Unnamed Canadian Insurance Company Suffers $1M USD Ransomware Attack
On October 8th 2019, an unnamed Canadian insurance company paid a total of 950 000 USD to a ransomware cyberattacker.
The attacker was able to infect 20 servers and around 1000 employee computers in the attack, encrypting data on the systems behind a ransomwall, demanding payment of 109.25 bitcoins for the safe release of the information.
It was reported that after paying the ransom fee, the cyberattackers provided decryption keys which allowed for the 20 servers to be decrypted for 5 days, and the 1000 end user computers to be decrypted for 10 days.
What was the ransomware strain responsible for the attack?
The ransomware strain that was used in this attack was “BitPaymer”. The malware was able to bypass the Canadian insurance company’s firewalls and infect its network. It is not known exactly how the malware was able to infiltrate into the company’s infrastructure.
Unlike many other ransomware strains that use strategies such as fake emails and malicious download links or websites to infect computers, it is believed that BitPaymer uses targeted brute force attacks.
Brute Force RDP (Remote Desktops Protocol) Attacks
RDP, or remote desktop protocol, is a tool developed by Microsoft for an individual to remotely connect to another computer. It is often used by IT administrators and cybersecurity professionals to diagnose and troubleshoot computer problems from a remote location. However, RDP is also a prime target for cyberattacks, as it is a direct pathway into a company’s network, if compromised.
A brute force attack tries to guess the credentials to an RDP connection through thousands of trial-and-error attempts done in rapid succession by machines.
Microsoft states that protective actions against RDP brute force attacks include activating multifactor authentication and using VPNs. Multifactor authentication is an added security feature to the login process that sends a temporary ‘second password’ to a trusted device every time an account is accessed from an unfamiliar IP.
Don’t become the victim of a brute force attack. Our team of cybersecurity professionals can identify points of vulnerability in your organizations’ network and provide remediation strategies to keep you protected. Call us at +1 888 366 4443 or email us at firstname.lastname@example.org to get started with us immediately.