Last month we told you about the Microsoft Exchange Zero-day attacks which compromised hundreds of thousands of systems worldwide. We told you that not installing the Microsoft patches immediately to plug those holes would leave you vulnerable to the mass attacks which have indeed been taking place ever since the Zero-day attacks began. We hope you all listened.

Unfortunately, there are still millions of vulnerable, unpatched systems out there and hackers are still using those vulnerabilities as a pivot point to launch more and more costly attacks. The most recent trend on the radar is an explosion in ransomware attacks.

Ransomware Attacks on the Rise

Ransomware attacks are a nasty ordeal, and according to a recent report by Check Point Research, they are also on a big upswing, as attackers race to exploit as many systems as possible before their window of opportunity closes on the Microsoft Exchange Server Zero-day chaos. Their research showed a 9% increase in ransomware attacks every month since the start of 2021. Their numbers also showed that ransomware attacks actually tripled in a single week in the middle of March. These should be eye-opening numbers for anyone responsible for the confidentiality, integrity, and availability of an organization’s precious digital assets. And to add insult to injury, attackers are using data they steal from one compromised organization to craft effective phishing and spear phishing emails to attack that organization’s customers, suppliers, investors and anyone else they can connect the dots to. But this should not come as a surprise, since there has always been a strong connection between ransomware attacks and phishing, as we’ve written about before.

The Perfect Storm

Exacerbating the problem right now is a perfect storm for hackers, and what’s great for them is always terrible for you. They got their dream scenario of a successful Zero-day attack against one of the most popular business platforms on the planet, Microsoft Exchange Server, which opens the door for embedding Trojan backdoors on a mind-boggling number of systems, allowing for direct attack, reconnaissance, or straight-up theft right out of the gate. They also have a proven, easy and battle-tested method to generate cold, hard cash: ransomware. And to complete the trifecta of cyber-carnage, they also have a fully formed product offering to cash in on the thousands upon thousands of unskilled hacker-wannabes out there, known in the industry as Script-Kiddies. A Script-Kiddie is an individual who does not possess, or just doesn’t use, their own skills and know-how to hack or crack a computer system or network, but uses a pre-written program or piece of code, a script, to do the dirty work. While they may not possess the computing talent, they can be just as dangerous! They simply go to the Dark Web and buy a one-click solution to launch a ransomware attack against one or more targets of their own choosing, or buy and use one of the massive, new mailing lists hackers have compiled since the Zero-day attacks began. The sellers take a cut of any ransoms paid and the Script-Kiddie nets the difference, all in virtually untraceable Bitcoins. Combine all that with a remote workforce due to COVID and all the potential cybersecurity pitfalls that has caused, and voila! You have the perfect storm.

Every Ransom Paid is Just Added Incentive for Hackers

Make no mistake about it. If a ransomware attack is successful, you are left with one of two options: you either restore your systems from a clean backup (assuming you still have one), or you pay and pray the attacker holds up their end of the deal and gives you the decryption key to release all your data. Trying to decrypt is a fool’s errand. It could take a couple hundred thousand years to crack the encryption code with today’s encryption algorithms. But paying the ransom is not only not a guaranteed silver bullet, it could land you under the microscope of the FBI. Last year the federal government announced they would look into coming after you too, for money laundering, abetting terrorists, violations of international sanctions and more. Just take a look at this Department of the Treasury Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments from October 1, 2020. So paying up not only adds the greatest incentive for hackers to continue their diabolical ransomware pursuits, it could land you in hot water too.

The Bottom Line

It should be obvious by now that the best way to beat ransomware is to stop it before it infects your systems and/or network. And with the perfect storm chugging along at a breakneck pace right now, that means taking every possible step to stop an attack preemptively. The biggest and easiest step you can take when you’ve finished reading this is to make sure all of your systems are updated with the most current patches, because not meticulously keeping your systems updated is like choosing to hide from an oncoming tornado in a tent instead of the bomb shelter right next to it: a terrible idea that could cost you dearly.

