Last week, the Rockville Centre school district in Long Island, New York paid almost $100,000 to restore its data after being hacked with a ransomware virus that encrypted files on the system’s server until payment was made to unlock the information, officials said Friday.
The Nassau County district was among several statewide targeted by a ransomware virus that encrypts data, essentially locking users out of access to their files. Mineola's server was corrupted by the same ransomware, known as Ryuk, but the district said it did not have to pay a ransom to unlock data because it had everything backed up offline.
In June, we reported a $600,000 payment made to ransomware hackers and, in the article, explained that U.S. hacks have cost more than $3 trillion in ten years! Another story we reported was that 22% of small and medium businesses have been hit by ransomware.
We also told you about mayors vowing not to pay ransomware attackers anymore, but that doesn’t mean much if behavior doesn’t change, and it didn’t. Sadly, three days later we reported another attack: La Porte County, Indiana got hit with the same Ryuk ransomware, and its website and email went down.
No matter how much reporting is done on the issue, problems, and major ones, persist. In fact, 85% of security pros say their organizations are struggling to maintain security configurations in the cloud. This is from a Tripwire survey released last week.
In addition, 34% of vulnerabilities found this year are still unpatched. In plain English, this means a hacker scanning the internet for systems that haven’t been updated can generally find these vulnerable systems. Depending on what the vulnerability is, they can potentially infect the organization with ransomware, steal information or encrypt all information, making all computers unusable. This last, malicious action is exactly what happened in the NotPetya attack, which cost at least $10 billion!
Who is hacking? Anyone and everyone. Hacks can originate in the U.S., but hackers in China, Russia, Iran and North Korea work on hacking the U.S. without much fear.
China has become very active as of late. Chinese-linked APT41, APT22, APT10 and APT18 have all been seen trying to obtain medical data in recent years.
A May 2015 hack saw human resources data, tax information and documents about the company's acquisition taken by the Chinese group. The security company says: "Notably, clinical trials data of developed drugs, academic data, and R&D funding-related documents were also exfiltrated."
In fact, a newly created U.S. cybersecurity agency said Thursday that China represents the greatest strategic risk to the U.S., and as a result, the agency’s top operational priority is reducing the risks from Chinese compromises to the global supply chain, including emerging 5G technology.
Companies need to take the threats seriously – they can be put out of business if they lose customers as a result of a hack. Executives can be fired. IT team reputations can be destroyed – all because cybersecurity basics were not followed.
There are some simple things every organization should do:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great. This is needed to train workers: they are tested without their knowledge by real-looking emails sent to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.