ransomware – Wowrack Blog
https://www.wowrack.com/blog
Wed, 12 Oct 2022 17:59:07 +0000

What is Ransomware and How to Deal with It
https://www.wowrack.com/blog/what-is-ransomware-and-how-to-deal-with-it/
Fri, 07 Oct 2022 20:12:33 +0000

Have you ever received a suspicious e-mail or message that asked for your password or personal details? Those kinds of messages are also known as phishing messages that use social engineering techniques.

Clicking on those links, downloading those files, and entering your details on those suspicious sites can result not just in your personal data being stolen, but also in sensitive data from your company being affected.

How is that possible? Because cybercriminals use those phishing messages to trick their targets into installing ransomware on their personal or company devices.

What is Ransomware?

Ransomware is a type of malware (malicious software) that is designed to lock systems, files, or applications, preventing their users from accessing them. To regain access and prevent sensitive data from being leaked to the internet, users will have to pay a specific amount of ‘ransom’. Cybercriminals who use ransomware to attack their targets usually accept payments through wire transfers, credit card payments, or cryptocurrency.

Although ransomware itself has been around since 1989, ransomware attacks have been on the rise since 2020. The shift in working patterns since the COVID-19 pandemic has contributed to this, as the Working From Home (WFH) policy has made it harder for companies to keep track of their corporate and employee devices, networks, and systems. This also explains why we have been getting lots of phishing messages lately.

Research also found that 3.4 billion phishing e-mails are sent daily. Data from Statista revealed that 2 out of 3 ransomware attacks are carried out through phishing e-mails. Other sources of ransomware attacks include malicious file downloads and online advertising that tricks people into getting infected by malware, known as malvertising.

Nowadays, even people who don’t have the specific skills or resources needed to launch a ransomware attack can easily do so thanks to the availability of Ransomware as a Service (RaaS) on the dark web. With RaaS, ransomware developers can sell ransomware variants to all kinds of buyers, making ransomware an even more urgent problem in society.

Ransomware Statistics and Trends

In 2020, the US FBI’s Internet Crime Complaint Center (IC3) reported that, based on the cases reported to it, combined losses due to ransomware attacks totaled approximately $30 billion. The 2022 Data Protection Trends Report by Veeam also found that, of the surveyed individuals and businesses, only 24% were not attacked by ransomware (or were unaware of an attack), only 16% were attacked once in 2021, and 60% were attacked twice or more.

Another factor that contributes to the rise of ransomware, in addition to the shifting working patterns, is the lack of proper cyber security training that companies give to their employees. Research by Statista has found that in 33% of ransomware infection cases, the factor that contributed to the attack was the lack of training that the employees receive.

Recent Ransomware Cases

Over the past 2 years, there have been a lot of cases where giant companies get infected by ransomware. These are some of the notable cases:

Nvidia

Nvidia, a manufacturer of Graphics Processing Units (GPUs), had its data stolen by ransomware group Lapsus$ in February 2022. The group claimed that they had stolen around 1TB of Nvidia’s sensitive data. Nvidia has also confirmed that it has been hacked and that the hacker has leaked employee credentials and other information on the internet. Have I Been Pwned (HIBP), a data leak monitoring website, reported that 71,000 Nvidia employees’ credentials and passwords of their Windows accounts have been stolen and shared on hacking forums.

University of California, San Francisco

The IT environment of the University of California, San Francisco’s School of Medicine was attacked by the Netwalker ransomware operators in June 2020. The attackers obtained some of the university’s data and also made some of the School of Medicine servers inaccessible through malware that they launched. The university has confirmed that it paid approximately $1.14 million to the attackers to unlock the encrypted data and get their data back.

Colonial Pipeline

Colonial Pipeline, a pipeline operator in the US, experienced an attack in May 2021. The ransomware program that attacked the company was created by DarkSide. The hackers gained access to the company’s shared internal drive, and the company has confirmed that it had paid the $5 million ransom to get the pipeline back up and running. The attack was not caused by a direct attack on the company’s systems, but by a breached employee password found on the dark web that was not protected by Multi-Factor Authentication.

Quanta

Quanta, MacBook’s supplier, was attacked in April 2021 by ransomware group REvil. The attacker claimed to have stolen the blueprints for Apple’s latest products at that time. REvil demanded a $50 million ransom fee from both Quanta and Apple.

Accenture

Accenture, a global consulting firm, also became a victim of an attack carried out by ransomware group LockBit in August 2021. The group demanded $50 million for 6 TB of data from the company. According to VX Underground, which has a collection of malware source code on the internet, the attacker has released more than 2,000 files from Accenture to the dark web for some time. The files include case studies and presentations.

How Can You Protect Yourself from Ransomware?

There are several things you can do to protect yourself from ransomware. These are some of them:

Regular backups

We learned that ransomware attacks cause companies to lose access to their systems and data, so regularly backing up your data can help you ensure business continuity as you can always still restore your data. We recommend you invest in reliable backup software instead of relying on manual backups. Veeam is a backup software that can help you by providing 100% ransomware-proof backups, and we can help to deploy Veeam for your enterprise.

Access control

It’s important to only give users access to the data that they need for their work, which also makes monitoring easier. We also recommend you always require Multi-Factor Authentication for users who want to access the company’s systems or data, to prevent unwanted parties from gaining access.

Employee training

We have learned from Colonial Pipeline’s case that ransomware attacks can be carried out as a result of an employee’s mistake or lack of security awareness. Companies can prevent this by regularly providing security training for their employees that explains why it is important to always connect to the company’s VPN, regularly check for software updates, use Multi-Factor Authentication, and beware of phishing messages.

Endpoint protection and monitoring

Protecting and monitoring all your organization’s endpoints is very important in preventing ransomware, but relying on manpower or traditional antivirus software may not be enough for this. We recommend you invest in endpoint protection software that can automatically detect and respond to threats before they infiltrate your corporate systems and networks. SentinelOne is an autonomous endpoint protection software that we offer and utilize here at Wowrack, and we can help you deploy it for your enterprise as well.

How Wowrack Can Help

Ransomware is a very urgent and crucial issue these days. Cybercriminals don’t only target big corporations for their next ransomware attack. They can also attack end-users and/or small and medium-sized companies.

However, protecting yourself and your company against ransomware doesn’t have to be a complicated process. Your data security matters and we want to help prepare you so your business can continue to move forward in this era where cybersecurity is a top priority for everyone.

Wowrack Security Operation can help you prevent data loss and data breaches from ransomware by regularly monitoring your systems and networks for any compromised user. Wowrack Managed Services can also help you deploy Veeam, a reliable backup software that can help you to recover all data quickly.

As mentioned previously, we also believe that protecting all your endpoints is important, and we can help you deploy SentinelOne for that. Moreover, with the growth of fake websites, we also think it is important for you and your employees to have a tool that can prevent you from clicking on suspicious links, and we can help you deploy Cisco Umbrella for that.

Ready to protect your business from Ransomware? Schedule a consultation with us now and let us know how we can help you.

Helping a School District with a Network Problem
https://www.wowrack.com/blog/networking-problems/
Wed, 05 Oct 2022 20:50:15 +0000

It’s not uncommon to experience a network problem. As you can guess, every day comes with a challenge, whether it’s recovering files or fighting off a ransomware attack.

What was the Network Problem?

A local school district was targeted by cybercriminals. With a lack of budget and holding the belief that school districts are not typically targeted for cyber attacks, the school did not have the manpower or proper security in place.

Typically, cyber attacks happen on Friday nights or Saturday mornings to reduce the chance of detection. Attackers will also typically attempt to break in right before a major operation, such as payroll, to add pressure to the situation. Like most hackers, the group initiated the attack late on a Friday night before payroll was due.

As Saturday morning came around, they went to access the student information database only to find an advertisement for Ryuk, a type of ransomware notorious for targeting government, education, and health-sector entities.

After doing some troubleshooting, they discovered that the events happened as follows:

  • DBA reports issues with server
  • Ryuk found, management notified
  • All Windows servers powered off
  • Payroll database ok, switches disconnected
  • Server backups unrecoverable

Knowing that they had been hacked, the school district cut off their network and began to contact contractors for additional help with the issue at hand.

We were contacted Sunday morning and we began to help them with recovering their files and repairing their network. Looking into the issue, we discovered that they were using a flat network.

The Issue with Using Only a Flat Network

Essentially, a flat network only requires one switch to operate. A switch manages data flow in a network, acting like a security door.

As you can guess, this security door determines which users are allowed in and out of a network. The problem is that if someone can get past that one security door, they have full access to your network.

How did you solve the Network Problem?

Luckily the school district had a physical backup, which helped us rebuild what they had lost. We went and installed proper malware security and segmented their network to further heighten their cyber security.

Working closely with their staff, we informed them of the backdoors they had open in their old network and gave them some best practice tips for keeping their network secure.

Over the next several months we assisted them with recovering lost files and other tasks needed to help rebuild their network.

Segmenting the Network Problem

Segmenting a network is a commonly used method to build a secure network.

Essentially, when you segment a network, you add sub-networks. Within each new sub-network, you add a switch; or rather, a “security door”. Each security door decides who stays and who goes between each sub-network.

Now with more sub-networks in place, an attacker has to get over more hurdles to access the entire system. Essentially, if a hacker gets into their network again, the intrusion will be contained to a single sub-network.
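
The containment argument above can be checked with a small reachability model. This is an added example, not part of the original post: the host names, addresses, sub-networks and the allow-list between them are constructed, and the "security door" between sub-networks is assumed to be an explicit allow-list.

```python
import ipaddress
from collections import deque

def blast_radius(hosts, segments, allowed, start):
    """Hosts an intruder on `start` can reach by pivoting host to host.

    hosts: name -> IP address; segments: name -> CIDR block;
    allowed: (source segment, destination segment) pairs permitted to talk.
    Traffic inside one segment is never filtered in this model, which is
    why a flat network is reachable end to end.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in segments.items()}
    seg = {}
    for host, ip in hosts.items():
        addr = ipaddress.ip_address(ip)
        seg[host] = next(name for name, net in nets.items() if addr in net)
    reached, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for host in hosts:
            if host in reached:
                continue
            if seg[host] == seg[cur] or (seg[cur], seg[host]) in allowed:
                reached.add(host)
                queue.append(host)
    return reached - {start}

# Constructed inventory, loosely shaped like a school district network.
HOSTS = {
    "lab-pc-1": "10.0.10.21", "lab-pc-2": "10.0.10.22",
    "teacher-laptop": "10.0.20.15", "student-db": "10.0.30.5",
    "payroll-db": "10.0.40.5", "backup-server": "10.0.50.5",
}
FLAT = {"lan": "10.0.0.0/16"}
SEGMENTED = {
    "labs": "10.0.10.0/24", "staff": "10.0.20.0/24",
    "student-data": "10.0.30.0/24", "finance": "10.0.40.0/24",
    "backup": "10.0.50.0/24",
}
# Only staff machines may open connections to the student database segment.
ALLOWED = {("staff", "student-data")}

if __name__ == "__main__":
    print("flat:", sorted(blast_radius(HOSTS, FLAT, set(), "lab-pc-1")))
    print("segmented:", sorted(blast_radius(HOSTS, SEGMENTED, ALLOWED, "lab-pc-1")))
```

With the flat layout a single compromised lab PC reaches every other host, including the payroll database and the backup server; with the segmented layout it reaches only the other lab PC.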

After the incident was fixed, the school district acquired more funding and hired proper staff to run their network.

4 Steps to Protect Backup from Ransomware
https://www.wowrack.com/blog/4-steps-to-protect-backup-from-ransomware/
Tue, 04 May 2021 13:35:23 +0000

For years, businesses have relied on various backup strategies to help them recover from IT disasters, such as ransomware. Unfortunately, new ransomware attacks now target backups as well as production, making the situation more problematic.

Ransomware has become the root cause of many business infrastructure failures with staggering financial losses. The average cost to remediate a ransomware attack is about US$730,000, if the ransom isn’t paid. Surprisingly, the number escalates to $1.4 million if the ransom is paid. Another worrying fact about ransomware attacks is that the number increased by 150% in 2020 as people started to embrace remote working or WFH. It is a threat that no business can afford to ignore.

Frankly speaking, no strategy can completely protect you from ransomware. For that reason, the best plan of action is to ensure the company is prepared to recover after the attack happens. Securing your data backup is critical to that process.

4 Steps to Ensure Your Backup Works against Ransomware

Do The Backup

The first thing is, obviously, do your backup. Conduct it correctly and regularly. What we suggest is to perform a 3-2-1 backup strategy. To do it properly, you need to have at least three total copies of your data: two on-site/local backups on different mediums or devices, and at least one off-site.

Having multiple copies of your data ensures you a higher probability of a successful recovery. Logically, you can always recover your data even if one of your backups cannot be accessed due to ransomware attacks or any other reasons.

Test the Backup and Recovery

The second step is to routinely test your backups to ensure that they truly work. During the tests, it is common to uncover things like missing software install disks and license keys that don’t refresh after recovery. For that reason, it is necessary to also store such data as install disks and license keys outside of your backup copies.

Wowrack recommends scheduling a regular test. How often you schedule the tests depends on your risks and data importance. One backup schedule does not fit all needs since different companies have different levels of tolerance. If you are not sure how often you should test your backup, you can always consult an expert in the field.

Create and Document a Plan

Thirdly, it is necessary to create and document your plan. In the heat of the moment, it is easy to lose your way or spend critical time figuring out what to do. To put it simply, creating and documenting your plan ahead of time relieves possible stress and minimizes mistakes.

Some things to keep in mind while creating your plan are your Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO determines how much data the business can afford to lose between backups. Meanwhile, RTO specifies the time required for system recovery.

Another tip: data worth paying extra attention to while creating the plan is Payroll and Accounts Payable/Receivable. Typically, recovering and rebuilding these data sets must be your top priority.

Separate Backups from Production

Finally, we suggest backing up off your domain to help keep your data secured. We also recommend using a unique and hard-to-guess username and password that is different from the administrator accounts. If possible, do not make a username that mimics your email address template.

Some service providers also strengthen your security by separating your backups from production. Wowrack, for instance, creates a backup network using separate NIC cards and specific ports to give you extra protection. Doing this inhibits bad actors from gaining access to your backup environment. Another extra but effective technique is having a data vault to store your backup that prevents deletion by any means other than expiration of a specific timestamp.
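
The checks from the steps above (3-2-1 copies, the RPO, and separation from the production domain and administrator accounts) can be run against a backup inventory. This is an added example, not Wowrack's tooling: the inventory fields, copy names, account names and the 24-hour RPO are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupCopy:
    name: str
    medium: str             # medium or device, e.g. "nas-disk", "tape"
    offsite: bool
    last_success: datetime  # end of the last successful backup job
    domain_joined: bool     # target authenticates against the production domain
    account: str            # account the backup job runs as

def audit_backups(copies, rpo, admin_accounts, now):
    """Return (rule, subject, detail) findings; an empty list means no gaps."""
    findings = []
    onsite = [c for c in copies if not c.offsite]
    # Step 1: three copies, two on-site on different mediums, one off-site.
    if len(copies) < 3:
        findings.append(("3-2-1", "inventory", f"{len(copies)} copies, need 3"))
    if len({c.medium for c in onsite}) < 2:
        findings.append(("3-2-1", "on-site", "fewer than two different mediums"))
    if len(onsite) == len(copies):
        findings.append(("3-2-1", "off-site", "no off-site copy"))
    admins = {a.lower() for a in admin_accounts}
    for c in copies:
        # Step 3: a copy older than the RPO loses more data than the plan allows.
        age = now - c.last_success
        if age > rpo:
            findings.append(("RPO", c.name, f"last success {age} ago, RPO is {rpo}"))
        # Step 4: backups off the domain, under a non-administrator account.
        if c.domain_joined:
            findings.append(("separation", c.name, "target is on the production domain"))
        if c.account.lower() in admins:
            findings.append(("separation", c.name, f"runs as admin account {c.account}"))
    return findings

# Constructed sample inventory (not from the article).
NOW = datetime(2021, 5, 4, 8, 0)
SAMPLE = [
    BackupCopy("nas-nightly", "nas-disk", False, datetime(2021, 5, 4, 1, 0), True, "Administrator"),
    BackupCopy("tape-weekly", "tape", False, datetime(2021, 5, 1, 1, 0), False, "bk-7f3q"),
    BackupCopy("vault-daily", "object-storage", True, datetime(2021, 5, 3, 23, 0), False, "bk-vault-91"),
]

if __name__ == "__main__":
    for rule, subject, detail in audit_backups(SAMPLE, timedelta(hours=24), {"administrator"}, NOW):
        print(f"[{rule}] {subject}: {detail}")
```

The sample inventory satisfies 3-2-1 on paper but still produces three findings: the nightly NAS copy sits on the production domain and runs as an administrator account, and the weekly tape is older than the RPO.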

Bonus Recovery Tips

Even after recovery, however, similar ransomware attacks can still take place. This does not mean that your plans fail, as ransomware can possibly reload during system restoration. Most of the time, the date when the ransomware attack began cannot be determined accurately. There is always a possibility that you recover a backup with ransomware in it.

To prevent it from happening, we encourage you to only recover data. Do fresh application installs instead of recovering the whole applications. By only recovering data, you can decrease the chances of reloading ransomware during system restoration.
