Cybercriminals are launching targeted ransomware attacks and extortion scams to get your data — and your money, but there’s a lot you can do to protect yourself.
Earlier this month, the Department of Homeland Security and FBI released a US-CERT (computer emergency readiness team) alert about SamSam ransomware, also known as MSIL/Samas.A. SamSam’s not a new type of malware; it was first discovered in early 2016. What makes it noteworthy, however, is that it doesn’t operate like typical ransomware variants that employ phishing schemes to trick users into clicking links or email attachments. SamSam is deployed using Remote Desktop Protocol (RDP) credentials to sneak onto victims’ networks. The actors sometimes use brute force attacks, but more often they use stolen login credentials acquired from darknet marketplaces. The latter approach makes the ransomware very difficult to detect because the malware enters through an approved access point.
Once criminals gain access (within hours of purchasing the credentials), they escalate privileges to obtain administrator rights, drop malware onto the server, and run an executable file, all without the victims’ action, authorization or knowledge.
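The RDP entry path described above leaves a trail in the Windows Security log: brute forcing produces a burst of failed logons (event 4625) before a success (event 4624), while purchased credentials produce a clean success from an address the company has never seen. The following detection routine is an added example written for this article, not something from the US-CERT alert or from Magna5; the log entries are constructed, the event IDs and logon type 10 (RemoteInteractive, i.e. RDP) are standard Windows values, and the internal address ranges and thresholds are assumptions a defender would tune for their own network.

```python
"""Flag suspicious RDP logons in Windows Security events (added example, constructed data)."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, account, source_ip)
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP)
SAMPLE_EVENTS = [
    ("2019-01-03T02:10:01", 4625, 10, "admin", "203.0.113.9"),
    ("2019-01-03T02:10:04", 4625, 10, "admin", "203.0.113.9"),
    ("2019-01-03T02:10:06", 4625, 10, "administrator", "203.0.113.9"),
    ("2019-01-03T02:10:09", 4625, 10, "admin", "203.0.113.9"),
    ("2019-01-03T02:10:11", 4625, 10, "admin", "203.0.113.9"),
    ("2019-01-03T02:10:13", 4625, 10, "admin", "203.0.113.9"),
    ("2019-01-03T02:10:20", 4624, 10, "admin", "203.0.113.9"),      # brute force paid off
    ("2019-01-03T09:15:00", 4624, 10, "jsmith", "198.51.100.7"),    # stolen creds: no failures at all
    ("2019-01-03T09:30:00", 4624, 10, "jsmith", "10.0.0.15"),       # internal source, expected
    ("2019-01-03T10:00:00", 4624, 2, "jsmith", "10.0.0.15"),        # console logon, not RDP
]

# Assumed internal ranges; a real deployment would also allowlist the VPN or jump-host range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
FAIL_THRESHOLD = 5          # failed RDP logons from one source inside WINDOW
WINDOW = timedelta(minutes=5)


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def is_internal(src, nets=INTERNAL_NETS):
    """True when the source address falls inside one of the trusted ranges."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in nets)


def find_rdp_alerts(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW, nets=INTERNAL_NETS):
    """Return (kind, source_ip, account, timestamp) alerts for RDP activity.

    kinds: rdp_bruteforce          - fail_threshold failures from one source within window
           rdp_bruteforce_success  - a success from a source that was just brute forcing
           rdp_external_logon      - any successful RDP logon from outside the trusted ranges
    """
    alerts = []
    failures = defaultdict(list)  # source_ip -> recent failed-logon timestamps
    for ts, event_id, logon_type, account, src in sorted(events, key=lambda e: e[0]):
        if logon_type != 10:
            continue  # only RDP sessions matter for this rule
        now = _parse(ts)
        recent = [t for t in failures[src] if now - t <= window]
        if event_id == 4625:
            recent.append(now)
            failures[src] = recent
            if len(recent) == fail_threshold:   # fire once when the threshold is crossed
                alerts.append(("rdp_bruteforce", src, account, ts))
        elif event_id == 4624:
            failures[src] = recent
            if len(recent) >= fail_threshold:
                alerts.append(("rdp_bruteforce_success", src, account, ts))
            if not is_internal(src, nets):
                alerts.append(("rdp_external_logon", src, account, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_alerts(SAMPLE_EVENTS):
        print(*alert)
```

The third rule is the important one for the purchased-credential case: with no failed attempts to count, the only signal is a valid RDP session arriving from an address that is not one of yours, so the rule needs an accurate list of where legitimate remote access originates.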
Another type of cyberattack that’s becoming more prevalent — which uses stolen credentials like SamSam — is CryptoBlackmail. This type of attack, also known as a “sextortion” scam, typically starts with the threat actor contacting the victim via email insisting they have video evidence of the victim viewing adult sites. The actor threatens to expose the victim’s “secret” unless the victim pays a ransom within 48 hours. Included in the email are the username and password to one of the victim’s previously breached online accounts, which causes many recipients of the scam to pay the ransom. In fact, when this threat first emerged in July 2018, one threat actor earned $15,500 USD (2.5 Bitcoin) in just two days.
With the new year upon us and as we reflect on these ransomware threats and extortion scams, it’s a good time to brush up on our computer and network security practices and strategies. Here are eight tips to help reduce your chances of being a SamSam or CryptoBlackmail victim in 2019.
Where patch management becomes difficult is when companies run custom apps, which can’t just be automatically updated each time a new patch is released. The updates have to be tested first to ensure the program is still stable. For organizations with limited IT personnel, it’s easy to fall behind on testing patches and before you know it, you’re six months and three software versions behind.
Outsourcing this task to an IT services firm is often the best way to solve this issue without having to hire another full-time IT admin. A managed IT services company like Magna5, for example, works with customers’ developers to coordinate software updates with their maintenance windows. After rolling out the updates, Magna5 continues to monitor and validate everything’s working properly.
This is particularly helpful if, for example, your company only does business in the US and Canada: the firewall can then block incoming traffic from North Korea, Russia and China, which are hotbeds for cyberattacks. Additionally, this change in technology has affected antispam solutions as well. Traditional antispam had weaker abilities to detect advanced malware and phishing attempts. It could stop the most obvious messages (e.g. the dethroned Arabian prince who wants to gift you $5 million) but failed to detect social engineering attempts. Advanced antispam solutions can give users insights into phishing techniques coming from outside the company. For example, a message sent to someone in accounting purporting to be from the CEO, asking for $20,000 to be immediately wired to a bank account, is more easily detected as fraudulent when it’s marked “[external]” in the subject line.
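The “[external]” subject tag is simple to implement at the mail gateway, and the same check that decides whether a sender is external can also catch the CEO wire-transfer ruse, where the display name matches an executive but the address behind it does not. The script below is an added example written for this article, not a product feature of any vendor named here; the messages, the internal domain `example.com` and the executive directory are constructed placeholders.

```python
"""Tag external mail and flag executive display-name impersonation (added example)."""
import email
from email import policy
from email.utils import parseaddr

# Assumed configuration: the company's own mail domains and a directory of executives.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # display name -> real address (constructed)
TAG = "[external]"

# Constructed messages: a CEO-fraud attempt from a look-alike webmail address, and a real internal one.
SAMPLE_FRAUD = """From: Jane Doe <jane.doe@webmail-example.net>
To: accounting@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset="utf-8"

Please wire $20,000 to the account below immediately.
"""

SAMPLE_INTERNAL = """From: Jane Doe <jane.doe@example.com>
To: accounting@example.com
Subject: Q1 budget review
Content-Type: text/plain; charset="utf-8"

Meeting moved to Thursday.
"""


def classify_message(raw, internal_domains=INTERNAL_DOMAINS, executives=EXECUTIVES):
    """Return (message, findings): the message with its subject tagged if the sender
    is external, plus a list of findings the gateway or user can act on."""
    msg = email.message_from_string(raw, policy=policy.default)
    display_name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []

    if domain not in internal_domains:
        findings.append("external_sender")
        subject = str(msg.get("Subject", ""))
        if not subject.lower().startswith(TAG):
            # EmailMessage allows one Subject header, so replace rather than append.
            del msg["Subject"]
            msg["Subject"] = f"{TAG} {subject}"
        # Display name says "executive", address says otherwise: classic wire-fraud setup.
        real_addr = executives.get(display_name.strip().lower())
        if real_addr and real_addr.lower() != addr.lower():
            findings.append("executive_display_name_mismatch")

    return msg, findings


if __name__ == "__main__":
    for raw in (SAMPLE_FRAUD, SAMPLE_INTERNAL):
        msg, findings = classify_message(raw)
        print(msg["From"], "|", msg["Subject"], "|", findings)
```

Tagging only changes what the recipient sees; the second finding is the one worth routing to quarantine or to a security queue, since a genuine executive never needs an outside mailbox to reach accounting.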
Nextgen firewalls and antispam solutions are integrated with threat intelligence databases, which are updated in real time with the latest malware signatures and other threat information. Not every vendor is the same though, so selecting companies well known in threat mitigation is important.
Conclusion
Protecting your company from ransomware or the latest online scam isn’t easy, but it’s a must in this day and age. Don’t forget that you don’t have to go it alone. There’s help available, and it’s not as expensive as you might think. It just might be the smartest investment you make for your company in the new year.
About the author: Matt Kimpel, Director of IT Engineering of Magna5, brings more than a decade of experience in the IT services industry and significant expertise in the areas of networking and security. He leads the Managed Services Advanced Engineering team and oversees the delivery and growth of the Managed Security Services, as well as plays a key role in new product development within Magna5.