Ransomware and Data Breaches
Data Breaches and Ransomware Attacks
Ransomware attacks are becoming increasingly widespread. Companies are increasingly identifying them as data breaches as the attacks often result in compromised data. This categorization change is significant, as it prompts ransomware victims to notify affected individuals that their information may have been compromised during the attack.
In a recent ransomware attack, Magellan Health reported that they fell victim to a data breach caused by the attack. The health care company filed a breach notification to the Attorney General of California following the attack, noting that data stored on its servers were compromised as a result of the incident. Magellan assured its customers that this was done for an “abundance of caution”.
In another incident, April 2020 saw Cognizant being hit by another ransomware attack. The company had its services disrupted by a strain of ransomware known as Maze. Earlier that year, Railworks Corporation submitted 3 data breach reports to California’s Office of the Attorney General, stating that it was the victim of a cyberattack that compromised its servers. Railworks stated that an unauthorized individual encrypted many of its servers, and may have gained access to sensitive employee information including names, addresses, and SSNs.
Previously, ransomware and data breaches had been handled separately. While ransomware describes a cyberattack where an external actor demands payment for the decryption of sensitive data, an attack is only considered a data breach if the attacker steals and gains access to sensitive data.
For many years, it was believed that ransomware attackers did not have direct access to the information that they encrypted. This has now been proven false, and many ransomware attackers use a 2 phased attack in order to extort money out of victims.
In the first stage, the attacker threatens to continue disrupting company functions by refusing to unlock the encrypted data. However, if victims refuse to comply, the attacker will threaten to release the stolen data to the public. It was the ransomware strain called “Maze” that first used this strategy, and this revealed that attackers not only encrypted its victim’s data, but also stole it.
The fact that ransomware attackers are able to steal victims’ data has been reinforced by a recent attempt by ransomware “REvil” to set up a black market auction in order to sell stolen data. In a recent report, Microsoft’s threat protection intelligence team also acknowledged that almost all ransomware attacks had the potential to steal victims’ data, despite only a small number publicly leveraging this threat.
A Thorough Data Backup Strategy
Data backup is an effective way of protecting against stage 1 of 2-pronged ransomware attacks. Because stage 1 of the extortion strategy relies on inhibiting company functions by encrypting essential data, if an up-to-date copy exists, company functions are not nearly as impacted during the attack.
As cybersecurity professionals and software developers continue to find vulnerabilities in their software, they release patches in order to repair these security holes. It is important to keep your organization’s software up-to-date in order to ensure that you are protected from all known threats. REvil ransomware is known to exploit a known vulnerability in Citrix. Vulnerabilities like this can be avoid by keeping the device up-to-date. In early 2020, the Canadian Centre for Cyber Security advised for Canadian companies to disconnect their Citrix devices while a fix was developed for the vulnerability called CVE-2019-19781. Exploitation of this vulnerability allowed a cyberattacker to gain access to a company’s network.
Another known vulnerability in Pulse VPN devices dubbed CVE-2019-11510 allows unauthenticated cyberattackers to compromise a company’s network. Like REvil, this exploit targets unpatched systems, highlighting the importance of keeping your devices updated.
For Canadian businesses, ransomware and data breaches are becoming an increasingly significant and immediate threat. Do not fall victim to cyberattack. GIGE Corporation’s experts have over 30 years of cybersecurity experience. Consult with us today at 888 366 4443 or firstname.lastname@example.org to identify and remedy network vulnerabilities in your company.