SpireTech Blog - Tag: Ransomware
News and tips to avoid ransomware
During the course of the COVID-19 pandemic, cybercrime has seen an incredible 600% increase — and it’s not slowing down. This alarming trend means that proper cybersecurity implementation is more important than ever.
A large number of these attacks are ransomware attacks. Although the first ransomware software hit the scene back in the ‘80s, the use of this type of attack has seen a massive explosion in recent years.
In this article, we will explain what ransomware is and explore six ways a small business can avoid being the victim of a ransomware attack.
Ransomware is a malicious type of software (malware) that infects the host computer and encrypts all of the files and data before demanding payment for the decryption key. Typically, the hacker requests the money via either a credit card or, more commonly, a cryptocurrency like bitcoin.
The attackers aren’t picky about who they go after either. Read more...
As you may or may not be aware, the well-known brewery and hospitality chain McMenamins suffered a data breach following a ransomware attack during the month of December. During the attack, threat actors stole business records, payroll and human resources data files dating back as far as 1998!
The attack temporarily disrupted their operations over a weekend as several of their servers, workstations, and point-of-sale systems were encrypted. It was later determined that hackers had been in their systems since December 7th, days before they executed their final attack on December 12th. McMenamins was forced to shut down all credit card point-of-sale systems, corporate email, and any IT systems to stop the spread of the attack internally.
According to the breach disclosure, stolen data potentially included names, addresses, phone numbers, email addresses, birthdates, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution information. Read more...
Some of our employees just returned from a training session in Denver, CO – the first time we’ve attended such an event in person since Early 2020. Most of the discussion revolved around security and the persistent threat of ransomware.
We heard first-hand experiences from others that have been the victim of ransomware attacks. Ransomware is devastating to any business, and is certainly top of mind for us. While our basic managed services package includes Sophos Intercept X, which does well at stopping ransomware, we need to do more. Behind the scenes, we’ve been taking actions to increase our security posture and better protect our clients. In the coming months, we’ll be introducing additional security services to help keep our clients safe and secure – while at the same time increasing our readiness in case of an incident.
IT security is becoming more of an issue for insurance coverage, renewals, and large clients of our clients. Read more...
Ransomware is a plague on businesses and insurers. Cyber insurance can provide protection in the event your business falls victim. However – we’ve heard insurance rates are going up across the board due to ransomware, and hefty payouts that insurers have been forced to make. Fortunately, none of our clients have fallen victim, but we’ve heard some horror stories. Not only will the crooks encrypt your files, but they’ll also threaten to publish your sensitive data if you don’t pay – damaging your business reputation.
You may have heard about the ransomware attack on Colonial Pipeline on Friday. They brought in specialists to examine the evidence to determine what happened, restore normal operations, and secure systems. Often this means replacing entire systems and networks. We’ve heard the IT people and the company management will suffer PTSD-like symptoms due to the stress involved. Of course this is all very expensive – not to mention hefty ransom payments that may be involved. Read more...
used with permission from FTC.gov., by Andrew Smith, Director, FTC Bureau of Consumer Protection
Mention the word “ransomware” at a meeting of small business owners and you’ll feel the temperature in the room drop by 20 degrees. A ransomware attack is a chilling prospect that could freeze you out of the files you need to run your business. When FTC staff met with business owners across the country, you cited ransomware as a particular concern. New resources from the FTC can help protect your company from this threat.
Ransomware: How It Happens
What is a ransomware attack? It can start innocently enough. An employee clicks on a link, downloads an email attachment, or visits a website where malicious code is lurking in the background. With just one keystroke, they inadvertently install software that locks you out of your own files. The cyber crook then demands a ransom, often in the form of cryptocurrency. Read more...
used with permission from Microsoft Secure, by Michael Melone, Principal Cybersecurity Consultant, Enterprise Cybersecurity Group
Earlier this year, the world experienced a new and highly-destructive type of ransomware. The novel aspects of WannaCry and Petya were not skills as ransomware, but the combination of commonplace ransomware tactics paired with worm capability to improve propagation.
WannaCry achieved its saturation primarily through exploiting a discovered and patched vulnerability in a common Windows service. The vulnerability (MS17-010) impacted the Windows Server service which enables communication between computers using the SMB protocol. Machines infected by WannaCry propagate by connecting to a nearby unpatched machine, performing the exploit, and executing the malware. Execution of the exploit did not require authentication, thus enabling infection of any unpatched machine.
Petya took this worming functionality one step further and additionally introduced credential theft and impersonation as a form of worming capability. These techniques target single sign-on technologies, such as traditional domain membership. Read more...
used with permission from Norton by Symantec
Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. Ransomware, as it is known, scores high profile victims like hospitals, public schools and police departments. Now it has found its way into home computers.
The nefarious ransomware business model has turned out to be a lucrative industry for criminals. Over the years its ill repute has made law enforcement team up with international agencies to identify and bring down scam operators.
Most of the ransomware attacks that have taken place in the past have been linked to poor protection practices by employees. Read more...
used with permission from Microsoft US Small and Midsize Business Blog
Not long ago, I blogged here about a new type of cybercrime called ransomware. But when it comes to cyber crooks, apparently they’re also using some old-fashioned methods to breach businesses’ systems. The 2017 Annual Cybersecurity Report from Cisco shows cybercrime is growing. Here’s what could be at risk for your business.
How are cyber crooks getting in?
While highly complex cyber attacks are increasing, the Cisco report notes that “classic” attacks are on the rise as well. For example, adware that gathers information about a user’s computer without telling them and malicious spam emails are common attack methods. In fact, spam is flying at levels not seen since 2010. According to the report, almost two-thirds (65 percent) of all email is spam, and 8 percent to 10 percent of spam is malicious.
Another risk for businesses is when employees select and use their own third-party cloud apps on company computers. Read more...
A new ransomware attack called Petya, PetyaWrap, or GoldenEye began spreading worldwide on June 27th, and it looks similar to the WannaCry outbreak in May. It targets Microsoft Windows operating systems and so far reports show that all systems from XP to Windows 10 are susceptible.
Petya looks to be more sophisticated than WannaCry and doesn’t have the same flaws that allowed a “killswitch” to slow down WannaCry’s progress. This means Petya may be a more virulent attack and harder to slow down and stop, although experts are saying they hope the patching of the known exploits it uses after the WannaCry outbreak may limit its impact.
Petya delivers two nasty payloads: ransomware which targets a computer’s entire file system and an information stealer which extracts usernames and passwords from other machines in the network.
So far, this outbreak takes advantage of the same EternalBlue exploit as last month’s WannaCry attack. Read more...
We have recognized that systems that are not actively managed or have no system access management policies are exceptionally susceptible to the current version of ransomware.
What Is Ransomware and Troldesh?
Troldesh is a form of malicious software called ransomware. If infected, your data, and often every fileshare on your network is encrypted and you will be asked to pay a “ransom” to get a key to access your information. Resolving ransomware issues is possible, but ransomware infections remain a significant expense and a huge productivity drain for business.
Now is the time to make sure you have good network security and good security practices in place to limit your exposure to these attacks.
What Is a Sign of Troldesh Infection?
If you notice files with a .XTBL extension on the end, these files are the first clue that a computer or server on your network has been infected by Troldesh. Read more...