The Clop ransomware team has attempted to encrypt networks at universities around the country and threatened to release sensitive data. Colorado University sent out notifications this week that its network had been breached with ransomware, with personal information and clinical data taken and a demand of $10 million in bitcoin. Leo says if you were a student at any of those universities, look for a notice advising you of the breach. Companies that have also been hacked include Kroger and Shell Oil.
Glen wants to know if ransomware can happen if you unplug your backup from the network. Leo says not until he plugs it back in. But it's less likely with a home-based system than, say, a commercial network. So clean up the infected computer before reconnecting the backup; otherwise, the ransomware could infect the backup too. A lot of ransomware also has a time-release capability. It may not infect right away. So if Glen has his backup unplugged from the network, he should keep it that way until he's wiped the hard drive and removed the ransomware.
Steve's data center got attacked by ransomware. Fortunately, they had two locations and were able to shut one down, clean it, and then reinstall with only 3 hours of downtime. Leo says that's fantastic. But a hot backup can let the ransomware spread to your backup. So the key is to keep the second network connected only every three hours. That will give time to take down the infected network before the next sync connection time.
Norsk-Hydro, a huge international conglomerate, was hit with ransomware, costing the company $60 million. The malware came from an innocent email that had been intercepted and altered to include malware that infected the network when opened, encrypting all data. The malware infected the company in December but wasn't triggered until March. Norsk-Hydro had a cyber insurance policy that consistently tests the network, but they were infected anyway. The company decided not to pay and relied on backups to restore their network. But the damage had been done, as the network was down for weeks.
For the first time ever, 1 in 5 attacks on consumers are ransomware attacks, making them more common than credit card theft.
Most of the malware and ransomware that comes through the internet and onto our systems arrives via email attachments. If you see an "invoice" with an artificially rushed, demanding tone from a powerful figure (such as your boss at work) and they've attached a "PDF", be very skeptical and do not open it. The same goes for links, since they can take you to a very shady site. Make sure to update your computer with security patches to prevent infection from background exploit kits across the web.
Tom wants to set up a virtual private network at home. How can he do that? He's worried about getting bitten by ransomware. Will a VPN prevent that? Leo says no. If you click on something, a VPN can't help you. But a VPN will keep your traffic private, so no one can see where you're going. But even then, it has its limitations. While it burrows an encrypted tunnel to where you're going, once you get there, it's no longer encrypted. So you have to trust that where you're going will keep your privacy. And your provider still sees your traffic.
The Weather Channel went down this week for about 90 minutes due to a phishing attack and ransomware. Leo says that it's impressive that the Weather Channel came back up so quickly, but this is going to keep happening as long as people click on attachments.
Leo says that while 2018 was the year of ransomware, 2019 is even worse. Arizona Beverages got hit by ransomware last week. The attack shut down sales operations for days and scuttled their networks and servers. The network was hacked and encrypted, targeted by hackers with a ransom note posted to their website. Leo says that Arizona struggled with trying to rebuild their operations for five days. Most of their servers hadn't been given security patches in years and their backups didn't work.
Jay gets a scam email that says it has his login information and knows where he's been online. It even tells him his password. And unless he gives them $800 in Bitcoin, they'll expose him. Leo says it's called ransomware. Leo says it's probably from a data breach.