Tech Tidbit – Ransomware is getting a whole lot nastier

June 24th, 2023
Tech Tidbit – Ransomware is getting a whole lot nastier

We all understand the scourge of Ransomware.   It is debilitating.   Even in the best case, it consumes a huge amount of time to recover.  However, now the bad guys are getting even more nasty.   They want their money.   If you decide you can recover or don't care, they get nothing.

Here are some of the new twists to expect from Ransomware attacks:

  • They will go after all your on-premise and online credentials.
  • They will use your online credentials to compromise your web pages and access other sensitive material like your online financial or student services systems.
  • They will figure out your backup systems and, instead of killing them, reset them with an encryption key.  Your backups will continue to run perfectly.  They will attempt to wait out your backup retention strategy before wiping you out.
  • They will ship your financial and personally identifiable data offsite so they have their own copy.
  • If you don't pay, they will publish all your data on the Internet.
  • If you don't pay, they will publicly shame you by making sure that EVERYONE understands you have been hacked.
  • If you don't pay, they will start contacting all the companies or people whose personal and confidential data they have and demand payment from each of them individually.
  • The amount of money the bad guys demand has been steadily increasing.

KnowBe4.com recently had some interesting statistics.

  • 67% of ransomware comes from phishing attacks
  • 30% from password credential theft.
  • 3% from other sources

They went on to state that for all breaches worldwide:

  • 70-90% came from phishing and social engineering
  • 10-20% unpatched software
  • 1-10% of everything else

There are some basic things you can do:

  • Patch your servers and workstations for both critical OS security patches *AND* third-party software patches.
  • Read your security and backup reports daily
  • Routinely run test restores to prove your backups work.
  • Make sure your backups are "air-gapped" meaning that they are not part of your normal Active Directory network and use separate credentials to access both the backup server and backup server storage.
  • Implement Multi-Factor Authentication (MFA) on all online and remote access resources.  Microsoft's statistics say 99.9% of credential breaches are stopped by this technology.
  • Implement a cloud-based backup for your Office 365 or Google Apps environments including OneDrive or Google Drive.   Remember you have 30 days or less recoverability from the vendor's normal tools.
  • It is time to significantly improve your spam/phishing defenses.  It is time to put a next-generation spam filter in front of Google Apps and Office 365.  Remember 67% of the attacks are coming through this interface.  A lot has changed in the last few years and it is time to take the next step.
  • Implement Cisco Umbrella (aka OpenDNS) to block known malware links from even launching in your district.
  • Implement a next-generation EDR client like our CyberSentinel Endpoint Detect & Respond. (CSEDR) to protect your critical servers and endpoints.
  • Know exactly what your CyberSecurity insurance policy covers and what the rules of engagement are with it.
  • Control and limit your browser extensions.  Google just dumped 500 browser extensions that they determined were doing bad things.   Firefox has blocked all extensions which download additional code beyond the basic extension.   Google Apps allows you to control and limit Chrome browser extensions.  Test what extensions you actually need and block the rest.

There is a lot here to unpack and a lot for everyone to work on.   We are happy to help.  Give us a call and let's work through the list together.