Ransomware Attacks On The Increase In Metro Atlanta
Make no mistake – the world is currently experiencing a digital pandemic of increasingly complex ransomware attacks.
The year 2020 was arguably the toughest. For one, the pandemic wreaked havoc on communities and businesses globally. Then, along with the COVID-19 restrictions and work-from-home regulations, came ransomware attacks that have been a nightmare for both public and private organizations.
Already 2021 has seen a dramatic spike in these cyber incidents. The recent spate of attacks has disrupted vital food supply chains, crippled critical infrastructure in the U.S., and revealed that no entity, small or established, is spared from these stealthy cyberattacks.
How Does a Ransomware Attack Occur?
Ransomware gets in the same way as most other cybersecurity breaches. The malware mostly takes root in organization networks with legacy systems or those without the latest software updates and patches. Users who don’t hesitate to open email links also contribute. It’s this malware that serves as the ransomware attack entry point.
In other cases, threat actors force their way into systems through publicly exposed interfaces. The Colonial Pipeline incident is one such attack, in which the criminals used various publicly exposed services. Most likely, they leveraged the organization’s unpatched Microsoft Exchange servers.
A Recap of Recent Incidents
Cyberattacks are the greatest threat to business organizations in Atlanta and globally, and ransomware is among the most significant concerns for humankind. The impact of this universal threat is vividly reflected in the numbers.
The City of Atlanta recently experienced a ransomware attack that destabilized operations in the municipality, and had to spend over $2.6 million on emergency activities in response. In addition, the attackers requested a bitcoin ransom worth about $50,000.
Other notable incidents globally include:
Enterprise software company Software AG is still recuperating from a recent ransomware incident in which the responsible group demanded a ransom of over $20 million.
The highly-publicized ransomware attack targeting the Colonial Pipeline disrupted gas supply throughout the East Coast. This April 2021 attack led to a $4.4 million ransom payout, although the organization recovered most of this money.
A German patient is reportedly the first ransomware attack fatality after a facility computer crash forced University Hospital Düsseldorf to turn away emergency patients. A woman experiencing a life-threatening emergency was redirected to another health facility and succumbed due to treatment delays.
Also in Germany, chemical distribution agency Brenntag parted with $4.4 million as ransom after a ransomware attack in May.
Even giant tech companies aren’t spared. Electronic hardware provider Acer also fell victim to a ransomware attack that cost it $50 million in ransom.
These are only a few instances of reported successful ransomware attacks. Notably, numerous such cyberattacks go unreported; hence the already available information is just the tip of the iceberg.
Why Is Ransomware on the Rise?
The coronavirus epidemic certainly made most organizations vulnerable to ransomware. This was evident during the rapid global digital migration and work-from-home regulations where staff had to use their own devices. Workers accessed government and company systems from personal gadgets that served various potentially risky functions, from surfing the web to playing online games.
Another reason for the enormous spike in ransomware attacks is the increased value of cryptocurrency. Bitcoin is the cybercriminals’ most attractive means of payment, and ransomware groups prefer its discretion.
But the ransomware industry has experienced two key transformations that have been driving the increase in cyber incidents even before the pandemic situation.
These Attacks Have Pivoted
Initially, ransomware was a threat in which hackers prevented you from accessing your data. Nowadays, it’s a dual threat: they also threaten to release the data if the victim fails to pay the ransom.
A ransomware group recently targeted the Metropolitan Police Department in Washington D.C. with this attack. The department was asked to pay $4 million but declined to make the payment, even after allegedly offering to pay $100,000. As a result, the group went ahead and published embarrassing pages on the department’s background investigations.
The additional liability and damaged reputation of having sensitive data published increases victims’ potential financial pain. This further increases their likelihood of paying the demanded ransom. The more organizations pay the ransom, the more the attack increases in prevalence.
Emergence of Ransomware-as-a-Service
Besides launching their own attacks, sophisticated ransomware groups are now offering their services to aspiring cybercriminals as a bundle. The package comprises malware, a phishing operation, a premade data leak site, and a payment platform.
DarkSide’s attack on the Colonial Pipeline gives several indications of a RaaS operation. First, there was an immediate news flurry about the shutdown, which attracted unwanted attention. As a result, the group published a statement saying that they would introduce moderation to verify each company their partners target, to avoid any similar social consequences.
RaaS substantially lowers the barriers to entry, which is likely to attract more reckless players to the business model.
Ransomware Evasion Best Practices
While you cannot eliminate the cyber threat, several practices could protect you from falling victim and from exorbitant ransom payments. Here are the most critical ones:
Patch regularly – Regular updates can help you reduce vulnerabilities in your browser, operating systems, and applications.
Back up regularly – Up-to-date backups can be your only hope when cybercriminals encrypt your data, and they let you confidently avoid the ransom. Maintain at least three distinct versions of your files on two different storage types, with at least one offsite.
Leverage intrusion detection systems – Continuous monitoring can detect signs of malicious or anomalous activity in real time, helping you stop attacks at the early stages.
Train staff regularly – Regular staff training on identifying and evading common pitfalls will keep them in the know. As such, they can avoid threats like phishing emails and malware.
Separate networks logically – Separating your networks by department or task limits how far an infection can spread, so you can mitigate loss if you come under a ransomware attack.
Practice email filtering – This activity blocks spam, phishing emails, malicious executables, and other common email ransomware tricks.
Offer the least amount of privilege – Robust access management can help you restrict unwarranted access and reduce malware access points.
Whitelist applications – Include the acceptable applications in your safelist, then block the unauthorized ones.
Ransomware Recovery Services In Metro Atlanta
Ransomware incidents have been on the rise amid the recent health epidemic. Targeting organizations of all types and sectors, ransomware has proven to be tremendously destructive. In just one day, criminals can cripple your ability to function, and the recovery efforts can be consuming. What’s more, paying the ransom will leave you with a damaged reputation and financial woes.
Fortunately, the above steps can reduce your Atlanta business’ vulnerability to this increasingly complex cyber threat. What’s more, a reliable cybersecurity expert like Centerpoint I.T. will help you maintain great cyber hygiene by training your staff and providing state-of-the-art cybersecurity solutions. So don’t hesitate to speak with us.