The Heritage Company has temporarily shut down its operations due to a ransomware attack. In December of last year, CEO Sandra Franecke announced to the company’s 300 employees that the company had not fully restored its systems following a ransomware attack that October. As a result of the attack, the company would be temporarily suspending all its functions. In a statement to the company’s employees, she stated that “we do not prevent you from searching for other employment”.

What is data encryption?

Ransomware attacks are a type of cyberattack that encrypts data on a victim’s computer, demanding ransom payment for its release. Encryption is the act of scrambling data into a format that cannot be read unless it is decrypted using a digital key.

Unfortunately the Heritage Company has not been the only ransomware victim in recent times. Over the past year, ransomware  has become increasingly common among small sized businesses. In August of 2019, Wood Ranch Medical, a medical clinic located in California, announced that it was a victim of a ransomware attack. The attack had a widespread impact on the company’s IT infrastructure including its servers and backups, where personal client information was stored. On December 17^th 2019, the clinic closed as a result of the damages, stating that the records that were encrypted were lost and could not be recovered.

Ransomware attacks are now targeting backup systems

Ransomware attacks rely on the leverage of releasing encrypted data to extort money from victims. Therefore, if the victims have up-to-date backups of all the sensitive information, it eliminates the pressure point that attackers use. Knowing this, ransomware attacks have started to target the backup systems of victims as well, as illustrated by Wood Ranch Medical. In particular, since mid 2019, data backup manufacturers began warning customers that ransomware attackers were now targeting Network Attached Storage (NAS) devices.

Does paying the ransom fee guarantee safe release?

There have been many instances where encrypted data has not been released even after ransom has been paid. These strains of ransomware, called wipers, are designed to simply destroy the data. An example of a wiper ransomware is “NotPetya”. However, because the victim has no way of guaranteeing that the data cannot be restored, ransom payment is still the only option in many attacks.

Learn more about NotPetya and other ransomware strains by calling us today at 888 366 4443 or emailing us at info@gige.ca

The list of ransomware victims continues to grow. Florida’s Lake City and Riviera Beach City have both fallen victim to cyberattack. Both cities have been forced to pay $500 000 each to the attackers in attempts to unlock the encrypted files.

On June 5^th, the City of Riviera Beach released an official announcement stating that a “data security event” has occurred. One day later, the Lake City Police Department released a similar announcement, detailing that a ransomware attack had disabled many of the city’s systems, including email, VoIP and credit card channels.

As a result of the attacks, both governments have been thrown back to analog working environments, hand-writing bills and permits while the systems are recovered. Despite the ransom payments, there is no guarantee that the lost data will, or even can, be decrypted by the cyberattackers.

Riviera Beach released that the ransomware virus infected their systems through a malicious link in an email. Lake City, on the other hand, stated that their system was intruded after attacks on multiple fronts of their network.

What is Ransomware?

Ransomware is a type of cyberattack that encrypts data on a computer and asks for a ransom fee for an unlock key. Encryption renders ordinary data unreadable, and can only be decrypted by using the key supplied by the attackers.

This type of attack has seen a massive uptick in recent years. Since January 2016, over 4000 ransomware attacks have occurred daily, according to the U.S. Department of Homeland Security. Targets of these attacks range from households and small organizations to governments.

There are many factors that caused the widespread use of ransomware. Firstly, the rise in cryptocurrency popularity have given attackers an ideal payment channel. Recent years has seen digital currencies such as Ethereum and Bitcoin rise in both usage and value. Bitcoin, for instance, costs around CAD 14 000 as of July 3^rd 2019. Some of these currencies are designed to be difficult to track, therefore making them perfect for cyberattackers.

The unpreparedness of companies and governments to deal with ransomware attacks is another reason why this type of attack has been so successful. As demonstrated by the attacks of the Florida cities, ransomware causes significant damage to day-to-day functions. Therefore, businesses and governments are often forced to simply pay the fee to avoid compounding damage.

Don’t fall victim to ransomware. Managed IT service providers can help you design and monitor backups of your data to restore your systems in the event of an attack. GIGE IT Solutions provides customizable backup and security solutions tailored to your business goals. Call us at +1 888 366 4443 for an immediate consult.

A cryptojacking attack has forced St. Francis Xavier University to temporarily shut down its computer network systems. The university reports that the cyberattackers attempted to use the school’s computers resources to collect digital currency.

What are cryptomining and cryptojacking?

Cryptomining is the use of computer resources to collect cryptocurrencies such as bitcoin. The act of doing this is entirely legal, and many people voluntarily use their computers to do so.

However, cryptojacking is the illegal act of installing malicious software on unsuspecting victims and using their computers’ resources to cryptomine without their consent. In cryptojacking attacks, the currency earned is then sent back to the attacker.

Risks and consequences of cryptojacking attacks include the following:

• Slow-down of normal computer functioning
• Overheating of computer graphics, processor, or memory due to overuse

There are many ways that a computer can become infected with cryptojacking malware. For instance, they can be transmitted through malicious email attachments. The DDE Exploit is an example of this, and this malware is passed through an infected Microsoft Word document.

Next, cryptojacking malware can also attach itself to your computer through malicious websites. For instance, Coinhive is a cryptomalware that can enter your computer through unprotected websites. Once it infects a pc, it then uses its resources to collect the cryptocurrency called Monero.

Finally, cryptomining malware can enter your computer though compromised cloud services. A recent incident involved numerous large organizations such as Aviva and Gemalto being infected with mining software due to cloud accounts lacking password protection.

How to protect yourself:

There are any steps that you can take to protect your organization’s network against cryptomining attacks. Firstly, you can ensure that your employees are educated in spotting malicious links and files in suspicious emails. By minimizing the human error in the equation, you will be able to reduce the risk of infection. Next, ensure that your email service has antivirus and antispam installed. These software use databases of known malicious websites and automatically block potentially harmful emails.

Ensure that your organization’s computers are running up-to-date antivirus software that blocks cryptomining programs. Finally, ensure that you constantly monitor network activity in your organization. This allows for anomalies to be spotted quicker.

Don’t fall victim to cryptomining attacks. Contact GigE at 888 366 4443 to ensure that your sensitive data is backed-up and protected.

It has recently been discovered by Check Point researchers that fax machines contain cyber-vulnerabilities that allow attackers to infiltrate your network using only a fax number. Given that many companies today still use fax machines, and that fax numbers are publicly provided contact information, this new exploit poses a major vulnerability concern to thousands of organizations.

The new exploit that abuses this vulnerability has been dubbed “Faxploit” (short for fax exploit), and is believed to affect all fax-capable machines, including fax-to-mail services and all-in-one printers.

To infect the printer, all the attackers need to do is send a malicious fax to the machine. From there, they can gain full control of the device and then further infiltrate the company’s network. In their study, the researchers at Check Point were able to gain control of an HP Officejet all-in-one printer simply by sending an infected fax, and then were able to infect its network with spying software such as ‘EternalBlue’.

Another point of vulnerability that was discovered was through the fax machine’s PSTN phone line connection. Using this, attackers can exploit the machine and gain control of the device without it even being connected to the internet.

Still a Lab Contained Danger

The Faxploit has not been detected outside of the laboratory conditions, reported the Check Point researchers. However, they noted that it will only be a matter of time before other researchers and cyberattackers develop the software for themselves.

The researchers stated that they have already notified HP of the exploit, and the company has since developed and released a patch that has repaired the cyber vulnerability. This update was released on August 1^st 2018, and likely has already been applied to your printer if its update-sequence is set to automatic. However, if your printers’ updates are manually managed, it is important to ensure that the latest software has been installed on it.

The checkpoint researchers have confirmed that the exploit works on HP all-in-one machines, and has therefore prioritized communicating with this manufacturer to develop a fix. However, they believe that the exploit will also work on devices from other manufacturers. There is no word yet from these companies on fixes.

Here are some best practices to keep in mind to protect your organization’s or personal printer from infection:

Firstly, always ensure that your fax machine is running the latest software from its developer. If the automatic update feature is not turned on, manually check if the latest firmware is running. Second, if you do not use the fax features of your all-in-one printer machine, it is beneficial to disconnect it entirely from the PSTN line, eliminating this potential malicious pathway into your network. Finally, if you are unable to completely disconnect your fax machine, use network segmentation to protect critical areas of your network. This strategy involves creating ‘breaks’ in an organization’s network by disconnecting groups of computers from each other. This way, if a segment becomes infected, the infection can be contained more easily.

GigE Solutions can help your company protect its networks from fax exploits by ensuring that all your machine are up-to-date with the latest patches from developers. Contact us at +1 (888) 366-4443 to get started today.