I wanted to reach out to you because it is becoming crazy. 2020 is just crazy!
This week in cybersecurity has been busy with lots of news…and most of it is malicious, harmful and evil.
We start with the operators of the REvil Ransomware who have launched a new auction site used to sell victims stolen data to the highest bidder.
Once, they compromise your network they quietly spread laterally through the company while stealing unencrypted data from workstations and exposed servers… after which, they then proceed to encrypt all your machines on your network.
The second story is how the VT San Antonio Aerospace, a leading maintenance a repair firm was successfully breached by another form of Maze Ransomware. During the attack, they stole 1.5 TB worth of data.
My next story is how the business services giant Conduent that employs 67,000 employees and a revenue of $4.47 billion in 2019 was also struck by the Maze Ransomware. They too suffered a data theft of 1 TB.
As if that is not enough, the Nightwalker Ransomware has successfully attacked the University of San Francisco (UCSF), stolen data and then encrypted their machines. The UCSF ranks #2 in medical schools for research and #6 in best medical schools for primary care in the US.
And last but not least, Ransomware gangs says it breached one of NASA’s IT contractors. An ironic message, the operators of the DopplePaymer ransomware, have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA’s IT contractors.
Why Do You Need To Care?
You may be thinking… “well, all those examples you mentioned are all large enterprises…and I’m a small business, so why should I be concerned,… why should I care?”
Unfortunately, such thinking will get you in trouble. There are different types of Ransomware that target various industries and businesses.
Have you heard of the Tycoon Ransomware?
This new human-operated ransomware strain is being deployed in highly targeted attacks targeting small to medium size organisations in the software and education industries since last December 2019.
The ransomware is a multi-platform Java-based malware that can be used to encrypt both Windows and Linux devices.
After they infiltrate their victims’ networks, they go about locking the administrators out of the systems, disabling the anti-malware system and encrypting systems. See below the Ransomware note they leave:
What can you do?
First, have a plan in mind. Industry experience shows that the plan should not be to pay the ransom. The plan should instead have three simple elements, quickly detect and identify systems affected by ransomware, contain the ransomware and then quickly recover.
Second, have exceptional offline secure backups! In the majority of ransomware events, the infected system will need to be rebuilt and the affected data restored from backup – there is simply no other effective means of recovering from a ransomware event. Having backups of your key business data offline (not always connected to your network) means that a ransomware event will not be able to affect it, that offline backup can then be utilised when needed to recover. Far too many businesses have online and accessible backups that the attackers behind ransomware also target!
Third, test your plan, more specifically make sure you know how to contain affected systems – disconnect them and isolate them from your network, test how you would rebuild an affected system, and then restore your offline backups regularly to a test system to ensure you are effectively backing up the right data.