Ransomware Attacks Aren’t Just for Big Companies

While millions of Americans were celebrating a long Independence Day weekend, something sinister was happening behind the scenes. Considered to be one of the largest ransomware attacks ever, more than 1,000 businesses worldwide were suddenly locked out of their own IT systems with demands to pay up to $5 million each to regain access to their encrypted business data.

According to Quartz, the initial breach occurred at a Florida-based software company called Kaseya on Friday, July 2. This conveniently coincided with Americans winding down their work and starting their long-awaited Fourth of July celebrations.

As families fired up their grills, watched neighborhood parades and chatted with friends, the ransomware attack spread like wildfire from Kaseya to approximately 1000 firms that used their software.  But it didn’t stop there.

The bad actors then encrypted each company’s data and demanded a ransom payment ($50,000 for smaller businesses and $5 million for large companies) in exchange for a data key that would provide access to the company’s own files. Today’s hackers are no longer recreational individuals or small-time troublemakers. They’ve become sophisticated, slick global enterprises that continue to level up their expertise and affiliations.

Strategic and Stealthy

So we’ve already addressed the fact that the hackers chose a long holiday weekend because they knew Americans would be distracted by socializing and relaxing. But we also need to recognize that this wasn’t a sudden attack.

The reality is much more insidious than it being a last-minute, random hack. In most of these massive ransomware attacks, the predators have been quietly crawling around your networks for months, gathering information and exfiltrating your data to another server (typically in another country), preparing for the final attack.

Imagine thieves hiding out in your corporate headquarters, manufacturing plant or warehouse for 120 days without anyone realizing they’re onsite watching every move. Then one day you arrive at work to discover that you’ve been locked out of your building and the thieves have access to everything – you’re at their mercy. Bad actors in the cyber sector are doing the same thing, virtually.

Ongoing Danger

In addition to the obvious frustration of not being able to operate your business during a breach, your company is exposed to a high level of risk that could be devastating. Bad actors can wreak havoc when they have access to financial information, healthcare records, proprietary trade secrets and other critical data.

The early July attack on more than a thousand businesses wasn’t a one-time event. It’s still happening, with hackers throughout the world quietly engaged in various stages of infiltration, encryption and lock-out. Even worse, their work is becoming increasingly automated, which elevates their ability to carry out a larger number of – and increasingly sophisticated – ransomware attacks.

The risk is real. Even for business-savvy professionals.

But we’re just getting started! Don’t miss Part 2 of our cybersecurity awareness, assessment and risk reduction report coming Thursday.


Article by Don Dawson, President

Principal Owner, Marketing Firm

Bringing IT360 on as our technology services “department” was one of the smartest business decisions we’ve made. Over the years, we’ve tried various similar services and have also hired internal IT staff, and we’ve never felt confident that we were adequately supported. IT360 has changed all that. They not only provide proactive, comprehensive technical support and consulting, they engage with us in a way that feels like they are part of our company…a true business partner.

Principal Owner, Marketing Firm

Recent
Technology News

IT 360 News
79% of Employees Have Knowingly Engaged in Risky Online Activities in the Past Year

With employees not believing that it’s important to personally worry about cyber security risks, they also tend to believe they’re not a target, new data suggest as the reason for the risky behavior. In most cyberattacks, the employee plays some role – clicking on a malicious attachment, giving up their corporate credentials to an impersonated […]

Read more
IT 360 News
80% of Ransomware Victim Organizations Experience a Second Attack

The impact of ransomware attacks is much more than just the sensationalized cost of ransoms. New data spells out how victim organizations have suffered at the hands of ransomware. With the future of ransomware looking pretty bleak, it’s important for organizations like yours to have a realistic understanding of just how impactful a single successful […]

Read more