On October 8^th 2019, an unnamed Canadian insurance company paid a total of 950 000 USD to a ransomware cyberattacker.

The attacker was able to infect 20 servers and around 1000 employee computers in the attack, encrypting data on the systems behind a ransomwall, demanding payment of 109.25 bitcoins for the safe release of the information.

It was reported that after paying the ransom fee, the cyberattackers provided decryption keys which allowed for the 20 servers to be decrypted for 5 days, and the 1000 end user computers to be decrypted for 10 days.

What was the ransomware strain responsible for the attack?

The ransomware strain that was used in this attack was “BitPaymer”. The malware was able to bypass the Canadian insurance company’s firewalls and infect its network. It is not known exactly how the malware was able to infiltrate into the company’s infrastructure.

Unlike many other ransomware strains that use strategies such as fake emails and malicious download links or websites to infect computers, it is believed that BitPaymer uses targeted brute force attacks.

Brute Force RDP (Remote Desktops Protocol) Attacks

RDP, or remote desktop protocol, is a tool developed by Microsoft for an individual to remotely connect to another computer. It is often used by IT administrators and cybersecurity professionals to diagnose and troubleshoot computer problems from a remote location. However, RDP is also a prime target for cyberattacks, as it is a direct pathway into a company’s network, if compromised.

A brute force attack tries to guess the credentials to an RDP connection through thousands of trial-and-error attempts done in rapid succession by machines.

Microsoft states that protective actions against RDP brute force attacks include activating multifactor authentication and using VPNs. Multifactor authentication is an added security feature to the login process that sends a temporary ‘second password’ to a trusted device every time an account is accessed from an unfamiliar IP.

Don’t become the victim of a brute force attack. Our team of cybersecurity professionals can identify points of vulnerability in your organizations’ network and provide remediation strategies to keep you protected. Call us at +1 888 366 4443 or email us at info@gige.ca to get started with us immediately.

The Heritage Company has temporarily shut down its operations due to a ransomware attack. In December of last year, CEO Sandra Franecke announced to the company’s 300 employees that the company had not fully restored its systems following a ransomware attack that October. As a result of the attack, the company would be temporarily suspending all its functions. In a statement to the company’s employees, she stated that “we do not prevent you from searching for other employment”.

What is data encryption?

Ransomware attacks are a type of cyberattack that encrypts data on a victim’s computer, demanding ransom payment for its release. Encryption is the act of scrambling data into a format that cannot be read unless it is decrypted using a digital key.

Unfortunately the Heritage Company has not been the only ransomware victim in recent times. Over the past year, ransomware  has become increasingly common among small sized businesses. In August of 2019, Wood Ranch Medical, a medical clinic located in California, announced that it was a victim of a ransomware attack. The attack had a widespread impact on the company’s IT infrastructure including its servers and backups, where personal client information was stored. On December 17^th 2019, the clinic closed as a result of the damages, stating that the records that were encrypted were lost and could not be recovered.

Ransomware attacks are now targeting backup systems

Ransomware attacks rely on the leverage of releasing encrypted data to extort money from victims. Therefore, if the victims have up-to-date backups of all the sensitive information, it eliminates the pressure point that attackers use. Knowing this, ransomware attacks have started to target the backup systems of victims as well, as illustrated by Wood Ranch Medical. In particular, since mid 2019, data backup manufacturers began warning customers that ransomware attackers were now targeting Network Attached Storage (NAS) devices.

Does paying the ransom fee guarantee safe release?

There have been many instances where encrypted data has not been released even after ransom has been paid. These strains of ransomware, called wipers, are designed to simply destroy the data. An example of a wiper ransomware is “NotPetya”. However, because the victim has no way of guaranteeing that the data cannot be restored, ransom payment is still the only option in many attacks.

Learn more about NotPetya and other ransomware strains by calling us today at 888 366 4443 or emailing us at info@gige.ca

With 2019 drawing to a close and 2020 almost here, we can take a look sat how the cybersecurity landscape has evolved over this past year. By far the two most prevalent topics of the year have been ransomware and data privacy.

Ransomware

By far the most relevant cybersecurity threat of 2019 was the rise of ransomware. This is strain of malware that encrypts user data behind a paywall, and demands payment for its safe release. Targets have ranged from multinational corporations to governments. Worryingly, ransomware attacks have recently become more organized, as seen in an attack in August 2019 where 22 Texan governments were simultaneously hit with ransowmare.

Data Privacy

As collecting and storing sensitive user data grows as a core requirement of many companies, so too does the risk of leaking this data to unwanted eyes. 2019 saw several enterprises falling victim to data breaches, often leading to devastating financial and legal consequences. New York’s Retrieval-Masters Creditor Bureau Inc. filed for bankruptcy due to a $3.8 million dollar data breach where its customers home addresses, SSNs, and credit card information were leaked. In another attack, Capital One Financial reported between $100 million USD to $150 million USD in damages caused by a data breach leaking customer SSNs and bank account numbers.

In 2020, ransomware will become more dangerous than ever.

A new strain of ransomware named Maze has confirmed a cyberattacker’s bluff as a real threat. In a ransomware attack, data on a victim’s computer is both encrypted and stolen by cyberattackers. Until Maze, it was not known whether cyberattackers actually had access to the stolen data. In November, Allied Universal refused to pay a ransom fee of $2.5 million USD, resulting in cyberattackers releasing 700MB of the company’s sensitive data to the public.

With the threat now confirmed, organizations must prepare for more vicious strains of ransomware in the coming year. Cybersecurity company McAfee Labs predicts that “two-stage extortion attacks” will be a major threat in 2020, where stage 1 is data encryption, and stage 2 is data theft. With 2 leverage points, cyberattackers will have more extortion power than previous attacks.

To counter the new threats coming in 2020, cybersecurity will need to improve in both preventative and restorative measures in order to fully prepare organizations for attack. Call GIGE IT Solutions at +1 888 366 4443 or info@gige.ca. With over 30 years of network security and data backup experience, we can help keep you protected against cyberattack.

 

Cyberattackers using ransomware for money extortion have recently adopted a new strategy to force victims into succumbing to their threats – releasing sensitive stolen information to the public. This new strategy was brought to light by a recent cyberattack by the Maze Ransomware strain.

Typically, ransomware cyberattacks force victims to pay ransom fees by locking and encrypting their files behind paywalls. If the business or government that is hit does not have sufficient backups, they suffer major damages to productivity. Because the cost of the attack increases with each passing day that productivity is lost, these organizations opt to pay the ransom fee in order to resume daily functions. While cyberattackers also often threaten to release the files to the public, it is often believed that these threats were bluffed and that the attackers did not actually have access to the files.

The Maze Ransomware confirmed that cyberattackers can indeed access and release the files to the public. In a recent ransomware attack involving the “maze ransomware” this November, victim company Allied Universal refused to pay a ransom fee of 300 bitcoin (around $2.5 Million USD at the time). The cyberattackers then followed through on their threats and released around 700 MB of sensitive data to the public.

 

How are computer being infected with Maze?

Cybersecurity professional Jerome Segura discovered that Maze Ransomware was being spread via a fake cryptocurrency exchange webpage. It is believed that the ransomware was being distributed alongside another exploit, the ‘Fallout exploit kit”, which exploits security holes in Adobe Flash and Windows OS.

Another method of transmission is through malicious email attachments. An example of this was discovered by cybersecurity professional JAMESWT, who discovered a phishing campaign that targeted the Italian population by pretending to be the Italian revenue agency.

Previously, maintaining updated backups was sufficient best practice to protect against ransowmare attacks, as their leverage hinged on the amount of damage that is done to company productivity. In light of the new strategy of data leakage, ransomware protection has to put greater emphasis on preventative measures rather than reactive measures.

This can include strategies such as:

-Educating your employees on proper cyber hygiene and signs to look for when identifying fake emails

-maintaining strict information privilege matrices in the company so that sensitive data is kept on a need-to-access basis.

-strengthening firewalls and keeping software up-to-date

GIGE IT Solutions specializes in designing and managing your IT security for your company. Don’t be the next ransomware victim, and call us at +1 888 366 4443 to get started right away.

Malware, or malicious software, is any piece of software that is developed with malicious intent. There are many strains of malware that do everything from stealing sensitive data to locking files behind ransom walls.

There are many ways that a computer can become infected with malware. Many of these, such as phishing, rely on user mistakes. Phishing is a method of infecting a computer with malware by attaching fraudulent links or attachments to emails, pretending to be sent from legitimate sellers. Once the user clicks on the fake link, a malicious file is downloaded onto the victim’s computer.

Once a malware infiltrates a computer, it often communicates back with the cyberattacker’s terminal through the internet.

The effects of malware depends on the strain that is used. For example, ransomware is a specific type of malware that encrypts the files on a victim’s computer and demands a ransom to be paid, often in digital currencies, for the data to be released.

Another type of malware is called a botnet. This type forces groups of infected computers to become under the control of the cyberattackers, who then uses the botnet for further malicious activity such as launching Denial of Service (DOS) attacks on other targets.

 

Worm Capability

Some malware have worm capability – this is a functionality that allows it to spread to other computers without user input. This makes worming malware extremely dangerous, as it can spread throughout entire networks without being detected.

An example of a worm-capable malware was Wannacry – a ransomware that was able to infect over 100 000 computers within 24 hours in May of 2017.

 

How do you Stop It?

Keep admin privileges on a need-to-have basis

In general, the less administrative privileges that a company’s computer has, the less of a weak point it is to the network as whole. It is important to keep administrative rights to only a few management devices, so that it is less likely that a key target computer becomes infected.

 

Segmenting your network with air gaps

As described above, worm malware can spread itself across a network without user input. The most secure way to protect your sensitive devices is by disconnecting them completely from the network. That way, if one segment becomes infected, you can be sure that another segment is still secure. Don’t fall victim to cyberattack – let our network experts help you design custom security solutions to keep your company’s data safe.

Multinational insurance company CFC Underwriting says that human error still remains a primary factor in the thousands of cybersecurity insurance claims that the company handles. In 2018, the insurance company received over a thousand claims relating to ransomware, malware, data breaches, and data theft. Of these incidents, CFC Underwriting notes that the following human-driven errors were the leading cited causes of cyberattack claims:

 

Phishing Attacks:

A phishing attack is a type of cyberattack that uses malicious links in an email to trick victims into sharing personal information or downloading malware. The emails can be targeted at high-profile victims such as CEOs and CFOs, or can be sent en masse to millions of people. The main danger of this type of attack is that it is often difficult to distinguish between a legitimate or malicious email. Some attackers even construct entirely fake websites with credential fields that send the information directly to their systems. Phishing attacks are a major point of infection for ransomware attacks.

 

Business Email Compromise:

Business Email Compromises (BEC), are a specific type of malicious email attack that targets businesses that conduct wire transfers on a daily basis. The goal of these attacks is to trick these companies into completing transfers to malicious accounts. According to the FBI, around 80 000 cases were reported between October 2013 to May 2018, with a total theft of $12.5 billion.

CFC Underwriting reported that employees not following-up to check if funds were properly transferred was a major cause of the prevalence of this type of attack.

 

Losing a Device:

CFC Underwriting stressed that a common cause for data breach was misplaced or lost devices. Leaving computers and phones that contain sensitive information unattended can lead to accidentally sharing private company data.

 

What can you do to reduce minimize the risk posed by human error?

Human error will always be a risk factor in cybersecurity. Here are some best cybersecurity practices for you to protect yourself:

Stay up-to-date on phishing techniques – by training yourself and employees on key factors to look-out-for in phishing emails, you can significantly reduce risk of infection. See our article on phishing scams to learn more about this type of attack.

Keep track of your company’s devices. A key part of mitigating data breach damage relies on early detection, as seen by the recent data leak at HCL. Keeping a close eye on your devices ensures that missing devices are detected early and that efforts can start on damage mitigation.

Managed IT Security providers like GIGE IT Solutions can help you protect yourself against the risk of human-caused cyberattack. By designing customized IT security plans for your company and monitoring your security and data backup on a 24/7 basis, we ensure that you are always prepared. Call +1 888 366 4443 for an immediate consultation, or email us at info@gige.ca

The list of ransomware victims continues to grow. Florida’s Lake City and Riviera Beach City have both fallen victim to cyberattack. Both cities have been forced to pay $500 000 each to the attackers in attempts to unlock the encrypted files.

On June 5^th, the City of Riviera Beach released an official announcement stating that a “data security event” has occurred. One day later, the Lake City Police Department released a similar announcement, detailing that a ransomware attack had disabled many of the city’s systems, including email, VoIP and credit card channels.

As a result of the attacks, both governments have been thrown back to analog working environments, hand-writing bills and permits while the systems are recovered. Despite the ransom payments, there is no guarantee that the lost data will, or even can, be decrypted by the cyberattackers.

Riviera Beach released that the ransomware virus infected their systems through a malicious link in an email. Lake City, on the other hand, stated that their system was intruded after attacks on multiple fronts of their network.

What is Ransomware?

Ransomware is a type of cyberattack that encrypts data on a computer and asks for a ransom fee for an unlock key. Encryption renders ordinary data unreadable, and can only be decrypted by using the key supplied by the attackers.

This type of attack has seen a massive uptick in recent years. Since January 2016, over 4000 ransomware attacks have occurred daily, according to the U.S. Department of Homeland Security. Targets of these attacks range from households and small organizations to governments.

There are many factors that caused the widespread use of ransomware. Firstly, the rise in cryptocurrency popularity have given attackers an ideal payment channel. Recent years has seen digital currencies such as Ethereum and Bitcoin rise in both usage and value. Bitcoin, for instance, costs around CAD 14 000 as of July 3^rd 2019. Some of these currencies are designed to be difficult to track, therefore making them perfect for cyberattackers.

The unpreparedness of companies and governments to deal with ransomware attacks is another reason why this type of attack has been so successful. As demonstrated by the attacks of the Florida cities, ransomware causes significant damage to day-to-day functions. Therefore, businesses and governments are often forced to simply pay the fee to avoid compounding damage.

Don’t fall victim to ransomware. Managed IT service providers can help you design and monitor backups of your data to restore your systems in the event of an attack. GIGE IT Solutions provides customizable backup and security solutions tailored to your business goals. Call us at +1 888 366 4443 for an immediate consult.