Dataprise
While 2020 brought about expected advancements in technology and in cyber threats, it combined that with a global pandemic that turned the world on its head. This swift change led to a growing divide between organizations with more advanced security processes like automation and formal incident response teams, and those with less advanced security postures in those areas.
In 2021 this divide has been exacerbated as ransomware attacks and cyber threats continued to accelerate, garnering front-page headlines and costing companies billions. In fact, these attacks show no signs of stopping because they’re so lucrative. Ransomware has proven to be a good revenue stream for all threat actors, including nation-states. Ransomware is an equal opportunity offender; like phishing, anyone, from the CEO to the receptionist, can be susceptible to ransomware attempts. Read on to learn how you and your business can prevent ransomware attacks.
Ransomware is a type of malware designed to encrypt a victim’s information upon activation, thereby leaving the files, applications, and systems on a device unusable. Malicious actors then demand a ransom in exchange for decryption, which is the only way to regain control over the information. In a sense, ransomware “kidnaps” your data, and demands money from you to return it.
This form of cybercrime is particularly insidious because it’s designed to spread across a network to continue infection, quickly crippling small and large businesses alike.
The first documented ransomware attack was the AIDS trojan (PC Cyborg Virus) which was released by floppy disk in 1989 and demanded that victims pay $189 to a P.O. box in Panama to restore access to their systems. It was initiated by Joseph Popp, Ph.D., an AIDS researcher, who carried out the attack by distributing 20,000 floppy disks to AIDS researchers spanning more than 90 countries, claiming that the disks contained a program that analyzed an individual’s risk of acquiring AIDS through the use of a questionnaire. However, the disk also contained a malware program that initially remained dormant in computers, only activating after a computer was powered on 90 times. After the 90-start threshold was reached, the malware displayed a message demanding a payment of $189 and another $378 for a software lease.
While ransomware capabilities existed for decades, it was the advent of cryptocurrency and its ability to provide an easy and untraceable method for receiving payment from victims that created the ransomware explosion we see today.
While cryptocurrencies like Bitcoin remain untraceable, they are far from ubiquitous and are not easy for non-tech-savvy targets to obtain and send to their hackers. Still, many organized crime gangs have shifted investments and resources towards ransomware to take advantage of this new, lucrative endeavor.
Ransomware will cost its victims around $265 billion (USD) annually by 2031, around the worth of the entire video game industry, Cybersecurity Ventures predicts.
This increase in ransomware crime coincided with a shift from ransomware attacks spread far and wide across the internet’s pool of users to what is called “big game hunting” (BGH). Big Game Hunters in ransomware study specific targets they believe will be lucrative before using sophisticated methods to install ransomware on their victim’s systems.
Furthering this discord is the fact that most attackers aren’t developing their own encryption code but are using off-the-shelf tools found and sold on the dark web. This has led to the rise in prominence of well-known ransomware like CryptoLocker, CryptoWall, Locky, and TeslaCrypt.
2021 has been an eventful year for ransomware attacks. In July, a ransomware group named “Hello Kitty” was responsible for the attack on the video game company “CD Projekt RED”, where they stole the source code for their games and uploaded them to their leak site. Also this month, Kaseya, an international company that produces remote management software for the IT industry, released an emergency communication via their website about a compromise of their VSA system being used to spread ransomware to client systems. Most infamously, Colonial Pipeline, the largest fuel pipeline in the US, was a ransomware victim and paid 75 Bitcoins ($4.3 Million USD) to regain control of their systems in order to avoid a prolonged shutdown.
Eva Velasquez, president and CEO of the ITRC, said 2021 is just 238 breaches away from tying the all-time record for a single year.
In August, two of the biggest wireless carriers in the US (T-Mobile and AT&T) were breached, resulting in millions of records of customer information being stolen and sold on the dark web.
Typically when investigating an instance of ransomware, you’ll want to look out for a variety of “indicators of compromise”, or things that look out of the ordinary in your network. Here are a few things to look out for if you’re not sure if ransomware is in your system, or if you’ve noticed something suspicious.
Typically, ransomware attacks begin with an infection spread through phishing emails that contain malicious attachments. However, there are several ways that ransomware can reach your system.
Despite the hours and resources spent training employees, email attachments remain a dangerous ransomware threat because bad actors know that a naive end user can be relied on to open and interact with a convincing enough phishing email. While sometimes these emails are general, many bad actors conduct extensive research on their target (often a specific company or high-ranking individual in an organization) to create credible and very believable emails.
As the name suggests, a malicious URL is a clickable link that directs users to a fraudulent website or webpage. These links are often embedded in an email but can be found anywhere a user can click a link, including on social media. After the user interacts with the URL, the ransomware will often attempt to auto-install itself onto the victim’s machine, where it can begin to propagate and spread to multiple systems.
The Remote Desktop Protocol (RDP) is a protocol, or technical standard, for using a desktop computer remotely. Bad actors who find computers with exposed ports can then gain access to the machine by exploiting security vulnerabilities. Once the attacker has access to the machine, they can move laterally to other critical assets, applications, and data.
Third-party vendors are also targets for phishing attacks. A successful attack can potentially enable bad actors to then deploy ransomware on the vendor’s entire customer base.
Ransomware entities are ever evolving their tactics to circumvent cybersecurity efforts and to maximize pressure on victims to pay the ransom. Building a proper ransomware prevention strategy is key and requires a proactive defense strategy and a vigorously tested plan.
A high-quality security awareness and training program is a great method of shoring up one of your organization’s biggest weaknesses and preventing ransomware attacks. This training should teach your employees to spot phishing attacks, create strong passwords, secure their laptops and mobile devices, and notify the right IT team member if they spot something suspicious.
Organizations need a way to recover their data in the event of a successful ransomware infection. With this in place, an organization can restore its information on a computer that’s been wiped to eliminate ransomware or even on a newly purchased replacement device.
Strict identity and access management policies, such as the principle of least privilege, Zero Trust, and multifactor authentication, give employees only the access necessary to do their jobs. This means that in the event an employee’s device is compromised, lateral spread of the malware can be contained.
In the event of a ransomware attack, creating an effective ransomware response guide can mean the difference between panic and a company-wide infection or decisive action and a contained incident. If preventative measures fail, organizations should take the following steps immediately after identifying a ransomware infection to prevent ransomware attacks.
Ransomware attacks have shown that businesses are nearly unable to avoid negative outcomes, whether that means paying large sums of money or suffering a dramatic decline in productivity. As these attacks become more successful and advanced, companies are put in a hard place, wondering if they should pay the lofty ransom fee or try to fix the issue on their own. Addressing the exploitation yourself is a very risky and difficult task, so most businesses end up paying the ransom. Investing in an MSP who specializes in cybersecurity and continuous vulnerability management is the best way to save your valuable data.
To learn more about how Dataprise can help you with your Zero Trust architecture and overall cybersecurity strategy, contact us to set up a discovery call.