A Deep Dive Into Ransomware | Part 2 August 26, 2021 by Paul Byrne Ecommerce Security Welcome back to the hacking hour, where we hack and slash hackers tactics so that businesses can establish some level of security and self defense! If all else fails, give our team at Razoyo a call so we can set you up with a plan that will help you and your employees sleep well at night. Easy Access for Hackers Most attacks start either with phishing or social engineering. Here are some easy examples: Someone receives an email saying that it’s time to update a basic software, or that the government owes an individual money and that the insurance company, bank, or other institution needs the user to update their information. Someone gets a call from tech support saying you need to visit a website so they can see if the system is working properly. Some engenius hackers have even used Facebook or other social media ads, targeted specifically at a person of interest, to get them to click on their link. All 3 of these tactics have a similar goal: Once a person clicks on the link, or divulges their personal information, they can be tricked into installing some piece of software that tracks their activity. Other tactics include hackers easily accessing devices like printers, TVs, security cameras, and any other internet connected device. These local network devices are commonly manufactured to have (or hacked to create) a “digital built-in back door” that captures local unencrypted data and traffic that is transferred via the internet for unsavory purposes. This is why it is especially important for consumers to be mindful of convenient and cheap devices that could leave them and the companies they work for vulnerable to cyber attacks. What Hackers Really Want Let’s cut to the chase, beyond accessing consumer information with cheap hardware, there are methods that big time hackers use to get information, power, and money. It’s almost impossible to say which is the motivation for each hacker specifically, but you can make your own assumptions about those coming from countries with state-sponsored hackers like Russia and China. i.e. Ransomware Ransomware attacks are the most popular strategy (as of late) to get hackers what they want… and fast if the system or organization they hack is desperate enough. It just takes one person clicking on a phishing email or plugging in a compromised USB device in a non-air-gapped system to open the door to a ransomware attack. It’s definitely not just big businesses that are being targeted by these types of attacks. The hacked email, link, or device has the capability to infect, lock up, and hold hostage all digital business hardware, software, and information until a ransom is paid to the hackers. These types of Ransoms aren’t the age-old blindfolded handoff anymore either. Despite common knowledge, there is often phone and/or video call contact between victim and attacker. Small businesses have reported amenities such as toll-free numbers and tech support for ransomware attacks. Why not? Many companies don’t believe that the hackers will give them back their data, so having a reputation for ensuring the businesses get back up and running significantly increases their hit rate. The size of the prize for hackers depends on how urgently a business needs to resume operations, the amount and sensitivity of data involved, and of course the size of the targeted organization. Large businesses often receive extortion requests totalling Millions of dollars. Small businesses often receive requests in the low thousands of dollars, and because small businesses are less tech-savvy they are often more frequently susceptible to extortion. Ransoms are typically paid via encrypted payment portals accepting only cryptocurrency to reduce traceability. Preventing Phishing, Hackers, and Ransomware Companies cringe at the thought of their business operations being held hostage. So, what can be done? We’ve got 6 steps below that will help any business save themselves from a dreaded data breach, or worse, a ransomware attack. If these steps seem like too much, reach out for a consultation on how to secure your systems. 1. Get a security expert involved Most large businesses employ network and cyber-security experts that should develop and implement protections, protocols, and procedures for employees to keep the business safe from attacks. Not enough businesses employ this method, but these protocols and procedures are often the first line of defense against an attack. 2. Counterspying Unlike common hacking attacks, these invasions involve a social component; keeping an eye on your employees. Companies can employ counter-intelligence systems to make informed decisions about who should have access to sensitive information. Employees with access to intellectual property and systems should have to clear a background check each year to avoid information getting into the wrong hands. 3. Get onboard with the Cloud Google, Amazon Web Services, MS Azure and other cloud providers do share information from individuals using their services with the NSA on a regular basis, but they are pretty good at keeping it safe from malicious hackers. They have millions of servers and a sufficient scale to spend enormous amounts of money on tools and procedures to protect them in case of threats to the data. 4. Air-gap your systems Don’t sync files automatically from your desktop to the cloud. View in a browser Google Docs, Microsoft Teams files, etc. Phishing via email or even online advertising is a common attack vector. Generally, hackers gain access to the file system on a desktop computer or tablet computer and use that to spread the attack. If they manage to infect a file on the desktop and that file syncs to the person’s cloud storage and is shared by multiple users and/or multiple devices, it will spread like wildfire. The Colonial Pipeline actually had their systems air-gapped but was unable to confirm the infection had not made it to their operational systems quickly enough and, thus, paid the ransom. 5. Use a ransomware backup service Even though the Colonial Pipeline had the encryption key and software needed to decrypt their systems, they actually resolved their ransomware issue by using a backup of the data. It was made clear that the backup was the key to getting the system fully functional and running in a matter of days because they soon discovered that the decryption process would take months or years to complete. 6. Participate in the national discussion Because ransomware attacks are often state-supported acts of terrorism, a government that partners with the private sector is a necessity. In 2018, the Trump administration signed the Cybersecurity and Infrastructure Security Act and the Biden administration seems to have embraced it. You can find information here, and participate in the national discussion via your elected representatives. While the government is incapable of freeing the internet of cybercrime, it’s possible to work together to make it better. Hackers are relentless. From petty phishing schemes to holistic hostage situations, businesses and individuals are at risk. Becoming aware of the digital vulnerabilities in your life is the first step in learning to prevent and protect yourself from attacks of any size. So now that you’ve read both parts of our Deep Dive into Ransomware, go forth and be wary of what information may be under attack to protect yourself and others. (If you missed Part 1, you can read it here) In summary, hackers will keep on hacking and finding new and improved ways to make companies dish out the dough. If you have immediate concerns about your business and it’s security risks, sign up for a technical site review to reveal any missteps or improvements that can be made.