Since our last chat about cloud ERP benefits and the threat of ransomware, we have seen increased incidents with our on-premise customers and the industry in general. The level of sophistication of the attacks is increasing and smaller businesses are being targeted more than ever before.
Ransomware, in general, is software that spreads virally through vulnerabilities and security holes in systems. Attackers often use a “phishing” email, a faked email used to get a user to click on a link and unknowingly install malware, to infect the employee’s local machine and grant access to your network.
Once the ransomware infects a host, it looks for critical data and uses encryption to lock that data and render it unusable. The key to unlocking the data is held on the cyber-criminal’s server and victims must pay a fee to unlock their data. The fee must usually be paid using Bitcoin, a form of internet digital currency that can be difficult to locate and purchase and can be quite expensive. A message displayed to the user on their computer system informs them of the ransom and includes a dashboard showing how the price of the ransom goes up as time passes towards an ultimatum time limit. If the time limit is reached, the key to unlock will be erased. Understandably, this causes stress and urgency to pay as soon as possible.
The world has seen some significant security events in the past several years, most notably the WannaCry ransomware outbreak starting on May 12, 2017. The attack held healthcare organizations in Britain hostage and inhibited admissions and critical surgeries from being performed. Many other organizations, large and small, around the globe were affected as well.
Hackers often choose holidays to attack, knowing that many businesses employ a skeleton crew or are closed. On Christmas Eve 2018, the world experienced a massive ransomware attack that was not a gift from Santa. Hackers previously infected systems with a malware trojan called TrickBot and used it to deploy a ransomware virus called Ryuk. Ryuk is more advanced than others: it has the capability to encrypt network shares, delete backups, and disable system recovery options in Windows automatically. Without an external backup, the only option for recovery is to pay the ransom.
Why do hackers do this? Quite simply, ransomware is a billion-dollar business run by cyber-criminals around the world who hold companies and their business data hostage. Hackers residing in countries that do not cooperate with foreign governments and Interpol have a safe haven to treat hacking as a business model.
From Wikipedia with respect to WannaCry: “Three hardcoded bitcoin addresses, or 'wallets', are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. As of 23 May 2017, at 5:00 UTC, a total of 297 payments totaling $106,180.44 had been transferred.”
WannaCry was fortunately cut short of its full potential by a security researcher who stumbled upon the “kill switch” by accident and stopped the global outbreak. However, we all expected a new attempt soon after and have seen several devastating attacks since.
Ransomware spreads using known vulnerabilities and security holes. Unsuspecting users opening emails or attachments that appear to be legitimate, clicking on links and going to fake websites are some of the ways the ransomware gets launched in networks. The ransomware then exploits unpatched or improperly secured systems, encrypting data and spreading to the next host it can find.
WannaCry exploited a security vulnerability that was patched in mid-March of that year by Microsoft. Businesses that properly applied the security patch to all systems were largely unaffected by the outbreak. Defending your business from these attacks requires a layered security model that includes:
Properly setting up the layered security model above takes skill, time, and expense both initially and on an ongoing basis. In most cases, both the hard and soft costs can be more than SMBs can afford on their own. Using cloud-based file storage and business applications keeps your data and critical operations locked down outside of your local network where it is harder for infections of malware to spread.
ECI maintains a robust cloud environment deploying some of the best security technology; it already hosts over 2,000 customers around the world. It has been in operation for more than seven years. Security operations, backups and failover are performed at secure data centers that house many large servers, networking equipment, and storage arrays. We employ a layered security model that protects data and operations from attacks. The data centers are managed by professional IT personnel with experience in the cloud environment who dedicate themselves to our software. We have relationships with our hardware vendors, security consultants, and software providers (Microsoft, for example) who we can reach out to on a moment’s notice and receive an immediate response, even on holidays and weekends. These things are not only expensive; they also require scale of operations to be successful.
Through scale of operations, ECI can help you reduce the operational risks to your business at a more affordable cost than a stand-alone operation. Ignoring the risks to your business operations in light of today’s challenging security environment is a choice. However, we value your business and want to help you proactively avoid a disaster.
Sources:
WannaCry ransomware attack.
Ransom: Win32/WannaCrypt, May 23, 2017
Ryuk ransomware attack