02/01/2021

Be Aware: Recent Ransomware Attacks in Ohio

OSMA's I.T. support partner, MAXtech has sent this notice to all their clients. 

Over the weekend, Russian hackers and cybercriminals began launching ransomware attacks on local businesses, right here in Ohio. Victims include hospitals and medical associations, government organizations, and private sector companies.

The hackers are using a sophisticated ransomware to wipe out entire data backups and holding systems hostage for hundreds of thousands to millions of dollars in ransom.

The Department of Homeland Security has advised us that these threats and attacks will continue to rise throughout 2021.

These are serious and imminent threats, and you must take immediate action to minimize your risk.

If you think this can’t happen to you, we assure you it most definitely can at any moment. It has already happened to businesses around you.

The ransomware the hackers used is called Ryuk.
Here’s what we know about it:

• According to Coveware, the average ransom payout for Ryuk is $2.3 million. They target mid-to-large companies who are more likely to pay higher ransoms, but they can attack small businesses just as well.

• Even if you pay the ransom, the chances of fully recovering your data are lower than typical ransomware.

• The average time to fully recover from a Ryuk attack is 12 days.

• The top attack vectors (or how they installed the ransomware) are via a company’s Remote Desktop Protocol (like those used while working from home) and Email Phishing.

• Every attack is unique in the “strain” of the ransomware, attack method, and decryption method.

WHAT YOU NEED TO DO
Again, it is imperative that you take immediate action to ensure your risk of attack is minimized. We strongly advise you address the following areas of concern:

• Ensure your data backups are working properly and regularly

  • If you don’t have a backup process in place, you must immediately establish one. We will help you get your backup set, but it is your responsibility to manage and monitor your backups on an ongoing basis.

  • Use the 3-2-1 backup strategy: you should at all times have 3 copies of your data (your production data and 2 backup copies) on 2 types of media (disk, NAS, cloud, etc.) with 1 offsite copy (in a storage unit, a safe in your closet at home, etc.). Having multiple redundant backups will improve your chances of full data recovery.

• Ensure you have proper Cyber Liability Insurance

  • If you don’t have cyber liability insurance, again you must immediately establish coverage. You do not want to be caught without it. It will be the end of your business.

  • Make sure your policy has both Cyber Extortion Coverage to pay for ransoms and Contingent Business Interruption Coverage to cover business losses incurred from cyberattacks.

  • We have read rumors they are specifically targeting companies who don’t carry these coverages.

• Provide extensive employee training

  • Employee error is one of the biggest contributing factors to cyberattacks. Whether wittingly or unwittingly, one simply can’t account for human error. Be sure to address these key points:

    • Email attachments: Never download email attachments from unknown email addresses. Also beware of any attachments sent from internal emails, as phishing attempts will pose as legitimate contacts like your coworkers or vendor companies.

    • USB drives: Never plug non-company-issued USB drives or SD cards into a company computer.  They could wittingly or unwittingly contain malware that will install automatically once the drive is opened.

    • Passwords: Never write passwords down for any reason. All passwords should be at least 8 characters long and use upper-case and lower-case letters, numbers, and special characters. Also discourage your employees from using any personal data in their passwords like birthdays or family names.

MAXtech is here for you:
If you have any doubts or concerns about your cybersecurity, please do not hesitate to call MAXtech at 614-401-8800.