Ransomware

IT Company Kaseya Gets Hacked, Exposing 1500 Companies to Ransomware

Kaseya

Episode 1812

For three years, employees had been warning IT company Kaseya that it would be hacked. With weak encryption and lackluster cybersecurity, Kaseya was finally breached, exposing over 1500 IT companies to ransomware. The hack was performed by Russian criminal gang REvil, which is demanding 70 million in bitcoin for the decrypter. Leo says that there's no excuse for it, as the executives of Kaseya left the company a sitting duck for an attack.

Leo also adds that every year, ransomware gets worse and more prevalent.

REvil is Latest Ransomware

REvil

Episode 1810

REvil is the latest ransomware to hit the world. Leo says that the exploit uses the Kaseya remote management supply chain to infect thousands of MSP computers. REvil disables your antivirus software and deploys a fake Windows Defender app to infect and encrypt computers. So far, it's hit several grocery and convenience stores, forcing them to shut down. Stores that are using Kaseya are advised to go offline and shut down their remote access.

Why Do Companies Pay Ransomware?

Ransomware

Episode 1809

Hugo from West Los Angeles, CA

Hugo wants to know why companies pay the ransom when they should normally have a backup of their data and network. Leo says that's a good question. Oftentimes, though, the ransomware isn't triggered right away. It lies in wait. Meanwhile, hackers browse around, looking for valuable data to steal and other weaknesses. The hackers will also look for where the backups are stored and seek to disable the backups or lock them up as well. Then, once the recon is done, the malware is triggered, bringing the network down.

How Can I Keep My Business Network Safe?

LastPass

Episode 1803

Vick from Vista, CA

Vick is concerned with network security, especially with ransomware. Leo says it's important to adopt a layered approach to online security, especially with employees. Train your employees to be able to identify so-called phishing attacks and malware. Be aware of spear-phishing attacks, especially when working from home via VPN. Password management is important, too, with rotating passwords. Have good offline backups, so if your network is compromised, you can get back up and running. It's a complicated full-time job, but it's worth hiring someone to do it.

Hackers Encrypting Universities and Companies with Ransomware

University

Episode 1784

The Clop Ransomware Team has attempted to encrypt networks at universities around the country and threatened to release sensitive data. Colorado University sent out notifications this week that their network had been breached with ransomware, with personal information and clinical data taken and a demand of $10 million in bitcoin. Leo says if you were a student at any of those universities, look for a notice advising you of the breach. Companies that have also been hacked include Kroger and Shell Oil.

Is My Backup Safe From Ransomware If It's Unplugged From The Network?

iDrive

Episode 1727

Glen from California

Glen wants to know if ransomware can still hit his backup if it's unplugged from the network. Leo says not until he plugs it back in. But it's less likely with a home-based system than, say, a commercial network. So clean up the infected computer before reconnecting the backup; otherwise, the ransomware could infect the backup. A lot of ransomware also has time-released capability. It may not infect right away. So if Glen has his backup unplugged from the network, he should keep it that way until he's wiped the hard drive and removed the ransomware.

Is my network safe from ransomware?

Types of Ransomware

Episode 1714

Steve from Newport Beach, CA

Steve's data center got attacked by ransomware. Fortunately, they had two locations and were able to shut one down, clean it, and then reinstall with only 3 hours of downtime. Leo says that's fantastic. But a hot backup can let the ransomware spread to your backup. So the key is to connect the second network only every three hours. That will give time to take down the infected network before the next sync connection time.