This week in ransomware – Friday, June 17, 2022

Ransomware on the rise again, doing even more damage. 

Palo Alto Networks’ Unit 42 released their report on ransomware this week. Among the findings, the group noted that they had seen a 144 per cent increase in ransom demands.

The report also noted three prominent “areas of attack” contributing to the growth of ransomware as a threat:

  • Multi-extortion techniques – in addition to the classic attack with the encryption of a company’s files, attackers also threaten to “name and shame” the victims. Posting of names on ransomware “leak sites” increased by 85 per cent compared to 2020.
  • Ransomware-as-a-service business models offer “start-up kits” and “support services” to would-be cybercriminals. The report notes that this has greatly reduced the “technical barrier to entry” and greatly accelerated the growth of ransomware attackers.
  • Rapid weaponization of vulnerabilities. The speed at which major ransomware gangs are exploiting vulnerabilities has also increased. The report points to the way gangs exploited CVE-2021-44228, commonly referred to as Log4Shell. Patching critical vulnerabilities is already a huge challenge that companies struggle with; they don’t always have the resources. Companies may not be aware of where all their vulnerabilities are. Common and open-source modules are hidden away, embedded in other applications and programs. Now they must find these vulnerabilities and patch almost immediately – for many an almost impossible task.

Sourced from the study, which can be downloaded from Palo Alto Networks (registration required).

No place is safe

Many users of cloud-based systems may not think of ransomware as a serious danger. After all, the cloud is always backed up, isn’t it? Recently, warnings emerged that ransomware can encrypt files saved by Microsoft’s cloud-based Office 365 suite, particularly files in SharePoint or OneDrive storage, making data unrecoverable. According to security researchers at Proofpoint, it’s another way ransomware gangs can attack data held in the cloud.

While cloud providers often have impressive security, cloud applications are still open to attacks simply by getting control of a user’s credentials using traditional social engineering, phishing or other methods. Particularly if multi-factor authentication is not implemented, cloud applications are vulnerable.

It’s a reminder that no place is safe from ransomware. Even cloud applications need backup systems, and, more importantly, if you haven’t proven you can restore your data from a protected copy – regardless of where your system is run from – you are at risk.

Sourced from an article in ITWorldCanada and also featured in the podcast Cyber Security Today

Fool me once, shame on you. Fool me twice…?

Seventy-three per cent of organizations suffered two or more ransomware attacks in the past 12 months, according to the Veeam 2022 Ransomware Trends Report. The majority – 44 per cent of ransomware infections – were accomplished through simple approaches such as phishing emails, links, and websites.

The report points out that many companies faced repeated attacks. Thirty-five per cent of the organizations experienced two ransomware attacks, 25 per cent had three attacks, and 20 per cent had five or more attacks.

Are companies that pay a ransom being targeted for additional attacks? Other reports have suggested a similar correlation. This report noted that 76 per cent of companies hit by ransomware in the past 12 months paid the ransom, and if the statistics on repeat attacks are accurate, almost half of these faced a second attack, and often a third, fourth and fifth.

The report also confirmed what other studies, including a recent one by Telus, have noted: paying a ransom is no guarantee that you will get your data back. According to the Veeam study, nearly 1 in 4 companies that paid a ransom could not recover their data afterwards.

The report also notes that fewer than one in five companies (19 per cent) were able to recover their data without paying the ransom. This is not an encouraging statistic, and implies that only a small fraction of companies have a recovery strategy, with isolated backups and the ability to restore their data.

Sourced from an Atlas VPN Team report on a Veeam 2022 Ransomware Trends Report.

When a BlackCat crosses your path…

BlackCat, also known as ALPHV, has developed a whole new approach to leaking data as an extortion technique. Like all ransomware gangs, they have long used so-called “data leak” sites accessible on the dark web.

BlackCat has now created a dedicated website to allow customers and employees to do their own “self-service” check to see if their data was stolen in an attack. The site comes complete with a notification system to alarm the customer or employee, and presumably get them to put pressure on the company to pay the ransom.

Data and the graphic used were sourced from an article in Bleeping Computer

Nobody ever died from ransomware? Not exactly true.

Ransomware is normally seen as attacking a company or organization. Recently it has also threatened the privacy of customers and employees. But does it put people at risk of physical as well as emotional harm?

The short answer is, yes. Attacks on health care organizations are a serious risk, especially to those with life-threatening diseases.

An attack on the University of Vermont Medical Center (UVMC) in the fall of 2020 shut down access to key systems for almost a month. Electronic health records were unavailable. UVMC’s cancer centre had to turn away hundreds of chemotherapy patients.

Because the clinic served rural areas, the attack left many patients with no treatment alternatives. A New York Times article quoted one nurse as saying, “To look someone in the eye, and tell them they cannot have their life-extending or lifesaving treatment, it was horrible, and totally heart-wrenching.”

A recent Ponemon Institute report found that ransomware attacks hit 43 per cent of surveyed healthcare delivery organizations in the past two years. This resulted in procedure or test delays, increased complications from medical procedures, and, most troubling, a rise in mortality rates of 22 per cent.

Sourced from an article in threatpost

Jim Love, Chief Content Officer, IT World Canada