The US Government has decided to get serious about ransomware, with several new initiatives including sanctions and anti-money laundering regulations to prevent bad guys from profiting through cryptocurrency. The government will go after any crypto exchanges that support bad guys. According to Barracuda, a ransomware attack occurs somewhere in the world every 11 seconds.
Bitcoin's value is on the rise again, with each complete coin now worth nearly $50,000. Leo also says that ransomware didn't really take off until Bitcoin started to rise in value. Now it's the prime currency for hackers.
For three years, employees had been warning IT company Kaseya that the company would be hacked. With weak encryption and lackluster cybersecurity, Kaseya was finally breached, exposing over 1500 IT companies to ransomware. The hack was performed by Russian criminal gang REvil, which demanded 70 million in bitcoin for the decrypter. Leo says that there's no excuse for it, as the executives of Kaseya left the company a sitting duck for an attack.
Leo also adds that every year, ransomware gets worse and more prevalent.
REvil is the latest ransomware to hit the world. Leo says that the exploit uses the Kaseya remote management supply chain to infect thousands of MSP computers. REvil disables your antivirus software and deploys a fake Windows Defender app to infect and encrypt computers. So far, it's hit several grocery and convenience stores, forcing them to shut down. If stores are using Kaseya, they are advised to go offline and shut down their remote access.
Hugo wants to know why companies pay ransomware demands when they should normally have a backup of their data and network. Leo says that's a good question. Oftentimes, though, the ransomware isn't triggered right away. It lies in wait. Meanwhile, hackers browse around, looking for valuable data to steal and other weaknesses. The hackers will also look for where the backups are stored and seek to disable the backups or lock them up as well. Then, once the recon is done, the malware is triggered, bringing the network down.
Vick is concerned with network security, especially with ransomware. Leo says it's important to adopt a layered approach to online security, especially with employees. Train your employees to be able to identify so-called phishing attacks and malware. Be aware of spear-phishing attacks, especially when working from home via VPN. Password management is important, too, with rotating passwords. Have good offline backups, so if your network is compromised, you can get back up and running. It's a complicated full-time job, but it's worth hiring someone to do it.
The Clop Ransomware Team has attempted to encrypt networks at universities around the country and threatened to release sensitive data. Colorado University sent out notifications this week that their network had been breached with ransomware, with personal information and clinical data taken and a demand of $10 million in bitcoin. Leo says if you were a student at any of those universities, look for a notice advising you of the breach. Companies that have also been hacked include Kroger and Shell Oil.
Glen wants to know if ransomware can happen if you unplug your backup from the network. Leo says not until he plugs it back in. But it's less likely with a home-based system than, say, a commercial network. So clean up the infected computer before reconnecting the backup; otherwise, the ransomware could infect the backup. A lot of ransomware also has time-released capability. It may not infect right away. So if Glen has the backup unplugged from the network, he should keep it that way until he's wiped the hard drive and removed the ransomware.
Steve's data center got attacked by ransomware. Fortunately, they had two locations and were able to shut one down, clean it, and then reinstall with only 3 hours of downtime. Leo says that's fantastic. But a hot backup can let the ransomware spread to your backup. So the key is to keep the second network connected only every three hours. That will give time to take down the infected network before the next sync connection time.