The Coronavirus + Your Business

As the number of people infected with the Coronavirus grows in the US, more local governments and businesses are taking action to avoid contracting the virus. Eight states, including Utah, have declared a state of emergency. Governor Herbert said about declaring a state of emergency: “Making this declaration simply opens up resources for Utahns and allows us in government to focus as seriously as possible on being prepared.”

Meanwhile, individuals are taking to the internet, preparing by doing their own research, watching Contagion (it’s okay, we did it, too), and buying face masks (even though the CDC says only the sick need to wear them). But what are businesses doing to prepare for the virus, and how will it affect them?

Quarantined Consumers Versus the Internet

For businesses, the effect of the virus goes beyond employees asking for sick leave or working from home. Some companies, such as Twitter, LinkedIn, and Microsoft (altogether 75,000 employees working from home in the US), have already asked employees to work from home. Meetings and conferences are already being cancelled or delayed until the summer; Rubrik Forward, for example, just made the decision to cancel all physical events and make the conference digital instead.

However, a more drastic change for businesses will be customer preferences as their customers work from home. As more customers begin to use services from home, they will be more reliant on internet services, and connectivity will become more important to them. Security incidents will be harshly critiqued, and loss of service, even for short periods of time, will be enough to convince customers to look for more stable options. 

“Businesses who are inadequately prepared won’t be able to live through cyber breaches as consumers become more dependent on reliable internet services while working from home,” says Lane Livingston, CTO of Trinsio. “Businesses need to prepare now for the shift in consumer preferences forced by the Coronavirus.”

And to add an extra challenge, as customers become more intolerant of service interruptions, scammers and spammers are taking advantage of the ignorance, misinformation, and fear of citizens. The internet has seen an increase in scams related to the Coronavirus, asking people to donate, buy supplies, or click on links to see updated lists of infected cities, etc., some even impersonating the CDC to add legitimacy to their messages. So while your customers are on you for service interruptions, malware operators are working double time to wreak havoc on your business and provide your customers with more reasons to leave. 

Steps Your Business Should Take

While problems seem to be coming at you from both sides, what can you do to protect your business from the consequences? Here are five things you can do now to keep your consumers happy and the hackers at bay.

1. Use a good spam filter. A good spam filter will prevent a lot of the malicious mail from even getting to your mailbox, giving you a lower chance of clicking on something malicious. 

2. Train employees. A spam filter will not catch everything, so it is important that employees are aware of what to look for in malicious email. 

3. Set up antivirus software and a firewall. In information security, the more layers between your company’s information and the hacker, the better. 

4. Keep software and hardware up to date. Updated software and hardware will have the fewest known bugs, giving hackers fewer opportunities to worm their way into your systems.

5. Back up, back up, back up. Having a good backup system is a crucial part of any IT infrastructure, so that when the other parts of your system fail, your business has something to fall back on. And with customer tolerance for downtime decreasing, it is also crucial to have a backup system that you can recover from quickly, preventing unnecessary downtime.

To learn how you can try a state-of-the-art backup solution for free, visit our website, or call (385) 283 – 1810.

Education Sector at High Risk of Ransomware Attacks

According to CBS News, in January, a Michigan school district became one of the victims of a ransomware attack. Hackers seized control of its computer system, demanding $10,000 in bitcoin in order to release it. This attack “affected telephones, copiers and classroom technology.” As a result of the attack, several schools in the district were closed for a week so employees could attempt to resolve the problem. The Richmond Community Schools Superintendent explained that recovery of the data is a difficult process and they do not intend to pay the ransom. “There’s no guarantee we’ll get [the server files] back, and we don’t know if that’s $10,000 for each file or each server that they’ve taken.”

Education is one of the most targeted sectors for ransomware. One reason educational organizations are at such high risk is the valuable information they store. They have social security numbers, banking information, credit card numbers, birthdates, and other personal information. In addition, this information does not come just from students, but from all employees and parents. Another reason the education sector is targeted is that its IT equipment is typically not state of the art. School districts have budgetary constraints that make it difficult to fund IT security investments.

According to a study done by Emsisoft Malware Lab, in 2019, the United States was hit by a myriad of ransomware attacks “that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.” That number is astounding. Of these attacks, 89 hit the education sector, potentially affecting 1,233 individual schools. These numbers demonstrate the severity of the issue and reiterate the need for a data backup and recovery plan.

Trinsio knows how valuable your data is to the success of your organizations, and we are dedicated to helping you conquer the odds against you. That is why we partner with Rubrik, to bring to you the best in cloud data management.

US Natural Gas Facility Hit with Ransomware

Unsurprisingly, we have another ransomware attack on the books. Yesterday, a malicious link was sent to staff at a US natural gas facility. As a result, staff was forced to shut down the entire pipeline asset for two days.

Facility Inadequately Prepared

This organization was simply not prepared for this sort of an attack. CISA stated, regarding the issue, “The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning.” CISA encourages all organizations to have a plan that considers the effects of these attacks. Companies should see this as a warning of the ways that ransomware can affect operations.

What is ransomware?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for access to the data. This kind of malware can be devastating to an organization, and recovery has proven to be a very difficult process. Some victims pay the ransom in an effort to recover the files, but even then, there are no guarantees victims will get their files back.

Ransomware Doesn’t Have to End in Disaster

In contrast to the incident at the natural gas facility, Kern Medical Center, a large Level II trauma healthcare organization in Bakersfield, California, experienced a ransomware attack in June that penetrated their system, rendering it unusable. An attack on a healthcare facility obviously raises significant concerns because the systems need to be readily available at all times to ensure patient survival. Kern Medical Center had a data recovery plan in place, and as a result, they were able to get their systems up and running quickly while recovering 100% of their data. What could have been a devastating event ended up being a situation completely under control.

Craig Witmer, CTO of Kern Medical Center, claims that “With our legacy system, restores could take hours— even if we had the necessary tapes onsite. Rubrik allows us to restore in seconds.” He also noted that an important feature of the technology is the at-a-glance view. With Rubrik, they are able to check all their systems in just a few minutes.

The difference in the preparedness of these two organizations is significant. Ransomware attacks are becoming more and more deliberate. It would be highly beneficial for every company to have a plan in place in an effort to keep their data safe.

Ransom Demands Double While Ransomware Victims Bankroll Hackers

Alarming numbers from the last quarter of 2019 show that ransom payments doubled compared to the previous quarter, with the average ransom payment rising 104 percent from the previous quarter to $84,116 (Coveware), wrapping up a successful year for ransomware operators. From there, the numbers just get scarier. Coveware reported that organizations hit with ransomware suffered an average of 16.2 days of downtime, which is an increase of over four days from the third quarter.

Coveware’s CEO and co-founder Bill Siegel commented on the huge increase in ransom payments, stating, “The doubling of the amount was surprising. I think we expected it to rise, but had not expected the impact of large enterprise attacks to pull the average up as much as it did.”

Coveware’s reports also indicated that attackers’ techniques are changing, with increases in ransomware attacks which include data exfiltration and exposure techniques. Data exfiltration — the practice of exfiltrating data before encrypting it and threatening to leak it to the public unless the demand is paid — became a trend in summer 2019.

Why is this such a successful market for hackers right now?

Siegel explained that cybercrime is a business, and just like any other business, when costs are low and profits are high, business is booming. Nearly 60 percent of attacks last quarter used stolen Remote Desktop Protocol credentials, which are available on the dark web for less than $100. Coveware estimated that hackers using ransomware only needed to get returns on about 2 percent of their attacks to make a hefty profit. “This will continue until the profit margins go down for these cheap and simple attacks,” says Siegel. “As of right now, the margins are great for cybercrime, so it marches on.”

But low costs aren’t the only things enticing cybercriminals to use ransomware. Reports show that victims are increasingly willing to bargain with hackers. A recent survey of 600 security professionals by Proofpoint suggests that a little more than half of the affected organizations in 2019 decided to pay the ransom. However, the survey also found that of those who paid, 22 percent were still unable to access their data, and 9 percent were hit with more demands.

What Can You Do to Avoid Paying the Ransom?

A secure infrastructure has multiple layers of security with working backups in place underneath it all. Siegel explained that the companies that agree to pay the ransom are usually the ones with compromised backups or without any backups in place. “Those who think paying a ransom will help them recover faster are incredibly mistaken,” he said. “In our experience that is absolutely false, and in practice it does not happen. Once companies realize the extent of the remediation work necessary just to cleanse their production network, such that you could safely decrypt it, they realize that on a risk and time adjusted basis, restoring from backups is always a better option.” Learn more about Trinsio’s fast and secure backups here.

Caucus Complications: Data Backup and Recovery

A new smartphone app, “Shadow”, was recently introduced as a way to collect the results of the Democratic Party caucus in Iowa. As Tuesday afternoon rolled around, results were still not reported due to a problem with the app. According to Alexis Madrigal from The Atlantic, “The shadow app struggled at the final step of the results-reporting process… while the app was recording data accurately, it was reporting out only partial data”. Shadow Inc. later confirmed this on Twitter: “As the Iowa Democratic Party has confirmed, the underlying data and collection process via Shadow’s mobile caucus app was sound and accurate, but our process to transmit the caucus results data generated via the app to the IDP was not.” Although the technology issues caused a setback, “because of the required paper documentation, we have been able to verify that the data recorded in the app and used to calculate State Delegate Equivalents is valid and accurate”. Although the voting closed on Monday night, the party was not able to release the results until after 5:00 pm on Tuesday.

Shadow was unable to recover the data completely, and as a result, Iowa Democratic Party officials had to manually verify the data. The process of verification was both frustrating and tedious. Although the data backup and recovery technology differ, similar situations could occur in your own businesses. Consider your plan for data backup and recovery. Do you have a secure way to store your data? If disaster does occur, is there a quick and easy way for you to recover your data? This situation with Shadow has reiterated the need for data backup and recovery.

Trinsio powered by Rubrik offers a “set it and forget it approach” which simplifies the process of data backup and recovery. With near-zero recovery time and an easy-to-use cloud backup software, you can be sure your data is protected and easily accessible. One way that Rubrik technology makes your data easily accessible is the at-a-glance view that displays detailed reports and notifications about the data.

Las Vegas With Rubrik Versus Ransomware: 1-0

On January 7, at 4:30 a.m., the City of Las Vegas website and several city services were taken offline by a ransomware attack, which local press have speculated came from a phishing attack over email. A little over 24 hours later, the City of Las Vegas had returned to normal, almost as if the attack never took place. The City of Las Vegas tweeted: “Following yesterday’s cyber compromise, we have resumed full operations with all data systems functioning as normal. Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation.” A follow-up tweet reassured followers that no data was lost and no personal data taken.

With more than 45 million visitors a year and over 2.1 million residents, the City of Las Vegas moved to Rubrik because it met their needs for flexibility, price, and speed. Lester Lewis, Deputy IT Director, said about their decision to use Rubrik over other services: “Rubrik is a very important partner in how we do business now because we made the decision to be a smart city and collect all this data, so we had to make a decision to protect all the data.”

The decision that they made to protect their data paid off. Because they switched to Rubrik, the City of Las Vegas was able to restore quickly and prevent any downtime of critical services.

Ransomware has become the plague of the last decade, and it looks set to remain an issue into the next. Each year, ransomware attacks cost businesses $75 billion (source: Datto). Ransomware is a type of malware that encrypts the user’s data on the computer that it has infected and holds the data hostage until the user pays whoever is responsible for the malware in exchange for the encryption key. Ransomware can be close to impossible to decrypt without the key, and even if the user pays the ransom demand, it is not guaranteed that they will get all of their data back. If the user does not pay the ransom demand, the encryption key is deleted, and if the user doesn’t have any other technology in place, the data is lost forever.

A month earlier, the Pittsburg Unified School District was also subject to a ransomware attack. However, they were not prepared, and consequently were unable to get services back in time for school to start weeks after the attack. The school district welcomed their students back without any laptops or internet. School emails were not accessible, so the school resorted to using only phones.

Pittsburg Unified School District is not the only organization to be affected. Baltimore City government was hit with a ransomware attack in 2019, with estimated losses at $18 million. Other cities like New Orleans, New York City, Riviera Beach, and at least 85 others were also subject to ransomware attacks and suffered losses in 2019.

Microsoft Releases Patch for Critical Security Vulnerability in Windows 10 and Windows Server 2016/2019

Windows administrators around the world are working overtime to update their Windows equipment after Microsoft released a patch on January 14 for critical security vulnerabilities in Windows 10, Windows Server 2016 and 2019, and more. Now, more than 900 million devices that run on these programs are in need of an update!

One of the critical vulnerabilities in Windows CryptoAPI (which allows organizations to “sign” their applications and validate the app’s authenticity) would allow malware to be disguised as trustworthy, effectively fooling users and antivirus software. Read about all the vulnerabilities here.

Let’s Recap: Where Have We Seen This Before?

The National Security Agency (NSA) discovered another vulnerability in Microsoft systems years ago and weaponized the vulnerability, calling it EternalBlue. In 2017, the NSA disclosed the weakness to Microsoft, who then patched the bug and released the software fix to the public… Is this starting to sound familiar?

Here’s where it went wrong: after Microsoft released the patches, EternalBlue was leaked to the web by a hacker group called the Shadow Brokers. One month later, the worldwide WannaCry ransomware attack unfolded, exploiting unpatched computers.

The NSA seems to be trying to turn things around this time by disclosing the bugs to Microsoft. Imagine that day at Microsoft.

So How Can We Prevent WannaCry Part Two?

1. Update! Update all your computers using Windows 10 and your Windows Servers. Don’t make the mistake of holding off the updates for a more convenient time. Hackers are going to find that pretty convenient for them, too! Not updating your computer is like sitting in the road, seeing a car speeding towards you, and saying, “I’ll move later.” Later just might be too late.

2. Back up your data. Whether you are responsible for an IT infrastructure supporting 10,000 employees or you are managing your home computer, BACK UP YOUR DATA. If you have an existing backup system, check your backups. Ask yourself: Could my organization survive if we lost all of our data and had to restore our backups? Are our backups current and working? How long would it take us to restore from backups? If you are not satisfied with any of the answers to those questions, do something about it.

How We Can Help

As the industry-leading backup solution, Rubrik is quick to install, back up, and recover, so what otherwise would be a catastrophe is now just a quick restoration. Rubrik’s interface is also incredibly easy to use, having been built so that users can manage all their data in one place. Also, with services like Rubrik Polaris, Trinsio clients get brand-new insight into data across their entire IT infrastructure, including ransomware and malware detection.

Try Rubrik for free on us! Learn how to start your free trial here.