Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access.
History Of Ransomware…
The earliest forms of what we now know as ransomware were first detected in the late 1980s. The first genuine case of ransomware was reported in Russia in 2005, and since then it has spread like a virus. Today, ransomware attackers order that payment be sent via cryptocurrency or credit card, with the former being harder to track, and they target individuals, businesses, and organisations of all kinds.
Since then, ransomware has spread all over the world, with new types of ransomware threatening cybersecurity globally. Over recent years, there has been a sharp upturn in ransomware attacks, and the ransom fees are only getting larger.
Recent Major Incidents of Ransomware
The number of ransomware attacks in 2021 was astronomical compared to previous years, with an increase of 151% over 2020 alone.
Here are just a few examples of recent major incidents of ransomware attacks:
- MediaMarkt – In early November 2021, this company suffered a huge ransomware attack. This affected as many as 3,100 servers, rendering cash registers across numerous stores incapable of accepting credit cards or printing receipts. Although the organisation behind the ransomware, Hive, initially demanded $240 million, the ransom was negotiated down.
- Kaseya – In July 2021, the infamous REvil hacking group demanded $70 million to restore the damage they had inflicted on the IT company. This affected up to 1,500 organisations by infecting roughly 50 managed service providers that use Kaseya’s products. Though Kaseya refused to pay, they had to enlist a third-party security firm to develop a universal decryption key to undo the attack. However, the size and scale of the attack caught the attention of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) published ransomware guidelines less than two weeks later.
- JBS – REvil was also behind the May 2021 attack on JBS Foods, a major meat producer. The attack halted production in at least five facilities, including the company’s five largest. JBS opted to pay the ransom, $11 million. Although security professionals advise against paying these ransoms, JBS Foods reported that it did so to avoid further disruption, including meat shortages in restaurants and supermarkets across the nation.
- Colonial Pipeline – In May 2021, Colonial Pipeline was hit by a huge ransomware attack perpetrated by the group DarkSide. The attack resulted in gas shortages and widespread panic as one of the country’s largest pipelines shut down. Despite its massive scale, the attack itself was fairly straightforward: exploiting a legacy VPN profile that didn’t have multi-factor authentication (MFA) turned on. Colonial Pipeline paid the $5 million ransom a day later.
- The University of California at San Francisco – The group Netwalker targeted this university in June 2021, and it was not the only university this group had targeted. It is thought that they infected the network through the use of a phishing email. The school paid the ransom after some form of negotiation, as it was totally unable to decrypt its systems otherwise.
How MFA Can Help Prevent Ransomware Attacks
Ransomware threats are targeting more and more businesses, and it is now vital to take proactive steps swiftly to protect your business’s data and applications. One of these steps is enabling multi-factor authentication (MFA) wherever possible within your business.
MFA is a robust security method that validates a combination of factors requested of the user, the most common being their credentials, with the second being a one-time password, a biometric, or a personal key card. These additional authentication steps mitigate cyber-attacks when an account is compromised and reduce unauthorised access, since the attacker would need to pass the required combination of factors during authentication.
Without MFA, an attacker needs only compromised user credentials to gain system access (single-factor authentication). This is often how traditional backup systems fall victim to cyber-attacks, and they are frequently targeted during a ransomware attack. Attackers do this deliberately, to eliminate what the victim can recover and so increase the likelihood of a ransom being paid.
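The two-factor check described above, as an added example that is not part of the original article: a correct password is rejected unless a valid time-based one-time password (RFC 6238) accompanies it. The account record, password, salt and the `authenticate` function are constructed for illustration; the secret is the published RFC 4226/6238 test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp_ok(secret: bytes, otp: str, now: int, step: int = 30, drift: int = 1) -> bool:
    """RFC 6238: accept the code for the current 30 s step, +/- `drift` steps."""
    current = now // step
    ok = False
    for counter in range(max(0, current - drift), current + drift + 1):
        # Constant-time comparison; every candidate is checked (no early exit).
        ok |= hmac.compare_digest(hotp(secret, counter).encode(), otp.encode())
    return ok

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed account record (hypothetical backup administrator).
SALT = b"constructed-salt"
ACCOUNTS = {
    "backup-admin": {
        "salt": SALT,
        "pw_hash": hash_password("constructed-password", SALT),
        "totp_secret": b"12345678901234567890",  # RFC test key, not a real secret
    }
}

def authenticate(user: str, password: str, otp: str, now: int) -> bool:
    """Grant access only when BOTH the password and the one-time code verify."""
    account = ACCOUNTS.get(user)
    if account is None:
        return False
    pw_ok = hmac.compare_digest(
        hash_password(password, account["salt"]), account["pw_hash"])
    otp_ok = bool(otp) and totp_ok(account["totp_secret"], otp, now)
    return pw_ok and otp_ok

if __name__ == "__main__":
    # Stolen password without the second factor: denied.
    print(authenticate("backup-admin", "constructed-password", "", now=59))
    # Password plus the code valid at t=59 s: granted.
    print(authenticate("backup-admin", "constructed-password", "287082", now=59))
```
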
Undoubtedly, targeted ransomware attacks will continue to rise, making it ever more apparent that modernising your business’s cybersecurity measures is vital. Enabling MFA wherever possible in the environment (especially backups) is a critical step to help mitigate the threat of ransomware. Without MFA, a compromised credential could easily escalate to the point where your business can no longer recover applications or data and may be forced to pay a ransom.
Protecting ourselves from cybercriminals is essential, and knowing what to look out for is only half of the battle. At Fitzrovia IT, we can help protect your business. To find out more about MFA, or any of our other preventative measures, get in touch today.