U.S. businesses fell victim to yet another ransomware attack over the Fourth of July weekend. The attack targeted Kaseya, a Miami based software company. The hackers attacked Kaseya though a vulnerability in their systems, and then targeted Kaseya’s customers through a software update. While customers thought they were receiving Kaseya’s latest update, what they were really downloading was ransomware. Thousands of small and medium-sized US businesses were forced to pay an estimated $70 million to retrieve their information. The origin of this ransomware is thought to be REvil, a Russian cybercriminal group behind the hack of Canadian meat processer JBS back in May.

What is ransomware?

Ransomware is a form of malicious software (malware) that blocks access to a victim’s computer system or data. Once access has been blocked, cyber actors will

a. Demand a ransom payment in return for access to the blocked data/computer system and/or
b. Threaten to publicly disclose the victim’s private files

Many of these attackers target small and medium sized businesses. This is because these businesses are often more vulnerable to cyberattacks since they have fewer resources to invest in protection. In the case of the Kaseya hack, businesses were charged anywhere from a few thousand to 5 million dollars for return of their data.

What are we doing?

1. Ensuring that we are continuing to follow best practices to maintain our client’s security
2. Maintaining regular communication with our third-party vendors to monitor and review their security practices
3. Consistently training our employees on security and security vulnerabilities

What should you do?

Once a system has been attacked, there are limited options. There is no guarantee that the data can be recovered upon payment of the ransom, and the payment itself may incur a civil penalty. According to DDKInfotech’s director Raj Katyal, “The best way to protect your business is to take proactive steps. There is no one methodology for blocking ransomware, and it has become a real threat. Protecting your business therefore requires a layered approach.”

Four steps your company can take to protect itself from ransomware attacks

1. Make sure you have a reliable IT consulting company protecting your network at all times.
2. The best step a company can take is to ensure its employees understand the threat landscape. This is of the utmost importance. There are very affordable user awareness trainings available to guide employees and make them aware of the risks that exist.
3. Having next generation endpoint protection is extremely helpful. This layer of protection also mitigates certain types of ransomware, as some antivirus and anti-malware protections do not actually protect you from ransomware.
4. If all else fails, having a tested backup continuity and disaster recovery solution will always save the business.

Ultimately security is a shared responsibility, and it is vital that all members of an organization are properly trained and prepared for today’s threat landscape.

If you have any questions about ransomware or how to best protect your business, feel free to contact us at 212-997-0600.