10 21 22

“No More Ransom” is Leading the Fight Against Ransomware Abroad

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.

No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.

Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.

Why You Should Never Pay the Ransom

Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.

Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.

This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.

Instead, You Should Call Us!

If you become the target of ransomware, we suggest you call Point North Networks at 651-234-0895. We can walk you through the appropriate next steps to address ransomware on your network.

Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.

Get started today by calling us at 651-234-0895.

10 6 21

Keep Your Eyes Peeled for These Potential Security Threats

We don’t like it any more than you do, but if we have learned anything at all over the past several years, it’s that security absolutely needs to be a priority for all small businesses.

In the face of high-profile ransomware attacks that can snuff companies out of existence, what are you doing to keep your own business secure?

To put things in perspective, we’ve put together a list of some of the more common threats that all companies should be able to address.

Common Security Threats for Businesses

The following list of threats should give you an idea for how to start securing your business. You can never prepare too much for a potential security breach, so take the time now to get ready for what will inevitably come down the line.

Viruses

Some viruses are little more than an irritation, whereas others are incredibly disruptive to operations. They are basically bits of code that can harm your computer or data. Viruses are known for being able to spread from system to system to corrupt data, destroy files, and other harmful behavior. You can get viruses through downloading files, installing free software or applications, clicking on infected advertisements, clicking on the wrong links, or opening email attachments. Fortunately, modern antivirus software has gotten really good at protecting computers, provided that your software is up-to-date. For businesses, it’s best to have a centralized antivirus on your network that controls and manages all of the antivirus clients on your workstations.

Malware

Malware is malicious software that performs a specific task. A virus can also be considered a type of malware, albeit more simplistic in nature. Malware comes in various forms according to its purpose, such as spyware for spying on infected machines and adware for displaying ads in extremely intrusive or inconvenient ways. The major takeaway here is that you don’t want to deal with malware in any capacity. It’s often installed on devices under the radar, and unless you are actively looking for it, it’s entirely possible that it can run in the background and cause all kinds of trouble without being detected. You can get malware through the same processes as viruses, and the same antivirus solutions can help you to resolve malware as well.

Phishing Attacks

Phishing attacks are mediums to spread other types of threats rather than actually being threats in and of themselves. Hackers might try to send out spam messages with links or infected attachments aiming to get the user to download them or click on them. When they do, the device is infected. Some phishing attacks are so inconspicuous that they can be hard to identify.

There are other types of phishing attacks as well, some of which try to get the user to share sensitive information or send money to the cybercriminal. Cybercriminals can spoof legitimate-sounding email addresses and use psychological hacks to convince the user to act in a certain way. It’s the most common way that hackers see results, so you should be aware of it.

Ransomware

Ransomware is so dangerous and high-profile that it is deserving of its own section. Ransomware locks down files using encryption and forces the user to pay a ransom in order to unlock them, usually in the form of cryptocurrency. Recent ransomware attacks are also threatening to release encrypted data on the Internet if the ransom is not paid, something which basically forces the user to pay up and gets around the possibility of restoring a backup.

Denial of Service (DDoS)

Denial of Service and Distributed Denial of Service attacks occur when a botnet, or a network of infected computers, repeatedly launches traffic at a server or infrastructure to the point where it just cannot handle the load, effectively disrupting operations and forcing it to shut down. Sometimes this happens with websites or services, so it’s no surprise that businesses can suffer from them, as well.

Trojans

Trojans (also called backdoors) install themselves on devices and work in the background to open up more opportunities for hackers later on. These can be used to steal data, infiltrate networks, or install other threats. Basically, if a hacker installs a backdoor on your network, they can access it whenever they want to; you are essentially at their mercy.

Zero-Day Vulnerabilities

Zero-day vulnerabilities are those that were previously unknown to developers but are currently in use by cybercriminals. These zero-day vulnerabilities are problems because when the developer discovers them and issues a patch, cybercriminals can identify the vulnerability based on the patch, and then exploit users who haven’t installed the patch yet. There is not much to be done besides keeping your software up-to-date, monitoring your networks for issues, and trusting the developers to issue patches as they discover security problems.

User Error

User error is a critical issue for many businesses. Your business is made up of people who perform tasks and work toward objectives. If one of these employees makes a mistake, it could leave your business exposed to threats. Thankfully, a combination of best practices and security solutions should be enough to minimize user error, and with some security training under their belt, your employees should have a good idea of how to handle it.

Get Started with Security Solutions

Point North Networks, Inc., can equip your business with the tools you need to be successful when protecting your organization. To learn more, reach out to us at 651-234-0895.

Hacker in action

Hackers Spark Major Gas Crisis Throughout the Southern U.S.

You’ve probably heard by now, a Russia-based hacking collective by the name of DarkSide targeted Colonial Pipeline, a company that supplies nearly 45 percent of the fuel used along the Eastern Seaboard of the United States, with a ransomware attack. Not only does this hack have an effect on fuel prices and availability, it highlights just how vulnerable much of the nation’s energy infrastructure is. Let’s discuss the details of the hack and the raging discussion about cybersecurity that’s happening as a result.

The Facts Surrounding the Hack

On Friday, May 7, 2020, Colonial Pipeline had to shut down operations after a ransomware attack threatened to spread into critical systems that control the flow of fuel. Almost immediately gas prices started to jump in the region, averaging around six cents per gallon this week. The pipeline, which runs from Texas to New York, transports an estimated 2.5 million barrels of fuel per day. The shutdown has caused some fuel shortages and caused panic buying in some southern U.S. states. Administrators said that the ransomware that caused the precautionary shutdown did not get into core system controls but also mentions that it will take days for the supply chain to get back up and running as usual again.

Who Is DarkSide?

The hacker group DarkSide is a relatively new player, but it has set its sights high. The group claims to be an apolitical hacking group that is only out to make money.  In fact, they put out the following statement after the FBI started a full-scale investigation of the group:

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

 

DarkSide seems to be a professionally-run organization that deals in ransomware. They follow what is called the Ransomware-as-a-Service model, where hackers develop and sell their ransomware to parties looking to conduct operations like the one that stymied Colonial Pipeline. They also are known for their “double extortion” methodology, where they threaten to take the data they encrypt public if their demands aren’t met. Their ransom demands are paid through cryptocurrency and have only been in the six-to-seven figure range.

 

What’s interesting is that the group seems to have its own code of ethics, stating that they will never attack hospitals, schools, non-profits, or government agencies. Either way, their current attempt at extortion has made a mess for millions of Americans.

Problems Securing Infrastructure

Even before the world completely changed, cybersecurity analysts were recommending that more had to be done to protect aging utility systems around the world. Back in 2015, hackers took down a power grid in Ukraine and left 250,000 people without electricity, and it caused some movement to improve system security, but nowhere near as much as is required. Now, with the push to use renewable energy and more efficient systems of deployment, more technology has been added to these systems than at any time in history. These smart systems, coupled with a resounding lack of security, means that the next cybersecurity catastrophe is just around the corner.

 

The pandemic didn’t help matters. Systems that are being updated are increasingly being connected to public and private networks for remote access. All it takes is one vulnerability and hackers can exploit and take control of systems that affect the lives of millions of Americans. Hackers causing a gas shortage is scary, but hackers taking down power grids or other systems that the public depends on to live could be looked at as an act of war.

 

The scariest part is it seems as though no system is immune to these problems. According to CISA, the Colonial Pipeline hack is the fourth major cyberattack of the past year. You have the Solar Winds breach that allowed Russian Intelligence to infiltrate thousands of corporate and government servers; an attack where Chinese nationals rented servers inside the U.S. to invade a still unnumbered amount of Microsoft Exchange servers; and a still-unknown hacker that hijacked a tool called Codecov to deploy spyware on thousands of systems.

Microsoft is widely renowned as being at the forefront of cybersecurity and Solar Winds is itself a cybersecurity company. This tells you a little bit about where we are about protecting essential systems. It’s not a good situation.

 

While you can’t always worry about cybersecurity everywhere you are, you have to prioritize it for your business. If you want to talk to one of our security experts about your cybersecurity, give Point North Networks, Inc., a call today at 651-234-0895.