Chances are you have heard about the recent phishing and credential-stuffing attack on more than 1,500 companies. The ransomware group that claimed responsibility, Ransomware Evil, also known as REvil, gained access through a platform called Kaseya VSA. Although the company denied there was a supply chain attack, it did shut down its SaaS platform, and it is still struggling to recover from the attack. Hacking into your business data is surprisingly simple, and protecting yourself can be easy.
Ransomware attacks disrupt and hijack a company’s data by distributing “malicious code through faked advertisements and trojan horse downloads.” Once inside, though, REvil upped its game and escalated its attacks.
Some of the higher-profile companies that have been attacked by what is becoming known as RaaS (ransomware as a service):
- Quanta Computer, an Apple supplier
- An entertainment-focused law firm, Travelex
- A nuclear weapons contractor
- French Connection UK, a fashion giant
- A major meat producer and supplier
This group of cyber hackers, who break in and extort money from the companies it targets, has made ransomware attacks one of the “most pressing security threats facing businesses – nations – today.” REvil provides decryptors and adaptable encryptors, plus services and infrastructure for the negotiation process. If the victims don’t pay the ransom demand, their information is leaked to the dark web and elsewhere.
Hacking Into Your Business Data Is Surprisingly Simple
Ransomware attacks and hacking have become big business for groups like REvil, which receive a percentage of the negotiated ransom price as their fee for providing the “service.”
How are victims of the ransomware hijacking coerced into paying the ransom?
- The data is encrypted so the company cannot access its information, restore from backups or use its computer systems
- The data is stolen and the attackers threaten to post it on leak sites
In the first quarter of 2021, REvil’s affiliates averaged more than $2 million per breach payout from hacking incidents. The recent Kaseya attack came with a ransom demand of $70 million in exchange for the decryption key.
How did they get in and hack your data?
The cyber hackers gained access by:
- Using previously compromised credentials to get onto remote desktop protocol (RDP) servers
- Sending phishing messages
- Compromising firewalls
After the hackers gain access, they create new domain and local user accounts and disable antivirus, security services and any other “protections” a company’s IT department may believe it has in place. Once a group like REvil gains access, it spreads its tentacles through the network, using open-source tools to gather intelligence on the company and the victim’s environment.
A company’s IT department may not even immediately realize it has been breached. In some instances the hackers will wait up to a month so they can gain access to even more data, including archived data.
What can an IT department and company principals do to help ensure a cyberattack isn’t perpetrated on the company?
- The IT team needs to know what is normal, and what’s not, in the environment they manage.
- Question anything out of the norm
- Investigate anything that looks questionable
- Question whether the defenses your company has in place are adequate (and make them much, much more than adequate)
- What endpoint visibility does the IT team have?
- What alerts are enabled when a hack is in evidence?
- Do all the users need the same, or similar, levels of access? Does your IT staff enable only what the end user truly needs, rather than having a blanket policy of “everyone gets access to everything”?
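As an added example (not from WareGeeks or the original post), here is a small Python detector that applies the “know what is normal” advice above to Windows event data: it keeps a baseline of known admin accounts and business hours, then alerts on the post-access moves described earlier (new accounts, additions to the Administrators group, real-time protection disabled, the audit log cleared) and points out hosts where several of those stack up together. The log layout, host names, account names and the baseline are all assumptions constructed for this example; only the event IDs are real Windows event IDs.

```python
"""Spot the post-intrusion moves described above in Windows event data.

Constructed sample: the log lines below are made up for this example and use a
simplified 'key=value' layout rather than the real Windows EVTX/XML format.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Assumed baseline of "what normal looks like" for a hypothetical environment.
KNOWN_ADMINS = {"CORP\\it.admin", "CORP\\svc.deploy"}
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 local time

# Real Windows event IDs. 4720/4732/1102 come from the Security log; 5001 is the
# Microsoft-Windows-Windows Defender/Operational ID for real-time protection disabled.
ACCOUNT_CREATED = 4720
ADDED_TO_GROUP = 4732
AUDIT_LOG_CLEARED = 1102
DEFENDER_RTP_DISABLED = 5001

# Constructed sample log: one routine admin action, then an off-hours chain on FS-01.
SAMPLE_LOG = """\
time=2021-07-02T09:14:03 id=4720 host=WS-042 subject=CORP\\it.admin target=CORP\\j.doe
time=2021-07-02T23:41:10 id=4720 host=FS-01 subject=CORP\\m.finance target=FS-01\\support
time=2021-07-02T23:41:52 id=4732 host=FS-01 subject=CORP\\m.finance member=FS-01\\support group=Administrators
time=2021-07-02T23:43:07 id=5001 host=FS-01 subject=FS-01\\support
time=2021-07-02T23:45:30 id=1102 host=FS-01 subject=FS-01\\support
time=2021-07-03T10:02:11 id=4732 host=WS-042 subject=CORP\\it.admin member=CORP\\j.doe group="Remote Desktop Users"
"""

# key=value tokens; a value may be quoted when it contains spaces.
TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Event:
    time: datetime
    event_id: int
    host: str
    fields: dict


def parse_line(line: str) -> Event:
    fields = {k: v.strip('"') for k, v in TOKEN.findall(line)}
    return Event(datetime.fromisoformat(fields["time"]), int(fields["id"]),
                 fields["host"], fields)


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_alerts(events, known_admins=KNOWN_ADMINS, business_hours=BUSINESS_HOURS):
    """Return (host, kind, detail) tuples for events that deviate from the baseline."""
    alerts = []
    for ev in events:
        subject = ev.fields.get("subject", "?")
        off_hours = ev.time.hour not in business_hours
        unexpected_actor = subject not in known_admins
        if ev.event_id == ACCOUNT_CREATED and (unexpected_actor or off_hours):
            why = " outside business hours" if off_hours else ""
            alerts.append((ev.host, "account-created",
                           f"{subject} created {ev.fields['target']}{why}"))
        elif ev.event_id == ADDED_TO_GROUP and ev.fields.get("group") == "Administrators":
            alerts.append((ev.host, "admin-group-change",
                           f"{subject} added {ev.fields['member']} to Administrators"))
        elif ev.event_id == DEFENDER_RTP_DISABLED:
            alerts.append((ev.host, "av-disabled",
                           f"real-time protection disabled by {subject}"))
        elif ev.event_id == AUDIT_LOG_CLEARED:
            alerts.append((ev.host, "audit-log-cleared",
                           f"{subject} cleared the Security log"))
    return alerts


def hosts_with_chain(alerts, min_distinct=3):
    """Hosts where several different alert kinds stack up (new account, disable AV,
    cover tracks), which deserves investigation before any single isolated event."""
    kinds = {}
    for host, kind, _ in alerts:
        kinds.setdefault(host, set()).add(kind)
    return sorted(h for h, k in kinds.items() if len(k) >= min_distinct)


if __name__ == "__main__":
    found = find_alerts(parse_log(SAMPLE_LOG))
    for host, kind, detail in found:
        print(f"{host}: [{kind}] {detail}")
    print("investigate first:", hosts_with_chain(found))
```

The routine account creation by a known admin during the day and the addition of a user to “Remote Desktop Users” produce no alert; the four off-hours events on FS-01 do, and because they are four different kinds on one host that host is listed first. In practice the baseline would come from your directory and change records rather than a hard-coded set.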
All it takes is one phishing email: one staff member clicking on a suspicious link, opening an infected document or using (or re-using) a password that has been compromised.
It’s almost impossible to protect your company from all attacks, but complacency, lack of accountability and lax security protocols certainly open the door to hackers. These threats are ongoing. Daily, in fact. You only hear about the BIG guys getting hacked and getting ransomware demands, but it is happening across the globe to businesses just like yours.
Be proactive, not reactive. Reach out to Seth Melendez today for free risk analysis.
WareGeeks Solutions is a Roselle, New Jersey-based full-service IT Solutions and Service Provider.
We specialize in Data Protection, specifically Business Continuity and Disaster Recovery (BCDR) and Cyber Security. We work with all small, medium, and large companies. We conduct a multi-level risk analysis that identifies processes, procedures and/or technology that stifle productivity with oppressive layers of complexity. If you have IT or security questions, contact Seth at WareGeeks Solutions. For information or a consultation, call (877) 653-7146, or email us at firstname.lastname@example.org. www.waregeeks.com