Ransomware Attacks Aren’t Just for Big Companies

While millions of Americans were celebrating a long Independence Day weekend, something sinister was happening behind the scenes. Considered to be one of the largest ransomware attacks ever, more than 1,000 businesses worldwide were suddenly locked out of their own IT systems with demands to pay up to $5 million each to regain access to their encrypted business data.

According to Quartz, the initial breach occurred at a Florida-based software company called Kaseya on Friday, July 2. This conveniently coincided with Americans winding down their work and starting their long-awaited Fourth of July celebrations.

As families fired up their grills, watched neighborhood parades and chatted with friends, the ransomware attack spread like wildfire from Kaseya to approximately 1000 firms that used their software.  But it didn’t stop there.

The bad actors then encrypted each company’s data and demanded a ransom payment ($50,000 for smaller businesses and $5 million for large companies) in exchange for a data key that would provide access to the company’s own files. Today’s hackers are no longer recreational individuals or small-time troublemakers. They’ve become sophisticated, slick global enterprises that continue to level up their expertise and affiliations.

Strategic and Stealthy

So we’ve already addressed the fact that the hackers chose a long holiday weekend because they knew Americans would be distracted by socializing and relaxing. But we also need to recognize that this wasn’t a sudden attack.

The reality is much more insidious than it being a last-minute, random hack. In most of these massive ransomware attacks, the predators have been quietly crawling around your networks for months, gathering information and exfiltrating your data to another server (typically in another country), preparing for the final attack.

Imagine thieves hiding out in your corporate headquarters, manufacturing plant or warehouse for 120 days without anyone realizing they’re onsite watching every move. Then one day you arrive at work to discover that you’ve been locked out of your building and the thieves have access to everything – you’re at their mercy. Bad actors in the cyber sector are doing the same thing, virtually.

Ongoing Danger

In addition to the obvious frustration of not being able to operate your business during a breach, your company is exposed to a high level of risk that could be devastating. Bad actors can wreak havoc when they have access to financial information, healthcare records, proprietary trade secrets and other critical data.

The early July attack on more than a thousand businesses wasn’t a one-time event. It’s still happening, with hackers throughout the world quietly engaged in various stages of infiltration, encryption and lock-out. Even worse, their work is becoming increasingly automated, which elevates their ability to carry out a larger number of – and increasingly sophisticated – ransomware attacks.

The risk is real. Even for business-savvy professionals.

But we’re just getting started! Don’t miss Part 2 of our cybersecurity awareness, assessment and risk reduction report coming Thursday.


Article by Don Dawson, President

President, Manufacturing Company

We are high speed and wireless with computer systems for everything we do. I do not worry at all because it has not been an issue since IT360 became a part of our company.

President, Manufacturing Company

Recent
Technology News

IT 360 News
Impersonation Phishing Attacks Increase as Credentials Take the Lead as the Primary Target

New data shows an upswell of email-based cyberattacks, with over 256 brands being impersonated, as social media, Microsoft, shipping, and ecommerce brands top the list. There’s been a lot of changes in the volume of email-based cyberattacks, according to security analysts at Abnormal Security. According to their H2 2022 Email Threat Report, the number of […]

Read more
IT 360 News
Crafty Microsoft USB Scam Shows the Importance of Security Awareness Training

Just when you thought scammers couldn’t get more tricky in their attacks, this example will prove you wrong. One of our KnowBe4 colleagues shared this LinkedIn post on a recent very crafty USB scam: As you can see, the Microsoft USB looks VERY similar to a USB you would receive from Microsoft in the mail as […]

Read more