dam, mess up TVA or a chemical plant—critical infrastructure is what that's called." Ramage says that cybercriminals are more likely to target this infrastructure with directed attacks.

On an individual level, cyber-attacks are usually limited to ransomware. "[Ransomware] is increasing year over year anyway," Ramage explains, "but it's increased even more since the beginning of the Russia-Ukraine conflict."

Ramage explains that Russia is losing revenue due to international restrictions and sanctions. Cybercriminals are turning to ransomware attacks to make up for lost revenue. Because of the global scale of revenue loss, many ransomware costs are increasing.

"The average price of a ransomware attack has gone up to a few hundred thousand dollars. $400,000 is what one study showed not too long ago. The official guidance from the federal government is don't pay."

"If you are going to pay," Ramage continues, "just like if you go to a car dealership, don't pay sticker price. Don't pay the original ransom, either. This is a business. A car dealer would rather sell you the car for $1,000 less and get the sale. Same way with ransomware. They would rather lower that asking price and you pay than you not pay at all."

"Now, the recommendation is to get a trusted negotiator—an expert that has been dealing with these ransomware attacks to help your business negotiate down that ransom," Ramage says.

Small business owners will know they are victims of a ransomware attack because there will likely be a message on their computer screen that "tells you your information has been encrypted and you need to pay using this website. Usually, it's with Bitcoin or some cryptocurrency," Ramage explains.

"The first thing you should do is isolate the system or networks that have been infected. If you're an average user and you don't have administrative privilege to your network, then you don't have permission to access other things. It's only going to encrypt your computer. If you log on as the administrator and you have the rights to connect to all these other computers and servers, then it may encrypt everything on that network. It's going to encrypt everything it can get permission to encrypt, including your backups."

Ramage says the second piece—"and this is really important"—is looking for potential data breaches. "Nowadays, there are more and more companies that are starting to not pay the ransom that now, the bad guy has started to try to do something else. If they think there's a chance you're not going to pay the ransom, they'll steal some data first and then hit your system with ransomware."

"If you get infected with ransomware, and you just clean up after the incident, you may still have lost confidential information and don't know it. You need to make sure you can find out if any data was exfiltrated. If you're a small business owner, you may not be able to do that on your own. You may need to bring in an expert to do that."

This begs the question, Ramage says, "how did they get in? The most popular way into your network is by clicking a link in an email or opening a file, or going to a website you shouldn't. Phishing is still the way most bad actors are getting into your network. If they got in through you clicking a link and they installed something, if you decrypt or you restore from backups, that installed item may still be there. So, you're not really helping the situation."

"I hope even as a small business, you have an incident response plan," Ramage concludes. "The reason that plan is important is because if you're having a bad day at work and things seem to be spiraling out of control, things are almost in a fog. That's what's going to happen on that day. You're going to be in that fog, and you're going to start doing this and perhaps making a bad decision and making the situation even worse. Having that ahead of time is going to help."

For more information on MSU's Cyber Education and Research Center, visit its website.


Tracy started working for WKMS in 1994 while attending Murray State University. After receiving his bachelor's and master's degrees from MSU, he was hired as Operations/Web/Sports Director in 2000. Tracy hosted All Things Considered from 2004-2012 and has served as host/producer of several music shows, including Cafe Jazz and Jazz Horizons. In 2001, Tracy revived Beyond The Edge, a legacy alternative music program that had been on hiatus for several years. Tracy was named Program Director in 2011 and created the midday music and conversation program Sounds Good in 2012, which he hosts Monday-Thursday. Tracy lives in Murray with his wife, son and daughter.
Melanie Davis-McAfee graduated from Murray State University in 2018 with a BA in Music Business. She has been working for WKMS as a Music and Operations Assistant since 2017. Melanie hosts the late-night alternative show Alien Lanes, Fridays at 11 pm with co-host Tim Peyton. She also produces Rick Nance's Kitchen Sink and Datebook and writes Sounds Good stories for the web.