Understanding the Ransomware Threat
As a former IT service business owner, One 8 Solutions’ Founder and President, Jonathan Bello, has seen first-hand the havoc that data breaches can wreak on millions of unsuspecting customers. Although One 8 Solutions transitioned from an IT service firm to an award-winning accounting and bookkeeping firm in 2001, IT security is still something we take seriously today. We are committed to supporting all your accounting needs, including keeping your data protected.
The cybersecurity landscape changes every day, with cybercrime expected to hit $6 trillion this year (up from $3 trillion in 2015), and there seems to be no end in sight. However, there are key ways to identify vulnerabilities and risks and keep the bad actors at bay. We work with a vetted team of cybersecurity partners to help identify and implement cybersecurity policies for your network to keep your data safe. Let’s find out how.
1. What is ransomware?
Ransomware is a form of malicious software that, when deployed on a device, encrypts a user’s sensitive data. To secure a decryption key or initiate a decryption process, the victim is asked to pay a ransom to the attacker, usually in the form of cryptocurrency such as Bitcoin. The amount demanded by attackers can vary, with ransoms typically in the range of $200 to over $100,000 per endpoint, depending on the size of the enterprise and the value of the data held for ransom.
2. How does ransomware infect my network?
Understanding how ransomware infects and spreads is the key to avoiding falling victim to an attack. Post-infection, ransomware can spread to other machines or encrypt network files in the organization’s network. In some cases, it can spread across organizational boundaries to infect supply chains, customers and other organizations.
3. What are the primary methods for ransomware?
Phishing emails are still the most common method for attackers to initially infect an endpoint with ransomware. Increasingly targeted, personalized and specific information is used to craft emails, with the goal of gaining trust and tricking potential victims into opening attachments or clicking on links to download malicious files. Malicious files can look identical to normal files, and attackers may take advantage of a default Windows configuration that hides the file’s true extension. For example, an email may appear to be sent from a known vendor, yet the email address is off by one letter (e.g., email@example.com vs. firstname.lastname@example.org). In this case the “e” is missing in the person’s first name, which is easy to miss. A good rule of thumb is to think twice before you click. And, when in doubt, pick up the phone and call to confirm.
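A check along the lines described above, as an added example that is not part of the original article: it flags a sender address that is within a couple of characters of a known contact, and an attachment whose real extension hides behind a decoy one. The contact list, addresses, file names and distance threshold are constructed assumptions.

```python
# Constructed data for illustration; replace with your own contact list.
KNOWN_CONTACTS = {"peter.jones@vendor.example", "billing@supplier.example"}
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(sender: str, max_distance: int = 2):
    """Return the known contact a sender imitates, or None if there is none."""
    sender = sender.strip().lower()
    if sender in KNOWN_CONTACTS:      # exact match: a genuine known address
        return None
    for contact in sorted(KNOWN_CONTACTS):
        if edit_distance(sender, contact) <= max_distance:
            return contact
    return None


def hidden_extension(filename: str):
    """Return the real extension if a risky one hides behind a decoy one."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) == 3 and "." + parts[2] in RISKY_EXTENSIONS:
        return "." + parts[2]
    return None


def review(sender: str, attachments):
    """Collect human-readable findings for one message."""
    findings = []
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"sender {sender} resembles {imitated}")
    for name in attachments:
        ext = hidden_extension(name)
        if ext:
            findings.append(f"{name} is really a {ext} file")
    return findings
```

With Windows set to hide known extensions, the constructed file `invoice.pdf.exe` would be displayed as `invoice.pdf`, which is why the check looks at the last extension rather than the visible one.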
Not all ransomware attacks are packaged in a maliciously crafted email. Compromised websites are an easy place for attackers to insert malicious code. All it takes is for an unsuspecting victim to visit the site, perhaps one they visit often. The compromised site then reroutes to a page that prompts the user to download a newer version of some software, such as the web browser, plugin or media player. If clicked, the ransomware is either activated directly or runs an installer that downloads and runs the ransomware.
If a user has an unpatched vulnerability in his or her browser, a malvertising (malicious advertising) attack can occur. Using common advertisements on websites, cybercriminals can insert malicious code in the form of a fileless attack, which will download the ransomware once an advertisement is displayed. While this is a less common ransomware vector, it still poses a danger since it doesn’t require the victim to take any overt action, such as downloading a file or enabling macros.
All it takes is for the victim to download the file or application, and then the ransomware is injected. Any file or application that can be downloaded can also be used for ransomware. There is potential for attackers to install malware on legitimate websites. If you have downloaded a suspicious application, we encourage you to disconnect any Internet connections and not restart the device until it has been remediated or the application removed. Contact your IT professional for further steps to limit the damage.
BRUTE FORCE ATTACK
Attackers use ransomware applications to directly compromise endpoints (backdoors) using a brute force attack through internet-facing RDP servers. Remote Desktop Protocol enables IT admins to access and control a user’s device remotely, but this presents an opportunity for attackers to exploit it for criminal use. A combination of default or weak password credentials and open-source password-cracking tools is used to help achieve this objective. Once logged on as a trusted admin, attackers have full command of the machine and can drop ransomware and encrypt data. They may also be able to disable endpoint protection, delete backups to increase the likelihood of payment, or pivot to achieve other objectives.
Here are some questions business owners need to ask themselves to reduce cybersecurity risk:
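One way to spot this kind of password guessing in exported Windows logon events, as an added example that is not part of the original article: it counts failed remote logons (event 4625) per source address in a sliding window and notes a successful logon (event 4624) that follows a burst. The record layout, addresses, user names, threshold and window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: timestamp,event_id,logon_type,source_ip,user
SAMPLE_EVENTS = """\
2024-03-01T02:14:01,4625,10,203.0.113.50,administrator
2024-03-01T02:14:03,4625,10,203.0.113.50,administrator
2024-03-01T02:14:05,4625,10,203.0.113.50,admin
2024-03-01T02:14:08,4625,10,203.0.113.50,admin
2024-03-01T02:14:10,4625,10,203.0.113.50,admin
2024-03-01T02:14:12,4625,10,203.0.113.50,admin
2024-03-01T02:14:15,4624,10,203.0.113.50,admin
2024-03-01T09:01:20,4625,10,198.51.100.7,jsmith
2024-03-01T09:01:41,4624,10,198.51.100.7,jsmith
2024-03-01T09:05:00,4625,2,-,jsmith
"""

FAILED, SUCCESS = "4625", "4624"   # Windows Security log event IDs
REMOTE_TYPES = {"10", "3"}         # RemoteInteractive; Network (RDP with NLA)


def parse(text):
    """Yield (timestamp, event_id, logon_type, source_ip, user) tuples."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, user


def detect(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"peak_failures": n, "success_user": name or None}}."""
    recent = defaultdict(list)     # ip -> failure times still inside the window
    alerts = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in REMOTE_TYPES:
            continue               # local console logons are out of scope here
        if event_id == FAILED:
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            if len(recent[ip]) >= threshold:
                alert = alerts.setdefault(
                    ip, {"peak_failures": 0, "success_user": None})
                alert["peak_failures"] = max(alert["peak_failures"],
                                             len(recent[ip]))
        elif event_id == SUCCESS and ip in alerts:
            # A success after a burst suggests a password was guessed.
            alerts[ip]["success_user"] = alerts[ip]["success_user"] or user
    return alerts
```

On the constructed sample, only `203.0.113.50` is reported; the single mistyped password from `198.51.100.7` stays below the threshold.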
1. How can I identify my vulnerabilities and risk?
Look at it this way: It’s like going to the doctor for a wellness check. Your doctor will do a complete physical and uncover any health issues so you can achieve optimal health. Likewise, a cybersecurity assessment can properly measure risk to keep your IT network (and business) humming. If your IT systems aren’t equipped to protect against significant intrusions, and your data contains valuable information about financial transactions, your overall cyber risk could be high. Identify vulnerabilities and risks to mitigate cyber gaps.
2. Do I need a password manager?
We are big supporters of password management programs such as LastPass for sharing confidential passwords, which can be sent blindly. What counts as a strong password continues to evolve, so we highly recommend that all of our clients use a password manager for added protection.
3. How important is Multi-factor Authentication (MFA)?
This takes password security up a notch. The National Institute of Standards and Technology (NIST) changed its formula for password creation two years ago, encouraging users to use long, personalized phrases that are easy for users to remember instead of random combinations of letters, numbers, and special characters. But no matter how unique your password is, cybercriminals somewhere are trying to crack it. The key is to use different login credentials for different accounts and different platforms. That way, if one password is stolen, the hackers won’t immediately gain access to all of your accounts.
4. How often do I back up my data?
Of course, it’s important to back up your data every day, but to where? An external hard drive? Somewhere in the cloud? Few businesses take the necessary precautions to safeguard the immensely important data they store and use, and far fewer take the necessary precautions to safeguard customer and financial information, which can be a treasure trove for hackers. Backing up your data to a drive that sits next to your computer isn’t safe either: fire, theft, flooding, and good old-fashioned coffee spills can all wreck those kinds of on-site backups. That’s why data backups executed automatically and tested regularly are so important.
5. If I get hacked, is all lost?
If your computer does get hacked, you will not be able to get into your accounting on that computer. However, you will still be able to access your logins and passwords from your phone, tablets and other computers. In addition, QuickBooks relies on advanced, industry-recognized security safeguards to keep all of your financial data private and protected. QuickBooks Online is a VeriSign Secured™ product which is a vital part of One 8 Solutions’ service offerings.
One 8 Solutions has your back when it comes to ransomware and accounting. We work with a vetted group of cybersecurity partners to help implement cyber response policies, set up the protection on your computers, and connect you with cybersecurity insurance professionals. Together, we will design an accounting and cybersecurity solution that is right for your business so you can have the freedom to run your business efficiently and safely.