Ransomware is on the Rise, Recent Attacks

Ransomware attacks are on the rise this year, crippling cities and organizations that unfortunately fall victim to hackers.

In short, ransomware is malicious software that locks and encrypts computer systems and data. Once a system is infected, hackers gain control and lock out users from their own networks.

Just like in a kidnapping scenario, a ransom is demanded. Thus the bad actors threaten to shut down the hacked organization's critical infrastructure, blocking the victims from accessing files. They can go as far as destroying the victims' network and databases. The motivator is simple - extortion for money.

While these incidents will continue to occur, the best way an organization can be proactive in mitigating cyber risk is having a strong cybersecurity posture and a well-informed staff on cyber hygiene best practices. It's often said among information security professionals, the weakest link is the human being. 

Many ransomware attacks are caused by phishing emails, which are messages infected with malicious links and/or documents. Typically, an individual in the organization mistakenly clicks on such a link or opens up an infected document, enabling hackers to enter the network. Then, well, all havoc breaks loose. 

Once hackers are inside the victims networks, they may lurk around for months before making themselves known. Why? They spend time looking for sensitive data to make sure they can lock up the organization's most valuable information.

Last year, security firm Emsisoft reported that 205,280 organizations claimed to have lost files because of ransomware attacks. And, from what's been reported, the number of incidents has gone up 41 percent from the previous year. It's safe to conclude that not all incidents are known or reported.

Demand for payment now runs on average of $84,116 and can costs can be in the millions, not including the consequential damages from business disruption. 

According to Cybersecurity Ventures, ransomware cybercrime will cost $20 billion in damages worldwide by 2021.

In this blog post, we'll outline some of the biggest recent ransomware attacks.

Hospitals, healthcare providers fighting hackers amid the pandemic

The COVID-19 pandemic has become fertile breeding ground for cybercriminals to do their dirty work. With front-line healthcare providers overwhelmed treating COVID patients, threat actors are aggressively targeting healthcare professionals. 

In mid-May, the FBI and Homeland Security issued a warning that Chinese hackers were trying to steal coronavirus vaccination and treatment research information from businesses, healthcare providers, hospitals and pharmaceutical companies. Interpol, Google and Microsoft also have concluded the shady activity as being aggressively on the rise. 

Since 2016, it is estimated that nearly 6.6 million patients were impacted by ransomware attacks. As healthcare providers networks went under attack,  patients' treatment and appointments ended up on hold and/or canceled. For some, the matter is life or death. And it's only gotten worse, as Interpol has stated. 

In a previous blog post, we discussed how hospitals can protect themselves from ransomware. You can read it by clicking here. 

Celebrity law firm hit, breached, documents leaked

In May of this year, law firm Grubman Shire Meiselas & Sacks which represents Lady Gaga, Bruce Springsteen, Madonna and other celebrities got hit with a $21 million ransom. The hacker group REvil allegedly have stolen 756 gigabytes of files, containing confidential information of the firm's famous clientele.

At the time of this writing, the New York-based law firm has refused to make a payment. So on May 14, the hackers leaked legal documents pertaining to Lady Gaga. 

A sizable amount, the 2.4-gigabyte documents include the entertainer's project contracts, confidentiality agreements and beyond. After doing so, the hackers doubled the ransom to $42 million.

A spokesperson on behalf of the law firm stated, "The leaking of our clients’ documents is a despicable and illegal attack by these foreign cyberterrorists who make their living attempting to extort high-profile U.S. companies, government entities, entertainers, politicians, and others. We have been informed by the experts and the FBI that negotiating with or paying ransom to terrorists is a violation of federal criminal law. Even when enormous ransoms have been paid, the criminals often leak the documents anyway.”

The group of cybercriminals are now threatening to leak documents of President Trump, which they claim to have in hand. “There’s an election race going on, and we found a ton of dirty laundry,” the hackers wrote in a response. “Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever.

This is a developing story, and it's been reported that President Trump is not connected to the Grubman law firm.

MSP hit hard, no entity is immune to threats

In mid-April, IT managed services provider, Cognizant, got hit with ransomware. The international company employs 300,000 employees and boasts nearly $15 billion in revenue.

"Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack," the juggernaut stated on its website. 

As the U.S.-based Cognizant continues to restore its networks, the company is facing a loss of $50 to $70 million in damages over the next three months. Additional associated monetary loss is anticipated. 

New Orleans, Chaos in The Big Easy 

In a high-profile municipality case, one of the most visited cities in the southern U.S. was victimized by hackers.

In response, the mayor of the City of New Orleans declared a state of emergency. The attack occurred on Friday, Dec. 13, 2019 (perfect date for a nightmare, eh?), according to NOLA Ready. 

While a ransom was never paid, the eight months-long recovery efforts to restore the city's network resulted in a cool $7.2 million in damages.

Negotiating with Hackers

The common thread described in the aforementioned incidents is that cybercriminals are ruthless. No organization is immune to threats. There are ways of being proactive against threats by promoting a cybersecurity culture at your organization. Training staff on what a phishing email looks like and how to avoid being a victim.

But....

Few are prepared to negotiate with hackers once they take over your computer systems. Breach Coach Sanjay Deo knows exactly what to do. He's handled nightmarish conversations with cybercriminals, helping countless organizations over the years regain control.