Ferrum Technology Services Blog

It’s one thing to avoid ransomware entirely, but what does a business do when it’s already within its walls? Today we are going to discuss how your business can recover from a ransomware attack, as well as measures and solutions you can implement to ensure that it doesn’t happen again.

A new ransomware attack has surfaced, this time mostly targeting IT companies and their clients. The attack is specifically targeting the Kaseya platform. Kaseya is management software that many IT companies use to remotely manage and support technology. The attack in question attacked Kaseya’s supply chain through a vulnerability in its VSA software; this attack is notable because of how it targeted the supply chain, not only striking at the vendor’s clients—notably IT companies—but also their customers. Basically, this attack had a trickle-down effect that is causing widespread chaos for a massive number of businesses.

Ransomware is such a major problem for computing-dependent organizations that even government agencies are getting involved, equipping businesses and organizations with tools to help themselves identify whether or not they are at risk of these attacks. The most recent addition to this group, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) have made their Ransomware Readiness Assessment, or RRA, available as part of its Cyber Security Awareness Toolset.

Ransomware has been a scourge to businesses for years now, with it unfortunately experiencing a renaissance of sorts as the COVID-19 pandemic came to the fore. With increased phishing attacks and other means of spreading ransomware now taking advantage of the ongoing situation, it is all the more important that these attempts can be identified and mitigated.

Countless high-profile ransomware attacks have surfaced over the past several years, all against targets like manufacturers, pipelines, hospitals, and utility companies. Obviously, these attacks are a cause for concern, but some small businesses might make the mistake of thinking themselves too small to target. Unfortunately, this is simply not the case; we’ll help you protect your business from these devastating cyberattacks.

This past May, Ireland’s Health Service Executive—the organization responsible for providing healthcare and social services to the country’s residents—was successfully targeted by a major ransomware attack. Unfortunately, we are still talking about it now because the entire situation has forced us to acknowledge the aftereffects of such an event.

Once again, ransomware strikes, this time targeting the world’s largest meat processor and distributor, JBS S.A. This disruptive cyberattack forced the company to suspend operations in both North America and Australia, a move which had devastating consequences to the supply chain. What can we learn from this situation?

As is often the case with ransomware attacks, the situation with the Colonial Pipeline hack has grown more complex as more information regarding the attack has been discovered. Here are some of the major developments that you should keep top of mind in the wake of this devastating ransomware attack.

In what sounds like a positive shift, cybersecurity experts have announced their research has found that cyberattacks are spending less time on the networks they infiltrate. Unfortunately, this isn’t such a clear-cut positive. Today, we’ll discuss “dwell time” and how less of it is a problem. 

We’ve become aware of a concerning phenomenon: the perception that a business that has already been targeted by a cyberattack, won’t be attacked again. We here to tell you that this is decidedly not the case—in fact, according to cybersecurity solutions provider Crowdstrike, there’s a 68 percent chance a targeted business will see another attack within a year.

Ransomware has been a real problem for the past several years. This is a result of a shift in the ways hackers approach their craft. Once known for breaching networks directly, the establishment of uncrackable encryption left hackers looking to change their strategies. Today, they use scams to get people to give them access to network resources. If they are successful, it can deliver more than headaches for a business. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way. 

Ransom: a sum of money is demanded in order for the release of goods.
Software: the programs and other operating information used by a computer.

What do you get when you combine the two? Ransomware. 

On March 22, 2018, a remote-triggered ransomware called “SamSam” demanded a one-time payment of $51,000 be made to restore the city of Atlanta, Georgia’s, data. Despite an operating budget somewhere in the neighborhood of $625 million, Atlanta’s municipal leaders refused to pay the fine. The “hostage situation” has cost the city over $2 million already with an expected $9.5 million more likely to be spent restoring and re-enforcing the municipality’s network and infrastructure. This doesn’t take into account downtime and the significant amount of data lost in the hack. Whether or not you think it’s a good idea to not pay the ransom, if a whole city - especially one as large as Atlanta - can effectively be crippled by a single hack, you better believe that your business has to get serious about its cybersecurity efforts.

If you were a cybercriminal, what would be your preferred method of launching a ransomware attack? Would you rather create a catch-all threat that could capture as many potential victims as possible, or a calculated approach to land a big one? Despite the proven results of larger ransomware initiatives, most cybercriminals have made the shift to smaller, more targeted attacks against specific companies, and in some cases, individuals.

In yet another widespread ransomware attack, Eastern European countries saw an assortment of their critical establishments and infrastructures struck by an infection known as Bad Rabbit. Government buildings, media establishments, and transportation centers were among the targets of this attack.

The Internet is a vast place filled to the brim with threats, especially for businesses that need to preserve the integrity of their infrastructure and keep critical data safe. The Cisco 2017 Annual Cybersecurity Report states that ransomware is growing at a yearly rate of 350%, which is a considerable number to say the least. Here are five tips that can help you keep your business safe from ransomware infections.

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing history.

On May 11, 2017, the WannaCry ransomware spread around the globe like wildfire and disabled computing infrastructures belonging to organizations of all shapes and sizes. As the world watched the news unfold, it seemed as if practically no business was immune to this ultra-powerful ransomware. Yet, many quick-thinking organizations were. All because they had the foresight to follow IT best practices.

Ransomware remains a very real threat, and is arguably only getting worse. Attacks are now able to come more frequently, and there are opportunities for even relative amateurs to level an attack against some unfortunate victim. However, this is not to say that there is nothing you can do to keep your business from becoming another cautionary tale.

Run your Windows Updates and be very skeptical about opening unsolicited emails. Failure to do so may result in a very dangerous strain of ransomware that could infect your entire network and spread to your clients, partners, and prospects.