Could Your Business Be a Victim of Targeted Ransomware?
If you were a cybercriminal, what would be your preferred method of launching a ransomware attack? Would you rather create a catch-all threat that could capture as many potential victims as possible, or a calculated approach to land a big one? Despite the proven results of larger ransomware initiatives, most cybercriminals have made the shift to smaller, more targeted attacks against specific companies, and in some cases, individuals.
This transition occurred last year, which saw attackers ditching the traditional approach to ransomware in favor of a more targeted one. The previous mindset assumed that the more victims an attack reached, the more of them would be willing to pay up. This is what made spam such an ideal way of spreading ransomware, as it could be distributed to countless victims relatively quickly. Even though this was effective, attackers have changed tactics to experiment and find a better way to accomplish the same goal.
Smaller attacks have proven to be just as effective as casting a wide net to bring in several victims. Attacks targeting specific industries, company sizes, and geographic locations have been among the most effective. Ransomware attackers have even begun to use more sophisticated measures to spread their influence, particularly in regard to spear phishing emails.
Most notably, companies and businesses in finance, healthcare, higher education, and technology industries faced many campaigns designed to take advantage of ransomware events. These targets were often larger, which means that there were more endpoints to infect with the variants.
It doesn’t matter what the size of the ransomware campaign is, or whether your business is in one of the industries targeted most by ransomware: you should be ready to protect against threats including ransomware. Today’s IT landscape can be unforgiving if you aren’t prepared to protect your infrastructure. Your company’s security needs will not be covered by one specific solution. Therefore, you need to make sure that your business is well-prepared for any ransomware attempts, including both hardware and software protection and other security best practices.
For more information on how to protect your business from ransomware, reach out to us at (317) 705-0333.
Bad Rabbit Ransomware Strikes Targets in Eastern Europe
In yet another widespread ransomware attack, Eastern European countries saw an assortment of their critical establishments and infrastructures struck by an infection known as Bad Rabbit. Government buildings, media establishments, and transportation centers were among the targets of this attack.
Focused in Russia and Ukraine but also spotted in Bulgaria, Germany, and Turkey, Bad Rabbit shut down Russia’s Interfax Agency (a major news outlet) as well as Ukraine’s Kiev Metro, the Odessa International Airport, and both the Ministry of Infrastructure and the Ministry of Finance. The attack on Kiev Metro was found to leverage Diskcoder.D, yet another variant of the infamous Petya ransomware.
Fortunately, Bad Rabbit is considerably less likely to repeat what WannaCry managed to accomplish during its spread across Europe and, to a lesser extent, North America. This is because, instead of relying on a worm as WannaCry did, Bad Rabbit uses a Server Message Block (SMB) vulnerability called EternalRomance to spread, after being downloaded while disguised as an Adobe Flash installer on legitimate websites. It would also appear that Bad Rabbit and NotPetya (another significant ransomware attack) were deployed by the same threat actor, as 67 percent of their codebases are the same.
There is also evidence that this threat actor is a Game of Thrones fan, as the code strings used in Bad Rabbit include character names from the novels and television series.
Unfortunately, Bad Rabbit should not have been able to spread as far as it has, as Microsoft released a patch for EternalRomance in March, when the EternalBlue vulnerability was also patched. This makes this attack yet another example of why it is crucial to install patches and updates when they are released. If the organizations affected by Bad Rabbit had done so, they would not be in the position they are in now.
Catalyst Technology Group can help you make sure that your systems are not left vulnerable to attacks like this by managing your patches and updates for you. Reach out by calling (317) 705-0333 for more information.
Tip of the Week: 5 Reminders To Protect You Against Ransomware
The Internet is a vast place filled to the brim with threats, especially for businesses that need to preserve the integrity of their infrastructure and keep critical data safe. The Cisco 2017 Annual Cybersecurity Report states that ransomware is growing at a yearly rate of 350%, which is a considerable number to say the least. Here are five tips that can help you keep your business safe from ransomware infections.
Remember Your Employees
Oftentimes, it’s your employees who are the first to come into contact with ransomware. Ransomware is often spread through spam messages that lurk in the inboxes of your employees. It’s best to educate them on how to avoid ransomware in the first place, as it can quickly become a pain to deal with once ransomware makes its home on your network.
Don’t Pay the Ransom
Even if your data is threatened by ransomware, it’s not worth paying the ransom to get it back. The mindset you need to keep is that you have to assume the worst. What if you pay up and you don’t get your data back at all? You can’t trust crooks to keep their word. You’re better off reaching out to a trusted IT service provider for assistance with your predicament.
Take Regular Backups
Since you can’t trust hackers to hand over the decryption key, you’ll have to resort to a more reliable way of ensuring your data’s safety. Data backup can help you prepare for the day you need to restore your data following a disaster. The ideal data backup solution will take multiple backups of your data several times throughout the day, and send them to an off-site data center or the cloud for safekeeping. The idea here is to make sure that your data backups aren’t stored on an infected network so that they will work properly when push comes to shove.
Ensure Your Security is Up to Date
Ransomware is always trying everything it can to slip through the cracks found in enterprise security. Therefore, you must take a proactive stance by updating your network’s security protocol so that all known variants of malware can be kept out of your infrastructure. This includes updating your software solutions, including your operating system and applications, to ensure maximum security.
Be Wary of Email
As we mentioned before, email is ransomware’s preferred delivery medium. Encourage any and all users on your network to be cautious of any unsolicited messages, especially those that contain links and attachments.
Microsoft users who want to find out more about ransomware can do so at the Ransomware FAQ that is regularly updated in the Windows Defender Security Intelligence (WDSI) database of threats. If you want a more personalized approach to ransomware security, however, reach out to Catalyst Technology Group at (317) 705-0333.
Lowlife Ransomware Hackers Now Asking for More Than $1k Per Attack
Ransomware remains a very real threat, and is arguably only getting worse. Attacks are now able to come more frequently, and there are opportunities for even relative amateurs to level an attack against some unfortunate victim. However, this is not to say that there is nothing you can do to keep your business from becoming another cautionary tale.
Ransomware, in review:
First of all, it’s important to understand exactly what ransomware is. A form of malware, ransomware will infect your system and encrypt your data. It gets its name from the fact that the attacker will demand a ransom in order for your data to be decrypted. What’s worse, if you pay, you’re taking the distributor at their word that they will decrypt your data once the money has changed hands.
Understandably, this form of malware can be a highly potent weapon against many users, who simply won’t know how to handle the situation beyond paying and hoping for the best. Of course, since the motives behind ransomware are financial, a lot of it is directed towards business targets, as they not only have more funds available but are also heavily reliant on their data to function.
Ransomware repercussions
The nature of ransomware means that those who distribute it can usually name their price for the decryption key. After all, it isn’t as though victims have anywhere else to turn other than the hacker (or so the hackers want them to believe). Due to this, ransoms for encrypted data have shot up: in 2015, the ransom to decrypt an infected computer would cost about $294, on average. That price had jumped to an average of $1,077 per computer in 2016.
In addition to this increase in ransom demands, there was a 36 percent higher rate of ransomware attempts between 2015 and 2016, with 68 percent targeting consumers. This left a still-considerable 32 percent being leveraged towards businesses.
Does it get worse? Sure does.
As if it wasn’t bad enough already, ransomware is now able to be utilized by just about anybody who has a grudge or a desire for some extra cash. Ransomware is now offered as-a-Service, allowing an attack to potentially come from far more sources than before. Some variants of ransomware, such as Karmen, will only cost an aspiring cyber criminal $175 to cash in on.
Thankfully, there are steps being taken to eliminate the threat of ransomware. For instance, there are decryption tools to help undo the damage that Karmen can cause because it was derived from the open-source ransomware project Hidden Tear. Other tools and resources are available to help identify which ransomware has infected a given system, like this one from security researcher Michael Gillespie.
However, there are also steps that you can take to avoid a ransomware infection, like following best security practices and computing mindfully. Catalyst Technology Group is here to assist you in putting these procedures in place, as well as helping you recover should ransomware strike. Give us a call at (317) 705-0333 today.