Ransomware Has Gone Mobile

Smartphones have managed to hold out against ransomware a bit longer than other hardware and operating systems, but those days are coming to an end. It’s important to remember that the average smartphone is not protected with antivirus software and thus remains threatened by your standard ransomware attacks. It is absolutely critical that your business doubles down on its protection against ransomware, especially in the mobile market.

Defining Mobile Ransomware

Ransomware is malware that gives a hacker the ability to control a computer or network and hold it for ransom. Users lose access to the controls and data that allow the system to function, and in most cases the only reprieve is to restore a backup of that data. Users have to decide whether to lose access to the data, restore it from a backup, or pay the ransom in hopes that the hacker will honor their word and restore access.

Think about the number of smartphones which exist in the world today and the fact that most computing these days happens from mobile devices. With so much data to steal and devices to tap, it makes total sense for hackers to focus their efforts on mobile devices.

Phishing Plays an Important Part in Ransomware Infections

When it comes to malware dissemination, phishing attacks are hackers’ go-to methods of infection. When you think about how easy it is to slip up and click on the wrong link, you’ll realize that phishing is a very real threat to your organization and your data. Phishing can come in many different forms, too, adding to the stress. Will the hacker call you on the phone, send you an email, text you a link, contact you through social media, or even send you a physical mailer? It can be quite overwhelming.

How Does Mobile Ransomware Work?

Most mobile platforms remain remarkably secure even against the potent threat that is ransomware. Most scams resort to targeting the device’s cloud storage, locking it down, and demanding a ransom in the process. One particular iPhone scam uses the Find My Phone feature that allows the user to remotely lock the device. Scammers only wanted $100 to unlock the device, and with such a low asking price, people are of course going to pay up rather than go through the hassle of involving the authorities or other professionals. Hackers who gain access to an iOS account can even use the information to create new iCloud accounts and move all data into these new accounts until the ransom is paid.

Threats that target Android are similarly problematic, and they all start with phishing. The most dangerous one, called ScarePackage, targeted 900,000 Android smartphones over the course of 30 days. It was deployed through a fake app that locked down the device and claimed the FBI was responsible, with paying a ransom presented as the only way out. The FBI isn’t in the business of extortion, so this is a simple case of coercion and fear manipulation by hackers.

How You Can Protect Your Devices

Let’s examine some things you need to know about mobile phishing schemes.

  1. The first warning sign is that the message will make you do a double-take. Phishing scams can come through a variety of mediums, including email, telephone, social media, and so on, be it for work or personal use. Mobile phishing messages can come through text messages asking you to click on links. These messages will seem random and out of place, so that is the first hint that something is out of the ordinary here.
  2. Look for spelling and grammar errors. Professional correspondence has a certain look and sound to it, like the sender has taken some time to proofread and edit it. If you receive sloppy messages from strange senders, be wary of the message.
  3. The messages might seem a bit aggressive. It’s one thing for a message to come off as frustrated, but another entirely when the person on the other end of the message demands immediate action. This is often a telltale sign of phishing messages; they urge people to make fast, irrational decisions through fear tactics and threats.

NuTech Services knows how to combat the countless types of cyberthreats out there, phishing and ransomware included. We can use our knowledge to implement high-quality technology tools and to educate your team on how to make the best decisions possible with their technology. To learn more about what we can do for your business, call us today at 810.230.9455.

A Look Back at Q1 2022’s Worst Data Breaches

Despite their best efforts, cybersecurity can be a major cause for concern for all kinds of businesses and organizations. Even with a full team of cybersecurity professionals, data breaches can occur, and many of the worst data breaches of 2022 have been quite devastating. Let’s take a look at some of the worst ones so far.

We want to emphasize that data breaches can happen to anyone, not just high-profile businesses. You’ll need to invest not just in protecting your business, but also in training your staff. If you want some help with this, you can contact NuTech Services for any and all concerns with your cybersecurity.

January 2022

Crypto.com

January 17 saw the cryptocurrency market become the target of a hacking attack. In this particular attack, 480 users’ cryptocurrency wallets on Crypto.com were targeted, with the hackers making off with $18 million in Bitcoin and $15 million in Ethereum and other currencies. The hackers managed to bypass the two-factor authentication to gain access to these wallets.

Tourisme Montreal

A hacking group called Karakurt targeted Montreal’s tourism agency. This hacking group became known all over the world for its extortion tactics, stealing data and demanding payment, threatening to release the data if the victim didn’t pay up. Over 60 million people were affected by this prolonged six-month attack.

Bernalillo County, New Mexico

Bernalillo County became the victim of a ransomware attack that forced the county office to close during the first week of January. This attack prevented employees from accessing local databases, which in turn kept them from doing their jobs. As a result, the county implemented cybersecurity policies and invested $2 million in revamping their computing infrastructure.

Ukraine

Before Russia invaded Ukraine, the latter was targeted by a cyberattack threatening the Ukrainian government that they should “be afraid and wait for the worst.” This attack brought down the Ministry of Foreign Affairs and other agency databases, and Ukrainian citizens were directed to the nation’s social media channels until the issue was taken care of.

February 2022

GiveSendGo

A Christian fundraising website called GiveSendGo became the target of a politically motivated data breach. The hackers redirected visitors to the Canadian Freedom Convoy protestors, all while posting the personal information of the 90,000 donors to the Freedom Convoy on the website.

Oiltanking Deutschland GmbH & Co.

A major supplier of fuel for Germany, Oiltanking Deutschland GmbH & Co., was forced to declare “force majeure” and scale back operations following a cyberattack. This declaration resulted in them being absolved of their contractual obligations for a limited time. This incident is estimated to cause the company over $4.5 billion in ransomware demands, downtime, and other costs.

Wormhole

A blockchain company called Wormhole had about $324 million in cryptocurrency stolen by hackers, resulting in a loss of 120,000 wETH (wrapped Ethereum). The company went offline to handle maintenance with a loss of millions of dollars. The company even put out a bug bounty of $10 million to learn more about the cause of the hack.

Washington State

Over 250,000 Washington residents had their personal data exposed as a result of the Washington State Department of Licensing database breach. The department had to temporarily shut down its POLARIS system because of the breach. Some of the data stolen included personal and financial information for any vocation in Washington that requires a license.

San Francisco 49ers

The NFL team became the target of a ransomware attack, resulting in hackers making off with some of the team’s financial data. The hacking group responsible, BlackByte, gave the 49ers enough of a shock to restructure their entire cybersecurity strategy (but not before paying the ransom).

Ukraine

In the moments leading up to the Russian assault on Ukraine, websites for the Ukrainian army, the defense ministry, and most of their major banks were brought down. 

OpenSea

In a heist involving hundreds of NFTs and $1.7 million, users on the peer-to-peer networks of OpenSea were tricked into signing a malicious payload that authorized free gifts of NFTs back to the hacker.

March 2020

Viasat

Millions of broadband subscribers in eastern Europe lost access to their Internet networks as a result of a major cyberattack against Viasat. The company confirmed that it was indeed a cyberattack that brought down these connections—a DDoS attack, specifically.

Samsung

A hacking collective called Lapsus$ managed to steal 190GB of proprietary information from Samsung. The hacking group also teased the hack on social media claiming that they had “confidential Samsung source code.”

At Least Six US States

A hacking group called APT41, sponsored by the Chinese government, took over the computing infrastructure of at least six U.S. states. The breach is thought to have been an espionage mission carried out by some of the most wanted cybercriminals out there.

Ubisoft

Ubisoft, a France-based video game developer, had its operations disrupted for several days following a cyberattack. Although no personal information was stolen, it became clear later on that Lapsus$ were the culprits behind the attack.

Israel

The Israeli government had their websites taken offline for over an hour thanks to a cyberattack. It was so bad that the National Cyber Directorate declared a state of emergency. It is thought that it was a state-sponsored DDoS attack.

Jefferson Dental and Orthodontics

Jefferson Dental and Orthodontics became the target of a data breach that affected over a million Texans. Hackers stole Social Security numbers, driver’s license numbers, health information, and financial data.

Microsoft

Lapsus$ struck again when it leaked the source code for Microsoft’s Bing search engine and Cortana personal assistant. All it took was compromising a single account. Microsoft was able to shut down the operation before more was stolen.

ELTA

The National Postal Service for Greece was hit by a ransomware attack. Even though the hack was caught early on, operations were brought to a halt. Over 1,400 physical locations were affected, and operations had to be shut down for some time.

Axie Infinity

A cryptocurrency startup tied to Axie Infinity became the target of hackers, resulting in a loss of $540 million. Hackers gained access through the game and emptied users’ crypto accounts, something which became the second largest cryptocurrency theft thus far.

These attacks were the result of various threat methods and actors, proving that your organization cannot overlook anything security-related. NuTech Services can protect your business and help you implement better security practices and solutions. To learn more, reach out to us at 810.230.9455.

There is No Value in Paying a Ransom

We all know at this point how dangerous ransomware can be for businesses. It can lock down files, threaten operational continuity, and in some cases subject victims to brutal fines as a result of privacy breaches. One place where you might not expect ransomware to hit, however, is customer reviews, and it all stems from the big question: do you pay to resolve a ransomware attack or not?

The obvious answer is “no,” you shouldn’t pay to get rid of a ransomware problem, even if you think that it’s your only option. Rest assured, it is far from the only way to solve your issues. Paying up creates serious problems for your business, some of which you may not have considered. We generally advocate that businesses should never pay the ransom because 1) it rewards the downright deplorable behavior of hackers, 2) there’s no guarantee that you will get your data back in the first place, and 3) it funds future ransomware attacks against other businesses like yours. We recommend that businesses have data backup solutions in place on the off-chance that a ransomware attack rears its ugly head, but you should always, and we mean always, contact a trusted IT professional before taking any action in response to ransomware.

But again, the point we want to make is that you should never pay the ransom, even if it feels like your only option. In fact, it could put your business’ customer base at risk, and not in the way that you might expect. It turns out people don’t really like to work with companies that are struck by ransomware, but even worse, they don’t like to work with companies that pay criminals for the safe return of their files.

Backing this claim up are the results of a survey by data management firm Cohesity. The study asked 1,000 consumers in the United States about their thoughts regarding ransomware. Some of the most concerning numbers have to do with companies that not only are struck by ransomware, but those that also pay the ransom. Here are some statistics:

  • 55% of respondents said they would lose confidence in a company or organization if they are impacted by ransomware.
  • 54% of respondents claim they would lose confidence in a company if their personal data were breached.
  • 29% of respondents claim they would lose confidence in a company if the breach led to any inconvenience on their part.
  • 23% of respondents would lose confidence in businesses that pay the ransom.
  • 22% of respondents would cease doing business with any organization that pays the ransom.

So, there you have it. Not only are you risking your business’s data, but you are also risking the public’s perception of your business if you fail to protect your company from ransomware. Even if you don’t think ransomware can strike your company, it is better to be safe than sorry.

Don’t let ransomware hold your business hostage; take the appropriate preventative measures now to keep ransomware from crippling your business in the future. NuTech Services can assist with implementing any and all security measures your business needs to minimize the chances of a ransomware infection. To learn more, reach out to us at 810.230.9455.

The OnePercent Group: A Slightly Different Approach to Ransomware

A recent trend is that the FBI issues warnings about particular ransomware threats, describing how dangerous they are or how difficult certain variants are to deal with. This particular threat—the OnePercent ransomware gang—is no exception. Let’s break down what you need to know about the OnePercent Group and how you can prepare to handle attacks not just from this group, but from most ransomware threats.

What is the OnePercent Group?

The OnePercent Group is a ransomware gang that has been targeting companies since November of 2020. The gang sends out emails in an attempt to convince users to download an infected Word document in a ZIP file. These types of social engineering tactics are surprisingly effective, as people often impulsively download files sent to them via email without thinking to check the sender or the source.

How Does the Threat Work?

Instead of encrypting data found on the infected device, this threat uses macros embedded in the Word document to install a Trojan horse threat on the user’s device. This threat, known as IcedID, is used to steal financial information or login credentials for banking institutions. Furthermore, IcedID can download other types of malware onto the user’s device.

Of particular note is that it can install another type of threat called Cobalt Strike, which is a penetration testing tool. Why would a hacker want this, you ask? It’s simple; it can be used to make a hacking attack that much easier and more efficient by identifying potential pathways for threats on the user’s device.
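The infection chain above starts with a Word document inside a ZIP attachment, and it is the embedded VBA macro that does the damage. A mail gateway or help desk can flag such attachments before a user ever opens them. The following Python script is an added example for this page, not code from the OnePercent or IcedID reporting: it opens a ZIP attachment in memory, finds the Office documents inside it, and reports which ones carry a `vbaProject.bin` part (the file where Office stores VBA). It also flags the case where a macro-bearing package is disguised behind a macro-free extension such as `.docx`. The sample attachment is constructed in the script itself with placeholder bytes standing in for a real macro project; the filenames are made up.

```python
from __future__ import annotations

import io
import zipfile

# Office Open XML parts whose presence indicates a VBA macro project.
MACRO_MEMBERS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# Extensions we treat as Office documents worth inspecting.
OFFICE_EXTENSIONS = (".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm")
# Extensions that are not supposed to carry macros at all.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def office_package_has_macros(data: bytes) -> bool:
    """True if `data` is an OOXML package (a ZIP) that contains a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            return bool(set(pkg.namelist()) & MACRO_MEMBERS)
    except zipfile.BadZipFile:
        # Not a ZIP-based package (legacy .doc, or arbitrary bytes): out of scope here.
        return False


def scan_zip_attachment(zip_bytes: bytes) -> list[dict]:
    """Walk a ZIP attachment and describe every Office document found inside it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            if not lower.endswith(OFFICE_EXTENSIONS):
                continue
            has_macros = office_package_has_macros(outer.read(info))
            findings.append({
                "name": info.filename,
                "has_macros": has_macros,
                # A macro project inside a .docx/.xlsx/.pptx is a strong sign of tampering.
                "mismatched_extension": has_macros and lower.endswith(MACRO_FREE_EXTENSIONS),
            })
    return findings


def _build_office_package(with_macros: bool) -> bytes:
    """Constructed minimal OOXML package; the macro part holds placeholder bytes, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            pkg.writestr("word/vbaProject.bin", b"\x00 constructed placeholder, not a real VBA project")
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed ZIP standing in for an email attachment: one clean document,
    one macro-bearing document hiding behind a .docx name, and an unrelated text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr("Invoice_2023.docx", _build_office_package(with_macros=False))
        outer.writestr("Statement.docx", _build_office_package(with_macros=True))
        outer.writestr("readme.txt", "plain text, ignored by the scanner")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample_attachment()):
        print(finding)
```

Presence of a macro project is only one signal: a gateway policy would normally also block or quarantine `.docm`/`.xlsm` attachments outright and strip macros from inbound documents, since the legitimate business case for emailed macros is rare. The script only understands ZIP-based Office formats; legacy binary `.doc` files need a different parser.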

What’s the Timeline for the Attack?

Using the threats outlined above, OnePercent Group can get a lot of dirt on your business in a relatively short amount of time. After they have collected this information, they issue a ransom note demanding that the victim pay up within a week or risk their data being released online. If the victim refuses to pay up, the group pesters the victims through email and phone calls to pressure them into taking action. If the victim still refuses to pay, they release 1% of the data on the Dark Web. Further resistance leads to the group selling the data to other data brokers on the Dark Web to be sold to the highest bidder.

It just goes to show that as soon as you think you know a threat, they switch things up and try something new. While it can be stressful keeping up with the countless threats found in the online world, it sure is never boring.

Secure Your Business Today

Don’t let the fear of ransomware keep your business from functioning the way it’s supposed to. NuTech Services can help your organization secure its infrastructure and other critical data. To learn more, reach out to us at 810.230.9455.

Read This if You Don’t Believe That Ransomware is a Major Problem for Businesses Like Yours

You’d think that cybercriminals would use ransomware to target high-profile businesses with loads of money to extort, but this is not always the case. Even a small business can fall victim to these particularly devastating threats. Ransomware, just like other threats out there, has continued to evolve and adjust its approaches based on the current cybersecurity climate, so what are some of the latest developments in ransomware?

In No Uncertain Terms, Ransomware Has Grown More Dangerous

In order to be effective, a cybercriminal must capitalize on the challenges that small and medium-sized businesses face. For example:

  • Cybercriminals frequently rely on deception in the form of phishing. Using phishing attacks, a cybercriminal bypasses the protections a business has in place by taking advantage of their employees in order to gain access to the business’ network.
  • A lack of communication between departments makes issues even greater. When a business’ departments don’t talk to each other, the risks posed by cybercriminals are harder to spot and easier to exacerbate.
  • Smaller businesses don’t always have the resources needed to prepare their team members. Unlike corporations, SMBs likely don’t have a dedicated budget for cybersecurity training, and almost certainly can’t afford the salary of a dedicated security professional on-staff.

In addition to these opportunities, today’s cybercriminals can exploit the following:

Automated Threats

The power of automation has allowed many businesses to streamline certain processes, but the same can also be said for cybercriminals. They no longer manually attack individual targets, instead opting to leverage automation for widespread attacks with the smallest amount of effort. The extortion part of ransomware has also been completely automated, as evidenced by Avaddon, a ransomware variant that proudly displays a list of companies that have been infected right on its Dark Web listing, as well as flaunting a countdown to when the data will become publicized.

Ransomware as a Service

Believe it or not, cybercrime is a legitimate business model in the sense that people can and will put together teams of developers and commission-based structures for their services. Ransomware as a Service is just one way that has surfaced, providing hackers and criminals with the means to pull off ransomware attacks with ease. With these types of services being so accessible, it’s no wonder that there is a major cause for concern out there about cybersecurity.

Layered Extortion

Ransomware attacks often target the same individuals or companies more than once, sometimes charging the victims even more or forcing them to pay up with a threat of the data being leaked if they do not do so. Unfortunately for businesses, this approach is more advanced than it has been in the past. Here is a snapshot of what the extortion process looks like:

  • The victimized business is instructed to pay for their access to their encrypted data to be restored.
  • Hackers release the data they’ve stolen if the ransom isn’t paid.
  • Denial of Service attacks are used to take down a victim’s website.
  • The cybercriminals responsible reach out to the targeted business’ customers, partners, employees, and the media to inform them of the hack.

These tactics have made it hard to say no to ransomware and have drastically improved the success odds for cybercriminals.

You Need to Be Ready to Resist Ransomware

Ransomware can be devastating if you let it create problems for your business, so don’t take any risks with it. Make sure that you are working with cybersecurity professionals who can help you take the fight back. To learn more about security and how to keep it from becoming a problem for your business, reach out to us at 810.230.9455.

Don’t Be Caught Off Guard by Ransomware

Ransomware is bad stuff, and it’s only gotten worse with its recent resurgence that aligned with the COVID-19 pandemic. Phishing attacks and other means by which ransomware is commonly spread have used the current atmosphere as a springboard. This makes it even more critical that these kinds of behaviors and attempts can be spotted and stopped.

Why Do Cybercriminals Use Ransomware?

It’s simple: if a cybercriminal specifically chooses ransomware as their malware of choice, they most likely intend to profit from their crime. The entire point of ransomware is to collect money from its victims by encrypting their data and demanding a ransom in exchange for the decryption key (which, for the record, isn’t guaranteed even if the ransom is paid).

Looking at it this way, it’s little wonder that cybercriminals have aimed their sights higher and higher.

Don’t get us wrong, small and medium-sized businesses are in no way out of the woods, but there have been more and more attacks on critical pieces of infrastructure taking place recently. Consider the attack that was waged on Colonial Pipeline and the massive supply chain disruptions that came about as a result of its impacts. Another massive issue in the supply chain happened in the food industry, with the REvil group attacking those infrastructures. REvil was also responsible for an attack on Kaseya, a major software vendor, hurting businesses and proving that service providers are a good target for such efforts.

Yes, You Need to Be Prepared to Deal With Ransomware

Preparation can’t stop once you have some preventative measures in place. You won’t be fully prepared until your team is ready to deal with a successful attack, just in case one does slip through.

To do this, you need to have a resource in your corner that you can turn to for help with either an incoming attack or one that’s already gotten in. That’s what NuTech Services is here for (amongst many other services). We can help you do more to keep ransomware out, while also putting you in a better position should one get by. Did you know that businesses can now actually insure themselves to help prepare for the high costs that come from a ransomware infection?

You’ll also need to crunch some numbers to evaluate your ransomware risk. How much of a financial impact could a ransomware attack have overall? Are there any risks that could come from any third parties? Could you be considered a valuable target for an attacker, in terms of the financial gain they could anticipate or the amount of disruption they could cause? Do you have anything potentially making you vulnerable to these attacks?

Once you’ve covered these steps (and committed to revisiting them regularly as your situation changes), you need to prepare for the two scenarios we’ve referenced:

Keeping Ransomware Out of Your Business

Naturally, we want to keep ransomware out, which means there are some things you need to do. Keeping your protections—your antivirus, your parameters for your content filters, your firewalls, and everything else of the sort—up to date can reduce the number of threats you need to actively deal with by a considerable amount. It is also important that you keep your team equally up-to-date with the best practices and accepted responses on the chance that they spot a potential threat.

Minimizing the Damage Ransomware Can Do

Should a ransomware attack make it past all that, you need to be prepared to minimize its potential impact on you. Frankly, you’ll likely have to completely wipe your infrastructure, so you need to have an isolated and maintained backup. You know, just in case.
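An isolated backup is only useful if a restore from it can be trusted, and the time to find out that files came back corrupted or incomplete is during a drill, not during an incident. The following Python script is an added example for this page, not NuTech Services’ own tooling: before an incident it records a manifest of SHA-256 digests for every file under a directory, and after a restore it compares the restored tree against that manifest, reporting files that are missing, modified, or unexpected. The manifest must be stored with the same isolation as the backup itself, otherwise an attacker who can alter the backup can alter the manifest to match. The scenario in `demo()` is constructed in a temporary directory with made-up file names and contents.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file under `root` (path relative to root) to its SHA-256 hex digest."""
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Compare a restored tree against a manifest taken before the incident.

    missing:    files in the manifest that the restore did not bring back
    modified:   files present but whose content hash differs (corruption or tampering)
    unexpected: files present that the manifest never recorded (stray or planted files)
    """
    actual = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "modified": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a source tree is captured, then a flawed restore is checked.
    The restore keeps one file intact, corrupts one, drops one, and adds a stray file."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        dst = Path(tmp) / "restored"
        (src / "records").mkdir(parents=True)
        (dst / "records").mkdir(parents=True)

        # Pre-incident state (constructed sample data).
        (src / "records" / "patients.csv").write_text("id,name\n1,constructed\n")
        (src / "records" / "schedule.txt").write_text("monday\n")
        (src / "notes.txt").write_text("hello\n")
        manifest = build_manifest(src)

        # Post-restore state: patients.csv intact, schedule.txt altered,
        # notes.txt never restored, stray.tmp appeared from nowhere.
        (dst / "records" / "patients.csv").write_text("id,name\n1,constructed\n")
        (dst / "records" / "schedule.txt").write_text("MONDAY\n")
        (dst / "records" / "stray.tmp").write_text("x")

        return verify_restore(manifest, dst)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Running the check on a regular schedule against a test restore, rather than only after an incident, is what turns a “maintained” backup into one you can actually rely on; an empty report for all three categories is the pass condition.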

Ransomware is no joke, but neither are the services that you receive by working with NuTech Services. Our purpose is to do everything we can to prevent your business being hindered by a technology issue. Find out what we can do for your business specifically by calling 810.230.9455 today.

What We Can Learn from the Ireland Health Service Ransomware Attack

In May of 2021, Ireland’s Health Service Executive, which handles healthcare and social services for the Emerald Isle’s nearly five million residents, was the target of a massive ransomware attack. Businesses and municipalities all over the globe have been dealing with this plight, but we mention this case because of its aftereffects. Today, we take a look at the situation and what can be learned from it.

The Irish HSE Ransomware Attack

On May 14, 2021, the HSE was targeted by a hacking collective known as the Conti Ransomware Gang. The health service then received the instructions that the perpetrators would immediately release the patients’ data to the public unless they paid the ransom of $20 million in bitcoin. After a few days of deliberation, the government agency agreed to pay the sum (a practice that those of us at NuTech Services do not recommend). In turn, they got the decryption key. 

Sad to say, this is not where this situation ended.

Data Restoration is Problematic

With the working decryption key in hand, and a nation of people that depend on their service, the HSE went ahead and started the restoration process. Turns out, it is difficult. HSE is still having problems restoring data systems to their previous state and it has led to bottlenecks inside the nation’s healthcare system. 

The reason is that restoring data, especially on a scale such as this one, is an arduous task, and with new protocols and protections being implemented by HSE administrators to help avoid this type of problem in the future, it is taking much longer than expected. This means costs rise and people don’t get the care they need. As of this writing, it remains a real problem for the people of Ireland. 

What Your Business Can Take Away From the HSE Ransomware

No matter what your business is, getting hit with ransomware is a pretty scary situation. One thing that every company or organization can take away from this situation is the need for comprehensive training for phishing and other scams to minimize the chances of getting ransomware through typical means. You also should be monitoring your network to ensure that if something were to make it past your defenses that more can be done to thwart a major catastrophe like ransomware. You should also have a comprehensive backup in place to help protect the continuity of your business.

At NuTech Services, we can help you identify your organization’s cybersecurity weaknesses and help you put in policies and technology that will help you keep ransomware off your network and be ready for any type of problem should it arise. Reach out to us at 810.230.9455 today to talk to one of our skilled consultants.

The Key to Protecting Your Business from Ransomware Is More of the Same

With so many high-profile ransomware attacks being launched against manufacturers, pipelines, and even hospitals, it’s no surprise that many companies are worried about what the future of this threat means for their organizations. Ransomware poses a serious threat, one that cannot possibly be ignored, so we urge you to take action now so you don’t come to regret it later.

Today’s blog is dedicated to helping you take measures to protect your business from ransomware. By the end, you will have a foundational understanding of the type of threat ransomware is, how it spreads, and what you can do to stop it before it becomes a problem for your company.

What is Ransomware?

Ransomware is a special type of malware that encrypts the files found on a computer or device, essentially locking them down and rendering the user unable to access them. In order to regain access to the files, the hacker responsible for distributing the ransomware demands a payment. In the case of recent ransomware attacks, the payment is usually quite exorbitant and is most certainly not an amount that is budgeted for. Payment is most often requested in the form of Bitcoin or other cryptocurrency. Once the payment is received, hackers claim they will release the decryption key which can begin the process of unlocking the data.

However, we want all businesses to think twice about paying the ransom up-front and in a panic. Paying the ransom is generally counterproductive for a number of reasons. For one, there is no guarantee that paying the ransom will get you your data back. What’s stopping the hacker from accepting payment and just going about their business as usual? The other main concern is that you are essentially funding hackers by giving in to their ransom demands. Furthermore, paying the ransom just reinforces the idea that these types of hacks work, and work well, encouraging hackers to continue pulling off these stunts.

That said, paying the ransom might seem like the only choice at the moment. More and more hackers are implementing dirty tactics that force organizations’ hands when it comes to the ransom. For example, recent attacks have had hackers threaten to release the encrypted data in the event that the ransom is not paid in a timely manner. Doing so puts businesses in a precarious situation; do they pay up and give the hackers what they want, or do they risk their data being released into the wild, potentially subjecting them to fines imposed by strict data security and privacy regulations?

At the end of the day, it’s a lose-lose situation. Therefore, it makes sense to prevent infections in the first place.

How Can You Stop It?

First, you need to understand how ransomware can spread from system to system. At its core, ransomware operates in much the same way as any other type of malware. It can be spread through downloading infected files or attachments, clicking on the wrong links while navigating the web, and other phishing or social engineering tactics used by hackers. Sometimes hackers can utilize holes in your network security to infiltrate and install ransomware on the chosen device. Yes, in many ways, ransomware is no different from your typical malware, but this does not make it any less scary to deal with.

This is good news, as it means that you can double down on tactics used against any other type of malware to protect yourself from ransomware. Through a combination of proactive network maintenance, adequate security solutions, proper data backups and disaster recovery solutions, and training your employees to identify threats, you can be confident that your organization can effectively prevent and respond to ransomware attacks should it need to.

Let Us Help!

No matter how great your defenses, you can never be 100 percent secure from the threats that are out there that could target your business. Therefore, the best you can hope for is that the above measures are enough to deter any would-be security threats. To implement all of the above solutions, NuTech Services can help. To learn more about how you can take proactive steps toward protecting your business, reach out to us at 810.230.9455.

Major Hack Stymies Meat Processing

A recent surge of high-profile ransomware attacks strikes again with an assault on the world’s largest meat processor and distributor, JBS S.A. The cyberattack was so disruptive that the company was forced to suspend operations in both North America and Australia, leading to a considerable impact on the supply chain. Let’s take a deeper dive into what lessons can be learned from this situation.

What Happened to JBS S.A.?

In May 2021, JBS’s global IT systems were hit by a ransomware attack that forced the meat processor to completely shut down its operations in North America and Australia. Every step of the company’s operations ceased as a result, from livestock procurement to exporting and shipping.

Fortunately for JBS, they had backups prepared and were able to restore their systems. There was also no evidence to suggest that customer, employee, or supplier data was compromised by the attack. This doesn’t mean that we can’t learn anything from the situation, though. Here are some major takeaways from this hack.

Who Was Involved in this Attack?

There has been no indication that any activist groups were involved in the attack; those responsible for this attack are sophisticated cybercriminals, the kind who have been associated with recent Russian cyberattacks. The Federal Bureau of Investigation has taken an interest in this attack, and the United States government has been in communication with Russia regarding it.

Similarly, the Australian Cyber Security Centre has been assisting with the effort but has chosen not to disclose what they are actually doing for this assistance. The company is also working with the Australian government and the Australian Federal Police to investigate the matter.

How Ransomware Affects Other Threats

Ransomware is still relatively new in the grand scheme of things, but it has grown exponentially in the time that it has been around. It is much more than a simple threat that locks down files unless a ransom is paid; nowadays hackers are also threatening to release the target’s data if the ransom is not paid. This is particularly concerning, even for businesses like JBS that have backups, as these types of organizations often have data governed by privacy regulations.

Having a backup is still a good idea, even with ransomware attacks like those outlined above in mind. The reason is simple: if you are hit by an attack that is not one of these double-extortion attacks, you should theoretically be able to recover without much trouble. Many ransomware attacks spread through automated phishing campaigns and other hands-off means, and when the hacker is taking such a hands-off approach, recovering from a backup should be enough to get you back on your feet.

We at NuTech Services are committed to helping businesses just like yours overcome cybersecurity issues big and small. To find out more about how we can help your organization overcome the challenges of modern cybersecurity, reach out to us at 810.230.9455.

The Colonial Pipeline Attack Continues to Be Important to Cybersecurity

The situation surrounding the hack against Colonial Pipeline has only become more complex as new information has come to light, each new discovery providing more insights and potentially actionable takeaways. Let’s examine some of the biggest developments surrounding the attack, and what they will likely mean for overall cybersecurity from this point forward.

Let’s begin with some of the bad news, just to get it out of the way.

The Colonial Pipeline Attack Has Inspired Additional Ransomware Campaigns

Taking advantage of the notoriety that the Colonial Pipeline attack garnered, cybercriminals have designed phishing campaigns to play on the fears of its recipients. Via email, messages have been distributed to organizations offering so-called “ransomware system updates.”

To be fair, this isn’t untrue so much as it is misleading. Technically speaking, they do contain ransomware system updates, in that these messages will update the recipients’ systems with ransomware.

To do so, these fraudulent emails direct the recipient to visit an innocuous-enough-looking website in order to download a so-called system update to help protect their computer. Little does the user realize that these websites have been designed to mimic a legitimate one, just so there’s a higher chance that a user will be fooled. Shortly after news broke that Colonial Pipeline had shelled over the payment the DarkSide ransomware group demanded of them, these phishing emails began appearing in the wild.

The Department of Justice Was Able to Repossess a Lot of the Ransom

On June 7th, the Department of Justice distributed a press release stating that it had managed to seize 63.7 Bitcoins (valued at about $2.3 million) of what Colonial Pipeline had paid. By following the money, the FBI located a wallet that had received a significant portion of the ransom payment and for which it had obtained the private key. As a result, the FBI was able to seize this portion of the payment.

However, This Led to Severe Dips in Cryptocurrency Values

When this news broke, cryptocurrencies saw their values plummet. After all, cryptocurrencies are supposed to be completely anonymous and secure, so the idea that the FBI was able to track and repossess these funds is disconcerting to many. The market therefore plummeted by 11 percent in a single day.

It is somewhat likely that more government intervention will follow, despite the impacts this would certainly have upon the crypto market. Only time will tell if these efforts will continue.

Clearly, ransomware is not to be underestimated, and these developments will only complicate things further. Cybersecurity is a difficult thing to manage, but NuTech Services is here to help. Give us a call at 810.230.9455 to learn more about what can be done to better secure your business.

What Makes a Ransomware Attack So Expensive?

Ransomware is no laughing matter, especially in terms of the costs it can impose on its victims—this is, after all, what ransomware is famous for. However, some of these costs can be derived from unexpected expenses and exacerbate the already significant issues that ransomware poses. Let’s go over some of the costs that you should anticipate, should you be targeted by a successful ransomware attempt.

Cost 1: Downtime

Perhaps unsurprisingly, downtime expenses make up most of the financial toll that a business suffers when successfully targeted with ransomware. Depending on the severity of the attack, a business could easily find itself taken completely out of action for days or even weeks. A survey taken in 2020 provided an estimated downtime span of about five days for an organization to completely recover, with another estimating an average of 21 days to resume operations.

This should be of serious concern to businesses, especially with the cost of such downtime rising precipitously. Data from Datto showed that downtime resulting from a ransomware attack can cost north of $274,200 (far more than the average ransomware demand totals).

Cost 2: Reputational Damage

Few things look worse for a company than having their customers’ data locked up—and presumably stolen, as we’ll get into later—so it only makes sense that ransomware can be immensely problematic for the impacted business’ public image. Surveyed consumers from numerous countries have said that they would take their business elsewhere if their data was rendered inaccessible or service was disrupted even once—with 90 percent strongly considering a business’ trustworthiness before becoming a patron and just over half avoiding companies that had experienced a cyberattack within a year prior.

This is a serious issue… particularly with groups popping up that are now collecting and sharing the data that companies have lost in a breach as part of a purported effort to improve transparency.

This means that a company seeking to protect itself will need to approach these issues on two fronts—not only avoiding successful attacks over time, but also putting themselves in a better position to react and get a handle on any that come later. As time goes on, this will be even more important for a company to enable.

Cost 3: Upgrade Costs

While there are truly few benefits to experiencing a ransomware attack, it can at least motivate a business into making the necessary upgrades to protect themselves from that point on. However, these kinds of upgrades don’t come cheap.

After all, these upgrades should equate to far more than just a fresh coat of paint. We’re talking about something akin to a comprehensive overhaul from the bottom up just to ensure that whatever vulnerability—software or otherwise—allowed the attack access has been identified and resolved. As one might imagine, these circumstances aren’t cheap for the business, adding to the burden that a cybersecurity event imposes.

Cost 4: Layered Extortion

We aren’t going to lecture you once again by defining ransomware and all that. What we are going to do is pose a simple question:

Let’s say that you are infected, and to keep your data from being deleted, your business elects to pay up. However, what guarantee do you have that the cybercriminals will keep up their end of the bargain and release the data they have encrypted, rather than keep it or share it on the Dark Web?

Frankly, you don’t—and knowing this, many cybercriminals have begun to steal data before encrypting it, adding the idea of data exposure to their target’s list of concerns. Class-action lawsuits are a real possibility if a business’ entire client list were to have their personally identifiable and sensitive information disclosed online.

Cost 5: Price of the Ransom

Finally, we come to the cost of the ransom itself. One might expect that just biting the bullet and paying for the return of a business’ data would be less costly than completely restoring the business’ infrastructure from scratch, but this isn’t the reality.

Who said the cybercriminal had to return it in its original condition, after all?

Taking this factor into consideration (as well as the costs that come with recovering and restoring this data after the fact), it actually turns out that paying the ransom is far less cost-effective than just restoring data from a backup.

Protecting Your Business Against Ransomware in the First Place is the More Cost-Efficient Option

So, it is safe to conclude that the only reliable means of protecting your business and its data against ransomware’s ill effects is to proactively prepare for its eventuality. NuTech Services is here to help see you through it with our comprehensive data backup and continuity services, as well as the security we can assist you in implementing. Find out more by reaching out at 810.230.9455.

Android Ransomware Kits on the Rise

The do-it-yourselfers of the world have enjoyed the autonomy that the Internet brings into their lives. They can now look up how-to guides and YouTube videos on how to do just about anything. However, the Internet has also given hackers and other cybercriminals access to all sorts of technology that makes using malware and other threats easier than ever before–even for inexperienced users.

Malware kits are certainly not a new concept, although you might be surprised to hear that the first kits emerged as early as the 1990s. The introduction of the Dark Web made the transfer of illegal goods and services easier on a global scale, and developing technologies like cryptocurrency have only contributed to the rise of contraband being spread without consequences. The anonymity provided by virtual private networks is simply the icing on the cake, making it difficult for authorities to investigate the activity.

While most of these kits target the Windows operating system, an increasing number of malware kits target other operating systems. Over the past year alone, cybersecurity analysts have expected an increase in ransomware kits that target Android smartphones. These types of kits are called “ransomware as a service,” and they allow just about any user with a basic knowledge of how computers work to pull off a legitimate ransomware attack.

The type of malware that’s targeting Android smartphones can potentially cost your business thousands of dollars, and that’s not mentioning the data and reputation lost from the incident. These kits go for about $200 on the black market, making them a very lucrative solution. To make matters worse, there are plenty of reasons why Android devices are ideal targets for these types of attacks. Android is used on the vast majority of smartphones–approximately 86% of smartphones around the world. The fact that a $200 investment can yield untold profits makes it tempting, regardless of how ethical the decision is.

Furthermore, statistics show that many Android users are running outdated versions of the operating system, which means that there are patches and security updates that aren’t being implemented on these devices. This makes it more likely that the ransomware attack will succeed on Android-based devices.

It’s almost guaranteed that your business will eventually have to deal with mobile devices in the workplace, accessing important data and information from your network. The best way to ensure that mobile devices are secure from these types of threats is to implement a mobile device management policy that takes into account security and network access. To learn more about how you can keep your business safe from ransomware, reach out to us at 810.230.9455.

“It Redirected Where?” — A Case Study in Security Precautions

Imagine what it would be like to discover that your website was suddenly redirecting to content that was decidedly more… adult… than what should be representing your business. For a company in Phoenix, Arizona, this was the unfortunate reality after they had let their IT administrator go.

The administrator, Tavis Tso, created a web in which he attempted to snare a client in an extortion scam. After lying to the client, claiming that he didn’t have the credentials to log in to their GoDaddy domain registrar account, Tso changed the credentials to the GoDaddy accounts and created a separate Microsoft account that gave him considerable power over his target. His first steps were to block employees from accessing their email accounts and to redirect the company’s home page to a blank webpage. Tso then demanded $10,000 from the company to fix the problem that he had caused.

The company did not comply with his demands.

Once it was clear that the company wasn’t going to cooperate with Tso, the cybercriminal upped the ante. Rather than just redirecting the company’s home page to a blank site, Tso redirected all of the website’s traffic to a pornographic website. This redirect took several days to resolve.

Tso was ultimately sentenced to four years of probation, in addition to $9,145 in restitution, for a count of wire fraud. While it is nice that a cybercriminal has been brought to justice, the damage done will be hard to undo, as he had considerable access to the company’s systems.

Would your business be able to recover from an incident like this? A good first step toward ensuring that it could is to reconsider the permissions of the users on your network, and more importantly, the permissions of former users. There is no reason to grant access to your IT where it is not needed, and there is no reason to keep an IT resource on your system once they are no longer part of your organization.

NuTech Services can help you to make these changes, as well as many others that will benefit your IT and your network security. Reach out to us at 810.230.9455 to start a discussion.

TheDarkOverlord Solutions Is at It Again! This Time the Hacker Group Is Targeting Schools

While many youngsters enjoy it when their school shuts down, this was likely not the case in Flathead Valley, Montana, where the cybercriminal group ‘TheDarkOverlord Solutions’ targeted the entire Columbia Falls school district. The attack caused a three-day closure of, and otherwise disrupted, over 30 schools, and the group claimed that the personal information of teachers, students, and school administrators would be released if it didn’t receive a ransom payment.

Furthermore, and more alarmingly, parents reportedly received graphic death threats against their children from the group. These threats alluded to an infamous, and still painfully recent, school shooting. As far as is known, this is the first time that TheDarkOverlord Solutions has gone to these lengths.

The district server for Columbia Falls was the ultimate target; the records accessed detailed the addresses, medical history, behavioral history, and other personal data of current and former students, their parents, and the school’s staff members, all of it valuable to cybercriminals. As a result, the 30 schools closed (as referenced above) and weekend events and activities were cancelled. With a heightened security presence, students returned to classes on Tuesday, September 19th.

TheDarkOverlord is no stranger to the news, or to targeting vulnerable individuals. In July 2017, the group put up for sale a tantalizing data set of information harvested from healthcare providers, just weeks after listing almost nine and a half million records for sale. These records came from a clinic, a healthcare provider, and a health insurance provider.

Somewhat less threateningly, the same group also took credit for releasing the fifth season of the Netflix hit series Orange is the New Black before its official release date, despite receiving about $50,000 worth of cryptocurrency in ransom from an audio post-production studio.

This piece of history shows why the Columbia Falls school district is right in their decision to not pay the ransom, as it in no way guarantees that the cybercriminal (or group) responsible will hold up their end of the bargain. Even if they do, it only proves that the victims are willing to pay, designating themselves as the perfect target for repeated attacks.

The key to your safety is to ensure your data is secure against the entire spectrum of threats. NuTech Services can help you to do so. Call us at 810.230.9455 to get started.

These Police Officers Called for Backup… and it was Infected with Ransomware

The police exist to serve, protect, and enforce the law, but who can we turn to if even the police fall victim to a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.

Before you start to worry too much about this terrible new strain of ransomware, you should know that “Osiris” has been identified as a recent version of the Locky ransomware. The police department likely only referred to it as “Osiris” due to their encrypted files all sporting the extension “.osiris.”

This began as many ransomware attacks do: an on-screen message notified the police that their files had been locked, and would only be unlocked if the department paid the demanded $4,000. As happens far too often, the ransomware was introduced into their system when a member of the department opened a spoofed email that appeared to be an official department communication. In keeping with best practices, the police’s IT department elected to restore the infected server’s files from a backup.

Unfortunately, the backup they had to restore from was taken after their systems had been infected, meaning that all they had were more locked and infected files.

This caused Cockrell authorities no small amount of trouble, as the encrypted files included years and years of photographic and video evidence to be used to prosecute cases. Only time will tell how much of an impact this will have on legal proceedings.

These events serve as a warning to all who rely on data in order to do their job, including businesses everywhere. It is essential to remember that your security is only as good as the people who are given access to your data. Furthermore, it reinforces the importance of keeping more than just one backup of your system. Backing up incrementally and storing archived backups off site will usually safeguard a business from having its entire backup corrupted by ransomware like this, because a backup taken after the infection can never overwrite the older, clean copies.

Reach out to us at 810.230.9455 so we can optimize your IT to protect you against ransomware and other critical issues.

Monsters aren’t Real, But Ransomware Sure Is!

Halloween is a time when creatures like ghosts and goblins are celebrated rather than feared. Even adults use the holiday to lighten up and enjoy themselves, as they’re well aware that the monsters so often seen and heard about in stories are fictional. Unfortunately, the fact remains that there are monsters hiding in plain sight all around us, playing on the fears and misfortune of others–namely, hackers.

It’s pretty unlikely that a child will wander to your front door this Halloween dressed as a hacker (we like to picture them in ski masks and black sweatshirts). Yet, the digital assets of your business, like your website and network infrastructure, could very well be visited this Halloween–or any day. While there are preventative measures to keep these threats at bay, like firewalls and antivirus, there are other tactics used by hackers that aren’t as obvious as a “trick or treat!” at your doorstep. We’re talking about specialized spear-phishing attacks that have a much greater chance of making it through your security and defenses.

Cyber extortion is a major problem that businesses have to deal with, primarily due to the fact that, when used properly, it is difficult to detect and protect against. Hackers tend to use fear tactics for their cyber extortion schemes, since it’s a particularly effective way to incite irrational behavior, like forking over cash. Their methods are akin to the likes of blackmail and deception.

These methods work in a similar manner to ransomware. Most ransomware uses encryption to lock down files on a victim’s computer, preventing them from opening those files until a decryption key is issued. The key is obtained when the user pays a fine.

The concept is to capitalize on the victim’s panic. In their haste to recover their files, they will pay the fine using an untraceable cryptocurrency, regardless of how irrational the request. Their fear of losing data outweighs the price that’s been put on it. In particular, businesses need to be wary of losing mission-critical data. In the majority of ransomware cases, unless an organization has their data backed up, they’re out of luck and won’t be able to retrieve their data without paying the fine. Now that’s scary!

Recent ransomware hints at another sickening trend in the form of an ultimatum: hackers steal information from businesses or individuals, and then threaten to release the sensitive data on the Internet unless a payment is made. Hackers will often do this if they’ve accumulated a large cache of valuable information. While they may not do anything with the stolen data themselves, there’s no guarantee that the hackers who buy the data won’t make good on the threat. To prevent this from happening, the asking price is usually between $250 and $1,200.

IC3, the FBI’s Internet Crime Complaint Center, received a significant number of reports indicating that users who had data stolen through high-profile data breaches received extortion emails demanding that they pay a fee, or suffer the consequences. This data includes personally identifiable information, like Social Security numbers and birth dates, as well as financial information. In some cases, hackers also claim to have obtained photos, emails, and other valuable files that could have disastrous effects on the victim’s personal life.

Keep in mind that there’s almost no way to guarantee that hackers have obtained files unless they’re willing to show you proof. They could just be blowing hot air and hoping that you’ll be willing to believe them. This is why it’s important not to immediately pay a ransom, as there’s no guarantee that you’ll even get the decryption key from the hacker.

Basically, you should never act irrationally due to a ransom offered by hackers. Remember, fear isn’t going to save your files. All you’re doing is further proving to the hackers that their tactics work, and the money you fork over is probably going to be used to keep their hacking agenda going. Don’t give them the satisfaction of watching you squirm.

To prevent becoming a victim of a hacking attack or cyber extortion attempt, give NuTech Services a call at 810.230.9455. We can help you assess your choices and implement preventative solutions to keep things like this from happening in the future.

This Halloween, be safe and make sure to celebrate what looks scary (but really isn’t), instead of finding yourself in a situation that’s actually scary, like being blackmailed by a hacker.

Alert: Microsoft Outlook Users Be Wary of New Ransomware

Ransomware is a particularly nasty strain of malware that continues to pop up in unexpected forms. A new variant called Cerber targets users of Microsoft Outlook, exploiting a zero-day vulnerability via phishing messages. To make matters worse, Cerber can also utilize DDoS attacks, which is a major cause for concern.

Distributed Denial of Service attacks utilize previously-infected “botnets” (networks of infected computers) to slam the targeted system with a ferocious amount of traffic. The legs of the targeted system eventually buckle, and the organization’s operations are crippled by downtime. Now that ransomware is using DDoS attacks, it becomes much riskier to ignore a ransomware warning. Plus, the infected computer is brought into the botnet and used to torture other poor souls who are unfortunate enough to get infected.

Cerber demands a ransom of 1.24 Bitcoins to decrypt the locked files. As of the time of writing, 1.24 Bitcoins are valued at approximately $718.

The intended victim receives an email containing the ransomware which, when activated, adds three files to the desktop of the victim’s computer. Each contains the same message: one is a simple TXT file, another is HTML, and the third is a Visual Basic Script that plays the message as audio. The message reads: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!” To add insult to injury, this message is triggered every time you boot your computer.

The hackers make it quite easy for users to pay the ransom. The TXT and HTML files contain instructions to navigate to the Tor payment site, while also offering some inspirational advice: “What doesn’t kill me makes me stronger,” transcribed in Latin. In most cases, we recommend against paying the ransom, but sometimes it’s unavoidable, particularly if you don’t have a secure data backup. Still, there’s no guarantee that the hacker will ever release your files, and contributing funds will only further their goals to attack others like yourself.

There’s currently no known way to eliminate Cerber, which makes it crucial to protect your systems from infection. In particular, you should focus on security best practices and on identifying phishing scams, as this is the primary mode through which ransomware spreads. As the business owner, you need to ensure that your organization follows these practices, from the top down.

  • Users need to understand email security best practices. This includes being wary of unsolicited messages that contain attachments or suspicious links.
  • All of your organization’s mission-critical data should be backed up and stored in an isolated location. This way, even if your network becomes infected with ransomware, you can just restore the backup to avoid paying the hackers.
  • Keep your systems updated with the latest versions of software solutions, and always keep your antivirus solution updated with the latest threat definitions. Malware designers are always trying to outpace security professionals, so stay one step ahead to help keep yourself secure.
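The isolated-backup point above, and the Cockrell police department post earlier on this page (where the only backup had been taken after the infection and contained nothing but locked files), both come down to one operational rule: a backup should be checked for signs of encryption before it is allowed to replace an older, known-good copy. The script below is an added example, not NuTech Services' tooling or anything from the posts; it assumes backups are written as timestamp-named snapshot directories, uses the ".osiris" extension the Cockrell post mentions as its known indicator, and treats the entropy threshold, the retention count and the sample files in demo() as constructed values.

```python
"""Backup-snapshot gate: reject snapshots that already contain encrypted files.

Added example (not the blog's or NuTech Services' own code). Assumptions:
backups arrive as timestamp-named directories; ".osiris" is the indicator
the page mentions; the thresholds and retention count are constructed.
"""
import math
import random
import shutil
import tempfile
from collections import Counter
from pathlib import Path

RANSOMWARE_EXTENSIONS = {".osiris"}  # from the page; extend with your own indicators
ENTROPY_THRESHOLD = 7.5              # bits/byte; encrypted content scores close to 8
MAX_HIGH_ENTROPY_SHARE = 0.5         # tolerate legitimately compressed files (jpg, zip)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_snapshot(snapshot: Path) -> list:
    """Return a list of findings; an empty list means the snapshot looks clean."""
    findings, total, high = [], 0, 0
    for path in sorted(snapshot.rglob("*")):
        if not path.is_file():
            continue
        total += 1
        if path.suffix.lower() in RANSOMWARE_EXTENSIONS:
            findings.append(f"ransomware extension on {path.relative_to(snapshot)}")
        with path.open("rb") as fh:          # only the first 4 KiB is sampled
            head = fh.read(4096)
        if shannon_entropy(head) > ENTROPY_THRESHOLD:
            high += 1
    if total and high / total > MAX_HIGH_ENTROPY_SHARE:
        findings.append(f"{high} of {total} files look encrypted")
    return findings


def promote_snapshot(candidate: Path, archive: Path, keep: int = 3) -> bool:
    """Move `candidate` into `archive` if clean, otherwise into archive/quarantine.

    Only clean snapshots count toward retention, so a backup taken after an
    infection can never push the last good restore point out of the rotation.
    """
    archive.mkdir(parents=True, exist_ok=True)
    quarantine = archive / "quarantine"
    quarantine.mkdir(exist_ok=True)
    if inspect_snapshot(candidate):
        shutil.move(str(candidate), str(quarantine / candidate.name))
        return False
    shutil.move(str(candidate), str(archive / candidate.name))
    good = sorted((p for p in archive.iterdir() if p.is_dir() and p.name != "quarantine"),
                  key=lambda p: p.name)
    for old in good[:-keep]:             # prune oldest clean snapshots beyond `keep`
        shutil.rmtree(old)
    return True


def demo() -> dict:
    """Constructed scenario: one clean snapshot, then one taken after infection."""
    rng = random.Random(0)
    root = Path(tempfile.mkdtemp())
    archive = root / "archive"
    clean = root / "2017-01-01T0200"
    clean.mkdir()
    (clean / "evidence_log.txt").write_text("Case 4411: photo set archived\n" * 50)
    (clean / "report.csv").write_text("id,officer,status\n1,Smith,open\n")
    infected = root / "2017-01-02T0200"
    infected.mkdir()
    for name in ("evidence_log.txt.osiris", "report.csv.osiris"):  # constructed names
        (infected / name).write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
    result = {
        "clean_accepted": promote_snapshot(clean, archive),
        "infected_accepted": promote_snapshot(infected, archive),
    }
    result["archive"] = sorted(p.name for p in archive.iterdir() if p.name != "quarantine")
    result["quarantine"] = sorted(p.name for p in (archive / "quarantine").iterdir())
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The extension check catches the case the Cockrell post describes outright; the entropy check is the fallback for a strain whose extension you have not yet added, and it is applied as a share of all files rather than per file so that a snapshot full of photos or archives is not rejected on its own. A rejected snapshot goes to quarantine instead of being deleted, since it may still be useful to incident responders.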

For more information about cyber security and other best practices, reach out to NuTech Services at 810.230.9455.

For This Ransomware, “Yes or No” Really Means “Yes or Yes”

The ransomware Petya (previously thought to have been eradicated) has unfortunately resurfaced, and it’s brought a friend to the party. Petya was delivered via an email containing an invitation to apply for a job, with the virus packaged in an executable file disguised as a PDF resume. When a hapless user clicked the file, Petya would get to work.

The original version of the ransomware operated by restricting access to the master boot record, allowing access only to a dark web payment portal that may (or may not) fix the problem. Since Petya required administrative privileges to do so, a savvy user could render it useless by denying them. Unfortunately, its developers have come up with an unpleasant way to work around this Achilles heel.

The malware now comes bundled together with a second ransomware program, a more traditionally operating one known as Mischa. Mischa blocks access to files until the user pays a ransom, providing the user with links to TOR payment sites and authentication codes to utilize there as well. The kicker is, Mischa also encrypts executable files, leaving the Windows folder and browser folders untouched. Once the computer has been sufficiently infected, Mischa leaves two files for the user with their payment instructions.

Just as when Petya was originally distributed, an email is delivered containing a file appearing to be a job application, which would ask to run an .exe file. Selecting “yes” will download Petya, and selecting “no” used to foil the attack. Not anymore – now selecting “no” will install Mischa.

The payment site for Mischa works in a very similar manner to Petya’s. After inputting the authentication code, the user is ordered to purchase enough Bitcoins to pay the ransom, currently set at roughly the equivalent of $875. The user is then provided with the Bitcoin address where they are to send the ransom.

Unlike Petya, there is no known way to recover files affected by Mischa without paying the Bitcoin ransom, but there are tools available online to remove the virus.

Copycats are also beginning to appear. Malwarebytes posted a threat analysis of another two-pronged ransomware called Satana. Like the Petya and Mischa bundle, Satana can both encrypt the victim's files and replace the master boot record with its own ransom-demanding boot code. The main difference is that, while Petya and Mischa run only one of the two payloads depending on the user's choice at the prompt, Satana runs both, one after the other: it encrypts files first and then overwrites the MBR.

While Malwarebytes reports that Satana is currently flawed and appears to be in an early stage of development, the news is still unsettling. Imagine having no fighting chance at all after opening one malicious attachment, and consider that we could be approaching that point.

We will continue to monitor the situation and keep you in the loop with any updates. Keep visiting the NuTech Services blog for the latest news and security updates.


Alert: New Petya Ransomware Spreads via Fake Online Resumes


Next time you see an unsolicited resume in your email, it is worth scrutinizing before you click on it. It could be carrying a nasty new ransomware called Petya.

Petya is a particularly mean-spirited ransomware that hackers use to extort money from their victims. Rather than encrypting individual files, it attacks the disk itself. Once it runs, it overwrites the computer's master boot record with its own boot code and forces a Windows crash, the familiar “blue screen of death”, followed by a reboot. As the computer restarts, what looks like a routine CHKDSK system check runs; it is really Petya encrypting the master file table (MFT), so the computer more or less “forgets” where, or even which, files it has. Only when that finishes does the red skull and crossbones appear.

Because the boot record has been replaced, the user is locked out of the system entirely rather than just out of particular files. The computer is rendered useless (you can't even log in) and displays only a list of demands, a Tor address where those demands are to be met in Bitcoin, and a “personal decryption code” that identifies the victim on the payment site; the actual key is promised only after payment.
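Both Petya write-ups on this page turn on the same trick: the ransomware replaces the 440 bytes of bootstrap code at the start of the disk. The following Python is an added example, not code from the original post or from any security vendor. It parses a raw 512-byte MBR sector (boot code, disk signature, the four partition entries and the 0x55AA signature) and compares the boot code against a hash recorded while the machine was known clean. The sample sectors, the “vendor” boot code and the “tampered” boot code are constructed for the example; the offsets and layout are the standard MBR format.

```python
"""Parse a 512-byte MBR sector and compare its boot code against a known-good
baseline, to spot a bootloader that has been replaced the way Petya replaces it.
Added example for this post; the sample sectors below are constructed, not
captured from a real infection."""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTCODE_LEN = 440       # bytes 0-439: bootstrap code
DISK_SIG_OFFSET = 440    # bytes 440-443: Windows disk signature
PART_TABLE_OFFSET = 446  # four 16-byte partition entries
SIG_OFFSET = 510         # bytes 510-511: 0x55 0xAA boot signature


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class Mbr:
    bootcode_sha256: str
    disk_signature: int
    partitions: list
    signature_ok: bool


def parse_mbr(sector: bytes) -> Mbr:
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    bootcode_hash = hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _, type_id, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i)
        if type_id != 0:  # type 0 = empty slot
            partitions.append(Partition(status == 0x80, type_id, lba, count))
    return Mbr(bootcode_hash, disk_sig,
               partitions, sector[SIG_OFFSET:] == b"\x55\xaa")


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Return findings; an empty list means the sector matches expectations.
    The baseline hash must be taken from the machine while it is known clean."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr.signature_ok:
        findings.append("missing 0x55AA boot signature")
    if mbr.bootcode_sha256 != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p.bootable for p in mbr.partitions):
        findings.append("no active partition")
    return findings


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sector: the given boot code plus one active NTFS partition."""
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xDEADBEEF)
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET,
                     0x80, b"\x00\x00\x00", 0x07, b"\xff\xff\xff", 2048, 204800)
    sector[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Stand-ins for the vendor bootstrap and for a ransomware loader (constructed).
GOOD_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 432
TAMPERED_BOOTCODE = b"\xeb\xfe" + b"\x00" * 438
BASELINE_HASH = hashlib.sha256(GOOD_BOOTCODE).hexdigest()

if __name__ == "__main__":
    for label, code in (("clean", GOOD_BOOTCODE), ("tampered", TAMPERED_BOOTCODE)):
        print(label, check_mbr(build_sample_mbr(code), BASELINE_HASH) or "OK")
```

On a live machine the sector comes from `open("/dev/sda", "rb").read(512)` on Linux or from `\\.\PhysicalDrive0` on Windows, both of which need administrator rights, and the baseline hash has to be recorded before any incident. A mismatch found after the fact does not undo the MFT encryption; the check earns its keep as part of a routine integrity scan. A UEFI/GPT disk carries only a protective MBR, so the equivalent check there is on the EFI system partition.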

When the user reaches the payment page, they learn that they have a limited amount of time to purchase their key before the price doubles from the initial 0.99 bitcoin, about $430 at the time. Many websites claim there are commands that let the user skip the lock screen, but even if the screen is bypassed the MFT remains encrypted and the files remain useless. Nor is there any guarantee that the decryption key handed over on payment will actually work, potentially leaving the user short $430 and all of their digital files.

Business owners and human resources staff need to be particularly alert, because Petya's preferred method of delivery is email, specifically a message posing as one from a job seeker. The message contains a hyperlink to a Dropbox folder holding a “resume” (in reality an executable that installs Petya and, at the time, slipped past antivirus products) and a stock photo. With these tactics Petya has been plaguing German businesses, and there is no telling where it may spread.

Fortunately, a programmer came up with a way to unlock a Petya-infected machine without paying, after his father-in-law's system was hit. Thanks to some apparent carelessness by the malware's authors, the encryption can be cracked from data left on the infected disk. Doing so is not a simple task, however; for starters, the infected drive has to be removed and read from a second, uninfected computer. So while Petya has been cracked, it is still far better not to become a target in the first place.

So how does one avoid such an attack? Mainly vigilance, assisted by NuTech Services’s security solutions that help detect and block questionable sources. Call 810.230.9455 for more information about products to keep your company safe from the cyber pirates flying a digital skull and bones.


Alert: New CryptoJoker Ransomware May Be the Worst Ransomware Yet

Modern ransomware is exceptionally dangerous, even by malware standards. Ransomware locks down important files on a victim's computer, posing a major threat to business professionals and their networks as well as to the average PC user. While earlier families like CryptoLocker and CryptoWall have proved somewhat manageable, a new variant called CryptoJoker makes it borderline impossible to recover your files without the attacker's key.

Like other ransomware, CryptoJoker locks down the victim's files with encryption and promises to decrypt them only once the ransom has been paid in full. The ransom is generally paid in Bitcoin to preserve the anonymity of the crook holding your data. The idea is to strike fear into victims and use that fear to extort money for the safe return of their files. Like most ransomware, CryptoJoker is spread through phishing email; in this case the lure is an executable disguised as a PDF file.
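The Petya resume link and the CryptoJoker “PDF” rely on the same thing: a file whose name says document while its contents say program. The following Python is an added example, not code from the original post. It inspects an attachment's name and first bytes and flags a document extension sitting in front of an executable one, a right-to-left override character in the name (a trick the post does not mention but which serves the same purpose), and contents whose magic bytes do not match the claimed extension. The sample attachment names and file headers are constructed for the example.

```python
"""Flag email attachments dressed up as documents: a document extension hiding an
executable one, a filename carrying a right-to-left override, or file contents
that do not match the claimed extension (a Windows executable named .pdf).
Added example for this post; the sample attachments are constructed."""
import os

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi", ".jar"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                 ".rtf", ".txt", ".jpg", ".png"}
# (magic bytes, human label, extensions those bytes legitimately go with)
MAGIC = [
    (b"%PDF-", "a PDF", {".pdf"}),
    (b"MZ", "a Windows executable", {".exe", ".dll", ".scr", ".com", ".sys"}),
    (b"PK\x03\x04", "a ZIP container", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"\xd0\xcf\x11\xe0", "a legacy Office document", {".doc", ".xls", ".ppt"}),
]
RLO = "\u202e"  # Unicode right-to-left override, used to hide the real extension


def extensions(filename: str) -> list:
    """All dot-suffixes of the base name, lower-cased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = os.path.basename(filename).lower().split(".")
    return ["." + p for p in parts[1:]]


def inspect_attachment(filename: str, head: bytes) -> list:
    """Return findings for one attachment; empty means nothing suspicious.
    `head` is the first few bytes of the file (16 is plenty)."""
    findings = []
    exts = extensions(filename)
    if RLO in filename:
        findings.append("right-to-left override character in filename")
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append(f"executable extension {exts[-1]}")
        if any(e in DOCUMENT_EXTS for e in exts[:-1]):
            findings.append("document extension hiding an executable extension")
    for magic, label, allowed in MAGIC:
        if head.startswith(magic):
            if not exts or exts[-1] not in allowed:
                findings.append(
                    f"content is {label} but name ends in {exts[-1] if exts else 'no extension'}")
            break  # first matching magic wins
    return findings


# Constructed samples modelled on the lures described above.
SAMPLES = {
    "Bewerbung_Mueller.pdf": b"MZ\x90\x00\x03\x00\x00\x00",  # "resume" that is really a PE
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",         # double extension
    "report\u202efdp.exe": b"MZ\x90\x00\x03\x00\x00\x00",     # RLO trick, renders as 'reportexe.pdf'
    "resume.pdf": b"%PDF-1.5\n%\xe2\xe3\xcf\xd3",              # genuine PDF
    "resume.docx": b"PK\x03\x04\x14\x00\x06\x00",              # genuine OOXML document
}


def triage(samples: dict) -> dict:
    """Map each filename to its findings; clean files map to an empty list."""
    return {name: inspect_attachment(name, head) for name, head in samples.items()}


if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(f"{name!r}: {findings or 'clean'}")
```

A mail gateway or endpoint agent can run this on every attachment before it reaches an inbox. It is a cheap first filter, not a substitute for detonating suspicious files in a sandbox: a genuine PDF can still carry an exploit, and a macro-laden .docx passes the magic-bytes test.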


Once CryptoJoker has been run and has installed itself, it scans every drive connected to the infected device, including mapped network drives. It then encrypts files with specific extensions, most of which are critical to your business's continued operation:

  • .txt
  • .doc
  • .docx
  • .xls
  • .xlsx
  • .ppt
  • .pptx
  • .odt
  • .jpg
  • .png
  • .csv
  • .sql
  • .mdb
  • .sln
  • .php
  • .asp
  • .aspx
  • .html
  • .xml
  • .psd
  • .java
  • .jpeg
  • .pptm
  • .xlsb
  • .xlsm
  • .db
  • .docm
  • .pdf
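The paragraph and list above describe what an infected machine looks like from the file system's point of view, for CryptoJoker and equally for Mischa: one process rewrites large numbers of files with these extensions, on local and network drives alike, within seconds. The following Python is an added example, not code from the original post. It runs a simple rate-based detector over a stream of file-modification events (timestamp, process, path, operation) and flags a process the first time it touches a threshold number of distinct targeted files inside a sliding window, noting whether any of them sat on a UNC share. The events, process names and paths are constructed for the example; the extension set is the one listed above.

```python
"""Spot a process rewriting many document files in a short burst, the behaviour
described above for CryptoJoker (and for Mischa), including writes to network
shares. Added example for this post; the file-activity events are constructed,
standing in for what an EDR agent or a Sysmon/auditd feed would deliver."""
import os
from collections import defaultdict, deque

# Extensions from the list above, nothing else.
TARGET_EXTS = {
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg",
    ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html",
    ".xml", ".psd", ".java", ".jpeg", ".pptm", ".xlsb", ".xlsm", ".db", ".docm",
    ".pdf",
}
MODIFYING_OPS = {"write", "rename", "create"}


def is_network_path(path: str) -> bool:
    return path.startswith("\\\\") or path.startswith("//")


def detect_bulk_encryption(events, window=10.0, threshold=10):
    """events: iterable of (timestamp_seconds, process, path, op).
    Flags a process the first time it modifies `threshold` distinct targeted
    files within any `window` seconds. Returns {process: details}."""
    recent = defaultdict(deque)  # process -> deque of (ts, path) inside the window
    alerts = {}
    for ts, proc, path, op in sorted(events):
        if op not in MODIFYING_OPS or proc in alerts:
            continue
        if os.path.splitext(path)[1].lower() not in TARGET_EXTS:
            continue
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        touched = {p for _, p in q}
        if len(touched) >= threshold:
            alerts[proc] = {
                "first_seen": q[0][0],
                "files": len(touched),
                "network_share": any(is_network_path(p) for p in touched),
            }
    return alerts


def sample_events() -> list:
    """Constructed sample: Word saving one document repeatedly over a minute,
    then an unknown process rewriting 30 distinct files in six seconds, half
    of them on a UNC share."""
    events = []
    for i in range(12):
        events.append((100.0 + 5 * i, "WINWORD.EXE",
                       r"C:\Users\anna\Documents\report.docx", "write"))
    for i in range(30):
        base = r"\\fileserver\finance" if i % 2 else r"C:\Users\anna\Documents"
        ext = [".docx", ".xlsx", ".pdf", ".jpg", ".sql"][i % 5]
        events.append((200.0 + 0.2 * i, "resume.exe",
                       base + "\\file%02d%s" % (i, ext), "write"))
    return events


if __name__ == "__main__":
    for proc, details in detect_bulk_encryption(sample_events()).items():
        print(f"ALERT {proc}: {details}")
```

In practice the events come from Sysmon, auditd or an EDR agent, and the window and threshold need tuning against legitimate bulk writers such as backup jobs, compilers and migrations. Catching the burst early limits the damage; it does not replace offline backups, which are the only thing that gets already-encrypted files back.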

CryptoJoker isn't widely distributed, so you can breathe easy knowing that you probably won't run into it anytime soon. Still, what would happen if you were infected? CryptoJoker isn't something to laugh at: it encrypts with AES-256, which cannot be brute-forced, so unless its authors have mishandled the keys there is no way to get the files back without them. Victims are often left with no choice but to pay CryptoJoker's developers. The key to stopping ransomware from destroying your data is therefore to keep it from getting onto your computers in the first place. If you do get infected, you had better have a backup solution ready to work overtime, and one whose copies are not sitting on a mapped drive the infected machine can write to, since those get encrypted along with everything else.

If you don't have a backup of your data, you're out of luck. Even then, you shouldn't be paying criminals for the decryption key if you can help it. Just because they claim they'll hand over the key in exchange for payment doesn't mean they'll keep their word; nothing stops them from taking your money and leaving you high and dry. Other ransomware operations are notorious for taking payments and never decrypting anything, so it's safe to say you shouldn't trust CryptoJoker either.

If you aren’t sure whether or not your security solution has what it takes to protect your organization from CryptoJoker, NuTech Services can help. We can arm your business with solutions that are designed to protect your systems from CryptoJoker and other ransomware before you get infected. In most cases, this is the best thing we can do for you; recovering your encrypted files is often borderline impossible.

For more information about cybersecurity best practices and how to protect your organization from ransomware, give NuTech Services a call at 810.230.9455.