On September 9, 2022, the US Treasury Department sanctioned the Iranian Ministry of Intelligence and Security alleging that it led “several networks” of hacking groups in coordinated ransomware attacks (and cyber espionage) on US and allied government networks. On September 6, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI also warned of increasing ransomware attacks against schools.
We’ve talked about ransomware in our general cyber security suggestions and in our piece about ransomware disaster recovery. While business email compromise has been the more lucrative attack, ransomware has been getting most of the press for the last few years. And for good reason.
How It Happens
Ransomware is truly disruptive to company data and network connectivity, but more importantly, to basic business functioning.
You know how it goes: though software vulnerabilities are sometimes the entry point to a network, usually a hapless user clicks on a link or opens an attachment from a threat actor. The actor then breaks into the organization’s network, encrypts its files (or locks the systems), and demands a ransom in exchange for decrypting the files (or unlocking the systems).
Alternatively, the actor may threaten to release sensitive organization data (PII or HIPAA-regulated health data, for example). Most of the time, the organization only gets part of its files back, and about 80 percent of victims who pay will be hit again. (That’s why CISA recommends not paying and not negotiating with ransomware threat actors.)
Various threat actors have created and/or used different strains of ransomware software. A common vector (attack method) for ransomware continues to be Remote Desktop Protocol (RDP) on Windows systems.
The Variants
The following ransomware strains have been identified as being sold and used on the internet:
Bad Rabbit, BitPaymer, Cerber, CryptoLocker, CryptoWall, Crysis, CTB-Locker, Dharma, DoppelPaymer, GandCrab, GoldenEye, Jigsaw, KeRanger, LeChiffre, LockerGoga, Locky, Maze, MedusaLocker, NetWalker, NotPetya (the most costly cyberattack on record at over $10 billion in damages; it primarily wiped data rather than encrypting or locking it), Petya, REvil, Ryuk, SamSam, Spider, TeslaCrypt, TorrentLocker, WannaCry, ZCryptor
And now more concern has been generated by the rise of ransomware-as-a-service (RaaS), i.e., ransomware offered as a subscription service, with the attacker paying part of each ransom to the ransomware software creator.
Conclusion: It Can Happen To You
Yes, it usually starts with user error (except for ransomware variants like WannaCry), as is common with most cyber attacks, but potential targets often think it can’t happen to them.
The number of ransomware attacks during 2020 was double that of 2019 and there is now a CISA site specifically for ransomware information. And ransomware criminals don’t care who the target is.
It could be an individual browsing the web at home, critical infrastructure such as government offices (as with Albania’s government), or even a hospital, which deals with life-or-death events. Cybercriminals have targeted these organizations with no compunction about the damage they do to others.
You are susceptible.
Tech Kahunas recognizes that user error can put you in a position vulnerable to ransomware and to a number of other attacks. That’s why we specialize in training your workforce, and you personally. We know that everyone needs to be on board with cybersecurity at your organization. The weakest link in your security may be your most seasoned employee or executive.
Tech Kahunas is a San Diego Managed IT Services provider which provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.
Tech Kahunas will help you Defend Your Island. Set up a free 30-minute Strategy Session with us now.