Education Sector at High Risk of Ransomware Attacks

/in ,

According to CBS news, in January, a Michigan school district became one of the victims of a ransomware attack. Hackers seized control of its computer system, demanding $10,000 in bitcoin in order to release it. This attack “affected telephones, copiers and classroom technology.” As a result of the attack, several schools in the district were closed for a week so employees could attempt to resolve the problem. The Richmond Community Schools Superintendent explained that recovery of the data is a difficult process and they do not intend to pay the ransom. “There’s no guarantee we’ll get [the server files] back, and we don’t know if that’s $10,000 for each file or each server that they’ve taken.”

Education is one of the most targeted sectors for ransomware. One reason educational organizations are at such high risk is because of the valuable information they store. They have social security numbers, banking information, credit card numbers, birthdates, and other personal information. In addition, this information does not just stem from students, but from all employees and parents. Another reason the education sector is targeted is because typically their IT equipment is not always state of the art. The school districts have budgetary constraints that make it difficult to fund IT security investments. 

According to a study done by Emsisoft Malware Lab, in 2019, the United States was hit by a myriad of ransomware attacks “that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.” That number is astounding. Of these attacks, 89 were educational sectors which potentially affected 1,233 individual schools. These numbers demonstrate the severity of the issue and reiterate the need for a data backup and recovery plan. 

Trinsio knows how valuable your data is to the success of your organizations, and we are dedicated to helping you conquer the odds against you. That is why we partner with Rubrik, to bring to you the best in cloud data management.

US Natural Gas Facility Hit with Ransomware

/in ,

Unsurprisingly, we have another ransomware attack on the books. Yesterday, a malicious link was sent to staff at a US natural gas facility. As a result, staff was forced to shut down the entire pipeline asset for two days.

Facility Inadequately Prepared

This organization was simply not prepared for this sort of an attack. CISA stated, regarding the issue, “The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning.” CISA encourages all organizations to have a plan that considers the effects of these attacks. Companies should see this as a warning of the ways that ransomware can affect operations.

What is ransomware?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for access to the data. This kind of malware can be devastating to an organization, and recovery has proven to be a very difficult process. Some victims pay the ransom in an effort to recover the files, but even then, there are no guarantees victims will get their files back.

Ransomware Doesn’t Have to End in Disaster

In contrast to the incident at the natural gas facility, Kern Medical Center, a large Level II trauma healthcare organization in Bakersfield, California experienced a ransomware attack in June that penetrated their system, deeming it unusable. An attack on a healthcare facility obviously raises significant concerns because the systems need to be readily available at all times to ensure patient survival. Kern Medical Center had a data recovery plan in place, and as a result, they were able to get their systems up and running quickly while recovering 100% of their data. What could have been a devastating event, ended up being a situation completely under control.

Craig Witmer, CTO of Kerns Medical Center claims that “With our legacy system, restores could take hours— even if we had the necessary tapes onsite. Rubrik allows us to restore in seconds.” He also noted that an important feature of the technology, is the at-a-glance view. With Rubrik, they are able to check all their systems in just a few minutes.

The difference in the preparedness of these two organizations is significant. Ransomware attacks are becoming more and more deliberate. It would be highly beneficial for every company to have a plan in place in an effort to keep their data safe.

Ransom Demands Double While Ransomware Victims Bankroll Hackers

/in ,

Alarming numbers from the last quarter of 2019 show that ransom demand payments doubled compared to the previous quarter, with the average ransom payment rising 104 percent from the previous quarter to $84,116 (Coveware), wrapping up a successful year for ransomware operators. From there, the numbers just get scarier. Coveware reported that organizations hit with ransomware suffered an average of 16.2 days in downtime which is an increase of over four days from the third quarter. 

Coveware’s CEO and co-founder Bill Siegel commented on the huge increase in ransom payments, stating, “The doubling of the amount was surprising. I think we expected it to rise, but had not expected the impact of large enterprise attacks to pull the average up as much as it did.”

Coveware’s reports also indicated that attackers’ techniques are changing, with increases in ransomware attacks which include data exfiltration and exposure techniques. Data exfiltration — the practice of exfiltrating data before encrypting it and threatening to leak it to the public unless the demand is paid — became a trend in summer 2019.

Why is this such a successful market for hackers right now?

Seigel explained that cybercrime is a business, and just like any other business, when costs are low and profits are high, business is booming. Nearly 60 percent of attacks last quarter used stolen Remote Desktop Protocol credentials, which are available on the darkweb for less than $100. Coveware estimated that hackers using ransomware only needed to get returns on about 2 percent of their attacks to make a hefty profit. “This will continue until the profit margins go down for these cheap and simple attacks,” says Seigel. “As of right now, the margins are great for cybercrime, so it marches on.”

But low costs aren’t the only things enticing cybercriminals to use ransomware. Reports show that victims are increasingly more willing to bargain with hackers. A recent survey of 600 security professions by Proofpoint suggests that a little more than half of the affected organizations in 2019 decided to pay the ransom. However, the survey also found that of those who paid, 22 percent were still unable to access their data, and 9 percent were hit with more demands.

What Can You Do to Avoid Paying the Ransom?

A secure infrastructure has multiple layers of security with working backups in place underneath it all. Seigel explained that the companies that agree to pay the ransom payments are usually the ones with compromised backups or without any backups in place. “Those who think paying a ransom will help them recover faster are incredibly mistaken,” he said. “In our experience that is absolutely false, and in practice it does not happen. Once companies realize the extent of the remediation work necessary just to cleanse their production network, such that you could safely decrypt it, they realize that on a risk and time adjusted basis, restoring from backups is always a better option.” Learn more about Trinsio’s fast and secure backups here.