As if things weren’t bad enough in the world of hacking: over the last months, ransomware has increasingly become Extortionware. In other words, attackers not only encrypt files but also steal them before doing so. They then threaten to release the data if their demands are not met.
This puts enormous pressure on the attacked organization. Getting hacked is bad enough, since a lot of trust is lost when this happens. On top of that, having the information posted online adds insult to injury.
We also told you about Extortionware affiliate programs that can pay a hacker over a million dollars per infected system.
This is where things get interesting.
There are many known exploits out there, quite often as a result of security researchers releasing findings. Attackers can also learn of them by studying the patches that software vendors issue and then targeting systems that still have the known vulnerabilities.
It looks like hackers used the Windows 10 SMBGhost RCE exploit, allowing them to execute code on the victim’s computer.
A countdown timer on the attacker’s website shows that the university has about six days to comply or “secret data” will become public.
The site set up by the Netwalker ransomware gang gives no details about the attack, but the gang posted images showing directories, a passport scan, and two financial documents allegedly stolen from the university’s network.
According to a May 28 statement from MSU:
“Within hours of the intrusion, MSU IT took prompt action and notified law enforcement agencies. At this time, we believe the intrusion is isolated to one unit on campus. The affected systems and servers have been taken offline to prevent further exposure and we are working with MSU Police Department and the Michigan State Police to conduct a thorough investigation.”
Some have estimated the breach will cost the university $3 million. Names and MSU identification numbers were exposed along with Social Security numbers.
Despite never working for or attending MSU, Jeff Kussow said he received a letter from MSU saying his records were part of the breach.
“In fact, I've never set foot on the campus and don't recall enrolling in anything they've offered, even online,” Kussow wrote in an email.
Applying to graduate school in the mid-1990s was the only contact Kussow remembers having with MSU.
Cody said there's no reason to believe information from applicants was on the compromised database. A handful of people like Kussow have contacted MSU in the past week after receiving letters despite no connection to MSU. Cody chalked it up to someone having the same name as someone who did attend or work for the university.
MSU began sending out emails and letters about the hack on Nov. 18, Cody said. Anyone whose data was compromised is advised to visit msu.edu/datasecurity to sign up for identity protection. Those wishing to know if they were affected by the breach or wanting to sign up for identity protection should call 1-855-231-9331.
These attacks often start as an email that a user inadvertently clicks on. The best way to combat such an issue is via phishing simulation. This is done by sending users messages that look like the ones a hacker would send. If the user clicks, they are instantly trained. This is the best way to target training at those who need it most. We suggest our PHISH360, which is free to use for small businesses.
In addition, our company, Apex Technology Services, offers cybersecurity assessments, which should be done regularly to ensure systems are as secure as possible.
While the Covid-19 pandemic has made this a challenging climate for many organizations, hackers are stepping up their efforts, knowing work-at-home users are more vulnerable. There will also be many new hackers to deal with, as tech layoffs mount worldwide. A company struggling through a pandemic has enough problems. Adding the financial challenges of a ransomware attack to an already tough situation may be unsustainable for most organizations.
The time to get help is now – before an attack takes place.