Ransomware – are you ready for the inevitable attack?

June 12th, 2021 by Stephen Jones

The question about whether your organization will be hit with a ransomware attack is not “if” but “when.” Ransomware attacks are still on the rise, and can hit anything from critical infrastructure to smaller enterprises that hope to stay under the radar of cybercriminals. An epidemic of security breaches involving ransomware and other types of malware is hitting large companies. In some cases, including the May ransomware attack on Colonial Pipeline, the attackers first gained access using compromised accounts; many such credentials are available for sale online. That attack caused major disruptions to gasoline and jet fuel supplies in the Southeastern US.

Ransomware attacks in North America have soared by 158% and globally by 62% since 2019, according to the 2021 SonicWall Cyber Threat Report.

Earlier this month, JBS, the largest US supplier of meat, temporarily shut down its US plants following a ransomware attack on its network.

Game-maker Electronic Arts and the Presque Isle Police Department in Maine are both responding to an event they had been dreading: the theft of gigabytes of private data by attackers who breached their Internet-connected networks.

In EA’s case, the theft included 780GB of source code and tools for FIFA 21.

In the other incident, around 200GB of private data belonging to the Presque Isle Police Department was dumped online by a ransomware group known as Avaddon. The police department was hacked on April 18 and given 10 days to pay a ransom. The department was able to rebuild its network from data backups, and it declined to pay. Earlier this week, Avaddon posted the data on its leak site hosted on the dark web. The haul included 15,000 emails, according to Distributed Denial of Secrets, which is making the data available to journalists and researchers. The Avaddon site also showed a sampling of police reports and witness statements dating back to at least 2011. The files document incidents of domestic violence, shoplifting, and physical assault and in many cases include phone numbers, addresses, and other personal information belonging to victims and defendants.

Researchers have also discovered yet another massive trove of sensitive data: a 1.2TB database containing login credentials, browser cookies, autofill data, and payment information extracted by an information-stealing malware strain that has yet to be identified.

In all, researchers from NordLocker said on Wednesday, the database contained 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.

The stash also included over 1 million images and more than 650,000 Word and .pdf files. Additionally, the malware made a screenshot after it infected the computer and took a picture using the device’s webcam. Stolen data also came from apps for messaging, email, gaming, and file-sharing. The data was extracted between 2018 and 2020 from more than 3 million PCs.

Dark web ads for this kind of malware promise that the sellers can build a variant to target virtually any app the buyer needs. Once infected, a PC regularly sends the pilfered data to a command-and-control server operated by the attacker. The files are useful for piecing together the habits and interests of the victims, and where the stolen cookies are session cookies used for authentication, they give direct access to the victim’s online accounts without a password.

If you want to determine whether your data was swept up by the malware, check the Have I Been Pwned breach notification service, which has loaded the compromised e-mail addresses.

So what can you do to protect yourself? There is some good advice here: https://www.eweek.com/enterprise-apps/how-can-you-prevent-ransomware/

In Theodore Levitt’s book, Thinking About Management, he says managers should ask simple questions. Why do we do it this way? What are the alternatives? What are the potential business costs? Who does it better? It is time for CEOs to start asking these kinds of simple questions about their firm’s security posture.

Contingency plans are part of sound preparedness. One of them should cover the case of a ransomware attack. First, how can the company ensure near-instantaneous recovery if it refuses to pay the ransom? Second, how can the company be sure the data it restores from has not been corrupted or tampered with? Having thought through and put in place contingency plans for these challenges gives a company’s leadership the confidence to hold firm rather than pay.
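The second question is only answerable if the integrity of a backup can be checked against something the attacker could not have rewritten. The block below is an added example (not code from the original post) of the simplest form of that: a manifest of SHA-256 digests over the backup set, signed with an HMAC key that is assumed to be held offline by the recovery team rather than on any host that could be encrypted. On restore, files whose digest changed, files that vanished and files that appeared are reported separately, and a manifest that was regenerated without the key is rejected outright. The directory layout and the key are constructed for the demo.

```python
"""Backup-set integrity check against an HMAC-signed manifest.

Added example, not from the original post. Assumptions: the signing key is
kept off the backed-up hosts (offline vault or HSM), and the manifest is
stored separately from the backup tree so it is not itself in scope.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_tree(root: Path) -> dict[str, str]:
    """Map each file's forward-slash relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def build_manifest(root: Path, key: bytes) -> bytes:
    """Serialise the digests and append an HMAC-SHA256 over the exact bytes."""
    body = json.dumps(digest_tree(root), sort_keys=True).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return body + b"\n" + tag


def verify_backup(root: Path, manifest: bytes, key: bytes) -> dict:
    """Check the manifest signature first; only a signed manifest is trusted
    to say what the tree should contain."""
    body, _, tag = manifest.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    if not hmac.compare_digest(expected, tag):
        return {"manifest_ok": False, "modified": [], "missing": [], "unexpected": []}
    recorded = json.loads(body)
    current = digest_tree(root)
    return {
        "manifest_ok": True,
        "modified": sorted(n for n in recorded if n in current and current[n] != recorded[n]),
        "missing": sorted(n for n in recorded if n not in current),
        "unexpected": sorted(n for n in current if n not in recorded),
    }


def demo() -> dict:
    """Constructed scenario: sign a clean backup, then simulate ransomware
    encrypting one file in place and renaming another, then a forged manifest."""
    key = b"recovery-team-key-held-offline"  # assumption: never present on backup hosts
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "db").mkdir(parents=True)
        (root / "db" / "customers.sql").write_bytes(b"-- constructed sample dump\n")
        (root / "config.yaml").write_bytes(b"retention: 30d\n")

        manifest = build_manifest(root, key)
        clean = verify_backup(root, manifest, key)

        # Simulated attack: one file overwritten with ciphertext, one renamed.
        (root / "db" / "customers.sql").write_bytes(os.urandom(64))
        (root / "config.yaml").rename(root / "config.yaml.locked")
        attacked = verify_backup(root, manifest, key)

        # Attacker regenerates the manifest to match the encrypted tree,
        # but cannot sign it with the offline key.
        forged = build_manifest(root, b"attacker-does-not-have-the-key")
        tampered = verify_backup(root, forged, key)
    return {"clean": clean, "attacked": attacked, "tampered": tampered}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, json.dumps(result))
```

Run on a schedule against each backup generation, a non-empty `modified` or `missing` list is the earliest reliable signal that the copy you planned to restore from has been touched; storing backups on write-once or object-locked media addresses the same risk at the storage layer, and the two complement each other.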

IT executives need to have a seat at the crisis management table and be empowered to speak the truth, even if the other executives are reluctant to hear it. In the midst of a cyber attack, communication within a company can easily become disrupted, fragmented, and isolated, and weaknesses in internal communication and any disconnect between business executives and IT executives are exposed. When business executives have limited information and no clear picture of what the company can and can’t do, knee-jerk decisions follow, leading to financial loss, reputational damage, and business disruption that preparation could have avoided.

Ransomware criminals are well funded and have every tool and technology they need to succeed.

Are you ready?
