
Cybersecurity Horror Stories

This time of year, we’re all acutely aware that ghosts are ghoulish, shadowy figures are spooky, and vampires are hiding in the night. But if there’s one thing you should truly be afraid of, it’s the threat of a cyberattack hitting your business.

October is about more than the frights of Halloween – it’s also National Cybersecurity Awareness Month (NCSAM). TPx is joining the mission to educate the community on the dangers of cybersecurity threats.

We all regularly see the headlines of companies paying millions of dollars as a result of data breaches. As a small or mid-size business, you might brush it off as “it won’t happen to me.” But just because the news doesn’t report on attacks on smaller companies, it doesn’t mean they aren’t happening. In fact, nearly two-thirds of cyber breach victims are small to mid-size businesses. They don’t make it into the news because they don’t affect as many people and don’t cost millions of dollars; however, they do cost enough to make or break a smaller business. According to an October 2017 report from UPS Capital, the average cyberattack costs small businesses between $84,000 and $148,000. Of course, aside from monetary damages, there are damages to customer trust and brand reputation which may never quite return to the pre-attack state.

Let’s take a look at some noteworthy examples of cyberattacks from the last 12 months. Warning: these are so frightening that you might want to sleep with the lights on tonight.

Two Terrifying Tales of Ransomware Infiltrating Government Systems

This March, the city of Atlanta was hit by a massive ransomware attack. Atlanta’s residents were unable to perform simple tasks like paying parking tickets or utility bills because the ransomware attack locked down the city’s files. The hackers demanded payment of approximately $50,000 in Bitcoin. But the real damages far exceed this amount: the city will now need to come up with $9.5 million to address the remaining damage, more than 6 months after the attack. That amount is on top of the more than $2 million in emergency procurements Atlanta Information Management sought following the attack. But remember, it’s not always just about monetary damages – the cyberattack also destroyed “years” worth of police dash-cam video footage.

More recently, the Port of San Diego fell victim to a ransomware cyberattack, only days after a similar ransomware attack hit the Port of Barcelona in Spain. Such attacks can have ripple effects throughout a variety of industries. They not only bring the movement of goods to a halt in the targeted country, they also slow or stop operations in any other country that ships goods to or from the affected port.

Government organizations like these are a frequent target for cyber adversaries. Experts who study public administration and local government especially worry about small to medium-size cities and counties that hold a lot of data, but may not have the in-house resources to keep that data secure.

Three Horrifying Stories of Attacks on the Healthcare Industry

Healthcare is another industry where you can find many cybersecurity horror stories. Last December, a cyberattack knocked the University of Rochester’s Jones Memorial Hospital offline for a week. Fortunately, this small rural provider was prepared and used standard downtime operations that its team regularly trained for. Otherwise, the damage could have been far worse.

Another recently-reported cyberattack happened to an Indiana hospital. A computer virus forced the hospital to cancel elective surgeries and divert ambulances as a result. Protecting hospitals’ computer networks is crucial to preserving patient privacy – and more importantly, life itself. Even so, recent research shows that the health care industry lags behind other industries in securing its data.

Yet another recent example from the medical field comes from the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu, which just notified 40,800 patients of a potential data breach after it fell victim to a ransomware attack in June. Only after discovering the ransomware did FDIP tap a cybersecurity firm to remove the malicious software and restore its data via backup files. However, the cybersecurity firm was unable to determine whether the hackers had viewed or removed any of the information on FDIP’s servers. They only knew that the cyberattack enabled hackers to access current and former patients’ names, dates of birth, home addresses, account numbers, diagnoses, and other types of personal information.

Banks, schools, accountants… the list of companies hit by cyberattacks keeps on going across all industries. Don’t be next! Talk to TPx about how we can help you stay secure so that you’ll have no horror stories to tell.

 

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler.

How to avoid ransomware

Did you know that ransomware attacks worldwide rose 350 percent in 2017? Ransomware continues to be a scourge for businesses and individuals alike, as cybercriminals cast a wide extortion net in hopes of snagging a lucrative payday.

Made (in)famous around the world by the global WannaCry strike in 2017, the premise is simple: Crooks infect machines with malware that locks up all the files on a computer or business network, and then they demand a ransom (usually in the form of Bitcoin) in exchange for releasing the hostage documents.

The good news is that defenses are improving, giving businesses a host of great options for combatting the threat – which means that keeping current with the latest security tools is critical. Ransomware authors are hardly slinking away in the night: Instead, they’re evolving their tactics, using clever, targeted social-engineering techniques to get malware onto targeted machines and changing up their encryption schemes to make it more difficult for companies to unlock impacted files.

If you’re a victim, the conventional wisdom (which we agree with) is to not pay up – there’s no guarantee that the files will be released after the payment is made, plus it only encourages and funds the threat actors. But ransomware cleanup is neither easy nor cheap. Even after decryption (more and more tools are available to clean the compromised files), securing the integrity of the network post-attack is a lengthy process.

The best thing to do is avoid becoming a victim in the first place. Managed security from TPx automatically keeps your defenses up-to-date with the latest state-of-the-art technology to combat the latest threats. That provides real peace of mind, but here are some best practices that every business should always adopt to protect themselves.

1. Educate and Inform Users About Ransomware

Training staff to recognize fake emails and to be wary of unsolicited mails is critical in the fight against ransomware. Malware generally arrives in the form of an email attachment or a malicious link. These scam messages will come in many guises.

Sometimes, the email will purport to be sending an important invoice or information on a shipped package. In other cases, the mail will claim to be sending HR information or other business-critical data. As attacks become more targeted, attackers are even doing reconnaissance on the business before sending the emails, tailoring the message to make it seem legitimate. In all cases, the point is to encourage users to open the attachment or click on a link, after which the ransomware is downloaded and then starts spreading through the organization.

If you think you can easily spot fraudulent emails, think again. The success rate in targeting the average human worker can be almost 20% in some cases, depending on the lure. Also, often the sender’s address will appear to be an internal address; or, the sender may even be someone in a user’s address book. The best course of action is to pick up the phone and verify that an unsolicited message is legitimate before clicking on anything.

2. Use a Good Backup Solution

Back up your systems and data both locally and offsite. Today’s leading hybrid local/cloud backup solutions, such as TPx’s MSx Managed Backups service, can significantly improve the performance and reliability of backing up and restoring important data. They offer the ability to back up systems multiple times per day to minimize the impact of a disaster. Advanced security technology available in some systems can also help you identify and recover from ransomware attacks without having to pay a ransom.

3. Keep Systems Patched and Updated

A critical method for preventing ransomware attacks is to keep operating system and software updates current. Installing a system or security update doesn’t have to be a hassle or an annoyance that takes you offline for a few minutes if you use automated patching software. And it’s far better than the alternative: being open to a host of security threats, including ransomware.

That’s because attackers often deliver ransomware by exploiting unpatched security holes on a victim’s machine. When a visitor lands on a compromised website or opens a certain kind of file, the malicious code launches in the background to find these holes and infiltrate the system.

It’s also critical to note that Windows XP devices are no longer supported by Microsoft with security updates, so migrating off this platform to a more current form of Windows should be a priority.

4. Use a Good Antivirus/Anti-Malware Solution

Business-grade antivirus programs have the ability to scan files to see if they might contain ransomware or other threats. It’s critical to make use of them before downloading files or programs.

5. Consider Managed Security and Backup

While implementing user awareness training is up to you, you can implement other best practices with managed services.

The TPx managed security suite is designed to keep up with the latest protections. Gateway AV thwarts downloads of viruses, worms or other malicious content by checking all content for malicious code embedded within the payload and by blocking access to infected sites. The gateway security service also includes web content filtering and application control as well as intrusion detection/prevention (IDS/IPS), which uses SSL deep packet inspection to analyze even encrypted traffic, which attackers now use in an attempt to circumvent firewalls. Two 24/7/365 Security Operations Centers staffed by A-list experts are always working to anticipate, prevent and respond to any attack.

TPx’s managed backup service, meanwhile, allows companies to back up complete systems locally and to the cloud on a continuous basis. That means you can resolve a ransomware attack by simply rolling back the affected systems to an earlier timestamp, to make it as if it never happened. This point-in-time rollback makes file restoration a breeze, and we’ll even work with you to get your backups restored.

We also offer help with system updates and patching with a managed endpoint service. Our automated patching service ensures that key servers and workstations stay up-to-date with recommended security patches available for the Windows OS and supported third-party applications.

These tips are a good place to start, but of course they’re not an exhaustive list of precautions your business should take. Reach out to your TPx representative today to see how we can deliver peace of mind when it comes to ransomware and other threats.

 

About the Author

Jared Martin has been in the Information Technology world for more than 20 years. He co-founded a managed services voice and Internet service provider in 2001 and grew the business to significant revenue. In 2008, that company was sold to Tel West Communications, which in turn was acquired by TPx in 2012. Jared has been a technology leader in driving change and adoption of new technologies, such as Software-Defined Wide Area Networking. He is always looking for new ways to use technologies that are outside of the box and to influence TPx to innovate and to be on the cutting edge. In 2016, Jared took charge of TPx’s new MSx line of business, formed as a result of the merger of TelePacific and DSCI. This brought Jared back to his roots of providing managed services and a consultative sales approach to customers.

Another day, another massive – and preventable – cyberattack on a major target. Late last week the city of Atlanta was hit by a costly ransomware attack, causing a complete shutdown of the Georgia capital’s online systems that support the police department, city courts, parts of the airport (the world’s busiest) and more. That shutdown is ongoing.

The cybercriminals – believed to be the notorious “SamSam” gang – are requesting a payment of $6,800 to unlock each computer, which translates into $51,000 for all of the needed keys – with absolutely no guarantee that the systems will be restored. Atlanta is working with law enforcement and security firms to lift the wall of encryption that has brought it to its knees, but time is running out. SamSam said it would wipe the city’s files if the ransom wasn’t paid this week.

The fact that government departments within a major metropolitan area can be taken down so easily is yet another wake-up call that managed security should be on the to-do list for every under-resourced, overly worked IT department out there, regardless of what industry vertical it happens to occupy.

Ransomware is a quick and easy win for the bad guys, especially given that email phishing attempts – the primary way in for most malware – can never be fully thwarted. We are only human after all, and it just takes one employee to fall for a fraudulent email to give criminals, who often have no hacking experience at all, access to the kingdom.

Backup alone is not a protection against ransomware, because backup files themselves can be afflicted, even if they’re in the cloud. What’s needed is a sophisticated, multilayered defense. More specifically, Unified Threat Management (UTM) is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion detection/prevention (IDS/IPS), gateway anti-spam, content filtering, load balancing, data loss prevention and on-appliance reporting. In a ransomware scenario, potentially fraudulent emails are flagged, malicious phishing websites are blocked and, if a bad actor does get through, the organization knows quickly and can address it before the worst-case scenario that Atlanta is living through ever plays out.

Of course, maintaining this kind of system is tough for many organizations that lack a deep well of in-house security expertise. Fortunately, managed security can step in to fill the gap.

TPx offers a managed UTM solution that’s always up-to-date with the latest threats, backed by the constant vigilance afforded by our Security Operations Center (SOC). Leave the monitoring and the defenses to us, and sleep a little sounder at night.

Don’t end up like the Peachtree City. Contact your TPx representative today for details on how TPx can protect your valuable infrastructure and protect you from the ransomware scourge.

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Endpoints Management, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.


It’s every business owner’s nightmare: You go to work, flip on your computer, and are greeted by a red warning screen trying to extort you into paying ransom in Bitcoin to unnamed shadowy figures hidden somewhere in the Dark Web. Frankly, unless you have advanced security in place, you shouldn’t be too surprised: Ransomware is on the rise, and has been for the past 18 months.

However, not all ransomware is created equal. In 2018 we’re seeing cybercriminals employing new tactics, rolling out new functionality, and aiming at new targets. Ransomware is evolving, and every business, large or small, needs to be aware of this shifting threat landscape.

Let us not forget that cybercriminals consider what they do to be a job. These aren’t 18-year-old script kiddies wearing hoodies and living on Doritos and Red Bull in their parents’ basements. They’re organized. They think about business models: ransomware-as-a-service offers a lot of upside if you’re a black hat type. They are, above all, disciplined. They wake up in the morning, work long hours, and put a lot of effort into differentiating their tactics and their code in order to return as large a profit as possible. Believe it or not, they even offer customer service and support! Most ransomware offerings on underground forums try to differentiate with a help desk function. In short, they believe themselves to be entrepreneurs, and just like legitimate business owners with a passion for their work, they hit it hard every day in an effort to be the best at what they do.

The result of this ongoing dedication is a level of innovation that shouldn’t be discounted. A critical component of staying ahead of the threat is to understand it in the first place. Here are five emerging ransomware trends to be aware of as we go forward:

1. Internet of Things (IoT) in the Sights

Cybercriminals are upping their game in 2018 to drive profits, and that means targeting IoT systems and mission-critical point-of-sale systems. According to Forrester Research, because chip-and-PIN cards and end-to-end encryption are making it harder for hackers to lift credit-card information the old-fashioned way (i.e., using malware to scrape data), attackers will instead look to extortion to make money from retail targets. To avoid having their entire payment apparatus locked down, retail businesses should focus their efforts on plugging the gaps exposed by default passwords, weak encryption implementations, and inadequate patching/remediation capabilities.

2. Targeting for Fun and Profit

Ransomware is becoming more targeted. It not only looks for certain file types, but also is taking aim at specific types of companies, such as law firms, healthcare providers, and tax preparers. Security researchers have flagged this evolution as an important change on the threat horizon from the “spray-and-pray” attacks most businesses are used to. Criminals have developed ransomware that targets databases, and can make small tweaks to their code to target critical proprietary files such as AutoCAD designs. The importance of this? A focused targeting of extensions means that ransomware attacks are more likely to succeed against legacy antivirus solutions. We can expect their frequency and severity to also increase.

3. Ransomware that Destroys Instead of Encrypting

Ransomware locks down files and demands payment in exchange for a decryption key. But some bugs are not what they seem. One example is a new malware called Ordinypt, which bills itself as ransomware. However, the code is really a wiper, with apparent twin motives of financial gain as well as disrupting business operations. Once an unwitting victim opens a malicious email attachment, the malware infects the victim’s machine, making files inaccessible, and then requests a ransom for recovering them, as is typical. Yet unbeknownst to the target, the files are actually destroyed, not encrypted, and the attackers have no code for “unlocking” them, even if victims pay up.

4. Necurs Never Sleeps

The Necurs botnet is one of the most omnipresent scourges on the cyber-front, believed to control more than 6 million zombie machines that have been enslaved to send out spam emails. Its scale is immense: It can average volumes in excess of 30 million emails per day, all aimed at spreading fraud and malware, including ransomware. Late last year, for instance, Necurs sent the Scarab ransomware to 12.5 million email addresses in just the first four hours of a massive campaign. It’s important to note that using large botnets like Necurs can give smaller ransomware actors the global reach they need to punch above their weight—making attacks much more prevalent.

5. Fooling Cloud Apps Like Child’s Play

Ransomware is also evolving for the cloud era. A new strain of Gojdue ransomware, dubbed ShurL0ckr, manages to evade being flagged by two well-known cloud platforms with built-in malware protection, Google Drive and Microsoft Office 365 – and it’s not alone in that capability. Increasingly, ransomware is being tailored to evade detection in cloud environments.

Don’t Be a Victim

All it takes is one employee clicking on the wrong email attachment for an infection to occur. To protect yourself, make sure you’ve backed up your systems and tested your ability to recover data in the event of a ransomware attack: Paying the ransom is not an option you want to take given there’s no guarantee you can trust the cybercriminal to release your systems and data. Also, many businesses are targets of multiple attacks—and those known to pay up will be among the first retargeted.

The better strategy is to make sure you’re protected in the first place. TPx offers a full suite of managed IT and business continuity services to help you protect your data and systems. We stay on top of the latest ransomware trends to deliver the latest detection, mitigation and prevention capabilities – all backed up by a state-of-the-art security operations center (SOC) staffed by a team of security analysts with deep military and intelligence backgrounds.

Contact your TPx representative today for details on how we can help you protect your company’s network against ransomware and other malware attacks.

 

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Endpoints Management, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.