Ransomware is one of the most dangerous computer viruses in the computer world today. It would not be surprising if many of you, regardless of your background knowledge of computers, have heard of ransomware to some extent. Perhaps it has been through the numerous cities that have been hit, or maybe it was because of the few schools that have begun to be targeted by this disastrous virus. With ransomware on the rise, more and more businesses are being targeted. In order to keep your business’s sensitive information safe, taking preventative measures immediately is the best course of action to ensure your computer systems are not held for ransom. Setting up your Defenses Running Backups One of the most important steps, one often disregarded by many businesses, is ensuring that all computer systems are backed up daily. In the event that your network becomes infected with ransomware, having backups of critical information systems and configurations can save millions of dollars in lost revenue. Educate and Reinforce Basic Cybersecurity Awareness Ransomware needs a human element in order to infect a computer system or network. Therefore, proper and regular training of staff on how to spot phishing emails and suspicious files is essential to a business’s overall cybersecurity. Ensure that staff understands “think before click” and the dangers of downloading attachments from unknown senders. Make sure staff are browsing safely as well and know how to spot fake websites. Fake websites can look strikingly similar to the real ones but often have variations in their URL, which give away their true identities. Make sure employees are suspicious of anyone on the phone or email asking for sensitive information. Always ensure you are communicating with a trusted individual before divulging sensitive information. Have a Plan in Place in the Event of an Attack Make sure a clear plan is established in the event an attack does occur. Ensure response plans outline how to request outside assistance from cyber first responders (state agencies, CISA, and MS-ISAC). Update and Patch Systems Regularly updating and patching computer systems not only keeps the systems running smoothly, but it also protects against viruses such as ransomware. Additional Resources Once all the above is completed, consider reviewing the following articles: MS-ISAC Security Primer – Ransomware CISA Tip Sheet on Ransomware NGA Disruption Response Planning Memo NASCIO Cyber Disruption Planning Guide Each article outlines further steps you can take to protect yourself from ransomware. A Trusted Defense If any of the above worries you, consider calling Hammett Technologies. We are a trusted IT company and are well versed in the dangers of all computer viruses, not just ransomware. We use only the latest technology to ensure your business’s safety, regularly backup all your systems, and train your staff on safety procedures when handling information online. When you partner with Hammett Technologies you do not become just a partner, you become a priority. If you want more information as to what we can do to assist your company, click here!
Windows and Linux users are once again the targets of a new string of ransomware: Tycoon. First discovered in 2019, the new strain of ransomware was created to attack educational institutes and software industries. Once inside, Tycoon proceeds to encrypt file servers, demanding a ransom for decryption. What makes this ransomware different from its predecessors is its use of code to help disguise its presence on networks. Uncovering Tycoon Ransomware Discovered by researchers and security analysts at Blackberry and KPMG, Tycoon is quite unusual compared to other ransomware. Utilizing Java, Tycoon deploys using Java Runtime Environment (JRE) and compiles itself into a Java image file (Jimage) to hide its malicious payload. What Tycoon Does The ransomware infiltrates a network using unsecured internet-facing remote desktop protocol (RDP) servers. When the system is compromised, antivirus solutions are rendered useless due to Tycoon’s ability to elevate its privileges and disable them. Once executed, Tycoon ransomware encrypts all files connected with the network, adding filename extensions such as .redrum, .grinch, and .thanos. Like other ransomware, once all files are encrypted, users are prompted to pay a ransom (in the form of bitcoin) to obtain their data back safely. Staying Safe RDP is a common way for many malicious attack campaigns to infiltrate networks. Ports should only face outward towards the internet for extreme cases, and users accessing these ports should have strong, unique passwords. Regularly updating your system’s security is another good way to ensure your network remains safe. Regularly backing up your network and storing those backups offsite or off the network is another crucial step to take. Should the worst case scenario happen, a backup will save you time and money. Worried your network may be compromised or at risk to attackers? Wondering when the last time you backed up your network was? Hammett Technologies can take care of all your business’s technological needs without the headache. Give us a call and secure your data today!
Pitney Bowes, the e-commerce and tech-shipping company, has suffered a ransomware attack. On October 14th, the company disclosed that they were victims of a malware attack that resulted in the encryption of information systems and disabled customer access to some services. As of now, Pitney Bowes has confirmed that it is working with third-party security experts and consultants. However, the identity of these experts is still unknown. The company has also disclosed that, as of now, it does not appear that customer data or any other sensitive information had been accessed. While this is reassuring, it is important to air on the side of caution. Ransomware attacks are not known to be a form of heckling someone. Pitney Bowes has yet to disclose whether the attack was directed at a certain employee, or if it was transported to them through a third-party service provider. Furthermore, it is unknown if the company’s MSP was monitoring the security network before the attack occurred. We expect to learn more information and will keep you apprised of the situation as the story develops. What’s Next? If you believe you were affected by this attack, we recommend following the developments on Pitney Bowes’s Twitter as well as there webpage that is posting live updates of the situation as it develops. The company has stated that it plans on keeping its users as up-to-date on the situation as possible. It is important that you, as a business owner, trust your MSP to monitor your network and keep your customer’s and employee’s sensitive information out of the hands of criminals. Hammett Technologies has proven time and time again that we are able to handle ourselves in the event of a crisis and secure all sensitive information before it falls into the hands of thieves. To learn more about what we do, visit the What We Do page, or give us a call today!
New ransomware, Nemty, has been discovered according to the report from BleepingComputer. Nemty, as security researchers are calling it, has the possibility to spread using compromised Remote Desktop Protocol (RDP) connections. Nemty, like all other ransomware, holds the victim’s files hostage, deleting all shadow versions of the files while disabling the victim from any attempted recovery options. Payment is then required via bitcoins, which average about $1,000. Those infected will be prompted with this message: Unfortunately, being so new, a known fix is not available, but security researchers are working diligently to find a fix. While RDP is suspected to be the method of distribution for the ransomware, researchers have not yet confirmed this finding. Most ransomware is distributed through phishing emails. If RDP is the method of distribution, confirming hackers have gained higher access to the machine, cutting out the middleman, and giving them full control of the computer. If you would like to find out more about how Hammett Technologies can keep your company safe, click here!
Following the cyber-attacks that occurred in Baltimore and Florida, last week, Monroe College in New York, had multiple campuses hit, and taken offline, by ransomware, crippling the college’s network. This has not just affected the school’s administrative departments; however; it has also hurt students and teachers. The ransomware is asking for an obscene $2 million for the safe return of the college’s data. Jackie Rugger, the executive director of public affairs at the college, said in an interview on Friday (07/12) with Inside Higher Ed that the school was still unsure who had carried out the attack, but that the school was actively working with local law enforcement and the FBI in order to determine where the attack originated from. There was no comment on whether the school would pay the $2 million ransom. For now, Rugger said, the school continues to operate. However, they have been forced to resort to using “historic” methods. Students and teachers have still been able to attend classes, with homework being turned in on paper. Ransomware infections are usually due to someone on the network falling victim to a phishing email scam. It is difficult to determine the severity and exact amount of ransomware attacks that occur daily, but cybersecurity firms believe that attacks are on the rise. What makes this attack different is that ransomware attacks that focus on colleges usually focus on a specific individual rather than the entire network, said Ben Woelk, according to Insider Higher Ed. He stated that this attack is demanding an amount of money he had ever witnessed before. Depending on how Monroe College reacts to this technological hostage situation could determine whether we see a string of upcoming ransomware attacks on colleges across the country. Cybersecurity analysts, as well as the FBI, believe that no business or institution should pay the ransom, should their network become infected. With no guarantee that the criminals would provide a key upon payment, it seems as though not paying would be a company’s best option. However, with ransomware, companies must understand that with each day, the ransom will continue to increase. In Baltimore, the city government refused to pay to ransom, opting to revamp its network, costing over $18 million. Therefore, despite the lack of reliability on criminals, businesses, and institution placed in this situation must come to terms with the lesser of two evils. At Hammett Technologies, our partners never have to worry about ransomware attacks. We use state-of-the-art cybersecurity software and hardware to ensure our partner’s data security, while not interrupting or slowing down their work process. Hammett Technologies practices prevention, halting cyber-attacks before our partners even know they were there. Want more information as to how we can help your business grow? Click here!
Across the United States, hackers have been targeted cities through the use of ransomware. Ransomware is a malicious attack on a computer system which completely locks the user out of their computer until a “ransom” is paid (usually in bitcoins). For those who think paying the ransom will be the easiest option should be aware that there is no guarantee that, upon payment, a decryption key will be provided. What makes ransomware especially threatening is the timer that not only counts down how many days left the user has before all files are deleted but also increases the price of decryption each passing day. Ransomware attacks should not be news to residents of Maryland. A similar attack has plagued Baltimore’s city government for a while, and the price of recovery has skyrocketed to $18 million. As of today, Lake City, Florida, another US city infected with ransomware, has decided to pay the ransom in order to regain access to their technology network. Despite Lake City’s technology department successfully disconnecting all infecting computers within a matter of minutes the virus was able to snake its way through the entire government’s network, with the police and fire departments being the exception. Lack City, Florida government officials have agreed to pay a ransom of $500,000. Upon payment, Lake City was granted a recovery key after paying the ransom, something other cities should take note of. Baltimore and Lake City are not the only two cities to have been plagued with the attack. Other cities such as Lynn, Massachusetts, Cartersville and Jackson County, Georgia have also been faced with this serious cyber-attack. These attacks, while expensive to fix, are a wakeup call to local governments. Ransomware is often targeted and successful on outdated systems, something each of the cities listed had. In order to combat these issues, and ensure they do not happen again, regular maintenance, updates, and patches are not only necessary but required. These attacks not only cripple the state government, but they also hurt the general public.