Ransomware has been all over the news and internet lately (e.g., the Wannacry, Spora, and Petya attacks), but what is a ransomware attack, and how can you protect yourself?
In short, a ransomware attack is a type of malicious software that threatens to publish the victim’s data and block access to said data unless a ransom is paid to the hacker. Hackers attempt to extort money by requesting the deposit of cryptocurrency in a bitcoin wallet in exchange for the decryption key. But cybercriminals won’t always follow through and unlock the encrypted files.
Since the COVID-19 pandemic has caused major cyberattacks to numerous companies big and small (even freelancers and solo entrepreneurs have been starting to get hit with attacks and backdoor exploits), things are only getting worse. Ransomware is one of the major types of viruses that hit businesses. In particular, one company actually paid for it – no, they paid their attackers even though the threat was eliminated. Don’t be this company, and don’t live in fear. We’re going to tell you how you can avoid this and keep bad things from happening to you or your business!
Table of Contents
What Happened, and Why’d they Pay?
In May of 2020, a company called Blackbaud ended up thwarting a ransomware attack. Supposedly they were informed that the attackers had already stolen some data before their systems were attempted to be encrypted. The hackers used an exploit to breach their network and install ransomware to keep their customers out of their servers. This, of course, is always a lousy ordeal, and fortunately, the company was able to block the attack successfully. But they didn’t catch it in time.
Unfortunately, the organization ended up losing some data that the hackers stole from its self-hosted environment. This is where Blackbaud’s customers store their files on the cloud servers. The company was then threatened to pay the ransom, or their customers’ information would be leaked on the dark web. Not cool! Of course, Blackbaud paid the hackers and then received confirmation that their customers’ data was destroyed.
The Ransomware Evolutions
A few years ago, you would download the harmful software or ransomware virus, and then you had to pay cryptocurrency to get things unencrypted (which rarely happened). Since then, though, more and more extortion has been happening where they’re grabbing some of the viable data a customer holds dear, and they’re hitting hard – primarily to the customers. This can lead to all sorts of lawsuits for a company if they’re responsible for their customer base’s information leaked on the internet.
Now ransomware has evolved so that hackers can use it by taking advantage of Microsoft exploits, worm viruses, and so much more. Some people have even brought older viruses to the table and modified them, making them even harder to successfully detect from protection systems – unless you have the right One. Let’s look at some more recent ransomware incidents, shall we?
Atlanta’s Ransomware Problem
You may or may not have heard about Atlanta’s government shut down last year due to a ransomware attack. But did you know it ended costing taxpayers north of 17 million dollars? What started as a $51,000 ransom demand that wasn’t paid was estimated to cost $2.7 million to fix, but the latest figures have the breach costing taxpayers north of $17 million, and they may not be finished yet.
Riviera Beach Shut Down
The latest city to be the victim of social engineering is Riviera Beach, Florida. A city employee clicked on a link in an email that he should not have opened. Thus, allowing the ransomware to spread throughout their network. The hackers are demanding $600,000 from the small town of just 35,000 people. And you know what? The town council voted unanimously to pay the hackers to decrypt their data. It turns out Riviera Beach is insured against hackers, and their insurance will be paying for this. Will this start a trend of hackers hacking cities and being paid off by insurance companies?
Sextortion Emails Are On The Rise
Another issue we’ve been hearing a lot about sextortion scams popping up the last couple of weeks, and want you to be prepared if you happen to receive a sextortion email.
So, what is sextortion??
Sextortion, or cyber blackmail, is a growing threat to people of all ages and genders. These scams are often run by organized crime groups based overseas and can be highly convincing. Scammers typically claim to have hacked the victim’s webcam and recorded them while engaging in a private personal activity.
They then threaten to publish these videos online or send them to the victim’s Family, Friends, and Colleagues unless they pay hundreds and sometimes thousands of dollars using Bitcoin.
So what should you do if a sextortionist confronts you?
First of all, do not delete the messages; you’ll need them. Second, contact the FBI and tell them what’s going on and share the emails you received. You may also want to invest in a webcam cover for peace of mind and extra privacy.
What it boils down to is whether your business is prepared or not? Do your employees know how to spot a phishing email? Do you have a disaster recovery plan in place? Could your business survive a $50k, $100k, or even a $500,000 hit?
How Can I Keep This from Happening?
If you have a managed service provider, they may have viable solutions to help protect your business, data, and customers’ data. For example, if they house cloud-based storage solutions, then you’ll be able to get the most out of their servers by utilizing and uploading your files to their servers – keeping your customers’ data safe in a virtual environment. You can probably also talk to them about antivirus and other solutions that make them more effective at not only stopping attacks but completely keeping your hackers out of your systems, to begin with.
- Backing up your important files regularly. Keeping three backups of your data on two different storage types and at least one backup offsite at a data center.
- Apply the latest updates to your operating systems and apps. Keeping on top of updates, especially security updates, can save you thousands of dollars.
- Educate your employees so they can identify social engineering and spear-phishing attacks. Your employees are your weakest link. Without proper education, it’s like a ticking time bomb ready to explode.
- Lastly, the best way to deal with a ransomware attack is to BE PREPARED! We can help by providing your company with a proactive plan to protect your essential information from a ransomware attack!
Senior Safety On The Web
You may not be aware, but seniors are more susceptible to cyber crimes than any other group.
Here are some tips to keep your aging loved ones safe when surfing the net.
- Remove admin rights from their accounts to maximize security.
- Use a password manager to generate & safely store secure passwords.
- Use two-factor authentication (2FA)
- Set browser safety settings to the maximum security
- Call or visit us anytime to help walk through something suspicious.
Final Thoughts
With the rise in viruses and the fact that hackers are continuously improving their technique, you probably need a team of IT professionals who can give you the most when it comes to security and special software applications to help improve your safety. Another thing you can utilize is the use of VoIP, which can even help to improve your quality of life, handle customer’s information better, and so much more! Our specially certified IT support team can give you any cloud hosting, file protection, and data security needs at Infinity Solutions. And did we mention that we can also offer full-service VoIP solutions to your business too?