InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
What You Should Know if Your Business Is Targeted by Ransomware
It may not be news to you that ransomware is on the rise, but the numbers may leave you shocked. In 2020 alone, there were close to 300 million ransomware attacks worldwide.1 The cost of ransom payments demanded by hackers are also increasing in tandem with the increase in attacks. According to a recent projection, the global annual cost of ransomware attacks will touch $20 billion by the end of 2021.2Offerings like ransomware-as-a-service have made it easier for criminals with little technical knowledge to become threat actors. These attackers are less predictable and seem to lack a code of ethics. For example, groups in the past had lists of organizations they wouldn’t attack, such as cancer treatment facilities. That’s often not the case anymore.
A ransomware attack can affect any organization, regardless of size or industry. However, SMBs are the most vulnerable since cybercriminals count on these businesses to lack the resources to battle cybercrime or the IT teams to frequently evaluate cybersecurity measures. Even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news unless a huge corporation experiences a breach.
With ransomware expected to hit businesses every 11 seconds2, always remember that it isn’t a question of IF but rather WHEN your business will come under attack. Keep in mind that with the right security solutions and measures in place, your business won’t have to experience a devastating breach. But first, there are a few things you should know if you experience a ransomware attack.
Before Reacting to a Ransomware Attack, Remember:
- The FBI advises against paying a ransom because spending money does not guarantee the hackers will share the keys to decrypt your data. While the FBI is an American organization, they raise a good point for businesses all across the globe.
It doesn’t make any sense to place your trust in cybercriminals who have already demonstrated that they aren’t afraid to break the law and take advantage of you for financial gain. However, many businesses find themselves in this situation because they don’t have sufficient security, backup or compliance measures, and are desperate to get their data back.
Keep in mind that another reason the FBI advises against giving in to ransomware demands is that you are encouraging criminals to conduct further attacks. If nobody ever paid ransom, it’s likely there wouldn’t be as many ransomware attacks. Criminals would have to find new ways to make money and would disregard ransomware as a viable venture.
- In case you fall victim to a ransomware attack and have no option other than paying, “ransomware negotiators” are available for hire.
In ransomware negotiations, the most crucial moment occurs long before the victim and hackers discuss the ransom. This is because by the time both sides start to discuss, hackers have already gained considerable control over the organization’s network by encrypting access to sensitive business data and other digital assets. The more data they encrypt, the greater the negotiating power they have.
So, even before you begin negotiations, you need to know how much data has been compromised and what negotiating methods have been employed in the past by the criminals. Professional ransomware negotiators can help at this stage. Although a ransomware negotiation rarely results in a ransom demand being totally withdrawn, it can significantly bring down the asking price.
- Victims of ransomware should expect the following:
- The data will not be erased in a trustworthy manner. It will be sold, improperly handled or stored for future extortion attempts.
- Multiple parties would have handled the exfiltrated data, making it insecure. Even if the hacker deletes a large portion of the data once the ransom is paid, other parties who had access to it may have made duplicates to make payment demands later.
- Before a victim can respond to an extortion attempt, the data may get leaked either intentionally or inadvertently.
- Even if the threat actor explicitly promises to release the encrypted data after payment, they may not keep their word.
Make Your Move Before It’s Too Late
You’re probably wondering what steps you can take right now to combat the menace of ransomware targeting vulnerable systems. Our best recommendation is layered security.
Since no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
If the idea of protecting your business is overwhelming, don’t worry. You don’t have to do it alone. Collaborate with an experienced partner like us to do the heavy lifting for you. Our cybersecurity expertise and knowledge will help you pave the way to a more secure future.
Sources:
- Statista
- Cybersecurity Ventures
What You Should Know if Your Business Is Targeted by Ransomware
It may not be news to you that ransomware is on the rise, but the numbers may leave you shocked. In 2020 alone, there were close to 300 million ransomware attacks worldwide.1 The cost of ransom payments demanded by hackers are also increasing in tandem with the increase in attacks. According to a recent projection, the global annual cost of ransomware attacks will touch $20 billion by the end of 2021.2 Offerings like ransomware-as-a-service have made it easier for criminals with little technical knowledge to become threat actors. These attackers are less predictable and seem to lack a code of ethics. For example, groups in the past had lists of organizations they wouldn’t attack, such as cancer treatment facilities. That’s often not the case anymore.
A ransomware attack can affect any organization, regardless of size or industry. However, SMBs are the most vulnerable since cybercriminals count on these businesses to lack the resources to battle cybercrime or the IT teams to frequently evaluate cybersecurity measures. Even though SMBs continue to be disproportionately affected by these nefarious attacks, reporting and notifications rarely make the news unless a huge corporation experiences a breach.
With ransomware expected to hit businesses every 11 seconds2, always remember that it isn’t a question of IF but rather WHEN your business will come under attack. Keep in mind that with the right security solutions and measures in place, your business won’t have to experience a devastating breach. But first, there are a few things you should know if you experience a ransomware attack.
Before Reacting to a Ransomware Attack, Remember:
- The FBI advises against paying a ransom because spending money does not guarantee the hackers will share the keys to decrypt your data. While the FBI is an American organization, they raise a good point for businesses all across the globe.
Keep in mind that another reason the FBI advises against giving in to ransomware demands is that you are encouraging criminals to conduct further attacks. If nobody ever paid ransom, it’s likely there wouldn’t be as many ransomware attacks. Criminals would have to find new ways to make money and would disregard ransomware as a viable venture.
- In case you fall victim to a ransomware attack and have no option other than paying, “ransomware negotiators” are available for hire.
So, even before you begin negotiations, you need to know how much data has been compromised and what negotiating methods have been employed in the past by the criminals. Professional ransomware negotiators can help at this stage. Although a ransomware negotiation rarely results in a ransom demand being totally withdrawn, it can significantly bring down the asking price.
- Victims of ransomware should expect the following:
- The data will not be erased in a trustworthy manner. It will be sold, improperly handled or stored for future extortion attempts.
- Multiple parties would have handled the exfiltrated data, making it insecure. Even if the hacker deletes a large portion of the data once the ransom is paid, other parties who had access to it may have made duplicates to make payment demands later.
- Before a victim can respond to an extortion attempt, the data may get leaked either intentionally or inadvertently.
- Even if the threat actor explicitly promises to release the encrypted data after payment, they may not keep their word.
Make Your Move Before It’s Too Late
You’re probably wondering what steps you can take right now to combat the menace of ransomware targeting vulnerable systems. Our best recommendation is layered security.
Since no security technology or measure is flawless or guaranteed, layered security assumes that attackers will infiltrate different layers of an organization's defenses or have already done so. The goal of this approach is to provide multiple security measures so that if an attack gets past one security tool, there are others in place to help identify and stop the attack before your data is stolen.
If the idea of protecting your business is overwhelming, don’t worry. You don’t have to do it alone. Collaborate with an experienced partner like us to do the heavy lifting for you. Our cybersecurity expertise and knowledge will help you pave the way to a more secure future.
Sources:
- Statista
- Cybersecurity Ventures
Olympus Corporation of the Americas
https://www.bleepingcomputer.com/news/security/olympus-us-systems-hit-by-cyberattack-over-the-weekend/Exploit: Ransomware
Olympus Corporation of the Americas: Medical Technology Manufacturer
Risk to Business: 2.122 = Severe
Olympus was forced to take down IT systems in the U.S., Canada, and Latin America following a cyberattack that hit its network Sunday. The medical equipment manufacturer says that it does not believe that any data was stolen. Olympus also said that the incident was contained to the Americas with no known impact to other regions. Just last month, Olympus suffered another ransomware attack on its EMEA region systems.
Customers Impacted: Unknown
How It Could Affect Your Business: Many ransomware gangs aren’t bothering to steal data anymore, opting to lock down networks and production lines to force a speedy ransom payment.
Premier Patient Healthcare
https://www.govinfosecurity.com/former-executive-accessed-phi-nearly-38000-individuals-a-17724Exploit: Malicious Insider
Premier Patient Healthcare: Medical Clinic Chain
Risk to Business: 1.712=Severe
Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out to not be the case.
Individual Risk: 1.712=Severe
The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.
How It Could Affect Your Business: This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare, it’s also going to be a financial nightmare after regulators get finished with them.
Ecuador- Banco Pichincha
https://www.bleepingcomputer.com/news/security/cyberattack-shuts-down-ecuadors-largest-bank-banco-pichincha/Exploit: Ransomware
Banco Pichincha: Banking & Financial Services
Risk to Business: 1.412=Extreme
Ecuador’s largest private bank Banco Pichincha has suffered a suspected ransomware attack that has resulted in some systems being knocked offline for days. Many services of the bank were disrupted, including online banking, its mobile app and ATM network. The bank is working with national authorities at the Superintendency of Banks to investigate the incident. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational for an unspecified amount of time due to a technology issue, limiting many bank services to in-person transactions. Some ATM services have been restored. The incident is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Business: Attacks on the banking and fintech sectors have been growing, creating complications for every financial services organization.
Argentina – Registro Nacional de las Personas (RENAPER)/National Registry of Persons
https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/Exploit: Hacking
Registro Nacional de las Personas (RENAPER): National Identity Database
Risk to Business: 1.232=Extreme
Hackers have broken into the Argentina Interior Ministry’s IT network and stolen a massive amount of data from Registro Nacional de las Personas (RENAPER)/National Registry of Persons. That extremely sensitive database contains ID card details for the country’s entire population. The leak was announced when a Twitter user posted ID card photos and personal details for 44 Argentinian celebrities including the country’s president Alberto Fernández and soccer superstars Lionel Messi and Sergio Aguero. While the Argentine government admits to the hack, they maintain that no data was stolen. However, cybersecurity experts and journalists were able to contact the threat actors through a dark web posting and confirm the authenticity of the database. The hackers appear to have gained access through a compromised VPN.
Risk to Business: 1.222= Extreme
According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.
How it Could Affect Your Business: A strong security culture helps reduce the likelihood of an incident caused by employee carelessness as this one reportedly was.
Brazil – Hariexpress
https://www.infosecurity-magazine.com/news/ecommerce-player-leaks-billion/Exploit: Misconfiguration
Hariexpress: e-Commerce Firm
Risk to Business: 1.616 = Severe
Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated to 1.8 billion client and seller records. The problem appears to have originated with a misconfigured Elasticsearch server, according to researchers. The server was left unencrypted with no password protection in place, exposing 610GB of data and that data may have been exposed for several months.
Individual Risk: 1.616 = Severe
Exposed customer data included full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).
How it Could Affect Your Business: Human error will always be a company’s biggest cyberattack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.
Spain – Meliá Hotels International
https://therecord.media/cyberattack-hits-melia-one-of-the-largest-hotel-chains-in-the-world/Exploit: Ransomware
Meliá Hotels International: Hotel Chain
Risk to Business: 1.615 = Severe
Meliá Hotels International, one of the largest hotel chains in the world, had fallen victim to a suspected ransomware attack. Attackers took down parts of the hotel chain’s internal network and some web-based servers, including its reservation system and public websites. An investigation is underway. No ransomware gang has yet claimed responsibility.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is always expensive. Even without the extortion demand, it can cause massive losses simply from business interruption.
Taiwan – Acer
https://www.bleepingcomputer.com/news/security/acer-confirms-breach-of-after-sales-service-systems-in-india/Exploit: Hacking
Acer: Computer Manufacturer
Risk to Business: 1.631 = Severe
Acer has just been beleaguered by cyberattacks in 2021. In its second time at the dance this year, Acer’s India after-sales service has suffered a data breach. A threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. The threat actor posted a video showcasing the stolen files and databases to a dark web forum showcasing the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies that store large amounts of data are hacker catnip. The data that they can steal will not only reap a big profit, it also opens other cybercrime doors.
Olympus Corporation of the Americas
https://www.bleepingcomputer.com/news/security/olympus-us-systems-hit-by-cyberattack-over-the-weekend/Exploit: Ransomware
Olympus Corporation of the Americas: Medical Technology Manufacturer
Risk to Business: 2.122 = Severe
Olympus was forced to take down IT systems in the U.S., Canada, and Latin America following a cyberattack that hit its network Sunday. The medical equipment manufacturer says that it does not believe that any data was stolen. Olympus also said that the incident was contained to the Americas with no known impact to other regions. Just last month, Olympus suffered another ransomware attack on its EMEA region systems.
Customers Impacted: Unknown
How It Could Affect Your Business: Many ransomware gangs aren’t bothering to steal data anymore, opting to lock down networks and production lines to force a speedy ransom payment.
Premier Patient Healthcare
https://www.govinfosecurity.com/former-executive-accessed-phi-nearly-38000-individuals-a-17724Exploit: Malicious Insider
Premier Patient Healthcare: Medical Clinic Chain
Risk to Business: 1.712=Severe
Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out to not be the case.
Individual Risk: 1.712=Severe
The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.
How It Could Affect Your Business: This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare, it’s also going to be a financial nightmare after regulators get finished with them.
Ecuador- Banco Pichincha
https://www.bleepingcomputer.com/news/security/cyberattack-shuts-down-ecuadors-largest-bank-banco-pichincha/Exploit: Ransomware
Banco Pichincha: Banking & Financial Services
Risk to Business: 1.412=Extreme
Ecuador’s largest private bank Banco Pichincha has suffered a suspected ransomware attack that has resulted in some systems being knocked offline for days. Many services of the bank were disrupted, including online banking, its mobile app and ATM network. The bank is working with national authorities at the Superintendency of Banks to investigate the incident. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational for an unspecified amount of time due to a technology issue, limiting many bank services to in-person transactions. Some ATM services have been restored. The incident is ongoing.
Customers Impacted: Unknown
How It Could Affect Your Business: Attacks on the banking and fintech sectors have been growing, creating complications for every financial services organization.
Argentina – Registro Nacional de las Personas (RENAPER)/National Registry of Persons
https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/Exploit: Hacking
Registro Nacional de las Personas (RENAPER): National Identity Database
Risk to Business: 1.232=Extreme
Hackers have broken into the Argentina Interior Ministry’s IT network and stolen a massive amount of data from Registro Nacional de las Personas (RENAPER)/National Registry of Persons. That extremely sensitive database contains ID card details for the country’s entire population. The leak was announced when a Twitter user posted ID card photos and personal details for 44 Argentinian celebrities including the country’s president Alberto Fernández and soccer superstars Lionel Messi and Sergio Aguero. While the Argentine government admits to the hack, they maintain that no data was stolen. However, cybersecurity experts and journalists were able to contact the threat actors through a dark web posting and confirm the authenticity of the database. The hackers appear to have gained access through a compromised VPN.
Risk to Business: 1.222= Extreme
According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.
How it Could Affect Your Business: A strong security culture helps reduce the likelihood of an incident caused by employee carelessness as this one reportedly was.
Brazil – Hariexpress
https://www.infosecurity-magazine.com/news/ecommerce-player-leaks-billion/Exploit: Misconfiguration
Hariexpress: e-Commerce Firm
Risk to Business: 1.616 = Severe
Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated to 1.8 billion client and seller records. The problem appears to have originated with a misconfigured Elasticsearch server, according to researchers. The server was left unencrypted with no password protection in place, exposing 610GB of data and that data may have been exposed for several months.
Individual Risk: 1.616 = Severe
Exposed customer data included full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).
How it Could Affect Your Business: Human error will always be a company’s biggest cyberattack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.
Spain – Meliá Hotels International
https://therecord.media/cyberattack-hits-melia-one-of-the-largest-hotel-chains-in-the-world/Exploit: Ransomware
Meliá Hotels International: Hotel Chain
Risk to Business: 1.615 = Severe
Meliá Hotels International, one of the largest hotel chains in the world, had fallen victim to a suspected ransomware attack. Attackers took down parts of the hotel chain’s internal network and some web-based servers, including its reservation system and public websites. An investigation is underway. No ransomware gang has yet claimed responsibility.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is always expensive. Even without the extortion demand, it can cause massive losses simply from business interruption.
Taiwan – Acer
https://www.bleepingcomputer.com/news/security/acer-confirms-breach-of-after-sales-service-systems-in-india/Exploit: Hacking
Acer: Computer Manufacturer
Risk to Business: 1.631 = Severe
Acer has just been beleaguered by cyberattacks in 2021. In its second time at the dance this year, Acer’s India after-sales service has suffered a data breach. A threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. The threat actor posted a video showcasing the stolen files and databases to a dark web forum showcasing the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies that store large amounts of data are hacker catnip. The data that they can steal will not only reap a big profit, it also opens other cybercrime doors.
4 Data Backup Myths You Need to Know About
Humans generate 2.5 quintillion bytes of data every day.1 That is a substantial amount of information. However, failing to keep up with the ever-changing threat landscape might wipe your share of this data in the blink of an eye. In fact, ransomware has more than doubled in frequency since last year, accounting for 10% of verified breaches.2
While there is a lot of fear surrounding cybersecurity, you don’t need to panic. There are measures you can put in place to better protect your business. One of our best recommendations is to make data backups a component of your cybersecurity plan. Companies that don’t regularly back up valuable data leave themselves vulnerable to evolving cyberthreats.
Data loss can occur due to multiple reasons that range from hard drive failures and ransomware attacks to natural disasters and human error. Whatever the reason may be, data backup can provide the relief you need by helping restore data on your devices should an incident occur.
When you decide to embark on your data backup journey to protect your organization and create business continuity, there are several myths you’ll come across. Here are four of the most common data backup myths:
Backup Myths Debunked
Myth #1: Data Backup Is Too Expensive
Data loss can have a cascading effect, resulting in downtime, productivity loss, revenue disruptions, regulatory fines and reputational damage. The total cost of these setbacks is typically higher than the cost of a backup solution.Myth #2: Having One Copy of Your Data Backed Up Is All You Need
The 3-2-1 strategy is a data backup best practice that involves having at least three copies of your data, two on-site but on different mediums/devices, and one off-site.
- Three copies of data: Having at least two additional copies of your data, in addition to your original data, is ideal.
- Two different mediums: Keep two copies of your data on different types of storage medium such as internal hard drives and removable storage like an external hard drive or a USB drive.
- One off-site copy: Keep one copy of your data off-site. This helps safeguard against worst-case scenarios.
Myth #3: Multiple Copies Guarantee Successful Backups
Having additional copies of your data by following the 3-2-1 strategy is a smart practice, but this doesn’t guarantee backups will operate as expected.Organizations following the 3-2-1 strategy generally keep the original data and one of its copies on-site while another copy is transmitted to a safe, off-site destination, typically the cloud.
Beyond creating additional backup copies, regularly check to verify whether your backups are working properly since they may still be vulnerable to user error or data corruption. Routinely test backups or outsource the task to a managed service provider (MSP).
Myth #4: Data Backup and Disaster Recovery Are the Same
This misunderstanding stems from the fact that many people do not understand the difference between data backup and disaster recovery. Even though they are both vital components of business continuity, they are not the same.While data backup is the act of backing up critical data, disaster recovery is the act of recovering those backups. Another distinction is that while data backup is defined by the recovery point objective (RPO), which is the amount of data that must be restored to keep operations running, disaster recovery is defined by the recovery time objective (RTO), which considers the time it takes to recover.
Partner for Success
Trying to safeguard your organization against data loss on your own can be overwhelming. Fortunately, we've got you covered.
We can make it easier for you to implement a long-term security and data backup strategy that also meets IT and endpoint device security and data protection requirements – especially considering new, growing cyberthreats that target vulnerabilities you may have overlooked.
Sources:
- net
- Verizon 2021 DBIR