Earlier this month, Taiwanese computer giant Acer — the world’s 6th-largest PC vendor by unit sales, as of January 2021 — was hit with a ransomware attack by the REvil gang, which is demanding a $50 million ransom.
The largest ransomware attack ever announced, it serves as a reminder: Ransomware remains an enormous threat to organizations of all sizes.
Most attackers depend either on organizations that fail to update their systems, or on employees who fall for phishing attacks.
Fortunately, there are many resources, from online guides to outsourcing experts, that are available to help.
Let’s break it all down.
The Problem’s Scope
According to the FBI’s IC3 Internet Crime Report, U.S. citizens and businesses suffered losses of $4.2 billion in 2020 – a 69% increase over 2019.
Of course, this estimate is based only on losses that are publicly admitted, so true losses are certainly higher.
Business email compromise (BEC) scams continue as the most costly, with $1.8 billion in damages recognized by the FBI. Nonetheless, phishing remains the most prevalent complaint, while ransomware continues to climb the list.
BEC and phishing, which depend on human error, can be reduced through training. A ransomware attack, however, tends to rely upon technical weaknesses – especially unpatched vulnerabilities.
Many organizations maintain cyber insurance, but the limits of older policies can quickly be exceeded by the enormous expenses following an attack. A ransom as large as the REvil gang attack would be difficult to cover.
Breach investigation, system repairs, business disruption costs, damaged reputations, and legal expenses quickly add up.
It’s projected that the city of Atlanta, which was victimized by a ransomware attack in 2019, will pay around $21 million to fully recover. Additionally, Universal Health Services projects a $67 million dollar recovery payout stemming from a 2020 attack.
Ransomware Attack & Patching
On March 16, the FBI’s Cyber Division warned of increased Pysa ransomware attacks on K-12 schools, higher education, and seminaries.
This ransomware gang uses the same methods of attack as many others. They gain entry through phishing or stolen Remote Desktop Protocol (RDP) credentials and disable anti-malware solutions. Then, they exfiltrate sensitive files and deploy the ransomware payload.
However, many of these methods rely on organizations running out-of-date systems.
HP’s Bromium estimates that nearly 75% of all exploits in FY 2020 used a particular memory corruption vulnerability detected and patched three years earlier.
Although attackers continue to innovate and pursue zero-day attacks, unpatched flaws remain much simpler to exploit. Companies maintain anti-virus and anti-malware software to block attacks, yet researchers report that it takes an average of nine days for tools to start to recognize new malware.
In fact, Acer’s ransomware attack may also be related to patching. Experts found evidence the REvil gang targeted Acer’s Microsoft Exchange server.
Acer may be the first high-profile victim in a cyberattack using the ProxyLogon vulnerability.
We’ve covered the ProxyLogon attack previously, as governments around the world urged IT teams to patch their systems and investigate for signs of compromise.
Thanks to the REvil gang attack, Acer now stares down a $50 million ransom for being slow to secure their systems.
Is it enough to cause other organizations to act?
Securing Your Network and Outsourcing
Healthcare organizations were hit so hard by ransomware in 2020 that the non-profit MITRE Corporation created the Health Cyber Ransomware Resource Center.
The site includes resources organized for use by business managers, technical managers, and cybersecurity practitioners to help address the ransomware attack threat.
MITRE combined expertise from its own researchers, provider best practices, and government sources to create the resource center and self-help tools. While currently targeted for healthcare, any organization can use the site to gain useful information.
Still, if many attacks use old vulnerabilities that could have been patched years ago, perhaps the problem isn’t a lack of knowledge. Most IT teams know to patch, and they try to do so when they can.
Teams that allow systems to remain unpatched generally fall into two categories:
- Overworked teams that have not been able to investigate systems for missed patches
- Those running obsolete systems, to maintain older software or hardware that would be disabled by patches
Sometimes overworked teams don’t hire additional staff because of budget constraints. Unfortunately, if a ransomware team exploits an unpatched system, the costs to remediate will quickly surpass any cost savings.
If a full-time staff addition is too costly, consider outsourcing the burden of patching so that the in-house IT team can focus on other tasks. This way, the systems remain up-to-date.
Obsolete systems often support older equipment in healthcare, manufacturing plants, and utilities (water, sewage, power, etc.). But, just because an obsolete system needs to exist, that doesn’t mean it needs to jeopardize an organization.
Network segmentation can separate vulnerable systems from an organization’s key resources.
Alternatively, an unpatched or obsolete system can run within a container on a fully protected and up-to-date server.
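As an added example (not code from the original post or from Ideal Integrations), the following Python triage sorts a host inventory into systems that are overdue for a patch and obsolete systems that can never take the patch and must therefore be segmented away from key resources. Host names, product names, versions, dates and segment labels are all constructed for illustration.

```python
from datetime import date
from typing import NamedTuple

class Host(NamedTuple):
    name: str
    product: str
    version: str
    patchable: bool   # False = vendor-frozen system that cannot take the patch
    segment: str      # network segment the host sits in

# Constructed sample inventory (hypothetical hosts, not real systems).
INVENTORY = [
    Host("mail01", "mailsvc", "4.2.1", True, "core"),
    Host("mail02", "mailsvc", "4.3.0", True, "core"),
    Host("hmi-plant7", "legacy-hmi", "2.0.4", False, "core"),   # obsolete, still on core
    Host("hmi-plant8", "legacy-hmi", "2.0.4", False, "ot-isolated"),
    Host("vpn-gw", "vpn-gw", "1.8", True, "edge"),
]

# Constructed baseline: lowest version that contains the fix, and the date the fix shipped.
BASELINE = {
    "mailsvc": ("4.3.0", date(2021, 3, 2)),
    "legacy-hmi": ("2.1.0", date(2018, 1, 15)),
    "vpn-gw": ("1.9", date(2021, 3, 20)),
}

# Segments holding the organization's key resources; obsolete systems must not share them.
CORE_SEGMENTS = {"core"}

def version_tuple(v: str) -> tuple:
    """'4.2.1' -> (4, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def triage(inventory, baseline, today, grace_days=14):
    """Return (host, status, days_since_fix_shipped) for every host."""
    out = []
    for h in inventory:
        fixed_version, fix_date = baseline[h.product]
        days = (today - fix_date).days
        if version_tuple(h.version) >= version_tuple(fixed_version):
            status = "ok"
        elif not h.patchable:
            # The patch will never arrive: isolation is the only control left.
            status = "isolate-now" if h.segment in CORE_SEGMENTS else "isolated"
        elif days > grace_days:
            status = "overdue"
        else:
            status = "pending"
        out.append((h.name, status, days))
    return out

if __name__ == "__main__":
    for row in triage(INVENTORY, BASELINE, date(2021, 3, 26)):
        print(row)
```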
Need additional support in order to avoid a ransomware attack? We’re here to help!
Ideal Integrations provides outsource expertise for patching, network segmentation, and virtual servers. Contact us today at 412-349-6680 or fill out the form below, and we’ll help your team evaluate options, compare technologies, and assist with any updates.
Our team is by your side, 24/7/365, to keep your data safe and your network secure.