Ransomware: “It won’t happen to me…” until it does

With ransomware, it is easy to assume, “it won’t happen to me” until it does. Dr. William Scalf and Dr. John Bizon became victims of this horrific cybercrime in March of this year. The two doctors own a small medical office in Battle Creek, Michigan, that has been operating for many years. Upon returning from a vacation, Dr. Scalf found all computers shut down with patient information, schedules, and records seized. There was a single email requesting a sum of money in exchange for the stolen information.

The ENT and hearing specialists informed the FBI as soon as they could and were encouraged to do everything they could to avoid paying the ransom, as paying only encourages criminal behavior. There is also a risk in paying the ransom because there is no guarantee that their data would be completely recovered. Rather than paying the ransom, the two doctors decided that, after a long career, the only option was to shut down the practice completely. Dr. Scalf describes the situation as a nightmare. Brookside ENT could not even inform the patients of the event that occurred because all contact information was lost. Patients were frustrated as they tried to schedule appointments only to find out that the practice had shut down.

Unfortunately, this small practice in Battle Creek, Michigan, is not and will not be the only small business to be affected by ransomware. In a report by Beazley Breach Briefing, a software insurance agency, 3,300 ransomware attacks were reported against U.S. businesses in 2018, and 71% of these attacks were against small businesses or organizations.

Healthcare Industry at High-Risk for Ransomware Attacks

The healthcare industry is definitely an industry that cybercriminals are taking advantage of. Healthcare providers are oftentimes more likely to pay the ransom because people’s lives could be in jeopardy if the information is lost. According to HealthITSecurity, small healthcare facilities are also targeted because of their “lean security support.” Data shows 3 out of 4 small to mid-sized healthcare centers lack an on-staff IT security leader leaving cybercriminals a greater opportunity to successfully complete an attack.

Although oftentimes we hear about large enterprises falling victim to devastating ransomware attacks, it is important to consider the opportunity cybercriminals see within small businesses and organizations. Because small businesses are not typically equipped with the resources to withstand an attack, they can be the prime target for an attacker. Without a data recovery plan in place, many small businesses end up paying the ransom out of sheer desperation in hopes of getting their data back. The effects of these attacks are devastating and can lead to the complete shutdown of an organization, just as it did with Brookside ENT.

Trinsio Can Help Protect Your Business Against Ransomware

As small businesses and organizations develop a data backup and management plan, they may struggle to find a good solution because they do not have the budget or may be overwhelmed by their data and have no idea where to begin. Trinsio understands this concern and has developed a way to solve this problem. With immutability to fight ransomware, you can be confident that your data will be protected in the event of an attack. We will also walk with you step by step to understand your data and present the best strategy to manage it. As a Rubrik Strategic Partner, we offer the best data backup and recovery technology that is available. And with a monthly ‘pay as you go’ model, our technology is affordable and available to protect your organization.

Honda Battles Ransomware

Honda, one of the largest vehicle manufacturers in the world, was hit by a ransomware attack on Monday, June 8th. News of the attack came after Honda tweeted a message informing the public that Honda Customer and Financial Services were experiencing technical difficulties and were currently unavailable. This ransomware attack disrupted Honda’s global operations, including factory operations. In a statement to The Verge, Honda said “There is no current evidence of loss of personally identifiable information… we have resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio.” 

The malware that attacked Honda is known as “Snake” ransomware. An article by Zack Whittaker from TechCrunch explained that this kind of ransomware “scrambles files and documents and holds them hostage for a ransom, expected to be paid in cryptocurrency.” Although Honda worked to contain the attack and continue business as usual, many business processes that relied on those systems were impacted.

In a statement provided to Popular Mechanics, Honda denies that any of its data was successfully exfiltrated and says that the attack had not presented any evidence of loss of personally identifiable information.

A cybersecurity firm, Sophos, released a survey in May 2020 stating that “51% of organizations have suffered at the whims of a ransomware attack over the past twelve months, with cybercriminals managing to encrypt company data in 73% of these cases.” As a result of COVID-19, the remote workforce has increased significantly which leaves companies, like Honda, uniquely vulnerable to attacks. Oz Alashe, chief executive for CybSafe, said, “The coronavirus pandemic has created a sizable remote workforce which has increased businesses’ attack surfaces and heightened existing vulnerabilities. Organizations of all sizes should prioritize and adapt their cybersecurity strategies to reflect how their employees now work.”

Although Honda has put its best foot forward trying to minimize the effect of this attack, it is likely that Honda will have trouble making a swift recovery. With the attack happening during this challenging time, there is already financial pressure from coronavirus and reduced demand for its goods.

Chris Kennedy, CISO at AttackIQ, suggests that as the ransomware threat continues to increase, companies should ensure they are prepared for a possible attack. “Ransomware is a tremendously growing threat. More powerful variants and strains are constantly emerging, and there are more capabilities for it to be remotely (and confidentially) managed. The best way to defend against ransomware is readiness and timely response.”

Trinsio will help you develop a plan to ensure your data is protected. As a Rubrik strategic partner, Trinsio offers great protection for your company. All applications and data ingested by Rubrik technology are stored in an immutable manner. Once ingested, no external or internal operation can modify the data. With more than 30 years of experience in the cloud, data center colocation, and communications, Trinsio can provide you with a solution you can trust.

This ransomware attack on Honda was not the first and definitely will not be the last, so make sure you are prepared.

I’ve Been Hit by Ransomware… What Now?

In an article titled “Best practices to remediate a ransomware attack” published through Business & Finance, Filip Verloy, Field CTO EMEA of Rubrik says, “As the use of remote working rises, so do potential threats and vulnerabilities, especially within a smaller business which might not have stringent home working security measures in place. People have been forced to adopt new ways of working at an accelerated pace.” Verloy states the importance of protecting your company from cyberattacks that could come as a result of remote working. He advises every company to “create a ‘work from home guide’ for employees, explain which tools are ok, what basic security measures are expected, and who is responsible for implementing them.”

The FBI has estimated that ransomware will be a $1 billion market in 2021. If a company or organization is not prepared, they may feel that paying the ransom is their only option. The recovery process can be very difficult because it is expensive and there is no guarantee you’ll get all your files back. Waiting until you fall victim to a cyberattack to develop a data recovery plan is not effective and can be detrimental to your business. It is important to decide now on a backup and recovery solution to ensure your data is secure.

Business & Finance published “Best practices to remediate a ransomware attack” to help you develop your ransomware remediation plan just in case an attack occurs.

You Have Been Hit by Ransomware – What Now?

1. Isolate the infected station from the network.

This is done to prevent the infection from spreading to other devices. Disconnect the network cable, Wi-Fi, USB devices, etc., and turn off the power to the affected devices to try to contain the damage.

2. Ensure backups have not been compromised.

Be sure backup data is not in read/write mode, because writable backups can be manipulated or deleted by the attacker.

3. Identify the infection.

Ask yourself the following questions: What kind of ransomware are you facing? How did it enter your system? Phishing scam? Stolen user credentials?

4. Determine your options.

There are several options available as you try to recover from an attack: pay the ransom, try to remove the malware, or recover from backups. Unfortunately, paying a ransom does not guarantee the recovery of all your data, and may encourage the attacker further because their attack was successful. Trying to remove the malware has become increasingly difficult as ransomware has become more sophisticated and mutates frequently. If you have a robust backup system, you should be able to restore all data from the most recent backup without paying the ransom.

After you have taken these steps, be sure to notify your team, discover which files are corrupted, restore your files, and inform law enforcement, customers, and other authorities. 
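As an added illustration of step 2 (this example is not from the Business & Finance article or from Trinsio), the Python script below checks a backup folder against a list of SHA-256 hashes recorded when the backup was taken, and flags any backup file that is still writable. It assumes the hash list is kept somewhere the infected network cannot reach; the function names and sample file names are hypothetical and constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir):
    """Run at backup time: map each relative path to its SHA-256.

    Assumption: the result is stored off the backup host, so an attacker
    who reaches the backups cannot rewrite it as well.
    """
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit_backups(backup_dir, manifest):
    """Compare the backup folder with the manifest and report problems."""
    root = Path(backup_dir)
    findings = {"missing": [], "modified": [], "unexpected": [], "writable": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            findings["unexpected"].append(rel)      # e.g. a dropped ransom note
        elif sha256_file(p) != manifest[rel]:
            findings["modified"].append(rel)        # contents no longer match
        # Any write bit means the file is still in read/write mode.
        if p.stat().st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            findings["writable"].append(rel)
    findings["missing"] = sorted(set(manifest) - seen)
    return findings


def backups_are_clean(findings):
    """True only when nothing is missing, modified, unexpected or writable."""
    return not any(findings.values())


def demo():
    """Constructed sample: three backup files, then simulated damage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        samples = {
            "db/patients.bak": b"patient records",
            "db/schedule.bak": b"appointments",
            "mail.bak": b"mailbox",
        }
        for rel, data in samples.items():
            (root / rel).write_bytes(data)
        manifest = build_manifest(root)

        for rel in samples:
            os.chmod(root / rel, 0o444)               # backups set read-only
        os.chmod(root / "db/schedule.bak", 0o644)     # one left read/write by mistake

        # Simulated damage: overwrite, delete, and drop an extra file.
        (root / "db/schedule.bak").write_bytes(b"\x00scrambled\x00")
        (root / "mail.bak").unlink()
        (root / "READ_ME.txt").write_text("constructed placeholder note")

        return audit_backups(root, manifest)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
    print("clean:", backups_are_clean(report))
```

Run the audit from a clean machine against a read-only mount of the backup storage, so that the check itself cannot alter the backups.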

How to Prepare

One of the best ways to prepare for a ransomware attack is to make sure your data is backed up in multiple places. Joel Witts with Expert Insights said, “In the event of a ransomware attack, backing up data means you will be able to mitigate the loss of any encrypted files and regain functionality of systems.”

Trinsio offers full-featured, Rubrik-powered data management with global searchability, instant recovery, and data immutability. We also offer local and cloud data replication to be sure your data is secure. With more than 30 years of experience in cloud, data center colocation, and communications, Trinsio can provide you with a solution you can trust.

OpEx Versus CapEx

“Being ever-evolving as an attack tool, even the simplest form of ransomware can cost significant time and money, but more severe attacks can deal a crippling blow and even destroy a company completely, sparing no one” (Ransomware Facts, Trends & Statistics for 2020).

The effects of a ransomware attack on a business or organization can be detrimental. This is especially dangerous considering the unique time of economic uncertainty we are currently experiencing, which has forced many businesses to manage and mitigate their risks while planning ahead. “If the end of 2019 is any indication, ransomware in 2020 will become more hazardous than ever” (2020 Prediction: Ransomware to become more dangerous than ever).

Picture this: You are the IT director for a school district and you are worried about the increase in ransomware attacks and other forms of malware. You want to make sure you have a reliable data backup and recovery plan in place. You have heard of the amazing features of Rubrik software and you would love to apply their technology. However, you do not have the budget to take the leap and purchase a Brik.

Rubrik Technology

Rubrik technology converges backup, secondary, storage, and data management into a single software. As one of the fastest-growing IT companies in the world, they are solving all the problems that data backup was previously known for— slow recoveries, poor scalability, and lack of automation/cloud support. With immutability for ransomware, end-to-end encryption, data replication, and instant recovery, it is no wonder time and time again, people are choosing Rubrik. 

Every business or organization should have a data backup and recovery plan in place. Whether you are the owner of a growing business or the IT director for an organization, there are many reasons why one may not be ready for a Brik. Some simply do not have the budget, and others may be cautious in their purchasing decisions because of the current pandemic. Whatever the reason may be, Trinsio understands your concerns and has created a way to meet these specific needs.

Trinsio’s OpEx Model

Although large enterprises and organizations may have the capital to purchase a Brik upfront, growing businesses don’t always have the same opportunity. Trinsio has developed an OpEx Model by offering a monthly consumption-based service that allows organizations of any size to take advantage of all the features of Rubrik, without initial outstanding costs. Trinsio will help you build a plan that will grow and shrink according to the amount of data you have.

Along with the monthly lease of a Brik, Trinsio’s OpEx model provides local data and storage management (capacity varies based on Brik model), full-featured Rubrik data management tools, and CloudOut, which archives backup data to Fibernet, Amazon S3, Google, or Azure Blob Storage for quick access and retrieval.

Trinsio provides data management solutions, including data backup and recovery, all powered by Rubrik. With more than 30 years of experience in cloud, data center colocation, and communications, Trinsio can provide customers with custom-tailored solutions covering all aspects of data management. With Rubrik, we provide enterprise-level complete data management to customers of any size.

Advice from Microsoft: Blocking Ransomware Attacks

We have seen lots of changes in businesses due to the COVID-19 pandemic. As most companies are converting to a remote workforce, we have seen human-operated ransomware campaigns targeting healthcare organizations and critical services. To prevent these attacks, Microsoft “advises potential victims to prevent threat actors behind ransomware campaigns from being able to exploit the weaknesses they usually abuse to launch their attacks.”

Microsoft encourages companies to do several things to reduce the risk of becoming a victim of a ransomware attack. The Microsoft Threat Protection Intelligence Team says, “Applying security patches for internet-facing systems is critical in preventing these attacks.” As they have researched data about recent ransomware attacks they have found the following security gaps or common ways attacks infiltrate systems: 

  1. Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication (MFA);
  2. Older platforms that have reached end of support and are no longer getting security updates; and
  3. Misconfigured web servers, including IIS, electronic health record (EHR) software, backup servers, or systems management servers.

Organizations should be looking for signs of an active ransomware attack and if they find any signs, Microsoft encourages people to take the following actions:

  1. Investigate affected endpoints and credentials,
  2. Isolate compromised endpoints, and
  3. Inspect and rebuild devices with related malware infections.

To help people understand just how detrimental a ransomware attack can be, Microsoft reported that “after analyzing collected cryptocurrency wallets and ransomware ransom notes, the FBI said at this year’s RSA security conference that victims paid more than $140 million to ransomware operators during the past six years.” It is important for your business to be informed of the possible ways you may be at risk of a ransomware attack.

Microsoft wants you and your company to be safe from the detrimental effects of ransomware.

Five Tips to Reduce Your Ransomware Attack Surface

When it comes to protecting ourselves against ransomware, there is no one magic thing that we can do to make us immune to attacks. Cybersecurity is about creating a layered defense and covering all bases. This takes time and resources but is crucial to the success of businesses of all sizes.

While some networks will require special deliberation, there are steps that all businesses can take to secure their business systems. Here are five tips to reduce your ransomware attack surface and build a strong defense against cyber threats:

1. Patch software

One of the most obvious things a company can do to secure their network is to patch its software. Leaving software unpatched is like inviting the hacker in through your front door and asking them to help themselves. By patching your system’s software, you are closing the door to attacks based on known vulnerabilities. The 2017 WannaCry ransomware attacks are an excellent example of this; a known vulnerability was patched and published by Microsoft. However, many people were not on top of updating their software and were attacked in the months following and were forced to pay the ransom or lose their data.

Patching your software in a timely manner forces hackers to look for more creative ways to get access to your sensitive data, like looking for undiscovered vulnerabilities, which can be much harder.

2. Least privilege policies

Least privilege means limiting access to data to those users who explicitly need access. This can mean assigning access to only certain parts of the network for some users. Because of this, implementing least privilege policies into your IT environment allows for better visibility into data movement. By knowing who is allowed access to certain parts of the network, you can see who is accessing data and when, and more easily identify unauthorized access to sensitive data.

3. Strong Password Policies

According to Google, compromised passwords are the number one reason that websites are hacked. A compromised password can be obtained by the hacker on the dark web, or through brute-force guessing techniques. An analysis by Skyhigh Networks found that the same 20 passwords made up 10.3% of 11 million stolen passwords for cloud services, or about 1.13 million passwords. These same passwords can be cracked in less than 1 second. All of these facts should convince you of the necessity of creating strong passwords. Besides using common, guessable passwords, don’t make these other common password mistakes:

  • Using the same 2 passwords. Did you know that over two-thirds of people only use 2 passwords? Using the same passwords for different accounts can lead to all your accounts being compromised when one is hacked.
  • Keeping your passwords in an unsecured place. Around 40% of organizations keep privileged passwords in a Word document or spreadsheet, one of the least secure places to keep privileged information. Instead, try using a password manager, or something similar that limits access to sensitive information.
  • Never changing passwords. Keeping the same password for your email account since your freshman year in college increases your chances of using a compromised password. Frequently updating passwords can prevent access by those who knew your password at one time.

4. Educate Organization Members

The members of your organization can be your weakest links if they are not trained appropriately to have good cyber hygiene, including how to identify phishing emails and other cyberthreats.

5. Secure remote access pathways

Be cautious of external vendors who have access to your network. Vendors may not have the same level of security protocols as your organization, and may not be as careful about keeping information secure. To compensate for their potential lack of security, limit access to resources in your network to a single access pathway, giving you more visibility into traffic going in and out. Here you can also implement granular, role-based access to prevent the over-exposure of sensitive information to unwanted users.

BONUS TIP: Keep your backups separate from your main network and off-prem

As your last line of defense, your backups should not be on the same network as the rest of your data. Doing so puts your backups in the same situations as your active data, so in a situation where you need to restore from your backups, there is much less of a chance that your backups will be unaffected by the same ransomware that rendered your active data useless.

Keeping your backups on a different network and off-site allows for a barrier of protection between the backups and the active data. For some backup solutions, this can mean a slower recovery, which can be detrimental to any organization. With Rubrik cloud data management, you can restore from your backups almost instantly from immutable backup stores, even when backups are stored off-site. Rubrik was built to be ransomware proof and boasts features like data immutability and end-to-end encryption.

Increases in Ransomware since COVID-19

“The coronavirus pandemic has sparked a massive increase in the number of cybercrime complaints flowing into the FBI these days” -Tonya Ugoretz, Bureau Official, FBI.

Critical Infrastructure Security Agency (CISA) has re-emphasized the need for effective cyber security and cyber resilience planning and testing during these times. At the same time, FBI Bureau officials have stated that IC3, the Bureau’s Internet Crime Complaint Center, is receiving 3,000 to 4,000 complaints per day, far above the typical 1,000 per day prior to the pandemic, according to a deputy assistant director of the FBI’s Cyber Division. “Not all of those are COVID-related,” she said during an Aspen Institute webinar, “but a good number of those are.”

Join us along with the Department of Homeland Security’s CISA to learn how to create, implement, and test an effective cyber strategy. You’ll hear from CISA and learn about their free and confidential cybersecurity assessments. You will also hear from Lane Livingston, CTO of Trinsio, on end-to-end data management and effective ways to protect, manage, and recover your data. The webinar will be held Wednesday, June 4, 2020 at 11:00 AM EST. RSVP will be available soon.

As a result of this rise in ransomware attacks, it is important to be sure your business is protected. Trinsio provides data management solutions, including data backup and recovery, all powered by Rubrik. With more than 30 years of experience in cloud, data center colocation, and communications, Trinsio can provide customers with custom-tailored solutions covering all aspects of data management. With Rubrik, we provide enterprise-level complete data management to customers of any size. Our solutions address premise, cloud, and long term data storage.

Link to event: https://trins.io/events/webinar-with-cisa-create-implement-and-test-an-effective-cyber-strategy/

We Critiqued Organizations’ Reactions to Recent Ransomware Attacks

With ransomware so often in the news, are organizations really shaping up their IT infrastructure? Organizations are increasing cybersecurity budgets and investing in security metrics to avoid being subject to data breaches. Despite their efforts, the number of successful cyberattacks is increasing, along with the number of companies that feel they are likely to be compromised in the following year (Source: CyberEdge).

What’s the best way to determine how prepared organizations really are? Test them. One way or another, the organizations will be tested; it is just up to the owners whether it is in a controlled environment or the real deal. And since some organizations have recently been “tested”, let’s see how they responded.

Travelex 

If this were a college course, Travelex would have failed and been required to retake it. Unfortunately for them, after this attack, they definitely will “retake it” some day, and probably soon. Travelex, a London-based foreign exchange company, paid a staggering $2.3 million worth of bitcoin to hackers to reclaim access to their computer systems which were compromised by a ransomware attack discovered on New Year’s Eve 2019. A group who claimed to be behind the attack said they had access to the company’s data 6 months earlier, since the summer of 2019.

Despite paying the ransom, Travelex was not able to get its business back to regular operations until over one and a half months later. Only the company’s website remained operational in the attack, with online transactions suspended, and locations being forced to return to physical records. 

Overall Score: Very Poor

Overall, Travelex’s response to the New Year’s Eve ransomware attack was very poor. They didn’t discover it for 6 months, and were severely underprepared, with no backups to get them back to working order quickly.

Preparation: Very Poor

Discovery: Very Poor

Reaction: Very Poor

Recovery: Very Poor

Coffee County Sheriff’s Department

Coffee County Sheriff’s Department in Tennessee was attacked last Monday by ransomware. Employees at the jail noticed files mysteriously moving earlier, but discovered that their entire system was encrypted Monday morning. The compromised data included files and arrest, booking and sentencing records for all the inmates. They were sent a ransomware demand, but are instead electing to use paper back-ups. 

Overall Score: Poor

While the sheriff’s department did not pay the ransomware demand, they were still inadequately prepared for the attack, and are now being forced to use paper backups, which is painful and slow. Other working backups could have decreased down time significantly and prevented data loss. Additionally, the employees were not trained well enough to understand what the suspicious movement of the files meant. If the employees had understood, some or all of the lost data could have been prevented. 

Preparation: Poor

Discovery: Very Poor

Reaction: Moderate

Recovery: Very Poor

Finastra

The data breach that began in mid-March was discovered after the hackers’ malicious activity set off an alarm from one of Finastra’s cloud servers, alerting its security team. After being discovered, the hackers worked quickly to begin the ransomware attack. To prevent irreversible damage, Finastra took the affected servers offline, which also stopped delivering services for many of its customers. This came at a time when Finastra was working on new emergency plans due to COVID-19.

Overall Score: Moderate

While Finastra did react quickly to the ransomware attack, their preparation and recovery were very poor. Finastra neglected to fix many known software issues, which aided the hackers in their attack. Finastra correctly refused to pay the ransom, saying “Paying the ransom just makes you a bigger target for next time.” However, recovering and rebuilding their servers from their backups will be a long and painful process, leading to long amounts of downtime and service loss.

Preparation: Very Poor

Discovery: Moderate

Reaction: Excellent

Recovery: Poor

Durham City

Last month, Durham City, North Carolina, was hit with ransomware. The malware spread after an internal employee clicked on a malicious email. After discovering the ransomware, the city quickly took affected systems offline as part of their cybercontingency plan. They were then able to quickly restore systems from working backups which had not been compromised by the ransomware because of their immutability and distance from the on-site data.

Overall Score: Excellent

Durham City was well prepared to combat the ransomware attack with a cybercontingency plan and working, fast backups from Rubrik. Additionally, the city routinely and frequently holds security trainings for employees to prevent them from falling prey to phishing emails. They were quick to react and recover, preventing extended data loss and downtime.

Preparation: Good

Discovery: Excellent

Reaction: Excellent

Recovery: Excellent

Guaranteed Excellent Recoveries

Rubrik is an award-winning, industry-leading, enterprise-level backup and recovery service that leverages an all-in-one software to bring you near-zero RTOs and instant recovery. Rubrik requires little daily management time, so you don’t have to babysit your backups all day to make sure they are ready when you need them.

Businesses not only save up to 50% when switching to Rubrik (and more with Trinsio), but they get more relevant, security-focused services like immutable backups and ransomware detection with Polaris Radar.

Not convinced? Try Rubrik free for 30 days with Trinsio. Sign up here or contact a Trinsio representative to get started.

You are the Problem: How the Misinformed are Bankrolling Hackers

I recently talked with a friend about using anti-virus software. The topic of conversation was ransomware and how we could protect ourselves against it. When I suggested he try some free antivirus software, his response was surprising to me: “I don’t believe in that stuff.” He explained that he didn’t understand the software and didn’t believe it did anything truly useful. Sadly, this has become the opinion of the average person (1): bias against this kind of technology simply because they understand little about it. This “attitude of ignorance,” however, is hurting those same people who employ it. Because of their ignorance, people and organizations are unknowingly supporting the ransomware industry.

Those who choose to disregard ransomware and other cybersecurity threats as real threats will eventually find their computers hijacked and all their data encrypted, tricked by a specially-designed spam email or some other malicious ploy. It should be and is our job to build up defences against such attacks. By doing so we will be protecting ourselves and others around us.

The Economics of Ransomware 

Ironically, this is where the ransomware problem originates. Companies who, like my friend, disregard warnings to take action to protect their data are the ones who pay to get their data back when they eventually become victims. People with misinformation or no information unknowingly create a demand for ransomware by showing hackers that they are willing to pay the ransom. It is as simple as the economic principle of supply and demand—the more demand there is for a commodity, the more people are willing to pay a higher price for that commodity.

Victims are Reliably and Increasingly Paying Ransoms

What other factors are contributing to the demand for ransomware? Current cybersecurity research shows that hackers are becoming better at getting encrypted data back to the user after the user makes the ransomware payment. CyberEdge Group, a leading research and marketing company for the high-tech industry, reported that of the companies surveyed, the percentage that paid the ransom but still lost their data decreased almost 12%, from 50.6% to 38.8% (2). Other sources report that 22% of those surveyed never recovered their data (1). As hackers become more accurate decrypting user data, users are becoming more confident that they will get their data back if they pay the ransom. Consequently, users are more willing to pay to get their data back, and the data reflects that, with an increase in the number of organizations paying the ransom demand (2).

Like my friend, many users are grossly underprepared for malicious events. When an event does occur (to their surprise and chagrin), they are left with few options: either pay the hacker or permanently lose their data. However, most users do not realize that by paying the ransom the first time, they are inviting the hacker to come back again. Surprisingly, many victims are not just attacked once, but twice. Why would a hacker bother hitting someone multiple times? Under the false impression that a ransomware attack is a “one and done” situation, many do not make much more of an effort to increase their security infrastructure after the first attack. This idea is false because the hacker is now familiar with their system, and making a second attack is marginally easier. Additionally, once the attackers know the victim is willing to pay the ransom, there is no reason to find another source when revisiting the same victim means lower risk and lower costs.

Ransomware Operators are Making a Killing

When a hacker is paid, they gain the cash flow to support additional attacks, leading to more victims, which leads to more cash flow—and the cycle perpetuates. We are now seeing the effects of this cycle in the price of ransom payments reported in 2019. Coveware, a ransomware response and analytics company, reported that ransom payments in quarter four of 2019 doubled from the previous quarter, from $41,198 to $84,116 (3). This huge jump in ransom payments reflects the dramatic increase in ransomware attacks across all industries in 2019.

In some cases, the ransom and the risk associated with losing the data were so high that the ransomware attacks made headlines throughout the year. Two cities in Florida fell victim to ransomware within a short period of time last summer. One of the cities, Riviera Beach, elected to pay $600,000 in bitcoin to the people who orchestrated the attack in order to get back the city's data. Lake City paid just under $500,000 (4).

Not only is the pay great, but it turns out that the cost of ransomware is low. In Q4 2019, over half of the ransomware attacks recorded by Coveware used Remote Desktop Protocol credentials, which can be purchased for under $100 on the dark web (5). With few other pieces of equipment needed, a hacker can recover their costs 800 times over from the average $84,000 ransom demand.

Bill Siegel, CEO of Coveware, speaking about the low cost of ransomware attacks said, “This will continue until the profit margins go down for these cheap and simple attacks. As of right now, the margins are great for cybercrime, so it marches on” (6). So with the increase in ransomware attacks in the last year, why isn’t the trend in ransom payments following Siegel’s statement? The key is the inelasticity of data.

The demand for data directly affects the demand for ransomware. The demand for ransomware is high because the demand for data is high. The demand isn’t very elastic, meaning that demand isn’t as volatile when the price changes because it is difficult to replace someone’s data. What is the consequence? People are willing to pay a very high price to retrieve their data.

The Movement to Stop Ransomware

Some people have recognized this vicious cycle and are taking steps to fight back. Most notable is the No More Ransom Project, started by Europol and other cybersecurity companies. No More Ransom provides tips, suggestions, and decryption tools for people and organizations whose data is encrypted and held for ransom.

Others are trying to do their part by making pacts to not pay ransoms. In 2019, the U.S. Conference of Mayors made a pact to not pay ransoms if their cities are hit with ransomware (7). Local and state governments have been especially targeted starting in 2019 because of their commonly out-of-date IT infrastructure and the valuable data that they keep. Actually following through on a pledge not to pay the ransom is very challenging, however. Due to data privacy and security laws, cities and companies are contractually obligated to keep citizen/customer data, and in the event of ransomware, paying the ransom may be the only option that prevents them from being fined or worse. After all, they were under-prepared for an attack.

As a Member of the Community, You Can Fight Against Ransom Payments

The first step in taking action against this cycle of ransom payments is to educate others and help people recognize the real issue. Without an understanding of what they can do to fight against the ransomware operators, those who are unaware will continue to fuel ransomware operators. As an employee or member of an organization, you are the first line of defense when it comes to protecting your organization against ransomware. When individuals are working to protect themselves, the organization as a whole will be more immune to the ransomware attacks against them. This will then pay dividends to the communities we are a part of and the cycle of ransom payments will diminish.

Resources:

  1. Proofpoint, Inc., Ransomware is Big Business, Retrieved from https://www.proofpoint.com/us/threat-reference/ransomware
  2. CyberEdge Group (2019), 2019 Cyberthreat Defense Report, page 14, Retrieved from https://cyber-edge.com/wp-content/uploads/2019/03/CyberEdge-2019-CDR-Report.pdf
  3. Proofpoint, Inc., State of the Phish: An in-depth look at user awareness, vulnerability and resilience, Retrieved from https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-state-of-the-phish-2020.pdf
  4. Mazzei, Patricia (2019), Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000, Retrieved from https://www.nytimes.com/2019/06/19/us/florida-riviera-beach-hacking-ransom.html
  5. Ransomware Costs Double in Q4 as Ryuk, Sodinokibi Proliferate, Retrieved from https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate
  6. Vijayan, Jai, Average Ransomware Payments More Than Doubled in Q4 2019, DarkReading, Retrieved from https://www.darkreading.com/risk/average-ransomware-payments-more-than-doubled-in-q4-2019/d/d-id/1336893
  7. Kamp, Jon (2019), U.S. Mayors Unite Against Paying Ransom to Hackers, Retrieved from https://www.wsj.com/articles/u-s-mayors-unite-against-paying-ransom-to-hackers-11562774950

Durham City Wins The Battle Against Ransomware

On Friday, March 6th, the City of Durham and Durham County governments fell victim to a ransomware attack. A statement released on Sunday described the attack in more detail explaining that it originated from a malicious email attachment and then was spread across network servers. The effects of this attack could have been detrimental because there is very sensitive information held on their servers. Durham City responded to this attack as quickly as they could, taking networks and phones offline, in an effort to minimize the damage done because of this attack. 

Ransomware attacks on governments in the US rose 28% in 2018 from the previous year. This number is predicted to continue to rise. Not only has the number of ransomware attacks continued to increase, but so has the ransom amount. In Riviera Beach, ransomers demanded $600,000, and less than two weeks earlier, $500,000 from Lake City, Florida. According to Nathaniel Popper, “security experts said that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.” The importance of having a plan in place to protect your data from malware cannot be overstated.

Luckily, Durham City had installed Rubrik technology and was prepared for this kind of attack. Leaders of the city say that they are hoping to have all their systems completely up and running in several days. Kerry Goode, the CEO and Director of Technology Solutions, said Rubrik technology “is one of the leading backup systems you can purchase” and they decided they needed to have it because “it was a backup system that could not be consumed by ransomware.”

Trinsio offers great protection including immutability for ransomware and end-to-end encryption. We know how critical your data and network are to you and your citizens because we are your citizens. That is why we partner with Rubrik, to bring stability and security to your organization so you can rest easy, despite the odds.