Monday, May 25, 2020

Hackers Are Demanding Extra Ransomware Payments From Victims



Hackers who use ransomware to conduct their attacks have a new trick up their sleeves. A ransomware family has begun employing the tactic of not only demanding payment to unlock infected systems, but also demanding an additional payment.
They're demanding an extra payment to keep them from publishing copies of the files they stole before encrypting everything.

Hackers have claimed for years that they were doing more than just encrypting files and were actually exfiltrating data too. It wasn't until recently (November 2019), though, that a group actually published stolen data as proof that this was, in fact, occurring.

Although this tactic is currently in use only by hackers deploying the Ako Ransomware, you can bet that the idea will spread like wildfire. After all, there's no real downside as far as the hackers are concerned, and they can coax a bit more money out of the companies, individuals, and organizations they successfully attack.

BleepingComputer recently interviewed an Ako operator, who confirmed that the tactic was in use and had been successful. The operator said that the tactic was only used on certain victims, depending on the size of the company and the type of data that was stolen. They were very upfront and matter of fact about it.

This underscores two important points:

First, ransomware attacks are data breaches. The hackers aren't just encrypting your files, they're making off with copies too.

Second, backups are incredibly important! Having up to date backups won't prevent a hacker who successfully breaches your system from releasing the data they stole if you don't pay. At the very least, however, you can get your company up and running again in short order without having to pay to have your files decrypted. Sadly, too many companies still don't have a robust backup plan in place. If that describes your company, it's well past time to change that.

The risks are tremendous, and they are growing.

What Happens When Victims Pay Up After A Ransomware Attack?

For hackers all over the globe, ransomware is one of the most lucrative businesses. Even though these kinds of malware samples have existed for several years, they continue to bring attackers extremely high monetary profits.

As a matter of fact, U.S. Deputy Attorney General Rod Rosenstein stated back in 2017, during the Cambridge Cyber Summit, that ransomware attacks have affected more than 100,000 endpoints every day. The complexity and severity of these cyberattacks, as well as the frequency with which victims pay the ransom demands, have let hackers earn almost $1 billion. But not all cyberattacks are the same, and in some instances, even when the victims pay the hackers' demands, the promised access to the data isn’t given or returned.

Should You Pay or Not?

If you see a ransomware notification on your screen, you will have a lot of questions and there will be a lot of things that need to be considered. How will the firm proceed with the day to day operations? How will the users get access to crucial data and files? Are there any backups set in place?

One of the most important questions you need to ask is whether you should pay the ransom or not. According to the FBI, victims of ransomware should not give in to the demands of the hackers. Data from Kaspersky Lab revealed that one in every five firms that fall prey to a cyberattack and pay the ransom don’t get the decryption key that was promised to them. That means those companies lost a lot of cash and still have not regained access to their critical data, files, and applications.

Indiana Hospital Pays Ransom After SamSam Infection

Hancock Health, a hospital based in Indiana, decided to pay $55,000 after its systems were infected by a ransomware called SamSam. However, even with the quick notification and awareness by employee end users, the IT team of the hospital was still unable to prevent the spread of the ransomware sample.

All of the hospital's essential IT systems were infected, and users could no longer access their email. The electronic health record system was locked, as were other crucial internal platforms. Access to 1,400 files was blocked. The hackers encrypted the files and renamed them to “I’m Sorry.” But the hospital managed to regain control of its systems and access to its files after paying the ransom.

Kansas Hospital Hacked Again After Paying Ransom

Kansas Heart Hospital in Wichita suffered a ransomware attack back in 2016, with a different outcome from the Indiana hospital's. The hospital opted to pay the ransom even though patient data and daily operations were not affected.

However, unlike in the Hancock Health case, access to the data and files wasn’t returned even though the hospital paid the small ransom amount. Instead, the cybercriminals demanded another ransom, and the systems that were affected in the first infection remained encrypted.

This situation isn’t unique. There are many hackers who ask for a small ransom amount during the first attack but then demand another payment, which is much higher, after the second attack.

The demands of hackers are increasing and the problem is that many organizations are willing to pay.

Call SpartanTec, Inc. now and let our team set up effective cybersecurity measures to prevent this from happening to your business.

SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Wednesday, May 20, 2020

What You Need To Do If You’re A Victim Of Malware






The internet has evolved over the past twenty years. What was once a novelty has become an integral part of the everyday life of consumers and the daily operations of businesses. The internet has changed everything from how consumers shop to how people learn, socialize, and communicate. It has come to a point where it is hard to imagine life without it.

Even though the internet has become an indispensable tool, using it leaves you vulnerable to all kinds of online threats. These include ransomware, adware, bots, Trojan horses, spyware, macro viruses, rogueware, phishing attacks, and worms that target internet users on a daily basis. Crimeware attacks as well as identity fraud can happen to anybody at any given time. The more you use the internet, the more vulnerable you become to these threats.

There are different kinds of computer security measures that you can set in place to reduce the risk of malicious attacks. In case you’ve fallen victim to one, here are the steps you need to take.

Crimeware

Disconnect

If you have suffered a crimeware attack, you have to disconnect from the Internet right away. In case you are connected through an Ethernet cable, phone, or Wi-Fi, you have to disable the connection right away to stop data from being transferred back to the criminal. Breaking the internet connection is an excellent way to stop an attack.

Disconnect from the internet by physically unplugging the cable from the network port or the router. You can also disable your device’s connection to the internet through these steps:

  • Click on the Start menu
  • Choose Settings
  • Choose Network Connections
  • Right-click and choose the Disable option

In case an attack takes place while you are at work, you must get in touch with your IT department right away. The IT experts of your company must be informed about the infection so they can stop it from spreading or compromising your company and personal data. Your IT department will do what needs to be done to deal with the damage incurred. In case an attack happens on your personal device, you have to get in touch with your internet service provider.

Scan Your Device

Having an anti-virus installed will be helpful during this kind of situation. Anti-virus and anti-spyware software help protect against crimeware. You should perform periodic scans using your software; schedule automated scans regularly to provide further protection to your device.

Aside from being able to detect crimeware threats from your device, which may be unnoticeable on your part, antispyware and antivirus can often get rid of the threats, too.

In some cases, the software may detect the crimeware but may not be able to get rid of it. When this happens, you can refer to the removal tool listings of Symantec to see if there is a dedicated tool to remove that threat.

Create a Backup

You have to create regular backups of your folders and files. You can use backup software, removable media, or a hard drive.

Track Your Online Behavior

Make sure that you know what you are clicking on. Don’t click on suspicious adverts and websites. Also, if something looks too good to be true then it probably is. It’s better to avoid it than to get yourself into bigger problems.

Reinstall Your Operating System

Depending on how severe the attack is, you may have to reinstall your computer’s operating system. Some online threats are complex and have the ability to conceal themselves in your system through rootkit techniques. You may still be able to recover your files by reinstalling your operating system.

Online Fraud

Close all your accounts

If you have been a victim of identity theft or online fraud, you need to close all the accounts that have been affected right away. If you move immediately, you can close your accounts even before the hacker tries to access them. Freezing or closing your accounts can save you time and stress when the time comes that you have to dispute any fraudulent purchases.

Set up fraud alerts

There are three consumer reporting agencies, and you can set up fraud alerts with them so that creditors will get in touch with you right away before they make any changes to your accounts or before letting you open new ones.

Monitor your credit report

Keep track of your credit reports from all the credit reporting agencies. It may take some time for fraudulent activities to appear on your reports and that is why you need to monitor them regularly.

Watch out for signs of identity theft

You should be extra vigilant, especially if you have become a victim of identity theft. Be wary of things you receive that you haven’t applied for, like a new credit card, and get in touch with your vendor right away.

Additional steps and precautions

It’s also good practice to avoid using unsecured networks, create strong passwords, and stop oversharing on social media platforms. Install good internet security software, and back up your data regularly.

Call SpartanTec, Inc. if you need help in setting up effective cybersecurity measures to protect your company and client information from online threats.



Thursday, May 14, 2020

GODADDY BREACH HIGHLIGHTS THE IMPORTANCE OF CREDENTIAL SECURITY


Web domain and hosting provider GoDaddy is in the news again for a breach. The latest incident involves the compromise of account credentials for approximately 28,000 web hosting customers. The company’s security team discovered an altered SSH file in GoDaddy’s hosting environment and suspicious activity on several servers. The breach occurred in October 2019 and users were notified in April 2020.

After a string of similar incidents in 2019, strengthening cybersecurity should have been GoDaddy’s top priority, and this oversight may hamper the company in attracting new business. These days, your clients and partners aren’t going to want to do business with you if they can’t trust you to keep sensitive data and credentials safe. These smart cybersecurity choices can help demonstrate your commitment.

Multifactor authentication is one reason why employing a secure identity and access management solution like Passly is the ideal choice to quickly, effectively, and affordably throw up a barrier between your data and cybercriminals:
  • Use a secure way to secure passwords and other credentials. A central, secure password and login storage vault that comes with a secure access and identity management solution like Passly not only gathers all those valuable credentials in one easy-to-defend place, it makes life easier for your IT staffers too, which is a win for everyone. 
  • Strengthen your login security to mitigate potential compromise. It’s far too easy for even novice cybercriminals to get their hands on password cracking software these days. Improving your password security by building better passwords and adding multifactor authentication to the login process quickly nets security gains.  
  • Always stay on guard for potential and growing threats. If you’re not using Dark Web monitoring, you’re not getting the intelligence that you need to be ready to respond to trouble. The continuous monitoring and analysis provided by Dark Web ID makes sure that you’re alerted if your company’s data, passwords, or other vital information hits the Dark Web. 
Don’t put yourself in the position of having to apologize to your clients and partners after a credential compromise incident. Or worse, having to try to salvage your relationships and your reputation after an even more serious cybersecurity disaster. Make sure that your credentials are protected by strong security and ask an expert for advice on how you can make it even better. 