Imagine this: You’re sitting in your office one day and your phone rings. You pick it up and a voice on the other end says they have something important to you; and if you want it back, you have to wire them a large amount of money.
This sounds like something right out of Taken, except you’re not Liam Neeson, and this article is about stolen data in the tech world. We often think we would never find ourselves in a situation like this, but it’s actually more likely than you might think…
I’m, of course, talking about Ransomware:
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. Ransomware | CISA. (n.d.). Cybersecurity and Infrastructure Security Agency. Retrieved February 25, 2021, from https://www.cisa.gov/ransomware
A company or an individual could find themselves in a situation where this could happen to them, find their business crippled, and not be sure of how to move forward. You might ask how often this actually happens? Unfortunately, far more often than should make us comfortable. Take for instance the Norway Aluminum company, Norsk Hydro, who was hacked in 2019.
Imagine the excitement when hackers gained a foothold in the computer system of Norsk Hydro, a global aluminium producer. When they eventually launched their ransomware attack, it was devastating – 22,000 computers were hit across 170 different sites in 40 different countries. Chief information officer Jo De Vliegher reopens the ransom note that appeared on computers all over the company. It read: “Your files have been encrypted with the strongest military algorithms… without our special decoder it is impossible to restore the data.” The entire workforce – 35,000 people – had to resort to pen and paper.
Production lines shaping molten metal were switched to manual functions, in some cases long-retired workers came back in to help colleagues run things “the old fashioned way”. In many cases though, production lines simply had to stop. Tidy, B. J. (2019, June 25). How a ransomware attack cost one firm £45m. BBC News. https://www.bbc.com/news/business-48661152
In the end, the attack would cost the company more than $60 million—way more than the $3.6 million the insurance policy has paid out so far, according to an earnings report. It was, according to the prosecutor investigating the breach, the worst cyberattack in Norway’s history. Turton, W. (2020, July 22). How To Survive A Ransomware Attack Without Paying Ransom. Bloomberg. https://www.bloomberg.com/news/features/2020-07-23/how-to-survive-ransomware-attack-without-paying-ransom
According to statistics, the amount of Ransomware attacks on small businesses is increasing by the year.
A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. 1.5 million new phishing sites are created every month. PurpleSec. (2021, January 27). 2020 Ransomware Statistics, Data, & Trends. https://purplesec.us/resources/cyber-security-statistics/ransomware
The statistics are staggering and frightening when you think about how many businesses can be left unaware and unprepared for a Ransomware attack.
Our next question is, where does Ransomware even come from? Well it’s not something you can find at your local computer store. Ransomware is illegal, and if you’re caught purchasing it, you could find yourself in a heap of trouble with the law. However, using the dark web, hackers are able to find easy access to Ransomware.
Websites that sell malware to cyber attackers tend to be on the dark web, which is the part of the internet only visible and accessible through encrypted proxy networks like Tor or I2P. Those networks route your web traffic through a series of proxy servers, which means it’s difficult for law enforcement to find where the web servers are located or who is using them. It is perfectly legal for people to use the dark web with software such as the Tor web browser, as it does have some legitimate benefits. Crawley, K. (2018, November 12). Ransomware For Sale On The Dark Web Is A Killer Bargain For Criminals. The Threat Report. https://thethreatreport.com/ransomware-for-sale-on-the-dark-web-is-a-killer-bargain-for-criminals/
One reason for this growth is the appearance of ransomware as a service and ransomware kits on the dark web, which can be purchased for as low as $175 and require little to no technical knowledge to deploy. Small businesses, which account for 43% of all cyber attacks, make for the perfect target as they often can’t afford the investments into security. Large businesses and government institutions are also at risk. For example, the WannaCry ransomware attack was responsible for one of the largest healthcare breaches affecting the National Health Service (NHS) – locking out access to hundredes of thousands of patient files in hospitals in England and Scotland. PurpleSec. (2021, January 27). 2020 Ransomware Statistics, Data, & Trends. https://purplesec.us/resources/cyber-security-statistics/ransomware/
With all the staggering facts in front of us, it can seem like there’s little chance of protecting our companies against an attack. However, there are quite a few avenues we can take to demolish the chances of being the next victim of a hacker’s attack.
Nate Sheen, the owner of DataCom Technologies, answers some of the more pressing questions:
Can you give us your personal insight of what Ransomware is?
“Ransomware is a type of malware from crypto-virology that can gain access to your data. It encrypts all your files, and you aren’t able to access your files without an encryption key. Then the attackers contact you and they say, ‘We have all of your data, and if you don’t pay us this amount of money, we are going to distribute your data to a buyer.’ You then want to pay them, so they don’t distribute your data. They are essentially kidnapping your data.”
How are they able to even get access to these companies?
“So let’s say I am a hacker. I would send you an email and try to convince you to install something onto your computer… I might say I am an assistant manager at a company that you do regular business with and trust. I might send you an email from something or someone else whom you trust. I can impersonate someone like the system administrator, or I might impersonate the CEO. My job is to hack your boss’ account and email something convincing to the system guys to get them to open my email. Once they open the email, I am in. The Ransomware can download to a computer within just a few seconds. Once I’m in, I now have access to all the other computers that are connected to the system.”
Would the attack happen immediately, or does it take awhile?
“It varies by situation. It could be months that they work their way into the system. They might be able to install something and it sits there for several months before it actually executes. A common way they infiltrate is through fake invoices. They try to get you to click on them. When you do that, it downloads the Ransomware onto your computer.”
What can a business do to protect itself from an attack like this?
“Well the key is prevention. We don’t want there to be a situation where you have to pay a ransom. So you want to prepare and protect beforehand. One of the best ways to do this is to get a protection plan for your system. For instance, you can find a premium protection plan at DataCom Technologies. What we provide is backup, anti-virus, and real time threat monitoring. We also work to test all the back doors to make sure they are secure to keep away anyone who might be trying to break into your system. We have different plans to help find the right fit for you and your business.”
What else can we do to help close up those back doors?
“You need to have multi-factor authentication (MFA) in place. You see, when someone is trying to hack your system they are trying to impersonate you. Having MFA makes it harder for hackers to figure their way through your passwords. There are three main types of MFA.
1. The first one is things you know. That would be your password or pin.
2. The second would be things you have, like a smart phone or a badge.
3. And then the third would be things you are, like Face ID or your fingerprint.
A hacker might be able to guess a password, but they can’t replicate your face or fingerprint which is unique to you. When you have MFA, it helps eliminate almost 90% of a hacker’s ability to get into your system.
Another way to protect yourself is to have backups. If your system gets hacked, it’s good to have backups in a different place that you can access and get yourself back online. And that is what the plans that DataCom Technologies’ offers will help businesses do more efficiently.
My main advice is: Do not get lost in the emotion of the attack if you find your company in this position. Build a plan to protect yourself. Datacom Technologies’ Premium Plan also includes helping you prepare and build a plan that fits your business.”
As the threat to our security continues to rise every year, we have to take more pronounced and purposeful steps to keep our businesses and our personal lives secure. In a world where Ransomware and hacking runs rampant, it’s relieving to know we have solutions to protect ourselves and our companies. We rely heavily on companies like Datacom Technologies to help prepare and protect our businesses for the future.
We also recommend Nate Sheen’s book: The Cyber Security Guide, both to help answer your questions and for you to delve deeper into keeping yourself safe on the internet.
You can find the guide by clicking here:
DataCom Technologies is an IT solutions company, and we do our best to stay on top of this information. Contact us at 330-680-6002 or through our website, and we’ll do our best to help you.
