Tag Archive for: Ransomware

When Trinsio Met ThreatBlockr

When ThreatBlockr Met Trinsio…

ThreatBlockr, an industry innovator committed to protecting companies and organizations against all cyber attacks using an active defense cybersecurity platform, has entered into a strategic partnership with Trinsio, a cybersecurity company specializing in data management solutions including data backup and recovery. Together, this new partnership will provide enterprise-level data backup, recovery, management, disaster recovery, and other preventative cyber security solutions for the small to mid-sized business market.

Mark Massey, Trinsio’s Co-Founder, said, “We recognize the world is evolving rapidly and threats abound. We are excited about our future with ThreatBlockr… their technology will play a key role in delivering preventative solutions to our customers and those that recognize the threats that face each and every organization globally.”

“Our mission at ThreatBlockr is to enable all companies to Block Every Threat in an easy, open, and automated way. Trinsio will help us to fulfill this mission and provide all companies, regardless of size, that opportunity,” said Brian McMahon, CEO of ThreatBlockr.

Lane Livingston, the CTO and Co-Founder at Trinsio, said, “We are excited to be working with ThreatBlockr. The technology they offer is unmatched. It looks at well over 1 million parameters in real time without adding latency, far exceeding the current industry offerings. As we collaborate and work together, we can now offer this great technology to companies and organizations of all sizes… it is a real game changer.”

Our world is more technologically reliant than ever before, and that will not be changing anytime soon. Whatever business or organization you work for, chances are, you rely on computer systems every day. Business leaders can no longer rely on out-of-the-box defense systems as cyber criminals are becoming more intelligent and more effective. You need to be actively defending your critical data and information. Trinsio and ThreatBlockr are here to help you do exactly that. Protect your business and rest easy despite the odds.

About ThreatBlockr: Headquartered in Tysons, Virginia, and founded in 2012, ThreatBlockr’s patented solution blocks known threats from ever reaching customers’ networks. ThreatBlockr utilizes immense volumes of cyber intelligence from over 50 renowned security vendors to provide unparalleled visibility over the threat landscape, resulting in a more efficient and effective security posture.

About Trinsio: Headquartered in Orem, Utah, and founded in 2020, Trinsio brings over 30 years of experience in all things data management, including cloud, data center colocation, and telecommunications. They have tailored their solutions to bring enterprise-level solutions, including data backup, recovery, management, and disaster recovery solutions, to customers of any size. Trinsio’s data solutions address premise, cloud, and long-term storage.

Ransomware Attack in New Mexico: A ‘Gut-Check’ for Local Government Entities

Ransomware Strikes New Mexico

On January 5, 2022, between midnight and 5:30 a.m., ransomware struck Bernalillo County in New Mexico. The Albuquerque Journal reported that the attack affected “a wide variety of county government operations. Most county buildings were closed,” which halted many of the county’s operations.

All Bernalillo County websites were offline as a result of the cyber attack, which made working with the public very difficult, but most concerning was the way the county-operated jail was affected. Government officials were unable to access cameras, which caused inmates to be temporarily limited to their cells. Inmates also had reduced access to telephones and tablets and were unable to have visitors. The facility was on lockdown for several days following the attack.

The attack on Bernalillo County was not the first ransomware attack on a local government entity and certainly will not be the last. These ransomware attacks are frequent and not only disrupt government services but can also compromise data and have significant impacts on local communities.

Ransomware Attacks Targeting Local Government Entities

According to The Washington Post, “in 2019, cybersecurity experts noticed a significant increase in ransomware attacks on municipalities, cities, and towns across the country and these attacks continue to trend upward.” Cyber criminals target local governments because oftentimes these organizations have limited personnel, equipment, budget, and resources to devote to cybersecurity.

The FBI has said that local government entities will continue to experience ransomware attacks, especially as “deployment and targeting tactics evolve, further endangering public health, safety, and resulting in significant financial liabilities.”

Is your City/State/Municipality Prepared?

Months later, Bernalillo County continues to feel the effects of this ransomware attack. This devastating attack certainly serves as a gut check for other local government entities. Are you prepared to withstand a ransomware attack? Do you have a data backup strategy in place? Are your employees adequately informed, and do they understand the risks and vulnerabilities?

ENSURE you are SECURE

Trinsio is a data backup solution that will ensure that your data is secure. As a Rubrik strategic partner, Trinsio offers top-of-the-line technology for a fraction of the cost. Trinsio understands that your small town is important to you and will help you first understand your data and then create a plan to protect it.

RANSOMWARE: Coming to a Town Near You!

Galt, California, a small town about 25 miles from Sacramento, fell victim to a ransomware attack earlier this year. After a city employee clicked on a link that was disguised as a message from another Galt city employee, malware spread through the city’s entire system. “It encrypted critical files that knocked several key phone lines out of service, including the non-emergency number for the Galt Police Department, the emergency outage line for Public Works and the main numbers for City Hall and the finance division.” (Small Town Nearly Done Recovering from Ransomware Attack)

Thomas Haglund, the Interim City Manager, said, “We never had any intention of paying the ransom. We consulted with the FBI and the Department of Homeland Security who told us that even if we pay a ransom, hackers could have blatantly planted malware in a system to steal data.”

It has now been several months since the attack, and Galt is still trying to get back on their feet. Approximately 85% of Galt’s systems have been rebuilt and restored, while the remaining 15% are currently in the process of being built. Haglund also disclosed the total incurred cost to restore the city systems is about $758,000, a large number for a small city that already has a stressed budget.

Members of the community have expressed frustration because these were “funds that could go to the schools, police, [and] more appropriate places.”

Small towns are at risk

Unfortunately, smaller locations are at particular risk because these towns typically do not have the resources or technology to protect them against ransomware attacks. 

Small governments host services that are critical to everyday life: court records, utility bills, emergency services, etc. These cities may be more likely to pay the ransom in an effort to get their systems up and running as quickly as possible. Small governments also may not have IT resources, or may have personnel who do not understand a sophisticated cyberattack.

Move forward with confidence

The increasing news of ransomware attacks devastating small towns and cities is both frightening and overwhelming. In this day and age, whether you are as large as Las Vegas or as small as Galt, California, you are at risk for a potential ransomware attack and you need to be prepared. 

Trinsio provides data management solutions, including data backup and recovery. With immutability for ransomware, you can be sure your data will be protected in the event of an attack. We know and understand that data management may be overwhelming, especially if you are a small city that may not completely understand it. Trinsio will guide you, step-by-step, to first understand your data, then create a plan to protect it specifically tailored to you. 

Because Trinsio is a Rubrik strategic partner, your small town or city can utilize the exact same industry-leading technology that Las Vegas uses, but for a price that is affordable for you.

Ransomware: “It won’t happen to me…” until it does

With ransomware, it is easy to assume, “it won’t happen to me” until it does. Dr. William Scalf and Dr. John Bizon became victims of this horrific cybercrime in March of this year. The two doctors own a small medical office in Battle Creek, Michigan, that has been operating for many years. Upon return from a vacation, Dr. Scalf found all computers shut down with patient information, schedules, and records seized. There was a single email requesting a sum of money in exchange for the stolen information.

The ENT and hearing specialists informed the FBI as soon as they could and were encouraged to do everything they could to avoid paying the ransom, as paying only encourages criminal behavior. There is also a risk in paying the ransom because there is no guarantee that their data would be completely recovered. Rather than paying the ransom, the two doctors decided, after a long career, that the only option was to shut down the practice completely. Dr. Scalf describes the situation as a nightmare. Brookside ENT could not even inform the patients of the event that occurred because all contact information was lost. Patients were frustrated as they tried to schedule appointments only to find out that the practice had shut down.

Unfortunately, this small practice in Battle Creek, Michigan, is not and will not be the only small business to be affected by ransomware. In a report by Beazley Breach Briefing, a software insurance agency, 3,300 ransomware attacks were reported against U.S. businesses in 2018 and 71% of these attacks were against small businesses or organizations.

Healthcare Industry at High-Risk for Ransomware Attacks

The healthcare industry is definitely an industry that cybercriminals are taking advantage of. Healthcare providers are oftentimes more likely to pay the ransom because people’s lives could be in jeopardy if the information is lost. According to HealthITSecurity, small healthcare facilities are also targeted because of their “lean security support.” Data shows 3 out of 4 small to mid-sized healthcare centers lack an on-staff IT security leader leaving cybercriminals a greater opportunity to successfully complete an attack.

Although oftentimes we hear about large enterprises falling victim to devastating ransomware attacks, it is important to consider the opportunity cybercriminals see within small businesses and organizations. Because small businesses are not typically equipped with the resources to withstand an attack, they can be the prime target for an attacker. Without a data recovery plan in place, many small businesses end up paying the ransom out of sheer desperation in hopes of getting their data back. The effects of these attacks are devastating and can lead to the complete shutdown of an organization, just as it did with Brookside ENT.

Trinsio Can Help Protect Your Business Against Ransomware

As small businesses and organizations develop a data backup and management plan, they may struggle to find a good solution because they do not have the budget or may be overwhelmed by their data and have no idea where to begin. Trinsio understands this concern and has developed a way to solve this problem. With immutability to fight ransomware, you can be confident that your data will be protected in the event of an attack. We will also walk with you step by step to understand your data and present the best strategy to manage it. As a Rubrik Strategic Partner, we offer the best data backup and recovery technology that is available. And with a monthly ‘pay as you go’ model, our technology is affordable and available to protect your organization.

Honda Battles Ransomware

Honda, one of the largest vehicle manufacturers in the world, was hit by a ransomware attack on Monday, June 8th. News of the attack came after Honda tweeted a message informing the public that Honda Customer and Financial Services were experiencing technical difficulties and were currently unavailable. This ransomware attack disrupted Honda’s global operations, including factory operations. In a statement to The Verge, Honda said “There is no current evidence of loss of personally identifiable information… we have resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio.” 

The virus that attacked Honda is known as “Snake” ransomware. An article by Zack Whittaker from TechCrunch explained that this kind of ransomware “scrambles files and documents and holds them hostage for a ransom, expected to be paid in cryptocurrency.” Although Honda worked to contain the attack and continue business as usual, many business processes that relied on those systems were impacted.

In a statement provided to Popular Mechanics, Honda denies that any of its data was successfully exfiltrated and says that the attack has not presented any evidence of loss of personally identifiable information.

A cybersecurity firm, Sophos, released a survey in May 2020 stating that “51% of organizations have suffered at the whims of a ransomware attack over the past twelve months, with cybercriminals managing to encrypt company data in 73% of these cases.” As a result of COVID-19, the remote workforce has increased significantly which leaves companies, like Honda, uniquely vulnerable to attacks. Oz Alashe, chief executive for CybSafe, said, “The coronavirus pandemic has created a sizable remote workforce which has increased businesses’ attack surfaces and heightened existing vulnerabilities. Organizations of all sizes should prioritize and adapt their cybersecurity strategies to reflect how their employees now work.”

Although Honda has put its best foot forward trying to minimize the effect of this attack, it is likely that Honda will have trouble making a swift recovery. With the attack happening during this challenging time, there is already financial pressure from coronavirus and reduced demand for its goods.

Chris Kennedy, CISO at AttackIQ, suggests that as the ransomware threat continues to increase, companies should ensure they are prepared for a possible attack. “Ransomware is a tremendously growing threat. More powerful variants and strains are constantly emerging, and there are more capabilities for it to be remotely (and confidentially) managed. The best way to defend against ransomware is readiness and timely response.”

Trinsio will help you develop a plan to ensure your data is protected. As a Rubrik strategic partner, Trinsio offers great protection for your company. All applications and data ingested by Rubrik technology are stored in an immutable manner. Once ingested, no external or internal operation can modify the data. With 30+ years of experience in the cloud, data center colocation, and communications, Trinsio can provide you with a solution you can trust.

This ransomware attack on Honda was not the first and definitely will not be the last, so make sure you are prepared.

I’ve Been Hit by Ransomware… What Now?

In an article titled “Best practices to remediate a ransomware attack” published through Business & Finance, Filip Verloy, Field CTO EMEA of Rubrik says, “As the use of remote working rises, so do potential threats and vulnerabilities, especially within a smaller business which might not have stringent home working security measures in place. People have been forced to adopt new ways of working at an accelerated pace.” Verloy states the importance of protecting your company from cyberattacks that could come as a result of remote working. He advises every company to “create a ‘work from home guide’ for employees, explain which tools are ok, what basic security measures are expected, and who is responsible for implementing them.”

The FBI has estimated that ransomware will be a $1 billion market in 2021. If a company or organization is not prepared, they may feel that paying the ransom is their only option. The recovery process can be very difficult because it is expensive and there is no guarantee you’ll get all your files back. Waiting until you fall victim to a cyberattack to develop a data recovery plan is not effective and can be detrimental to your business. It is important to decide now on a backup and recovery solution to ensure your data is secure.

Business & Finance published “Best practices to remediate a ransomware attack” to help you develop your ransomware remediation plan just in case an attack occurs.

You Have Been Hit by Ransomware – What Now?

1. Isolate the infected station from the network.

This is done to prevent the infection from spreading to other devices. Disconnect the network cable, Wi-Fi, USB devices, etc., and power off the affected devices to try to contain the damage.

2. Ensure backups have not been compromised.

Be sure backup data is not in read/write mode, because data in that mode can be manipulated or deleted by the attacker.

3. Identify the infection.

Ask yourself the following questions: What kind of ransomware are you facing? How did it enter your system? Phishing scam? Stolen user credentials?

4. Determine your options.

There are several options available as you try to recover from an attack: pay the ransom, try to remove the malware, or recover from backups. Unfortunately, paying a ransom does not guarantee the recovery of all your data, and may encourage the attacker further because their attack was successful. Trying to remove the malware has become increasingly difficult as ransomware has become more sophisticated and mutates frequently. If you have a robust backup system, you should be able to restore all data from the most recent backup without paying the ransom.

After you have taken these steps, be sure to notify your team, discover which files are corrupted, restore your files, and inform law enforcement, customers, and other authorities. 
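Step 2 above can be checked mechanically. The following is an added example, not code from the Business & Finance article or from Trinsio or Rubrik: it compares a backup directory against a SHA-256 manifest recorded at backup time and flags files that are writable, modified, missing, or unexpected. It assumes a POSIX filesystem and a manifest kept off the backup host; the function names and sample files are constructed for illustration.

```python
"""Added example: audit a backup directory against a manifest taken at backup time."""
import hashlib
import stat
import tempfile
from pathlib import Path

# Any write bit (owner, group or other) means the file is in "read/write mode".
# Permission bits are only a minimum check; real immutability is enforced by the
# storage platform, not by chmod.
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backup images do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map each file's relative path to its hash. Store the result off-host."""
    return {
        p.relative_to(backup_dir).as_posix(): sha256_of(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def audit_backup(backup_dir: Path, manifest: dict) -> dict:
    """Return findings grouped by kind; every list empty means the backup is clean."""
    findings = {"writable": [], "modified": [], "missing": [], "unexpected": []}
    seen = set()
    for p in sorted(backup_dir.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(backup_dir).as_posix()
        seen.add(rel)
        if p.stat().st_mode & WRITE_BITS:
            findings["writable"].append(rel)      # attacker could alter or delete it
        if rel not in manifest:
            findings["unexpected"].append(rel)    # e.g. a dropped ransom note
        elif sha256_of(p) != manifest[rel]:
            findings["modified"].append(rel)      # content changed since backup
    findings["missing"] = sorted(set(manifest) - seen)
    return findings


def is_clean(findings: dict) -> bool:
    return not any(findings.values())


def run_demo():
    """Build a constructed backup set, audit it, tamper with it, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        samples = {  # constructed sample data
            "db/records.bak": b"constructed sample: schedule export\n",
            "finance.bak": b"constructed sample: ledger export\n",
        }
        for rel, data in samples.items():
            (root / rel).write_bytes(data)
            (root / rel).chmod(0o444)             # read-only after the backup job
        manifest = build_manifest(root)
        before = audit_backup(root, manifest)

        # Simulate what step 2 is meant to catch: rewritten, deleted, added files.
        victim = root / "finance.bak"
        victim.chmod(0o644)
        victim.write_bytes(b"\x8f\x02 constructed scrambled bytes")
        (root / "db" / "records.bak").unlink()
        (root / "READ_ME.txt").write_text("constructed ransom note\n")
        after = audit_backup(root, manifest)
    return before, after


if __name__ == "__main__":
    clean, tampered = run_demo()
    print("before:", clean)
    print("after: ", tampered)
```
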

How to Prepare

One of the best ways to prepare for a ransomware attack is to make sure your data is backed up in multiple places. Joel Witts with Expert Insights said, “In the event of a ransomware attack, backing up data means you will be able to mitigate the loss of any encrypted files and regain functionality of systems.”

Trinsio offers full-featured, Rubrik-powered data management with global searchability, instant recovery, and data immutability. We also offer local and cloud data replication to be sure your data is secure. With 30+ years of experience in cloud, data center colocation, and communications, Trinsio can provide you with a solution you can trust.

Advice from Microsoft: Blocking Ransomware Attacks

We have seen lots of changes in businesses due to the COVID-19 pandemic. As most companies are converting to a remote workforce, we have seen human-operated ransomware campaigns targeting healthcare organizations and critical services. To prevent these attacks, Microsoft “advises potential victims to prevent threat actors behind ransomware campaigns from being able to exploit the weaknesses they usually abuse to launch their attacks.”

Microsoft encourages companies to do several things to reduce the risk of becoming a victim of a ransomware attack. The Microsoft Threat Protection Intelligence Team says, “Applying security patches for internet-facing systems is critical in preventing these attacks.” In researching recent ransomware attacks, they found the following security gaps, which are common ways attacks infiltrate systems:

  1. Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication (MFA);
  2. Older platforms that have reached end of support and are no longer getting security updates; and
  3. Misconfigured web servers, including IIS, electronic health record (EHR) software, backup servers, or systems management servers.

Organizations should be looking for signs of an active ransomware attack and if they find any signs, Microsoft encourages people to take the following actions:

  1. Investigate affected endpoints and credentials,
  2. Isolate compromised endpoints, and
  3. Inspect and rebuild devices with related malware infections.

To help people understand just how detrimental a ransomware attack can be, Microsoft reported that “after analyzing collected cryptocurrency wallets and ransomware ransom notes, the FBI said at this year’s RSA security conference that victims paid more than $140 million to ransomware operators during the past six years.” It is important for your business to be informed of the possible ways you may be at risk of a ransomware attack.

Microsoft wants you and your company to be safe from the detrimental effects of ransomware.

We Critiqued Organizations’ Reactions to Recent Ransomware Attacks

With ransomware so often in the news, are organizations really shaping up their IT infrastructure? Organizations are increasing cybersecurity budgets and investing in security metrics to avoid being subject to data breaches. Despite their efforts, the number of successful cyberattacks is increasing, along with the number of companies who feel that they are likely to be compromised in the following year (Source: CyberEdge).

What’s the best way to determine how prepared organizations really are? Test them. One way or another, the organizations will be tested; it is just up to the owners whether that happens in a controlled environment or in the real deal. And since some organizations have recently been “tested”, let’s see how they responded.

Travelex 

If this were a college course, Travelex would have failed and been required to retake it. Unfortunately for them, after this attack, they definitely will “retake it” some day, and probably soon. Travelex, a London-based foreign exchange company, paid a staggering $2.3 million worth of bitcoin to hackers to reclaim access to their computer systems which were compromised by a ransomware attack discovered on New Year’s Eve 2019. A group who claimed to be behind the attack said they had access to the company’s data 6 months earlier, since the summer of 2019.

Despite paying the ransom, Travelex was not able to get its business back to regular operations until over one and a half months later. Only the company’s website remained operational in the attack, with online transactions suspended, and locations being forced to return to physical records. 

Overall Score: Very Poor

Overall, Travelex’s response to the New Year’s Eve ransomware attack was very poor. They didn’t discover it for 6 months, and were severely underprepared, with no backups to get them back to working order quickly.

Preparation: Very Poor

Discovery: Very Poor

Reaction: Very Poor

Recovery: Very Poor

Coffee County Sheriff’s Department

Coffee County Sheriff’s Department in Tennessee was attacked last Monday by ransomware. Employees at the jail noticed files mysteriously moving earlier, but discovered that their entire system was encrypted Monday morning. The compromised data included files and arrest, booking and sentencing records for all the inmates. They were sent a ransomware demand, but are instead electing to use paper backups.

Overall Score: Poor

While the sheriff’s department did not pay the ransomware demand, they were still inadequately prepared for the attack, and are now being forced to use paper backups, which is painful and slow. Other working backups could have decreased down time significantly and prevented data loss. Additionally, the employees were not trained well enough to understand what the suspicious movement of the files meant. If the employees had understood, some or all of the lost data could have been prevented. 

Preparation: Poor

Discovery: Very Poor

Reaction: Moderate

Recovery: Very Poor

Finastra

The data breach that began in mid-March was discovered after the hackers’ malicious activity set off an alarm from one of Finastra’s cloud servers, alerting its security team. After being discovered, the hackers worked quickly to begin the ransomware attack. To prevent irreversible damage, Finastra took the affected servers offline, which also stopped delivering services for many of its customers. This came at a time when Finastra was working on new emergency plans due to COVID-19.

Overall Score: Moderate

While Finastra did react quickly to the ransomware attack, their preparation and recovery were very poor. Finastra neglected to fix many known software issues, which aided the hackers in their attack. Finastra correctly refused to pay the ransom, saying, “Paying the ransom just makes you a bigger target for next time.” However, recovering and rebuilding their servers from their backups will be a long and painful process, leading to long periods of downtime and service loss.

Preparation: Very Poor

Discovery: Moderate

Reaction: Excellent

Recovery: Poor

Durham City

Last month, Durham City, North Carolina, was hit with ransomware. The malware spread after an internal employee clicked on a malicious email. After discovering the ransomware, the city quickly took affected systems offline as part of their cybercontingency plan. They were then able to quickly restore systems from working backups which had not been compromised by the ransomware because of their immutability and distance from the on-site data.

Overall Score: Excellent

Durham City was well prepared to combat the ransomware attack with a cybercontingency plan and working, fast backups from Rubrik. Additionally, the city routinely and frequently holds security trainings for employees to prevent them from falling prey to phishing emails. They were quick to react and recover, preventing extended data loss and downtime.

Preparation: Good

Discovery: Excellent

Reaction: Excellent

Recovery: Excellent

Guaranteed Excellent Recoveries

Rubrik is an award-winning, industry-leading, enterprise-level backup and recovery service that leverages an all-in-one software to bring you near-zero RTOs and instant recovery. Rubrik requires little daily management time, so you don’t have to babysit your backups all day to make sure they are ready when you need them.

Businesses not only save up to 50% when switching to Rubrik (and more with Trinsio), but they get more relevant, security-focused services like immutable backups and ransomware detection with Polaris Radar.

Not convinced? Try Rubrik free for 30 days with Trinsio. Sign up here or contact a Trinsio representative to get started.

Durham City Wins The Battle Against Ransomware

On Friday, March 6th, the City of Durham and Durham County governments fell victim to a ransomware attack. A statement released on Sunday described the attack in more detail explaining that it originated from a malicious email attachment and then was spread across network servers. The effects of this attack could have been detrimental because there is very sensitive information held on their servers. Durham City responded to this attack as quickly as they could, taking networks and phones offline, in an effort to minimize the damage done because of this attack. 

Ransomware attacks on governments in the US rose 28% in 2018 from the previous year. This number is predicted to continue to rise. Not only has the number of ransomware attacks continued to increase, but so has the ransom amount. In Riviera Beach, ransomers demanded $600,000, and less than two weeks earlier, $500,000 from Lake City, Florida. According to Nathaniel Popper, “security experts said that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.” The importance of having a plan in place to protect your data from malware cannot be overstated.

Luckily, Durham City had installed Rubrik technology and was prepared for this kind of attack. Leaders of the city say that they are hoping to have all their systems completely up and running in several days. Kerry Goode, the CEO and Director of Technology Solutions, said Rubrik technology “is one of the leading backup systems you can purchase” and that they decided they needed to have it because “it was a backup system that could not be consumed by ransomware.”

Trinsio offers great protection including immutability for ransomware and end-to-end encryption. We know how critical your data and network are to you and your citizens because we are your citizens. That is why we partner with Rubrik, to bring stability and security to your organization so you can rest easy, despite the odds.

US Natural Gas Facility Hit with Ransomware

Unsurprisingly, we have another ransomware attack on the books. Yesterday, a malicious link was sent to staff at a US natural gas facility. As a result, staff was forced to shut down the entire pipeline asset for two days.

Facility Inadequately Prepared

This organization was simply not prepared for this sort of an attack. CISA stated, regarding the issue, “The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning.” CISA encourages all organizations to have a plan that considers the effects of these attacks. Companies should see this as a warning of the ways that ransomware can affect operations.

What is ransomware?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for access to the data. This kind of malware can be devastating to an organization, and recovery has proven to be a very difficult process. Some victims pay the ransom in an effort to recover the files, but even then, there are no guarantees victims will get their files back.

Ransomware Doesn’t Have to End in Disaster

In contrast to the incident at the natural gas facility, Kern Medical Center, a large Level II trauma healthcare organization in Bakersfield, California, experienced a ransomware attack in June that penetrated their system, rendering it unusable. An attack on a healthcare facility obviously raises significant concerns because the systems need to be readily available at all times to ensure patient survival. Kern Medical Center had a data recovery plan in place, and as a result, they were able to get their systems up and running quickly while recovering 100% of their data. What could have been a devastating event ended up being a situation completely under control.

Craig Witmer, CTO of Kern Medical Center, claims that “With our legacy system, restores could take hours—even if we had the necessary tapes onsite. Rubrik allows us to restore in seconds.” He also noted that an important feature of the technology is the at-a-glance view. With Rubrik, they are able to check all their systems in just a few minutes.

The difference in the preparedness of these two organizations is significant. Ransomware attacks are becoming more and more deliberate. It would be highly beneficial for every company to have a plan in place in an effort to keep their data safe.