Byte-Size Tech: Managed IT Firm Stopped Ransomware Attack In Progress
When you imagine cyber criminals planning ways to infect hundreds of thousands of computers, you probably don’t picture sophisticated marketing operations and software licensing, but you’d be surprised. The black market on the Dark Web is much like any other online store where you purchase goods, only its products are more nefarious. Cyber criminals copy the techniques used by corporations to increase profits by authoring and distributing ransomware-as-a-service (RaaS). RaaS enables less tech-savvy cyber criminals to quickly set up shop, and often includes “customer support,” easy-to-use dashboards, and guides on how to most effectively distribute ransomware onto victims’ machines.
The RaaS Business Model
This is not a recent development. RaaS has been used since 2016, and has proved to be a lasting business model for cyber criminal organizations. These organizations utilize modern marketing and corporate strategies to get their “customers” to choose their ransomware services over other offerings on the Dark Web.
How Does RaaS Work?
In a traditional software business model, a user pays a one-time fee to buy a license for a specific version of the software outright. There are no other costs throughout the life of the software, but if the user wants to upgrade to a newer version, the software must be purchased again. But being required to buy each new version that’s released can be financially impossible for some consumers. That’s where software-as-a-service (SaaS) comes in.
With SaaS, the user can “rent” the software for a monthly fee, giving the user the most current version of the software at a greatly reduced upfront cost. But unlike traditional software purchasing, if the user ends their subscription, they lose access to the software.
On the Dark Web, RaaS utilizes both these business models. Instead of a bad actor authoring and distributing their own ransomware onto victims’ computers, cyber criminals pay for someone else’s ransomware strain. This allows even those who don’t have the skills necessary to create their own ransomware strain to enter the ransomware market.
This arrangement is beneficial to the author of the ransomware, as well. In addition to the subscription price, the author often gets a cut of each ransom paid. The more subscribers who buy and distribute their ransomware, the more money the author makes without needing to infect a single computer themselves.
This is where RaaS mimics legitimate businesses. Some ransomware authors sell licenses using the traditional software business model. When a cyber criminal buys the ransomware license, they are free to use it as much as they want. Other ransomware authors have adopted the modern subscription model of SaaS. As a subscription, buyers have to continue to pay monthly or by number of infected computers. In return, the ransomware they “rent” receives updates and continued support from the author. To entice cyber criminals to choose their strain, some authors will offer discounts or adjust their cut of the ransom. Some even provide tutorials and customer support to buyers to help with distribution.
Ransomware Finds New Ways to Make Victims Pay Up
The authors of ransomware strains aren’t the only ones offering customer support. For several years now, criminal organizations spreading ransomware have provided customer support representatives to facilitate payments, such as helping victims buy bitcoin or walking them through the payment process. Sometimes these customer support reps even lower the ransom for victims unable to pay the requested amount.
While offering customer service may seem absurd for a criminal enterprise, the newest extortion method fits right in. The threat of ransomware includes not only the loss of data but also the weaponization of that data by bad actors. Until now, the risks associated with not paying the ransom have been limited to losing the data altogether or having criminals farm the encrypted data for credentials. Now a new type of extortion is threatening to come to the forefront.
To thwart the growing number of businesses taking cyber security seriously and ensuring they have reliable backups in case of a ransomware attack, cyber criminals now threaten to release the unencrypted data they steal if the businesses choose not to pay the ransom. Those behind the Maze ransomware strain have a public website listing the names of businesses they’ve infected, as well as details about the attack and documents stolen from infected systems. Allied Universal was the first Maze victim to have its breached data publicly exposed in this way.
What Can You Do?
When the danger is not only loss of data but release of data, the usual mantra of “back up your data” doesn’t cut it anymore. With this evolving threat landscape, prevention is the key to security.
In addition to basic security measures that all businesses should implement, intrusion detection is essential to modern cyber security. Bad actors are often in compromised systems for days or weeks before the actual ransomware attack happens. They can search files, disable security measures, corrupt backup systems, and more to make the business as vulnerable as possible. Identifying the problem when the intrusion first happens could save not only your money but your data and reputation as well.
Other precautions include encrypting all sensitive data so hackers can’t access it, having strong user access controls and passwords, and restricting administrator access to necessary IT personnel. This limits the amount of data criminals can access if they were to penetrate your systems.
Most of all, train your employees how to identify phishing methods and signs their computer may be compromised. Employees are the front line of defense against infection. Make sure everyone is trained at least annually to stay up to date with new ransomware strategies so that they and you don’t become unwilling customers of the ransomware business model.
If you need help shoring up your defenses against ransomware or need employee training, contact Anderson Technologies today!
When companies, non-profits, or entire city governments find themselves victims of cyber crime, it can feel like they’re frozen as the world moves on around them. This feeling, to a lesser degree, might also come as you’re sitting in front of your office computer every morning, twiddling your thumbs waiting for it to boot up so you can finally start your work day.
Ransomware looms as one of the biggest business tech threats of 2019. Organizations of all sizes are finding themselves in the cross-hairs of cyber crime actors who seek high payouts from insurance agencies and panicked data hostages. Why are some companies so quick to pay off the ransom?
Too often it’s the fear of downtime, or money lost while hackers obstruct you from your data and your business’s day-to-day operations. However, while ransomware dominates the tech industry news, a much more common and avoidable cause of downtime significantly affects organizations without raising alarms—outdated technology. A minute lost every time you try to access a file or launch your internet browser adds up quickly over the course of days and weeks. These wasted (and often-unnoticed) minutes can mean thousands in lost revenue for your company.
Let’s explore the real-life implications of business downtime due to hardware and software that has long been ready to be replaced. Luke Bragg, Lead System Administrator at Anderson Technologies, witnessed this firsthand.
Efficient Until Obsolete
A St. Louis business law firm reached out to Anderson Technologies in 2018 for help. Their old server was dying. It hadn’t been patched or updated in over a year, leaving it vulnerable to ransomware and other cyber attacks.
“Security was a major concern,” Bragg says. Slow speeds and cyber vulnerabilities were starting to impact the firm’s daily operations. Days after contacting us for help, the firm’s aging server experienced a catastrophic system failure and died altogether: “The server completely failed, and we had to keep them functional on emergency hardware while we put a new server in place.” Thankfully, the failure wasn’t caused by ransomware or another cyber attack, but the law firm felt how close they came to experiencing futile downtime.
Downtime can be detrimental to any business, but some may feel the effects more strongly than others. Law firms constantly collaborate with other businesses and clients, as well as government organizations and the judicial system. Timing can be what makes or breaks a potential account. “Every business is different in how much downtime they can tolerate,” Bragg explains.
“This is a law firm, so their workflow is very critical with very little room for outages.”
Tell Old Tech to R.I.P. (Replace Itself Promptly)
The crashed server was a wake-up call, and acted as a jumping-off point for replacing more of the firm’s outdated hardware. Their workstations and wireless network benefited from a sprucing up as well.
Aside from the obvious security breaches, law firms and all kinds of other organizations suffer from negative effects of downtime due to antiquated tech. Employee productivity suffers when hardware is sluggish or undependable. Similarly, websites that aren’t mobile-optimized or user-friendly could turn away potential clients and impact your company’s digital presence.
Law firms especially run ethical risks when using outdated technology. “Technological competence” is a modern addition to the American Bar Association’s Model Rule 1.1. The last thing a law firm wants is a lawsuit because negligent treatment of the devices they use every day caused harm to a client. A big part of the work Anderson Technologies did for this law firm involved maintaining uptime and strengthening security during the hardware upgrade.
“Law firms tend to have constant workflows that are time sensitive,” Bragg says. “The key to success is being extremely detailed and properly communicating every step with the client so that scheduled downtime for things like network upgrades or system replacements is properly planned and the client’s expectations are factored into the equation.”
Anderson Technologies is now focused on replacing the firm’s outdated Windows 7 machines before the January 14, 2020, end of life deadline. “No other major projects are on the horizon at this point,” Bragg says, and the firm can rest easy knowing their new server is secure.
Businesses in need of a top-notch attorney wouldn’t wait until the last minute to seek out critical legal advice. Similarly, this St. Louis law firm discovered the value of employing knowledgeable and proactive IT experts well before the threat of downtime surfaced.
You don’t want to find yourself drowning in downtime because of outdated technology equipment. To find out if your business could use a tune up, contact Anderson Technologies today.
Learn all about ransomware and how best to protect your data from an attack in our new explainer.
The true cost of ransomware.
Ransomware is a major threat right now. According to Datto, experts in data backup and recovery, 80% of managed service providers (MSPs) reported ransomware attacks in 2018, and 35% reported that some of their clients experienced multiple attacks per day. Clearly, ransomware is nothing to sneeze at.
Surprisingly, though, it’s not the ransomware attack, but the downtime afterward that accumulates the greatest cost to your company. Time, manpower, customer and vendor trust are all affected. This increases the importance of defending your company against this threat.
Here’s a quick recap of what happens in a ransomware attack. First, your network or computer is compromised. Next, an intruder plants an infection that encrypts your data files until, theoretically, you pay the “ransom.” Until then, you are stuck. You can’t use your hardware or applications, or access any of your data. Any employees who connect to your network for their job can’t work. Even if the ransom is paid, the likelihood of getting your data back as it was is fairly small. During this attack, your network is fair game to the cyber criminals, and you’ll have no idea which files they will exploit. In all reality, you might be starting from scratch to get your company up and running again. And that takes time. If you aren’t protected and prepared, you could suffer weeks of lost revenue with a high cost to recover.
The best solution for defending your company against ransomware is a multi-layer approach. To keep your network safe, you must have the following:
Whether it’s a cyber attack, human error, or hardware failure, a multi-layer approach is a safeguard for when one layer is compromised.
Backups are one of the most important aspects. They are your insurance policy to eliminate a huge amount of downtime. If ransomware infects your network despite all of the safeguards in place, your current backups will ensure your data is retrievable. Consulting with your IT department or MSP to ensure your backups are properly configured will keep the ransomware from infecting the backups as well.
Unfortunately, many companies don’t have all of these measures in place, and when ransomware hits, things get chaotic. Downtime can turn a disaster into a catastrophe.
Studies show that downtime has twelve times the cost of the actual ransomware attack. To calculate downtime, you must take into consideration direct employee costs, productivity losses, halted company production, and even more importantly, how your clients are affected. Are they getting the products and services they paid for? How does that affect their trust in you?
To counteract these detrimental costs to your company, it is important to focus on prevention and prepare for the worst, so when something does happen, your downtime is minimal. Backup services provide disaster recovery as a service to ensure your peace of mind no matter what.
Downtime Contributors
Ransomware isn’t the only cause of downtime, though. There are other things potentially sapping your company’s productivity every day, including poor performance due to outdated hardware, slow internet speeds, and hardware failure. How much are these often-overlooked daily experiences costing your business?
Old Hardware – New Software
Continually spending money on hardware can be frustrating. Unfortunately, that is the reality in the tech world. One year, the latest technology comes out with a wow and a bang, and by the next year, that amazing equipment is already out of date. Within a few years, it’s obsolete and can no longer handle even the most basic software updates.
Older hardware simply wasn’t designed to handle the latest resource-intensive apps.
Because technology changes so quickly, Anderson Technologies recommends replacing computers every three to five years, depending on your specific requirements. Replacing 20% of your machines per year keeps all equipment on a five-year rotation and your budget reasonable.
How can this plan save your company from downtime?
By upgrading your hardware regularly, your systems stay efficient and fast. You won’t have to wait those 30 seconds for an app to load when it should load in a fraction of that time.
Thirty seconds of downtime doesn’t seem like much until you calculate the cost of those accumulated seconds lost every week.
Hardware Failure
Hardware failure, be it a laptop or server, will happen, and inevitably it will occur at the worst possible moment, like during your busiest time of year. Because of this, it’s best to be proactive. If you’re continually refreshing hardware, not just computers, at the rate of 20% per year, everything will be less likely to experience failure due to age.
Just like with ransomware, the best insurance policy against hardware failure is having up-to-date backups. Failed hardware can easily be replaced, but the information stored on it may be lost unless it’s backed up regularly. Your MSP can help you determine the frequency of backups and provide backup options to ensure that your company can get up and running as quickly as possible.
Slow Internet
This is probably the most common downtime-inducing culprit. There are several factors that may contribute to slow internet. The first step is to double check what speed you pay for with your internet provider and make sure it matches the speed you observe on your network. If the two speeds match, then you may need to invest in more speed.
If you’re paying for a higher grade of internet, but still experiencing slow speeds, there may be something misconfigured in your firewall or switch. If the firewall or switch is over five years old, it might need to be replaced. Older firewalls or switches are just like the old hardware we mentioned earlier – they can’t keep up with the traffic going through them and act like a bottleneck. For instance, your LAN switch may be running at 100 Mbps, but you’re paying the ISP for a 400 Mbps internet connection! Upgrading to a gigabit switch in this example is a simple, cost-effective solution. A properly configured and updated firewall and network switch will give each user the full speed the internet allows instead of bogging it down.
Would you like more information about saving your company from the threat of ransomware and downtime? Contact Anderson Technologies at 314.394.3001 or email us at info@andersontech.com.
Ransomware attacks have been making international headlines, and St. Louis cyber security threats are all too real. See how one local business survived a ransomware attack with the help of proper IT support.
In late June, malware struck companies in the U.S., Europe, and the Middle East. This massive attack, a variant of the Petya family of ransomware, infected thousands of systems. This was on the heels of the largest global ransomware attack in history, WannaCry, the consequences of which are still being tallied months later.
In a ransomware attack, cyber criminals infect a computer or network with malware that encrypts data, rendering it unusable. They claim they will decrypt the data in exchange for a ransom, which is usually requested in the form of bitcoin. However, there is no guarantee that the data will be returned.
In light of these recent crimes and a spike in cyber attacks worldwide, ransomware protection is a hot topic. The International Police Organization (INTERPOL) recently held its annual security conference, INTERPOL World, which brings together law enforcement, security professionals, and technology providers. On the agenda was the mounting volume of cyber threats and the heightened importance of cyber security. St. Louis businesses need to tune in, too. Ransomware defenses, and other cyber security concerns, are as much local issues as they are international ones.
Just One Example of Ransomware in St. Louis
Earlier this year, a small business in the greater St. Louis area* experienced the severity of cyber security threats firsthand when ransomware infected its communications server. Luckily, when it was detected, the ransomware was confined to that device. The business’s IT support vendor detached the machine from the network, scanned it to remove the threat and returned it to the infrastructure after believing all instances of the threat had been identified and eradicated.
It had not! This time the ransomware spread throughout the network and locked up business-critical data on the primary fileserver. Because the company did not have a backup system in place, the IT vendor said it was unable to retrieve any data and suggested the only option was to pay the ransom.
The business owner was in a total panic at that point because every piece of client data for the entire business had been rendered unusable. The ransom was expensive. He knew that even if he paid it, he still risked receiving partial data, damaged data, or nothing at all. From an ethical standpoint, it felt like the wrong thing to do. Law enforcement recommends that people not pay the ransom, as it encourages subsequent attacks.
The Road to Ransomware Recovery
The business owner wanted a second opinion. With a quick Google search, he found Anderson Technologies, a local St. Louis cyber security firm. He called and shared his story. Mark Anderson and his team agreed to do their best to help. Luke Bragg, senior system administrator at Anderson Technologies, went onsite, assessed the situation, and conducted a deep inspection. He discovered the ransomware had infected most of the drive, but upon further investigation he identified previously hidden copies of company data that were untouched. After successfully removing the ransomware, Luke recovered every single file.
The ransomware recovery process took two days, but in the end the Anderson Technologies team retrieved all the company’s data, onboarded it to its managed IT services program, put new cyber security preventative measures in place, and implemented a reliable approach to backing up all the company’s files.
This is an extraordinary story and certainly not the norm. Unfortunately, plenty of businesses are attacked by ransomware from which they cannot recover. However, this example illustrates two important points:
This story could have had a different ending if the company chose a less experienced IT firm. Should your company be in a bind, choose a partner with a proven track record.
Anderson Technologies is a St. Louis cyber security company that specializes in ransomware protection and recovery. For more information on our services, email info@andersontech.com or call 314.394.3001 today.
*To protect this business’s privacy, we have omitted its name and any identifying details.
Ransomware is on the rise everywhere, not just in St. Louis. Ransomware can cost a small business tens of thousands of dollars—or even more! Let’s take a look at the proliferation of ransomware, and how your business can protect itself.
A small business’s data is one of its most valuable assets. When criminals launch a ransomware attack, they use malicious software to hold your data hostage. They claim they will give you access to your data in return for a “ransom” payment (although criminals aren’t exactly known for being true to their word).
One of the most common ways in which cyber criminals launch ransomware attacks is by sending phishing or spear-phishing emails. Employees download attachments or click links that look innocuous enough, but they end up inadvertently installing ransomware on their computers as a result. The ransomware then searches for user data to encrypt on the computer or on the network or cloud-based storage system. Once data is encrypted, you won’t be able to use it, and the bad guys send a message with instructions on how to render your files usable again—by paying a “ransom,” often in the form of bitcoins. Often sending money to the criminals provides no guarantee they will release your data.
According to the United States Department of Justice, more than 4,000 reported ransomware attacks have occurred daily since January 2016. That is a 300 percent increase in just one year.1 At Anderson Technologies, we frequently hear about St. Louis ransomware attacks—both from local small businesses and reports in the media. Earlier this year, ransomware impacted all 17 branches of the public library in St. Louis. Ransomware rendered their computers unusable. Library management refused to pay the $35,000 ransom and worked with its IT staff to remove the virus and restore service.
Ransomware Makes the Bad Guys Big Money
The reason ransomware is on the rise comes down to economics. In 2015, the FBI reported approximately 327,000 robberies in the U.S., which accounted for an estimated $390 million in losses.
That same year, there were approximately 127,000 cyber attacks reported in the U.S., accounting for over $1 billion in losses. It’s no wonder criminals are turning to cyber crime. That’s a whole lot fewer attacks for a whole lot more money. Plus, currency like bitcoin makes it easier for criminals to carry out crimes since they can anonymously collect the ransom.
If you factor in downtime and the cost of recovering files, cyber crime actually costs companies approximately $75 billion each year.
Is Your Business Protected from Ransomware?
Ransomware is also on the rise because the bad guys are getting better at designing believable phishing and spear-phishing emails. Gone are the days of scams that are easily identifiable, ridden with typos and strange verbiage. Today, cyber criminals have gotten better at mimicking the language and graphical design of reputable companies, which improves their chances of someone clicking a harmful link or attachment.
For small businesses in St. Louis, cyber security protection is an intricate process. You need a multi-tiered approach that includes a firewall, intrusion protection system, internet content filtering, anti-virus and anti-malware software that runs in real-time and is updated regularly, and a thorough and tested approach to backing up your system files. You also need to educate your employees. Even if you are working together with a managed IT services provider to do “everything right,” it takes just one click from an unsuspecting employee to introduce an issue your prevention efforts will have to deal with.
Although your managed IT services partner can reduce the likelihood of an email containing ransomware hitting your employees’ inbox in the first place, malicious messages can still get through. Email providers like Google and Microsoft scan your messages and try to filter out ones that look suspicious, but criminals are working just as hard to update their tactics. The final layer of protection between a St. Louis business (or any business for that matter) and ransomware is employee education.
Just last month, a St. Louis small business called Anderson Technologies in distress. It had just fallen victim to a ransomware attack. Its previous IT services provider wasn’t able to restore its files, but Anderson Technologies experts managed to eradicate the malware and recover the compromised data!
Ransomware stories don’t always have such a happy ending. Indisputably, your best bet is to reduce your chances of coming into contact with ransomware in the first place. Anderson Technologies has a team of St. Louis cyber security and ransomware experts who can help protect your business. For more information on our St. Louis cyber security services, email info@andersontech.com or call 314.394.3001.
1 “How to Protect Your Networks from Ransomware” U.S. Justice Department. Retrieved on April 20, 2017 from https://www.justice.gov/criminal-ccips/file/872771/download
We’re proud of Mark Anderson’s recent expert IT consulting advice for an Inc. Magazine article about ransomware! Mark provides Inc. readers with tips on how businesses can protect themselves from increasingly tricky attempts by criminals to infiltrate business-critical files.
The full article is no longer on Inc. Magazine’s website.
Are you in need of expert IT consulting? Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses. Let us help you today! Give us a call at 314.394.3001 or email us at info@andersontech.com.
What are Quotables? This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers.
As technology constantly evolves, we find ourselves facing ever more disruptive threats. That’s why it is absolutely critical we remain diligent in protecting ourselves from new dangers and stay proactive in our security posture.
An increasingly prevalent computer threat is ransomware.
Ransomware is designed not to corrupt or even steal your data but to hold it hostage and require payment of a “ransom” to get it back. Two widespread examples are CryptoLocker and CryptoWall. According to FBI estimates for April through June 2015, the latter generated over $18 million for its perpetrators.
Commonly, ransomware comes as a harmless-looking email attachment from what appears to be a trusted source. When the unsuspecting user clicks the attachment, it installs a small program that immediately searches for your data on local drives, network shares, and even cloud-based storage. Once found, the data is encrypted, rendering it inaccessible. Attempts to access your files result in a prompt to pay a ransom to “unlock” the data and reverse the encryption.
This devastating program was depicted in an episode of CBS’s drama, The Good Wife. An employee unknowingly installs ransomware within the firm’s network, locking all the information at a law firm until a ransom of $50,000 is paid within 72 hours. In reality, typical ransom fees are lower but no less devastating for a company that can no longer access any of its critical data.
Imagine how disruptive this is for businesses in this predicament. In many cases, companies with no disaster recovery plan find themselves paying the ransom. As reported by this Wall Street Journal article, according to Tom Kellermann, chief cyber security officer for Trend Micro, Inc., “Around 30% of ransomware victims pay to regain their data.”
All of this underlines the importance of having high quality, up-to-date computer security implemented within your IT infrastructure.
What can you do to protect yourself? Here are seven tips:
If you have a security question, please call us at 314.394.3001 to discuss this topic in-depth. Whether it’s for your network, computers, or mobile devices, we at Anderson Technologies are here to help you find not just any solution for your security needs but the best solution for your business.