5 Ways to Protect Yourself Against This New and Dangerous Ransomware
Imagine this scenario: You’re sitting at your desk at work, when suddenly your computer screen is covered by a long message. You try closing out the window but that doesn’t work. You scan the message: “Your computer has been infected… Your files are encrypted and currently unavailable… time is much more valuable than money.”
At first you think it’s some kind of glitch, but as you look closer you realize it’s a ransomware attack. The note explains that your data has been encrypted by hackers and it’ll cost $1,300 to get the encryption key. If you wait two more days to decide, the price doubles to $2,600. And the preferred method of payment? You guessed it: Bitcoin.
Thinking it’s some kind of joke you stand up and look around the office — only to realize everyone’s computer has been infected. Say hello to Sodinokibi.
Sodinokibi is a new ransomware causing damage to businesses and computer networks. Ransomware is malware that uses encryption algorithms (normally used to protect data) to make your own data inaccessible.
The hackers demand money (aka a ransom) in exchange for the decryption key. There’s a chance you can restore with data backups, but don’t be surprised if hackers infected those too. Ransomware hackers are strangely organized.
Some even have customer service hotlines with telephone or web chat support to help expedite payments or troubleshoot problems with encryption keys.
Ransomware attacks extracted an average of $2,300 per victim in 2019, up from $210 four years earlier, according to Chainalysis research.
One strain, SamSam, infected more than 200 U.S.-based victims, including some local governments, and collected $6 million.
Now we’ve got Sodinokibi, which appears to be a continuation of another ransomware called GandCrab, even though the GandCrab creators claimed they retired.
“Cyber crime is so incredibly lucrative. You can rob a bank in a traditional armed robbery and you might get 70,000 pounds or you can rob a bank online and get 1 billion,” said Tom Bennett, cyber security incident responder at CFC Underwriting.
Threat actors appear to be targeting managed-service providers (aka third-party vendors) that have access to data for a variety of companies. It got particularly bad during the July 4th holiday, he said, when plenty of managed service providers returned from vacation to discover the infections.
“It’s a hub-and-spoke model. If you get in the middle of that wheel, you can go to all the individual spokes,” said Bennett. “So through the effort it takes to do one infection, you get hundreds or thousands of companies infected.”
But paying the hackers to remove the ransomware is just the beginning of your problems.
“Using the decryption key is a lengthy process prone to errors. If you don’t pay and restore from backups, expect plenty of hiccups too,” said Bennett. “Worst case scenario, you could be looking at weeks of business interruption. I’ve seen businesses down for weeks, even after they’ve paid.”
Refusing to pay carries its own risks. The city of Baltimore was attacked by hackers who demanded more than $75,000 for each computer affected. The city refused to pay and is now facing an $18 million bill to get its systems back up and running.
Ways to Protect Your Business From Ransomware
The best way to defend against an attack is to never get attacked in the first place. Following these steps can help:
1) Implement multi-factor authentication. Make employees sign in with two or more methods of identification (typically the second is responding to a notification on their smartphone).
Bennett says exploitation of remote desktop services is the main way hackers get inside a system and multi-factor authentication “stops that dead in its tracks and makes the company basically immune to that entire class of attack.”
2) Update your software. In one instance, hackers exploited software vulnerabilities in Oracle WebLogic and used them to infect computer systems with Sodinokibi, said Bennett.
Oracle discovered the problem and issued a patch — but since people don’t often update their software, plenty of computers got infected anyway.
3) The best passwords are long passwords. The longer a password, the harder it is to break. Think 15 characters or more and sprinkle in a few special characters too.
Bennett says that if the managed service providers had longer, more complex passwords, it would have been nearly impossible for hackers to infect their systems.
4) Spam filtering is your friend. Businesses receive phishing emails all the time. Having a spam filter can detect phishing emails and filter them out before they even hit your inbox.
5) Take employees on a phishing trip. Train employees on proper email usage. Teach them how to detect a phishing scam. For extra credit, send them a phishing email of your own, perhaps asking them to log back in to their email accounts or download a potentially malicious file.
Seeing who fell for the attack will help you identify weaknesses and rally your team around the idea of security.