
Ransomware

Weak passwords and ransomware infections go hand-in-hand

Wednesday, January 22, 2020

Did you know … the first ransomware attack was carried out in 1989 by Joseph L. Popp, a Harvard-trained evolutionary biologist? As history tells us, Popp created the AIDS Trojan, also known as PC Cyborg, and sent 22,000 infected diskettes, labeled “AIDS Information – Introductory Diskettes,” to an international AIDS conference.

Innocently enough, the diskette did educate the user, but it also infected the user’s computer. After approximately 90 reboots, the virus would encrypt files on the hard drive, and the price to reverse it was $189, made payable to a P.O. box in Panama.

Although Popp’s virus was easily defeated, it started a snowball effect across the digital world. 

It’s been 31 years since the first ransomware infection and we’re still dealing with these on the daily. Research from precisesecurity.com showed weak passwords caused 30 percent of ransomware infections in 2019.

“Weak passwords.” How many times do we see or hear this phrase? Ad nauseam, if you ask me. And, yet, a quick Google search reveals some of the most popular passwords of 2019: 

  • 12345
  • 123456 (This one was used by 23.3 million victim accounts globally.)
  • 12345678 (This was chosen by 7.8 million data breach victims.)
  • 111111
  • test1
  • abc123
  • Password (More than 3.5 million people use this one to protect their sensitive information.)

It just doesn’t make sense. Yes, we have what seems like a bajillion passwords to remember for access to various locations, physically and digitally, but taking the easy way out hasn’t served us or the world well up to this point. It’s only produced one of the leading cyberattacks used by cyber criminals — ransomware.

So, now what? I suggest we take control over our password/phrase creation and usage. My proposal is simple: Set aside some time to create a list of strong passphrases and/or words once every quarter, adding each time to the previous list. Schedule “password/phrase creation” into your calendar so you set the intention ahead of time. The result will be a list of passwords/phrases that can be used anytime: when asked to update, creating a new account, etc. 

A Quick Tutorial

Creation: Think of a secret about yourself that only you or very few of your closest family/friends know. (To my knowledge, cyber criminals have yet to figure out how to hack brains to get information, so this seems like the safest, most secure information.) Then, create a passphrase, incorporating letters, numbers and symbols with your secret. 

Example (DO NOT USE): …Th3Qu1ckBr0wnF0xJump3d0v3rTheLazyD0g!?

Usage: Use a different, unique password or phrase for each account. Does this take time? Yes. Is it worth it to help prevent ransomware attacks? According to the statistics, yes, but this is something you have to decide for yourself by asking: “Is it worth my time to create strong passphrases and/or passwords to keep my sensitive information, such as access to my bank account or work life, safe?”

Lest we forget, Albert Einstein did define “insanity” as “doing the same thing over and over again and expecting different results.”

The state of ransomware ...

Wednesday, January 8, 2020

The recent cyberattack on the city of New Orleans is another sobering example of how vulnerable we are as a nation to cyber criminals. Even for cities like New Orleans, which was prepared for such an attack, there is an incredible amount of time and effort and cost that goes into getting a city back up on its feet after such an incident.

Following the New Orleans attack, a report on the State of Ransomware in the U.S., created by cybersecurity research firm Emsisoft, was rushed out ahead of its original Jan. 1, 2020 release date because, as researchers pointed out, the New Orleans incident “elevates the ransomware threat to crisis level. Governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”

By releasing the report early, the company hopes it will help “kickstart discussions and enable solutions to be found sooner rather than later. Those solutions are desperately needed.”

The numbers on ransomware are pretty mind-numbing: in 2019 the U.S. was hit by “an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion,” according to Emsisoft.

The impacted organizations included:
•    113 state and municipal governments and agencies;
•    764 healthcare providers; and
•    89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected.

The incidents were not simply expensive inconveniences, according to the report, which noted that the disruption they caused put people’s health, safety and lives at risk. For example:
•    Emergency patients had to be redirected to other hospitals;
•    Medical records were inaccessible and, in some cases, permanently lost;
•    Surgical procedures were canceled, tests were postponed and admissions halted;
•    911 services were interrupted;
•    Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field;
•    Police were locked out of background check systems and unable to access details about criminal histories or active warrants;
•    Surveillance systems went offline;
•    Badge scanners and building access systems ceased to work;
•    Jail doors could not be remotely opened; and
•    Schools could not access data about students’ medications or allergies.

“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020,” Emsisoft CTO Fabian Wosar said in the report. “Governments and the health and education sectors must do better.”

Other effects of the incidents included:
•    Property transactions were halted;
•    Utility bills could not be issued;
•    Grants to nonprofits were delayed by months;
•    Websites went offline;
•    Online payment portals were inaccessible;
•    Email and phone systems ceased to work;
•    Driver’s licenses could not be issued or renewed;
•    Payments to vendors were delayed;
•    Schools closed;
•    Students’ grades were lost; and
•    Tax payment deadlines had to be extended.

On how unprepared local governments are, a 2019 University of Maryland, Baltimore County research report, based on data from a nationwide survey of cybersecurity in U.S. local governments, stated that “Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and funding for it,” and that “Local governments as a whole do a poor job of managing their cybersecurity.”

The issues identified included:
•    Just over one-third did not know how frequently security incidents occurred, and nearly two-thirds did not know how often their systems were breached;
•    Only minorities of local governments reported having a very good or excellent ability to detect, prevent, and recover from events that could adversely affect their systems; and
•    Fewer than half of respondents said that they cataloged or counted attacks.

In some cases, governments failed to implement even the most basic of IT best practices, the report noted. For example, Baltimore experienced data loss because data resided only on end-user systems for which there was no backup mechanism in place.

According to the University of Maryland, Baltimore County's research, more than 50 percent of governments identified “lack of funding” as a barrier to cybersecurity and this is almost certainly an issue in the education and healthcare sectors, too. “Resolving the problem may simply require that organizations reallocate their existing budgets, or it may require that additional funding be provided either by federal or state government. In either case, it is an issue that must be addressed,” researchers concluded.
   
While 966 government agencies, educational establishments and healthcare providers were impacted by ransomware in 2019, the report noted that not a single bank disclosed a ransomware incident.

“This is not because banks are not targeted,” researchers noted. “It is because they have better security and so attacks against them are less likely to be successful. If government agencies were simply to adhere to industry-standard best practices — such as ensuring all data is backed up and using multi-factor authentication everywhere that it should be used — that alone would be sufficient to reduce the number of successful attacks, their severity and the disruption that they cause.”
 
As Wosar pointed out, “2020 need not be a repeat of 2019. Proper levels of investment in people, processes and IT would result in significantly fewer ransomware incidents and those incidents which did occur would be less severe, less disruptive and less costly.”
 

5 important facts you need to know about the Texas-based ransomware attacks

Wednesday, August 21, 2019

Whoever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves.

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here are 5 important facts you need to know about these attacks:

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was affected in a similar fashion to Borger. They, too, are unable to process utility payments via credit card. Keene Mayor Gary Heinrich told NPR that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities.

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, in what has been dubbed a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and moving into remediation and recovery to get back to operations as usual as quickly as possible.

 

Need for cybersecurity soaring

Wednesday, August 10, 2016

If you aren’t that worried about cybersecurity and the threat of a ransomware attack, you should be.

According to a new report, “State of Ransomware,” which was sponsored by Malwarebytes and conducted by Osterman Research, nearly 40 percent of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20 percent had to stop business completely.

And that doesn't even include the companies that aren't reporting being attacked. According to FBI Section Chief Philip Celestini, who was a featured speaker at ESX 2016 in Fort Worth, Texas, 80 percent of companies that have been attacked by ransomware “are not reporting it to law enforcement,” he said. The FBI is reaching out to the industry, Celestini said, for its help in spreading the word about the importance of cybersecurity and working with law enforcement to minimize loss.

According to the FBI, ransomware attacks went from causing $25 million in losses to $200 million in just the last year in the U.S., as well as an astonishing $2 trillion in cyber crime losses worldwide.

According to Nathan Scott, senior security researcher at Malwarebytes and a ransomware expert, over the last four years, “ransomware has evolved into one of the biggest cybersecurity threats in the world, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone. Until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.”

Some other key U.S. findings from the study include:
- Security attacks with ransomware are increasing: Nearly 80 percent of U.S. companies have suffered a cyber attack in the last year and more than half experienced a ransomware incident. U.S. organizations are the most attacked among the countries surveyed.
- Email is the top vector for spreading ransomware: More than half of the U.S. attacks originated with email.
- Upper management and C-Level executives are at a higher risk: 68.4 percent of U.S. respondents noted ransomware attacks impacted mid-level managers or higher, while 25 percent of incidents attacked senior executives and the C-Suite.
- Cybercriminals held high-value data for ransom: Nearly 80 percent of the U.S. organizations breached had high-value data held for ransom.
- Attacks are impacting more than initial endpoints: More than 40 percent of ransomware attacks in all four countries were successful in impacting more than a single endpoint, with nearly 10 percent of the attacks affecting more than one-quarter of the endpoints in the business.
- Current enterprise security measures are weak against ransomware: Almost half of ransomware incidents in the U.S. occurred on a corporate desktop within the enterprise security environment.
- Ransomware remediation takes hours: 44 percent of attacks on U.S. companies forced IT staff to work more than nine hours to remediate the incident. Globally, the figure is 63 percent of incidents that took more than nine hours to remediate.