Ransomware, Lately

If you’ve followed our blog for any length of time, you probably remember us bringing up the topic of ransomware. Despite our efforts, we’re still shocked by the cavalier attitude many business owners have about the threat of ransomware (not to mention cybersecurity in general).

In the third quarter of 2018, ransomware was among the top three malware trends threatening businesses. While the “bad guys” are ultimately after money from their victims, your information remains the most popular vehicle for getting it: encrypt it, steal it, or both, and then demand payment.

According to data provided by Malwarebytes, business threat detections jumped 55% in the third quarter. When you consider what that means for your small business, that figure should be alarming. The same report detailed that banking trojans led the category in threat detection during Q3, surging 86% over the previous quarter.

Each quarter, there are more ransomware threats than you can keep track of, which is why we wanted to highlight a few you might have missed but could pose a serious threat.

The GandCrab Ransomware

This is a particularly nasty strain of ransomware that received two updates in quick succession recently, which is unusual even for ransomware. The latest campaign seems to be aimed particularly at South Korean users, but as we’ve seen before, these campaigns can spread worldwide easily.

An article in Threatpost describes why this campaign appears different from “traditional” ransomware:

“This is an example of the shift of ransomware actors moving to more targeted campaigns than the traditional ‘spray-and-pray’ technique used in the past,” Jon Clay, Trend Micro’s director of global threat communications, told Threatpost. “Utilizing phishing email techniques that use multiple files, hidden files and a unique, and interesting subject to entice the victims into clicking on the weaponized attachments allows the threat actors behind this campaign to likely improve their infection rates.”

Qinynore Ransomware

The Qinynore Ransomware appends the .anonymous extension to each file it encrypts and drops a particularly stylized ransom note called “YOU_MUST_READ_ME.rtf”.

LockCrypt 2.0

This form of ransomware encrypts files and appends the .BDKR extension to each one. It creates a ransom note called “How To Restore Files.txt”. The text file is not that different from others: it outlines what happened to the files and how to make a ransom payment to decrypt them.
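The extensions and ransom-note filenames given for Qinynore and LockCrypt 2.0 above are exactly the kind of indicator a small shop can sweep its file shares for. The following is an added example, not code from this blog or from any vendor: it walks a directory tree, counts files carrying each family’s appended extension, records where each family’s ransom note was found, and reports the families with enough evidence to act on. The family table uses only the names from the text; the function names, thresholds and the sample directory tree it builds are assumptions for illustration.

```python
"""Added example (not from the original post): sweep a directory tree for the
file-level ransomware indicators named in the text. The indicator table is
taken from the post; everything else is illustrative."""
import os
import tempfile
from pathlib import Path

# Indicators from the text: extension appended to encrypted files, ransom note name.
FAMILY_INDICATORS = {
    "Qinynore": {"extension": ".anonymous", "note": "YOU_MUST_READ_ME.rtf"},
    "LockCrypt 2.0": {"extension": ".BDKR", "note": "How To Restore Files.txt"},
}


def scan_tree(root):
    """Walk `root` and return, per family, how many files carry its appended
    extension and the directories in which its ransom note was found."""
    hits = {name: {"encrypted_files": 0, "note_dirs": []} for name in FAMILY_INDICATORS}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            lowered = fname.lower()  # compare case-insensitively (.bdkr vs .BDKR)
            for family, ind in FAMILY_INDICATORS.items():
                if lowered.endswith(ind["extension"].lower()):
                    hits[family]["encrypted_files"] += 1
                if lowered == ind["note"].lower():
                    hits[family]["note_dirs"].append(dirpath)
    return hits


def classify(hits, min_files=5):
    """Return the families with strong evidence. A ransom note next to even one
    renamed file is conclusive; with no note yet (notes are often dropped only
    after encryption finishes) require at least `min_files` renamed files.
    `min_files` is an assumed threshold, tune it for your share."""
    detected = []
    for family, h in hits.items():
        if h["note_dirs"] and h["encrypted_files"] >= 1:
            detected.append(family)
        elif h["encrypted_files"] >= min_files:
            detected.append(family)
    return sorted(detected)


def build_sample_tree(root):
    """Constructed sample data (not a real infection): a share with ordinary
    documents plus a folder that looks like a LockCrypt 2.0 hit."""
    root = Path(root)
    (root / "finance").mkdir(parents=True)
    (root / "finance" / "budget.xlsx").write_bytes(b"ordinary content")
    for i in range(6):
        (root / "finance" / f"invoice{i}.docx.BDKR").write_bytes(b"\x00" * 16)
    (root / "finance" / "How To Restore Files.txt").write_text("pay us")
    (root / "hr").mkdir()
    (root / "hr" / "handbook.pdf").write_bytes(b"ordinary content")
    return root


def run_demo():
    """Build the constructed tree in a temp dir, scan it, and return
    (hits, detected families) so the result can be inspected or asserted on."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        hits = scan_tree(root)
        return hits, classify(hits)


if __name__ == "__main__":
    hits, detected = run_demo()
    for family, h in hits.items():
        print(f"{family}: {h['encrypted_files']} renamed files, notes in {h['note_dirs']}")
    print("detected:", detected)
```

Run it on a real share by replacing the constructed tree with the mount point; a hit on either family is your cue to isolate the host that writes to that folder before doing anything else.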

Not Too Small to Matter

We’ve been reminding small business owners for many years that there is no such thing as “too small to matter” when it comes to cybersecurity. There might have been a time when it took a coordinated effort from hackers to target a specific business, and a “mom-and-pop” store with a website could plow forward with reasonable assurance that no harm would come to it.

Those days are gone.

With Cybercrime-as-a-Service more popular than ever, hackers rent out botnets to launch DDoS attacks and ready-made malware is available for download. An attacker no longer needs skill, or a particular grudge against you, to hit your business, and much more collateral damage occurs when an attack is successful.

Several small and medium-sized businesses, and even public agencies, have fallen victim to ransomware attacks lately.

The San Diego Port Authority recently learned the hard way what not being prepared for ransomware costs. In September, the Port released a statement describing the malware that had infiltrated its computer network. While the event did not stop ships or put any member of the public in immediate danger, it did necessitate an investigation by the FBI and the Department of Homeland Security.

The San Diego Union-Tribune updated its report on the incident:

Port officials shut down certain computers as a precaution. The Harbor Police Department shifted to alternative systems to reduce impacts to public safety, and the port continues to be in close communication with the U.S. Coast Guard.

The attack involved ransomware – a type of malware that freezes or encrypts critical data on a computer system. Cybercriminals demand payment from the computer user to unlock the data, though sometimes it is erased anyway.

Fixing computers infected with ransomware can be time-consuming – sometimes requiring manually scrubbing hard drives and re-configuring the machines.

While the San Diego incident might seem like a high-profile target, the Jones Eye Clinic qualifies as a “smaller” target; all the same, it was the victim of an attack in August.

Several thousand customers had their personal information held for ransom, according to an article from KTIV 4:

During this time the attackers would have had the ability to access patient information in Jones Eye Clinic and the Surgery Center billing and scheduling software. However, the attack did not impact our electronic medical records.

Information in the software includes a person’s full name, address, date of birth, date of service, and a medical record number.

For some individuals, the information may also include a Social Security number, insurance status, and claims information. The information did not include financial information like bank account or credit card information.

The Good Fight (Against Ransomware)

Hopefully, this article has given you a good idea that ransomware can happen to anyone and that the aftermath of a successful attack is devastating. But being aware of the threat and being prepared for it are very different things.

The truth of the matter is that repairing a system that has been compromised by ransomware is a long and painstaking process. Disinfecting hard drives and reconfiguring systems takes a lot of time if you’re not working in an environment with consistent, tested backups, and those backups must be kept offline or otherwise out of reach, because ransomware that can reach a backup share will encrypt it along with everything else.

Disconnect infected computers from the network first, so the encryption stops spreading to shared drives, then use anti-malware and anti-virus software to clean out the infection. This won’t always work, but it’s the right way to start the triage process.

Application whitelisting is another effective, proactive defense. Combine it with a regular update schedule and with restricting administrative privileges to the few users who actually need them, and you have a solid defensive position whether your day-to-day operations run on your own network or in the cloud.

Ransomware isn’t going away. Floppy disks with infected files are a thing of the past, but clever hackers going after your critical data will always be something businesses should be prepared for.

Free Help from Continuous

If you have not yet checked out the FREE RESOURCES area on our website, please do. Our ‘Network Protection’ whitepaper has some startling facts that might help kick your efforts to protect your network into high gear.

  • Companies experience an average of 501 hours of network downtime every year, and the overall downtime costs an average of 3.6% of annual revenue. (Source: The Costs of Enterprise Downtime, Infonetics Research)
  • 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately. (Source: National Archives & Records Administration in Washington.)
  • This year, 40% of small to medium businesses that manage their own network and use the Internet for more than e-mail will have their network accessed by a hacker, and more than 50% won’t even know they were attacked. (Source: Gartner Group)
  • Of those companies participating in the Contingency Planning & Management Cost of Downtime Survey: 46% said each hour of downtime would cost their companies up to $50,000, 28% said each hour would cost between $51,000 and $250,000, 18% said each hour would cost between $251,000 and $1 million, and 8% said it would cost their companies more than $1 million per hour. (Source: Cost of Downtime Survey Results, 2001.)

You can read more for free on our website, but before you do, make sure you get a comprehensive security audit scheduled with our team.