Evitare il Ransomware Cover Giacomo Lanzi

Avoid Ransomware: That’s why it’s best not to take any risks

Estimated reading time: 4 minutes

ransomware gangs have been targeting businesses in recent times, demanding larger payments than they can extort from consumers. The plan was very successful. According to the new data, 70% of the attacked companies paid the ransom to get their data back. Avoiding ransomware is a necessity, these figures implicitly prove it. If such a large number of companies pay, it is because the risk is too great in terms of reputation and collateral economic losses.

Researchers from IBM Security’s X-Force interviewed executives of 600 companies of all sizes and found that organizations affected by ransomware choose to pay in most cases.

Data shows that 20% of compromised organizations paid ransoms of more than $ 40,000 and 25% paid between $ 20,000 and $ 40,000. These numbers are much higher than that. that consumers typically pay, which is usually around $ 500-1,000, depending on the variant of the ransomware.

When targeting businesses, hacking groups aim to paralyze organizations by encrypting financial data , customer databases, sales data and other vital information .

Avoid ransomware – the risks of attacks

In the past year, a number of organizations have been hit by severe ransomware attacks, including hospitals, universities and others. For example, the San Francisco Municipal Transportation Authority was hit by a ransomware attack during the weekend of Thanksgiving, a very important holiday in the US. The attack paralyzed desktops within the agency and forcing officials to shut down the automatic ticket machines. Needless to say, this attack resulted in a huge loss of assets and a ransom demand.

Getting malware into public organizations isn’t as difficult as you might think, and is often done with a single email .

In their attacks on networks, cybercriminals seek out the servers that keep the business running and encrypt critical assets rather than working on enterprise-wide endpoints.

The access point is usually a phishing email with a malicious attachment, sent to the mailbox of a employee . In most cases, the attachment is a Microsoft Office document asking the victim to enable macros . Clicking the macro enable button is often a trivial matter for those uninformed users who just want to get rid of the warning at the top of the document . The malware runs as soon as the user allows the macros to run. The ransomware can also arrive through any other attachment or through exploit kits which facilitate infection without any special action on your part.

Economic losses

The amount of money businesses have paid to get their data back shouldn’t come as a surprise considering the alternative. As is increasingly the case, the attack doesn’t just put key the data until payment of the requested amount. The threat continues with the release of data if you do not agree to pay a second ransom. In the end two ransoms will be paid and in any case there is no certainty that the data will not be disclosed. (It is said double extortion attack).

Many organizations keep these attacks under wraps to avoid public humiliation and loss of customer confidence . Data from the IBM survey shows that 29% of executives in large corporations would pay more than $ 50,000 to retrieve financial data.

Law enforcement, including the FBI, and security experts advise ransomware victims not to pay, for a variety of reasons. First, there is no guarantee for the attacker to deliver the decryption key. Second, the ransomware’s profits help fund other cybercrime operations.

How to defend yourself to avoid ransomware

Phishing remains one of the key methods by which a ransomware attack is attempted. With the recent increase in remote working, it is imperative to reiterate the importance of being careful when opening emails and attachments . If employees are suspicious of something, they should report it.

Organizations should also make sure they have a good patching strategy and apply the latest security updates . This prevents cybercriminals from taking advantage of known vulnerabilities to distribute malware.

Regularly updating backups should be a priority , because if the worst happens and your organization falls victim to a ransomware attack, your network can be restored without paying the ransom.

SOD provides solutions for the situations listed through the SOCaaS service. You can ensure the protection of a Security Operation Center without having to invest in its initial funding .

The system controls the actions of the computers connected to the network using an artificial intelligence. As soon as a suspicious, even legitimate, action is detected, the technicians are alerted who can investigate the nature of the fact . The new generation SIEM systems and behavioral analysis via UEBA , work together to offer 360 ° security.

SOD also provides intelligent anti-ransomware backup systems via Acronis Cyber Protect Cloud . With this tool at your side, business and customer data are safe. Any attack attempt is identified and mitigated immediately, meanwhile, thanks to dynamic backups, the data is immediately restored .

Avoiding ransomware can be relatively easy – just pay attention to every operation you perform on your computers. Unfortunately, sometimes this is not enough. This is the time when having invested in a quality safety system will make a difference.

For questions or requests do not hesitate to contact us, we will be happy to answer your questions and propose a solution tailored to your needs.

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion January 16, 2022
    Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa_C.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The Mars-Stealer web interface has a "Grab Rules" component area that lets a user specify which type of files to collect from […]
  • Win32.MarsStealer Web Panel / Unauthenticated Remote Persistent XSS January 16, 2022
    Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The Mars-Stealer web interface has a "Marker Rules" component area. Third-party attackers who can reach the Mars-Stealer server can send HTTP...
  • Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure January 16, 2022
    Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Information Disclosure Description: The malware web interface stores screen captures named "screenshot.jpg" in the panel directory, ZIP archived. Third-party attackers who...
  • Ab Stealer Web Panel / Unauthenticated Remote Persistent XSS January 16, 2022
    Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab Stealer" web Panel By KingDomSc for "AbBuild v.1.0.exe" is used to browse victim information "Get All Victims Passwords, With...
  • SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones January 14, 2022
    Posted by SEC Consult Vulnerability Lab, Research on Jan 14SEC Consult Vulnerability Lab Security Advisory < 20220113-0 > ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 vulnerable version: Firmware
  • 🐞 Call for Papers for Hardwear.io USA 2022 is OPEN! January 14, 2022
    Posted by Andrea Simonca on Jan 14Hello, We are happy to announce that the CFP for Hardwear.io USA 2022 is OPEN! If you have a groundbreaking embedded research or an awesome open-source tool you’d like to showcase before the global hardware security community, this is your chance. Send in your ideas on various hardware subjects, […]
  • APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1 January 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Jan 12APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1 iOS 15.2.1 and iPadOS 15.2.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213043. HomeKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, […]
  • Reprise License Manager 14.2 - Reflected Cross-Site Scripting January 12, 2022
    Posted by Gionathan Reale via Fulldisclosure on Jan 12# Product:  RLM 14.2 # Vendor:   Reprise Software # CVE ID:   CVE-2021-45422 # Vulnerability Title: Reflected Cross-Site Scripting # Severity: Medium # Author(s): Giulia Melotti Garibaldi # Date:     2022-01-11 # ############################################################# Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected […]
  • [RT-SA-2021-009] Credential Disclosure in Web Interface of Crestron Device January 12, 2022
    Posted by RedTeam Pentesting GmbH on Jan 12Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E Affected Versions: 1.0.0.2159 Fixed Versions: - Vulnerability Type: […]
  • Backdoor.Win32.Controlit.10 / Unauthenticated Remote Command Execution January 11, 2022
    Posted by malvuln on Jan 11Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Controlit.10 Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP port 3347. Third-party attackers who can reach an infected system can run any OS commands made available by the […]

Customers

Newsletter