Avoid Ransomware: That’s why it’s best not to take any risks
Estimated reading time: 4 minutes
ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it is because the risk is too great in terms of reputation and collateral economic losses.
Researchers from IBM Security’s X-Force interviewed executives of 600 companies of all sizes and found that organizations affected by ransomware choose to pay in most cases.
Data shows that 20% of compromised organizations paid ransoms of more than $ 40,000 and 25% paid between $ 20,000 and $ 40,000. These numbers are much higher than that. that consumers typically pay, which is usually around $ 500-1,000, depending on the variant of the ransomware.
When targeting businesses, hacking groups aim to paralyze organizations by encrypting financial data , customer databases, sales data and other vital information .
Avoid ransomware – the risks of attacks
In the past year, a number of organizations have been hit by severe ransomware attacks, including hospitals, universities and others. For example, the San Francisco Municipal Transportation Authority was hit by a ransomware attack during the weekend of Thanksgiving, a very important holiday in the US. The attack paralyzed desktops within the agency and forcing officials to shut down the automatic ticket machines. Needless to say, this attack resulted in a huge loss of assets and a ransom demand.
Getting malware into public organizations isn’t as difficult as you might think, and is often done with a single email .
In their attacks on networks, cybercriminals seek out the servers that keep the business running and encrypt critical assets rather than working on enterprise-wide endpoints.
The access point is usually a phishing email with a malicious attachment, sent to the mailbox of a employee . In most cases, the attachment is a Microsoft Office document asking the victim to enable macros . Clicking the macro enable button is often a trivial matter for those uninformed users who just want to get rid of the warning at the top of the document . The malware runs as soon as the user allows the macros to run. The ransomware can also arrive through any other attachment or through exploit kits which facilitate infection without any special action on your part.
The amount of money businesses have paid to get their data back shouldn’t come as a surprise considering the alternative. As is increasingly the case, the attack doesn’t just put key the data until payment of the requested amount. The threat continues with the release of data if you do not agree to pay a second ransom. In the end two ransoms will be paid and in any case there is no certainty that the data will not be disclosed. (It is said double extortion attack).
Many organizations keep these attacks under wraps to avoid public humiliation and loss of customer confidence . Data from the IBM survey shows that 29% of executives in large corporations would pay more than $ 50,000 to retrieve financial data.
Law enforcement, including the FBI, and security experts advise ransomware victims not to pay, for a variety of reasons. First, there is no guarantee for the attacker to deliver the decryption key. Second, the ransomware’s profits help fund other cybercrime operations.
How to defend yourself to avoid ransomware
Phishing remains one of the key methods by which a ransomware attack is attempted. With the recent increase in remote working, it is imperative to reiterate the importance of being careful when opening emails and attachments . If employees are suspicious of something, they should report it.
Organizations should also make sure they have a good patching strategy and apply the latest security updates . This prevents cybercriminals from taking advantage of known vulnerabilities to distribute malware.
Regularly updating backups should be a priority , because if the worst happens and your organization falls victim to a ransomware attack, your network can be restored without paying the ransom.
SOD provides solutions for the situations listed through the SOCaaS service. You can ensure the protection of a Security Operation Center without having to invest in its initial funding .
The system controls the actions of the computers connected to the network using an artificial intelligence. As soon as a suspicious, even legitimate, action is detected, the technicians are alerted who can investigate the nature of the fact . The new generation SIEM systems and behavioral analysis via UEBA , work together to offer 360 ° security.
SOD also provides intelligent anti-ransomware backup systems via Acronis Cyber Protect Cloud . With this tool at your side, business and customer data are safe. Any attack attempt is identified and mitigated immediately, meanwhile, thanks to dynamic backups, the data is immediately restored .
Avoiding ransomware can be relatively easy – just pay attention to every operation you perform on your computers. Unfortunately, sometimes this is not enough. This is the time when having invested in a quality safety system will make a difference.
For questions or requests do not hesitate to contact us, we will be happy to answer your questions and propose a solution tailored to your needs.
- Secure Online Desktop 10 years later: our corporate anniversary
- Air-Fi: attacking computers that are disconnected and without network hardware is possible
- Examples of phishing: the latest campaigns mentioned by the CSIRT
- Event Overload? Our SOCaaS can help!
- Business email compromise (BEC) schemes
- XDR as an approach to security
- What is threat intelligence?
- Data Loss Prevention: definition and uses
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (18)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (11)
- Web Hosting (15)
- Mission Critical: What Really Matters in a Cybersecurity Incident June 17, 2021The things you do before and during a cybersecurity incident can make or break the success of your response.
- Ukraine Police Disrupt Cl0p Ransomware Operation June 16, 2021Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.
- Ransomware Operators' Strategies Evolve as Attacks Rise June 16, 2021Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.
- Biden Tells Putin Critical Infrastructure Sectors 'Off Limits' to Russian Hacking June 16, 2021President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.
- Security Flaw Discovered In Peloton Equipment June 16, 2021The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
- Cars, Medicine, Electric Grids: Future Hackers Will Hit Much More Than Networks in an IT/OT Integrated World June 16, 2021Intelligent systems must include the right cybersecurity protections to prevent physical threats to operational technology.
- Russian National Convicted on Charges Related to Kelihos Botnet June 16, 2021Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.
- Is an Attacker Living Off Your Land? June 16, 2021Living-off-the-land attacks pose significant risks to organizations and, on top of that, are difficult to detect. Learn the basics about how these attacks operate and ways to limit their damage.
- Keeping Your Organization Secure When Dealing With the Unexpected June 16, 2021There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.
- Don't Get Stymied by Security Indecision June 16, 2021You might be increasing cyber-risk by not actively working to reduce it.
- Backdoor.Win32.Zombam.gen / Information Disclosure June 15, 2021Posted by malvuln on Jun 15Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404_D.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Information Disclosure Description: Zombam malware listens on TCP port 80 and deploys an unsecured HTML Web UI for basic remote administration capability. Third-party attackers who can reach an infected...
- Backdoor.Win32.VB.pld / Unauthenticated Remote Command Execution June 15, 2021Posted by malvuln on Jun 15Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6ff35087d789f7aca6c0e3396984894e_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.pld Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP port 4000. Third-party attackers who can reach infected systems can connect to port 4000 and run commands made available […]
- Backdoor.Win32.VB.pld / Insecure Transit June 15, 2021Posted by malvuln on Jun 15Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6ff35087d789f7aca6c0e3396984894e.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.pld Vulnerability: Insecure Transit Description: The malware listens on TCP port 4000 and has a chat feature "Hnadle-X Pro V1.0 Text Chat". Messages are passed in unencrypted plaintext across the network. […]
- popo2, kernel/tun driver bufferoverflow. June 15, 2021Posted by KJ Jung on Jun 15Linux kernel 5.4 version. latest. __tun_chr_ioctl function of ~/drivers/net/tun.c has a stack buffer overflow vulnerability. it get's arg, ifreq_len, and copy the arg(argp) to ifr(ifreq struct) and this steps are no bounds-checking. if cmd == TUNSETIFF or TUNSETQUEUE or and so on condition then it's enter copy_from_user function area.
- Onapsis Security Advisory 2021-0014: Missing authorization check in SAP Solution Manager LM-SERVICE Component SP 11 PL 2 June 14, 2021Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0014: Missing authorization check in SAP Solution Manager LM-SERVICE Component SP 11 PL 2 ## Impact on Business Due to a missing authorization check in SAP Solution Manager LM-SERVICE component a remote authenticated attacker could be able to execute privileged actions in the […]
- Onapsis Security Advisory 2021-0013: [CVE-2020-26829] - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication June 14, 2021Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0013: [CVE-2020-26829] - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication ## Impact on Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the respective TCP […]
- Onapsis Security Advisory 2021-0012: SAP Manufacturing Integration and Intelligence lack of server side validations leads to RCE June 14, 2021Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0012: SAP Manufacturing Integration and Intelligence lack of server side validations leads to RCE ## Impact on Business By abusing a Code Injection in SAP MII, an authenticated user with SAP XMII Developer privileges could execute code (including OS commands) on the server. […]
- Onapsis Security Advisory 2021-0011 Missing authorization check in SolMan End-User Experience Monitoring June 14, 2021Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0011: Missing authorization check in SolMan End-User Experience Monitoring ## Impact on Business Any authenticated user of the Solution Manager is able to craft/upload and execute EEM scripts on the SMDAgents affecting its Integrity, Confidentiality and Availability. ## Advisory Information - Public Release […]
- Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring June 14, 2021Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring ## Impact on Business The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive […]
- Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager June 14, 2021Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager ## Impact on Business Unauthenticated attackers can bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service. ## Advisory […]
Estimated reading time: 8 minutes Il termine shoulder surfing potrebbe evocare immagini di un piccolo surfista su… https://t.co/PKEpO1Mvzn
Ten years ago, on June 16, 2011, Secure Online Desktop was born. Many things have changed in ten years and we have… https://t.co/DN23n6BK7q
Dieci anni fa, il 16 giugno del 2011, nasceva Secure Online Desktop. Sono cambiate moltissime cose in dieci anni e… https://t.co/H7TPlWJ5Pk
Estimated reading time: 8 minutes The term shoulder surfing might conjure up images of a little surfer on his… https://t.co/3poUTq9MUc
Estimated reading time: 5 minutes I ricercatori della sicurezza hanno appena digerito il protocollo HTTP/2, ma gl… https://t.co/XsFsgBTpia