Ransomware Can Kill the Trust Small Businesses Need from Customers

We’re not even halfway through 2020, and already it’s been a record-breaking year for ransomware attacks, says Adam Levin, Inc. Barely a week goes by without reports of a new strain or variant of malware wreaking havoc among companies.

1-99-employee companies are a target

No industry, category, size, or group is safe from this cyber scourge. 

We hear about the big ones. Manufacturing giant Honda had its networks brought to a standstill by just such an attack. Millions of inboxes have been hit with a variant of Avaddon ransomware. High-profile entertainment law firm Grubman Shire Meiselas & Sacks suffered a one-two punch of infection via REvil ransomware followed by a dark web auction of the firm’s client documents.

Small companies get hit all the time, but when they go out of business as a result it’s not news. It doesn’t matter how big your company is. In fact, what may matter more is how easy you are to hack. 

A compounded threat for businesses

While there’s no shortage of examples of ransomware attacks, a recent study by data protection firm Veritas suggests an even bigger problem that few, if any, companies are prepared for: Customers are increasingly laying the blame on companies, specifically their CEOs, rather than on the hackers perpetrating the attacks.

The statistics are sobering. Twelve thousand respondents in the U.S., U.K., Germany, Japan, France, and China thought companies were to blame, with 40 percent saying CEOs should be doing a better job. In the same survey, 35 percent thought CEOs should be fined for a cyber failure, and 30 percent wanted to see a CEO lose his or her right to run any company following a serious cyber event. Another 23 percent thought the CEO should face a prison sentence.

Some of the survey’s findings suggest there’s some cognitive dissonance. For instance, 71 percent of respondents said companies shouldn’t pay ransoms to hackers, but 55 percent wanted businesses to pay a ransom if their own personal data was at risk. The numbers point to a nascent blame game, which in turn points to the need for companies large and small to make sure they have cyber insurance–often the only thing between your company and an extinction-level cyber event.

What can CEOs do?

With 44 percent in the Veritas survey claiming that they would stop using a business’s services following a ransomware-related breach, regardless of how the company responded, it matters how you handle cyber.

With customers pointing the finger at business leadership, CEOs face a new layer to what was already an extinction-level threat. If the combined costs of paying a ransom and the resulting breach-related expenses aren’t enough to ruin a company, customers and clients are increasingly poised to drive the final nail in the coffin.

Preventing data breaches and implementing adequate cybersecurity safeguards was a daunting assignment even before the Covid-19 pandemic. A 2019 study showed that 80 percent of IT business leaders expected a critical breach or a successful cyberattack within a year, double what a similar study had indicated in 2015.

The inevitability of a successful cyberattack, ransomware-related or otherwise, cannot be mitigated by any CEO, but the aftermath can be managed.

Much has been made of the shortage of skilled cybersecurity workers, to say nothing of supply chain vulnerabilities, unpatched or outdated software, or employee malfeasance. But the answer for management here lies in being prepared.

While corporate security fails are complex, a good leader needs only to be prepared for the day the inevitable happens. More than half of security personnel surveyed in 2019 believed that CEOs ignored security plans, and 14 percent said that their CEOs hadn’t received any cybersecurity training. Another study showed that 40 percent of IT professionals specifically cited their company’s CEO as the weakest link in their company’s security. Only you know if this is true of your organization. And if it is, only you can take steps to get cyber right. 

There’s an oft-quoted saying that “culture eats strategy for breakfast,” and that’s very true when it comes to cyber. Know the risks, get help if you need it, get insured, and take it seriously. 

Knoxville Shuts Down IT Following Ransomware Attack Thursday June 11th

Knoxville joins a list that also includes Atlanta, Baltimore, Denver, and New Orleans. Catalin Cimpanu, writing for Zero Day, reported that the city of Knoxville, Tennessee, has shut down its IT network today (Thursday, June 11th, 2020) following a ransomware attack, as CBS affiliate WVLT reported today.

The attack took place last night, between June 10 and June 11. The city’s IT department did not detect the intrusion until it was too late and the ransomware had already encrypted multiple systems.

Responding to the attack, IT staff shut down impacted servers and workstations and disconnected the city’s network from the internet. This resulted in downtimes for the city’s internal IT network, its public website, and the network of the city’s court.

Emergency services managed by the city, such as police, the fire department, and 911 hotlines, were not impacted, as they ran on separate systems. The network of Knox County, which shares some IT systems with the city of Knoxville, was not impacted, the county said today on Twitter.

Knoxville city employees arriving at work this morning were greeted by an email disclosing the attack, WVLT reported. The message disclosed the ransomware attack and told employees not to log into their computers.

City officials said they’re currently looking at an email opened by one of its employees as the initial entry point for the ransomware, local news site Knox News reported. However, this was merely a theory, and a more thorough investigation is currently underway, with city officials receiving help from the local FBI office.

The name of the ransomware type/group that infected the city’s network is currently unknown. Recently, most major ransomware operations have also begun stealing data from infected networks, and then leaking or selling it online.

Knoxville, which is currently the 134th biggest city in the US based on population size, is just the latest in a long list of US cities that have suffered a ransomware attack.

While most ransomware attacks hit smaller cities, ransomware gangs also hit the jackpot once in a while and infect the network of a larger city, such as Atlanta, Baltimore, Denver, New Orleans, and now Knoxville.

In July 2019, the US Conference of Mayors unanimously agreed to stop paying ransomware demands. That pledge never stuck.

Conduent Suffers Ransomware Attack, Data Breach

Computer Business Review (CBR) reports that Conduent, a $4.4 billion by revenue (2019) IT services giant, has admitted that a ransomware attack hit its European operations, but says it managed to restore most systems within eight hours.

Conduent, which says it provides services (including HR and payments infrastructure) for “a majority of Fortune 100 companies and over 500 governments”, was hit on Friday, May 29.

“Conduent’s European operations experienced a service interruption on Friday, May 29, 2020. Our system identified ransomware, which was then addressed by our cybersecurity protocols.

“This interruption began at 12.45 AM CET on May 29th with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored,” said spokesman Sean Collins.

He added: “This resulted in a partial interruption to the services that we provide to some clients. As our investigation continues, we have on-going internal and external security forensics and anti-virus teams reviewing and monitoring our European infrastructure.”

Conduent Ransomware Attack: Maze Posts Stolen Data

The company did not name the ransomware type or intrusion vector, but the Maze ransomware group has posted stolen Conduent data including apparent customer audits to its Dark Web page.

Security researchers at Bad Packets say Conduent, which employs 67,000 globally, was running unpatched Citrix VPNs for “at least” eight weeks. (An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been widely exploited in the wild by ransomware gangs.)

In early January, Bad Packets identified nearly 10,000 vulnerable hosts running the unpatched VPN in the US and over 2,000 in the UK. Citrix pushed out firmware updates on January 24.

  • Military, federal, state, and city government agencies
  • Public universities and schools
  • Hospitals and healthcare providers
  • Electric utilities and cooperatives
  • Major financial and banking institutions
  • Numerous Fortune 500 companies

The malware used by Maze is a 32-bit binary, usually packed as an EXE or a DLL file, according to a March 2020 McAfee analysis, which noted that the Maze ransomware can also terminate debugging tools used to analyse its behaviour, including the IDA debugger, x32dbg, OllyDbg and more processes, “to avoid dynamic analysis… and security tools”.

Cyber criminals have largely moved away from “spray and pray”-style attacks on organisations to more targeted intrusions, exploiting weak credentials, unpatched software, or using phishing. They typically sit in a network gathering data to steal and use to blackmail their victims before actually triggering the malware that locks down end-points.

The attack follows hot on the heels of another successful Maze breach of fellow IT services firm Cognizant in April.

Law enforcement and security professionals continue to urge companies to improve basic cyber hygiene, from introducing multi-factor authentication (MFA), to ensuring regular system patching.