In a statement on August 25, FBI officials said that a newly formed ransomware group, “Hive”, is attacking the health system in the USA. The Hive ransomware gang crashed the IT systems at Memorial Health System, disrupting healthcare and putting the lives of several patients at risk.
As with what Hive did in the past months, media reports have also described many people being unable to access health services, and even losing their lives, due to ransomware attacks. Ransomware attacks are increasingly becoming the focus of both media and cybersecurity.
Since the beginning of 2020, the number of attacks has been observed to increase exponentially. At SOCRadar, we decided to devote this October to ransomware. During Cybersecurity Awareness Month, we will look at ransomware attacks holistically and try to show what can be done by covering the subject from all aspects.
Before we start discussing ransomware attacks this month, it’s a good idea to refresh your memory a bit. With the frequency of attacks increasing, you need to be prepared if an attack happens to you/your company. That way, you know how to prevent an attack and deal with it if you fall victim to an attack.
What is a Ransomware Attack?
Various ransomware groups target specific industries and demand a ransom to prevent disruption of services.
Ransomware is malicious software that attackers use to hack data. After hacking computers and data, attackers demand a ransom in return. Ransoms are usually cryptocurrency-based to avoid being tracked. It is not always possible to recover your data even after the ransom has been paid.
Ransomware works in several ways: one is to lock the screen, another is to lock the disk, another is to close the pin, and the last is to encrypt the passwords. SMEs (small business owners and entrepreneurs) are at risk because they are more vulnerable. Unfortunately, decryption is not possible with current technology. Attackers also use different algorithms to protect their software.
There are then two things you can do when faced with ransomware:
– Reset all your systems. But doing so is not very profitable: because your company has valuable accounting data in the locked data, it is not possible to continue your business without it.
– Pay the money. What attackers usually do is tell you the steps you can take to reach your information; your information does not come back to your computers as it used to be.
One of the most common methods used is sending malware via email. You may have heard that lists of emails on the Internet are available for very cheap or even free. It is not very difficult for attackers to access the email information that is often leaked in attacks on the database of some companies.
Then you will receive a file that looks like a PDF, often presented as a quote or a resume. You need to be careful with attachments to this type of email. If you click on such files, the malicious software will attack, and your data will be locked regardless of what it is. Another method is infection through systems that scan for vulnerabilities in firewalls. In this way, attackers do not need to interact with users.
Some sites scan for vulnerabilities. Open-scanning sites can scan for vulnerabilities according to the region, city, and internet provider used and give the results to attackers very cheaply. Thanks to the information from these automatic scans, attackers can sometimes easily gain access to your screen.
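The check below is an added example, not part of the original article or of any SOCRadar product. It shows how a mail filter can flag an attachment that only looks like a PDF by comparing the file name with the first bytes of the content; the extension list, function names, and sample attachments are constructed assumptions.

```python
import os

# Extensions that run code when opened on Windows (constructed, non-exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta"}
# Leading "magic" bytes of a few common content types.
MAGIC = {b"%PDF-": "pdf", b"MZ": "windows-executable",
         b"PK\x03\x04": "zip-container", b"\xd0\xcf\x11\xe0": "ole-office-document"}
RTL_OVERRIDE = "\u202e"  # reverses displayed text and can hide the real extension


def sniff(data):
    """Return the content type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_attachment(filename, data):
    """Return the reasons an attachment does not match what its name claims."""
    findings = []
    name = filename.strip().lower()
    if RTL_OVERRIDE in name:
        findings.append("right-to-left override character in file name")
        name = name.replace(RTL_OVERRIDE, "")
    stem, ext = os.path.splitext(name)
    # Padding spaces are sometimes placed between the fake and real extension.
    inner_ext = os.path.splitext(stem.rstrip())[1]
    kind = sniff(data)
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
        if inner_ext:
            findings.append(f"double extension {inner_ext}{ext}")
    if ext == ".pdf" and kind != "pdf":
        findings.append(f"named .pdf but content is {kind}")
    if kind == "windows-executable" and ext != ".exe":
        findings.append("executable content behind a non-.exe name")
    return findings


if __name__ == "__main__":
    # Constructed sample attachments: (file name, first bytes of content).
    samples = [("Quote_2021.pdf", b"%PDF-1.7\n"),
               ("Resume.pdf.exe", b"MZ\x90\x00"),
               ("invoice.pdf", b"MZ\x90\x00"),
               ("quote.pdf        .scr", b"MZ\x90\x00")]
    for fname, head in samples:
        print(repr(fname), "->", inspect_attachment(fname, head) or "no findings")
```

An empty result only means the name and content agree; a genuine PDF or Office document can still carry malicious content, so this check complements attachment scanning rather than replacing it.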
Why Should You Care About Ransomware?
You may think documents and data in your company are unimportant, but you never know what is vital to ransomware groups like Hive. No target has proved too small for hackers, who are constantly on the hunt for new opportunities. Some criminals enjoy variety, focusing on specific groups for a while before they move on to the next group.
So ransomware attacks can affect every industry in the same way because even a day’s loss in your data will affect your company’s income. But given that ransomware takes most target companies offline for at least a week or sometimes months, the losses may be more substantial. Systems stay offline for so long not only because the ransomware crashes the system but also because of all the effort required to clean and restore networks.
And it’s not just the sudden financial hit of ransomware that can hurt a business. Consumers also tend to be wary of giving their information to organizations they believe are unsafe.
Attackers are looking for an easy way to make money, and they are trying to do everything they can these days. Therefore, unfortunately, there are many ransomware victims, especially in healthcare. The impact of the COVID-19 pandemic has crushed the healthcare system and all other sectors, which also highlights that every industry and person has become an easy target for attackers.
What Can Companies Do to Protect Themselves?
It is possible to protect yourself and your company from ransomware attacks in a few simple ways.
– Do not click on unfamiliar files while checking your emails
– Back up your data and keep a backup offline
– Make sure all applications in your operating system are up-to-date
– Use up-to-date and multi-layered security software
– Limit or turn off the remote desktop protocol (RDP)
– Do not use simple passwords
– Make sure to check for weaknesses that may occur in your firewalls
– If users connect to the company network from outside, make sure they connect through a VPN
– Train your staff on cybersecurity
– Create competent teams for this within the company, and get external support if they cannot be created internally
What Can SOCRadar Do as a Tool to Prevent Ransomware Attacks?
To prevent threat actors disrupting your business, get alerted via SOCRadar whenever there’s a new critical vulnerability or exploit for the pre-defined product components and technologies associated with your auto-discovered digital footprint.
SOCRadar notifies and informs you immediately when:
- Critical ports are opened, such as RDP port,
- There is a crucial vulnerability for your attack surface,
- Any sensitive information or data is available about your organization on the dark web.
SOCRadar vulnerability intelligence:
- Tailored for you: Select products and technologies you’d like to monitor.
- Twitter CVE trends: See the worldwide vulnerability trends by tracking millions of tweets
- Instant alerting: Rapid data collection, structuring, and analysis to notify on time.
- Filter and search: Find vulnerability information by filtering based on keyword, CVSS score, or report time.