Ransomware attacks have been in the news quite a bit lately. From Locky to Gibon to Scarab, and the newest strain called LockCrypt, it all ends the same way. Your data is locked and cut off from you, now in the hands of a hacker. This hacker now wants money to get your files back. Some ask for $7,000 or more per machine hit.
The most recent attack, LockCrypt, has shut down a North Carolina county’s offices. Offices in Mecklenburg County, North Carolina have had their servers taken hostage by ransomware that they believe originated from Iran or Ukraine, according to officials.
On the afternoon of Tuesday, December 5th, the county experienced a county-wide outage. During a meeting just after 6:00 pm that day, officials made the attack public, saying that their servers were being held for ransom.
It was confirmed by officials to the local CBS news affiliate that the hacker was asking for $23,000 by 1:00 pm Wednesday to get the server access back. According to County Manager Dena Diorio, the County had opted to not pay the ransom and instead work towards restoring their systems and data on their own.
The attack has shut down all IT services for the county including email, printing, and other ways business is conducted at most county offices. The attack started when a county employee clicked on an attachment within an email, exposing the files. The worm got into nearly 50 of the county’s computers before it was caught.
Avoid falling victim to a damaging cyber attack. Reach out to the experts at Phoenix Technology to help you protect all your valuable resources and data.
Did you know that 93% of all network breaches include a phishing or spear phishing attack? The perimeter of most vigilant organizations is reasonably tight, for the most part. Firewalls are in place, servers are patched, and physical security is in place. However, email is a giant gaping hole in your network defenses. Email is the vector for all the bad things that keep you up at night.
What’s worse is that the bad guys are using email to target every IT person’s greatest weakness: their employees. If you think that your organization is safe from email-borne attacks just because you have set up Office 365 with email security packages such as EOP, Proofpoint, McAfee or Barracuda, you need to think again. These security packages will not reliably stop spear phishing or zero-day attacks.
84% of organizations said that a spear phishing attack successfully penetrated their organization in 2015. 71% also indicated that they already have some form of email security technology in place.
The problem is two-fold. The first problem is the technology. Most email “security” systems are really just glorified spam filters. They were designed to stop known mass email attacks. The underlying architecture of these solutions isn’t suitable to catch zero-day threats or one-off spear phishing emails. The second problem is the people. Most employees will click on or respond to a well-crafted phishing or spear phishing email if it lands in their email box. Despite education efforts, 20-30% of recipients open standard phishing messages that arrive in their inbox and 12-20% of those click on any enclosed phishing links. These rates are already high, but they double when looking at spear phishing emails.
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. The “ph” replaces the “f” in homage to the first hackers, the “phone phreaks” from the 1960s and 1970s. Virtually anyone on the internet has seen a phishing attack. Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites or include malware as an attachment.
Many phishing sites look just like the sites that they are impersonating. Often, the only difference in many spoofed sites is a slight, easily missed difference in the URLs. Visitors can easily be manipulated into disclosing confidential information or credentials to the hacker if they can be induced to click the link. Even blacklisted phishing sites can often get by standard filters through the technique of time-bombing the URLs. The URL initially leads to an innocent page to get past the filters, but later redirects to a malicious site.
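As an added illustration (not part of the original article), the sketch below shows how a mail gateway or awareness tool could flag link hosts that differ only slightly from a domain the organization trusts. The allowlist, the substitution table and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com", "contoso.com"}  # constructed allowlist (assumption)
# Visual substitutions commonly used in lookalike hosts (illustrative, not exhaustive).
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", ""))

def fold(host):
    """Collapse visual substitutions so 'examp1ebank' reads as 'examplebank'."""
    for src, dst in FOLDS:
        host = host.replace(src, dst)
    return host

def edit_distance(a, b):
    """Levenshtein distance using two rows of dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, max_distance=2):
    """Return (verdict, matched_domain) for the host named in a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return ("trusted", host)
    for t in sorted(TRUSTED):
        # Trusted name used as a leading label of someone else's domain.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("trusted-name-embedded", t)
        # Near miss after folding look-alike characters.
        if edit_distance(fold(host), fold(t)) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://examplebank.com/login",
        "https://examp1ebank.com/login",
        "https://examplebank.com.account-verify.test/login",
    ]
    for s in samples:
        print(s, check_link(s))
```

Because a time-bombed URL changes its destination after delivery, a check like this is most useful when it is also applied to the final redirect target at click time, not only when the message arrives.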
Although malware is harder to get past filters, recently discovered and zero-day malware stands an excellent chance of getting through standard filters and being clicked on, especially if the malware is hidden in a non-executable file such as a PDF or Office document. This is how many of the recent ransomware attacks were pulled off.
Despite the lack of personalization, an astonishing 20% of recipients will click on basically anything that makes it to their inbox.
Spear phishing is an enhanced version of phishing that takes aim at specific employees of the targeted organization. The goal is usually to gain unauthorized access to networks, data, and applications. In contrast to the mass emailing of a phishing attack, which might see hundreds of attack messages sent out to random recipients within the space of a couple of hours, spear phishing is methodical and focused on a single recipient. Often the initial email will contain no URL or attachment. Instead, it will simply try to convince the recipient that the sender is legitimately whoever they say they are. Only later on will the hacker request confidential credentials or information, or send a booby-trapped URL or attachment.
The additional customization and targeting of a spear phishing email, along with the lack of easily recognized blacklisted URLs or malware, results in click rates in excess of 50%!
IMPACTS ON BUSINESS
Phishing attacks are often just the first part of a much larger hacking campaign. Once inside, hackers can do devastating damage by rifling through confidential customer lists, intellectual property, and emails, and even deleting critical data or encrypting it with ransomware. Companies that fall victim to schemes enabled by spear phishing face risks of reputation damage, loss of market value, competitive disadvantage, and legal liability and compliance problems. Of course, individual executive careers can suffer in the wake of this.
- Financial Services
Data at risk of theft includes insider trading information, personal information, credit card numbers and bank account information. The impact includes financial loss, legal liability, and regulatory penalties.
- Retail
Retailers are vulnerable to hacks that leak customer information, including credit card information. Investigators are now revealing the existence of large-scale theft operations that steal merchandise from e-commerce sites and ship it abroad.
- Intellectual Property-based Businesses
For businesses such as pharmaceuticals and technology where digital information may represent massive investments, spear phishing may have an especially costly impact. Competitors can gain access to confidential intellectual property that took years and cost billions of dollars to develop.
- Manufacturing and Defense
These companies are part of an actual war, a war on cybercrime. These companies tend to keep these attacks as quiet as possible. A serious attack could endanger national security and affect a company’s ability to secure further defense contracts.
- Health Care
HIPAA-regulated industries are bound by extensive, rigid compliance guidelines. They face stiff penalties, financial and legal, for data breaches.
SO NOW WHAT?
The problem is that standard email-filtering systems built for Office 365 such as EOP, Barracuda, Proofpoint, and McAfee will NOT catch your typical spear-phishing email. The architectures of all these email security systems were originally built to stop spam. Therefore, they focus on mass emails, using a signature technique to block suspicious emails and known malware attachments and phishing URLs.
It is a great idea to have some sort of backup storage space for your files. This backup could be in the cloud, but it is also important to have a collection of backed-up files offline. By backing up your files you are making sure that you will be able to access them in the case of a ransomware attack. This means that even if a hacker does manage to take your files, you will not be looking at paying thousands of dollars to get them back. Keeping your backup files stored offline is even more effective in ensuring that files are secure. Ransomware encryption has the potential to infect files on your backup drive, so make sure you have these files saved offline as well. To ensure there is no potential for further ransomware infection, a full system wipe may be required.
These processes, while great at fighting spam, are not very useful against spear phishing. A one-off, well-written email will generally get past most corporate spam filters, since those filters match against known “signatures” that signify malicious content. Today’s enterprise needs a purpose-built email security system that will stop all types of email-borne threats…not just a glorified spam filter.
Don’t wait until it’s too late to make a smart decision about backups. Reach out to the experts at Phoenix Technology for backup and recovery solutions that keep you working. Contact us at (360) 433-6930 or firstname.lastname@example.org to hear more about our independent backup solutions.