Showing posts with label ransomware. Show all posts

Monday, January 17, 2022

Popular Digital Photo Company Shutterfly Hit By Ransomware Attack



Recently digital media giant Shutterfly was hit by a major ransomware attack.

The attack disrupted broad swaths of the company's services including those offered under their GrooveBook, BorrowLenses, and Lifetouch brands.

According to a report received by BleepingComputer, Shutterfly was targeted by the Conti gang. That group was able to encrypt more than four thousand of the company's devices and 120 VMware and ESXi servers.

Like so many ransomware attacks in recent months the Conti gang did not start encrypting files immediately upon breaching the Shutterfly network.  Instead they lurked for a time while quietly exfiltrating files to a server they control.

The Conti gang has created a private Shutterfly data leak page that contains screenshots of the data the group allegedly stole prior to launching the encryption phase of their attack.  The purpose is to use the stolen files as leverage to prompt the company to pay the ransom demanded. The ransom in this case is reportedly in the millions of dollars.

Based on the screenshots on the data leak page it appears that the Conti gang made off with legal agreements, merchant account info, and a wide range of login credentials for corporate services.

The company has released a brief statement about the matter that reads as follows:

"Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.

As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate."

Based on the above there's little for users of those services to do at present. Out of an abundance of caution if you do use the impacted services you will probably want to change your password and improve your computer security right away.

Call SpartanTec, Inc. now if you need help in protecting your information against ransomware attacks and other online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Friday, January 7, 2022

New Ransomware Named AvosLocker Uses Multiple Tricks In Attacks



There's a new strain of ransomware to be concerned about in the form of AvosLocker.

The warning comes from security firm Sophos, which says that the new strain of human-operated ransomware is one to watch.

AvosLocker burst onto the scene over the summer of this year (2021). Having enjoyed some success with their product the gang behind the code is now on the hunt for partners in a bid to fill the gap left by REvil's departure.

One of the key features of the malware's design is that it leverages the AnyDesk remote IT admin tool while running in Windows Safe Mode. We've seen malware that leverages Windows Safe Mode before, but it isn't exactly a common tactic. Safe Mode loads with a minimal set of drivers and is less well-protected.

AnyDesk is of course a perfectly legitimate tool used by thousands of professionals all over the world every day. Here, however, it is being put to nefarious use, and combining it with Safe Mode allows the hackers to deal serious damage to their targets.

Peter Mackenzie is the Director of Incident Response at Sophos. Mackenzie says the group behind this new strain relies on simple but very clever tactics and methodologies to get the job done. So far, they've been amazingly successful.

The company had this to say about the new strain:

"Ransomware, especially when it has been hand-delivered (as has been the case in these Avos Locker instances), is a tricky problem to solve because one needs to deal not only with the ransomware itself, but with any mechanisms the threat actors have set up as a back door into the targeted network. No alert should be treated as "low priority" in these circumstances, no matter how benign it might seem."

Wise words indeed.  Stay alert out there.

Call SpartanTec, Inc. now if you need the help of IT specialists in setting up the most effective cybersecurity measures to protect your business against various online threats.


Wednesday, September 29, 2021

Ransomware Attackers Look For Unpatched Systems To Exploit



Not long ago Microsoft patched a critical MSHTML remote code execution security flaw being tracked as CVE-2021-40444.

Beginning on August 18th of this year (2021) the company spotted hackers exploiting this flaw in the wild. So far there have been fewer than ten attacks made that exploit this flaw but it's inevitable that the number will increase.

So far all of the attacks that have been tracked exploiting this flaw have relied on maliciously crafted Word documents and all have resulted in the installation of Cobalt Strike Beacon loaders.

Beacons deployed on at least one of the networks that were attacked communicated with infrastructure connected with a number of cyber crime campaigns, including ones that utilize human-operated ransomware.

Microsoft Notices A Spike in Ransomware Attacks

At least two of the other attacks tracked to date have delivered Trickbot and BazaLoader payloads. Microsoft observed a huge spike in exploitation attempts from multiple threat actors including some affiliated with ransomware-as-a-service operations.

Microsoft is continuing to monitor the situation but the bottom line is simply this: This flaw has been patched. Researchers connected with Bleeping Computer have independently verified that the exploit no longer works after applying the September 2021 security patch.

Hackers around the world are actively scanning for unpatched systems in order to exploit the vulnerability. If your system is vulnerable then your risk in this instance is extreme. The best course of action is to patch your way out of danger at your earliest opportunity.

If for any reason you are unable to apply the patch, be aware that Microsoft has published a viable workaround that includes disabling ActiveX controls via Group Policy and disabling preview in Windows Explorer.
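A check for the ActiveX half of that workaround, as an added example that is not from the original article or from Microsoft: it parses a `.reg` export of the policy hive and reports every zone where ActiveX download is not disabled. The registry path and the settings it expects (URL actions 1001 and 1004 set to 3 for zones 0 to 3) are assumptions taken from Microsoft's published workaround, not from this page, and the sample export is constructed.

```python
"""Audit a .reg export for the CVE-2021-40444 ActiveX workaround (added example)."""
import re

# Assumption (from Microsoft's published workaround, not from this page):
# URL actions 1001 (download signed ActiveX controls) and 1004 (download
# unsigned ActiveX controls) must be 3 (disable) for zones 0-3 under this key.
ZONES_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones")
REQUIRED_ZONES = ("0", "1", "2", "3")
REQUIRED_ACTIONS = ("1001", "1004")
DISABLED = 3

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')

# Constructed sample: zones 0 and 1 are correct, zone 2 still allows
# unsigned ActiveX downloads, and zone 3 was never configured.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000000
"""


def parse_reg_dwords(text):
    """Return {lowercased key path: {value name: int}} for DWORD values."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            # "[-HKEY_...]" deletes a key on import, so it carries no values.
            # Registry key names are case-insensitive, hence lower().
            current = None if key.startswith("-") else result.setdefault(key.lower(), {})
            continue
        value = DWORD_RE.match(line)
        if value and current is not None:
            current[value.group("name")] = int(value.group("hex"), 16)
    return result


def audit_activex_workaround(reg_text):
    """Return (zone, action, found) for every setting that is missing or not 3."""
    values = parse_reg_dwords(reg_text)
    findings = []
    for zone in REQUIRED_ZONES:
        zone_values = values.get(f"{ZONES_KEY}\\{zone}".lower(), {})
        for action in REQUIRED_ACTIONS:
            found = zone_values.get(action)  # None when the value is absent
            if found != DISABLED:
                findings.append((zone, action, found))
    return findings


if __name__ == "__main__":
    for zone, action, found in audit_activex_workaround(SAMPLE_EXPORT):
        state = "not set" if found is None else f"set to {found}"
        print(f"zone {zone}: action {action} is {state}, expected {DISABLED}")
```

An empty result only covers the ActiveX settings; the Explorer preview part of the workaround and the patch level itself need their own checks.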

Kudos to Microsoft for addressing the issue and for coming up with a workaround for those who are unable to patch their way to safety.

Call SpartanTec, Inc. now if you need help in protecting your business against ransomware and other online threats.


Used with permission from Article Aggregator

Friday, September 24, 2021

Hackers Behind REvil Ransomware Are Back Online



Not long after successfully attacking Kaseya the band of cyber criminals behind the REvil ransomware strain went dark. Their "Happy Blog" mysteriously went offline.

It is not known if the group went into hiding as a safety precaution after their attack drew worldwide condemnation. It could have been as a result of action by law enforcement agencies. The truth is not currently known.

Many credit Presidents Biden and Putin because the group went silent not long after the two leaders spoke. Biden pressed the Russian leader about ransomware attacks that originated from Russian soil.

Kaseya is a global IT support solutions company based in Ireland. The REvil attack impacted thousands of end users in more than a thousand small to medium-sized companies that Kaseya serves. Whatever drove the hacking group offline temporarily the pressure seems to have faded. The group has returned. Security researchers from both Emsisoft and Recorded Future have confirmed that most of the gang's infrastructure is back in operation.

Ransomware expert Allan Liska had this to say about the group:

"Things definitely got hot for them for a while, so they needed to let law enforcement cool down. The problem (for them) is, if this is really the same group, using the same infrastructure, they didn't really buy themselves any distance from law enforcement or researchers, which is going to put them right back in the crosshairs of literally every law enforcement group in the world (except Russia's).

I'll also add that I've checked all of the usual code repositories, like VirusTotal and Malware Bazaar, and I have not seen any new samples posted yet. So, if they have launched any new ransomware attacks, there haven't been many of them."

BlackFog's CEO Darren Williams added that he's not surprised that the group resurfaced. REvil is one of the most successful ransomware variants of 2021. With so much demand from hackers around the world it would have been virtually impossible for the group to remain hidden and offline. REvil is back and it is just a matter of time before REvil attacks begin anew.

Call SpartanTec, Inc. now if you want your data and network protected against ransomware and other online threats.


Monday, September 13, 2021

Exchange Servers Are The Target Of This New Ransomware



A new ransomware gang known as "LockFile" has recently burst onto the scene. They specifically target Microsoft Exchange servers to gain access then proceed to encrypt everything they can find.

LockFile employs a trio of vulnerabilities that are collectively known as ProxyShell to gain access to a targeted Exchange server.

ProxyShell was given its name by Orange Tsai. Tsai is the Devcore Principal Security Researcher who initially chained them together to create the cyberattack. All three issues had been known previously but it was Tsai who first thought to daisy chain them to create a new attack vector.

The issues are being tracked separately as follows:

  • CVE-2021-34473 - Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779)
  • CVE-2021-34523 - Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779)
  • CVE-2021-31207 - Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435)

All of these issues have already been patched per the notes above but of course there is no guarantee that they're patched on your network. Your IT support staff may or may not have gotten around to applying the patches referenced above. If not then your network is at risk.

It should also be noted that hackers are actively scanning for Exchange servers vulnerable to ProxyShell attacks. So if your network is at risk then it's just a matter of time until LockFile finds you.

Bookmark this article to serve as a reference and have your IT staff double check to be sure that the patches referenced above have indeed been applied on your network. If they haven't then make sure they are as soon as possible in order to minimize your risk.

Very little is known about the LockFile gang and their motivations. It should be known that their ransomware is incredibly dangerous. Lack of action to protect vulnerable systems could have tragic consequences.

Call SpartanTec, Inc. now and let our team of IT experts help protect your company against ransomware and other online threats by setting up effective cybersecurity measures.


Monday, August 30, 2021

Lockbit Ransomware Is Trying To Become Unstoppable



Over the last couple of years ransomware has become the malware of choice for hackers around the world. It's easy to understand why. Hackers using malware win in two different ways. If they successfully breach a corporation they can steal copies of important files and sell them on the black market. They can simultaneously demand a fat payout from the company itself.

A strain called Lockbit has been around since at least 2019 and is aiming to become the ransomware of choice in the hacking world. The code talent behind Lockbit has been working hard to upgrade their malicious code with increasingly advanced capabilities that make it more effective, more efficient, and harder to stop.

Even more troubling is the fact that Lockbit's owners have been offering their code as 'ransomware-as-a-service' on the Dark Web. This allows hackers to rent the code for a relatively modest price which increases its usage rate.

This 'ransomware-as-a-service' scheme has also accelerated the pace of the malware's development, as the coders get suggestions and requests from their rapidly growing user base, which are quickly incorporated into the code.

According to researchers at Trend Micro, Lockbit's popularity is booming and it is now one of the most popular and widely used ransomware strains on the market today.

Trend's researchers indicated that a lot of Lockbit's current success stems from the fact that the hackers behind the code emulated the moves of the most successful cyber gangs of the past. The group also seems to have benefited from the recent disappearance of a few high profile gangs taken down by law enforcement officials from around the world.

The bottom line is that the people behind Lockbit know what they're doing. They've got a growing body of experience and are committed to updating their code. That means Lockbit will be a serious threat for the foreseeable future.

Call SpartanTec, Inc. now if you want to protect your company from ransomware and other online threats.


Thursday, August 26, 2021

Even Computer Hardware Manufacturers Can Get Hit By Ransomware



Retailers, hospitals and financial institutions tend to be the targets of choice for the hackers of the world. Of course they're not the only targets of ransomware and other online threats. The simple truth is that any company can find itself in the cross hairs of a hacker.

The most recent victim is Taiwanese motherboard manufacturer Gigabyte. In addition to shutting down manufacturing operations in Taiwan, the attack also took down a number of the company's web-based systems, including its online support and the Taiwanese website itself.

The investigation into the matter is ongoing. The early indications are that the company fell victim to the RansomEXX strain of ransomware. In addition to locking files on a number of Gigabyte's network devices the hackers made off with some 112 GB of data. The hackers have published portions of this data on their own website on the Dark Web as proof that they were indeed behind the attack.

The RansomEXX strain has an interesting history. It began life in 2018 as a strain called Defray. For the first couple of years of its life it gained little traction among the hackers of the world. It wasn't used in many high profile attacks.

It seemed to go dormant and re-emerged in 2020 as RansomEXX with a raft of new capabilities. It is not clear whether it was abandoned and picked up by a new hacker group or the original Defray authors used their initial experiments to refine the code. In its current form RansomEXX is a dangerous threat indeed and is capable of infecting both Windows- and Linux-based systems.

The group controlling the malware has used it to attack a number of high profile targets in recent weeks, including:

  • The Texas state Department of Transportation
  • The Brazilian Government
  • IPG Photonics

And more. Be on your guard against this one. You definitely don't want to be the hackers' next victims.

Call SpartanTec, Inc. now if you need help keeping your company protected against ransomware and other  online threats.


Wednesday, August 25, 2021

Coalition Of Big Names Coming Together To Fight Ransomware



If you're worried about ransomware attacks know that help is on the way.

The CISA (Cybersecurity & Infrastructure Security Agency) has announced a partnership with some of the biggest names in tech. The specific purpose of this collaborative effort called the Joint Cyber Defense Collaborative is to put an end to ransomware and other serious cyber threats.

In recent years ransomware has emerged as one of the favored tools of hackers around the world. It allows hackers to profit in two ways from networks they break into. They can sell any data that they collect prior to locking files and they can charge the victim a hefty fee to get their files unlocked.

The collaborative effort has gained global attention and the following companies have joined the government to assist:

  • Amazon
  • Google
  • Microsoft
  • Crowdstrike
  • AT&T
  • FireEye
  • Mandiant
  • Lumen
  • Palo Alto Networks
  • And Verizon.

The Collaborative will be expanded as time goes by and will eventually include other companies as well per the CISA. Also note that the CISA is not the sole governmental agency participating in the Collaborative.

The other agencies involved include:

  • The FBI
  • The Office of the Director of National Intelligence
  • The Department of Justice
  • The NSA (National Security Agency)
  • And US Cybercommand

This isn't a half measure. There is great breadth and depth of expertise in the two lists above. It is apparent that the Collaborative means business and has the resources to get the job done.

No one is expecting that the Collaborative effort will be able to put an end to cyber attacks. With the capabilities of this group they will undoubtedly be able to make some serious headway. The very existence of the Collaborative may be sufficient to give at least some hackers pause.

This is great news indeed if you're at all concerned about cybersecurity and the threats that hackers around the world pose.

Call SpartanTec, Inc. now if you want to protect your company from ransomware and other online threats.


Friday, July 9, 2021

Kaseya Ransomware Attack: What We Know



An international ransomware attack that started with Florida-based IT firm Kaseya will not fetch the entire $70 million that its Russia-linked hackers are demanding, Huntress CEO Kyle Hanslovan told CNBC on Tuesday.

“It wouldn’t surprise me if someone was to pay the ransom for it to be closer to the $40 [million] to $50 million ballpark,” said Hanslovan, whose cybersecurity company has been helping Kaseya with its incident response and disaster recovery since Friday’s breach.

“With that said, I haven’t seen anything that’s suggesting that Kaseya will pay for the universal decryptor, meaning the one that decrypts both their customers and their customers’ customers,” Hanslovan added in a “Squawk Box” interview.

The REvil hacker gang is publicly demanding $70 million in cryptocurrency to unlock data from the attack, which spread to hundreds of small and medium-sized businesses across a dozen countries.

 


Jack Cable of cybersecurity-focused Krebs Stamos Group told Reuters that one of the group’s affiliates, in a private conversation, already expressed a willingness to lower the asking price for a “universal decryptor” to $50 million. While it can be difficult to determine who speaks on behalf of the hackers, Cable said that his conversations suggested they are “definitely not attached” to their $70 million demand.

Kaseya CEO Fred Voccola said Monday that between 800 and 1,500 businesses were affected by the attack, with the fallout expected to continue Tuesday as people return to the office after the Fourth of July weekend.

“My guess would be [that the] total number of companies, and from everything we’ve seen, the hackers don’t have a feedback loop into just how many people were compromised,” Hanslovan said, adding that hacker claims of infecting 1 million systems are just “bragging.”

Network security experts said the gang targeted software supplier Kaseya using its network-management package to spread the ransomware through cloud-service providers. The breach temporarily shut down hundreds of Sweden’s Coop grocery stores after cash registers were locked up. It also affected more than 10 schools and several kindergartens in New Zealand.

The company is headquartered in Miami and has offices all over the U.S., Canada, Europe and the Asia Pacific region.

“Everybody was awakened to a synchronized attack. What that means is they target managed service providers, and it’s kind of a one-to-many attack that impacts many industries,” Hanslovan said, pointing out that health-care companies, legal firms and even federal entities have faced similar attacks.

The White House said Sunday it’s reaching out to victims of the attack “to provide assistance based upon an assessment of national risk.”

This article originally appeared on CNBC.

 

Call SpartanTec, Inc. now and let our team of IT experts assess your network and determine if you're safe from data breach.

 


Monday, June 14, 2021

Malware Called Phorpiex Delivers Ransomware With Old School Tactics



If you're involved with internet security on any level, then you're probably already familiar with the name Phorpiex. The malicious botnet has been around for years, and the people who control it have taken steps to keep it relevant.

They're finding new ways to deliver ransomware and other online threats, sometimes by moving in the other direction and going decidedly Old School. Recently, this has included the use of worm-like functionality to replicate itself far and wide.

Of interest, Phorpiex itself came under attack back in the early part of 2020, when an unknown attacker hijacked it on the back end and started uninstalling the modules that allowed the botnet to spam copies of its malicious payload.

According to the security firm Check Point, one of the more common payloads associated with Phorpiex is the Avaddon ransomware, which is widely used because it's a "ransomware as a service," which means it gets rented out to other hackers, allowing it to infect an even wider range of targets.

 


As Check Point analysts note:

"Phorpiex is one of the oldest and most persistent botnets, and has been used by its creators for many years to distribute other malware payloads such as GandCrab and Avaddon ransomware, or for sextortion scams."

In recent months, the botnet has found its way onto Microsoft's radar. Its controllers have tweaked it so that it modifies Windows registry keys in order to disable antivirus and firewall popups and override browser settings, which makes it more difficult to detect and stop.

Enterprise clients have the ability to circumvent these shenanigans by enabling Tamper Protection in Microsoft Defender for Endpoint, but home users aren't so lucky, including those who don't pay much attention to cybersecurity.

Based on Check Point's statistics, Phorpiex is currently the largest botnet in existence since law enforcement recently defanged the dreaded Emotet botnet. Researchers have tracked its activities across more than 160 different countries, giving it a truly global reach. Stay alert for this one. It's a legitimate threat that can hit you no matter where you are, or where you do business.

 

Call SpartanTec, Inc. now and let our team help develop effective cybersecurity strategies and managed IT services in Myrtle Beach to keep your company safe from malware, ransomware, and other online threats.

 


Thursday, June 10, 2021

How to Protect Your Computer from Ransomware and Other Malware



What if you didn’t have to worry about ransomware or any other viruses? Unfortunately, cybercrime has become a major problem for the Chief Technology Officer (CTO) who is tasked with protecting the company’s computer systems, as well as the CEO who has to deal with the consequences of an attack. Large corporations such as Merck, Mondelez, Sony and DLA Piper have been infected by malware. Hospitals and organizations around the world have not been spared. It has become a global problem.

There are a number of virus protection programs that attempt to block malware from entering the system, but none of the solutions work all the time.  A good solution is to be more careful with email, but it is hard to control everyone in the organization. An extreme solution is to take the computer off the Internet, but this prevents access to people who need the data.

 


What if we could prevent any virus from changing the data in our hard drives? Well, now there is a new solution that provides the malware protection we all need. HDWrite1X technology was initially developed for the Department of Justice (DOJ) to ensure the integrity of digital evidence. An early application was to protect video evidence recorded from IP camera systems.

To understand the new technology, let’s go back to the early 1980s when Sony introduced the Write Once Read Many (WORM) discs.  The WORM disc was the precursor to CD-discs. This optical technology provided archival media but also had the characteristic of only writing once. It meant that any data you placed on the discs could not be changed.  Now there is a new way to do the same thing using a standard hard drive.

The virus protected storage solution uses modified hard drives instead of WORM optical discs. The secret is to add special hardware controls that emulate write-once capability. Unlike optical discs, this emulation technology allows you to turn the write-once function on as required.  The write-once technology prevents data from being changed, yet the storage system looks exactly like a standard hard drive system to all your application programs and operating system.

HDWrite1X Protection

There are two versions of HDWrite1X. The first type, called HDWrite1X-OS, protects the operating system by preventing any changes to the master boot records and partition tables. The second version, called HDWrite1X-HD, protects all your static data files. In general, the system can protect data temporarily, provide incremental permanent protection, or lock down a complete disk. It can even provide instant lock-down of data when a cyber-attack is detected.

This type of system provides a much more secure barrier to malware attack than anti-virus tools. The HDWrite1X solution has been tested by Defense Information System Agency (DISA), Department of Justice (DOJ), disk manufacturers, NIST, Raytheon, and others.  Nobody has been able to penetrate it.

How to Protect Your Computer

There are various types of malware. Malware includes viruses, worms, Trojans, bots, and ransomware. Here is how to protect your computer from these threats.

Ransomware Protection

This is a cryptovirology-type threat that prevents user access to files and is used to extort money. By using HDWrite1X-OS to protect the operating system and HDWrite1X-HD to protect the data, files such as .doc, .pdf, .xls, etc. cannot be modified.

Worms and Virus

The worm malware replicates itself so that it can spread to other computers. Virus malware tends to be more complex than the worm. In both situations, the code is replicated and can infect both the operating system as well as other applications. It usually hides within other programs.

By using HDWrite1X-OS to protect the operating system and HDWrite1X-HD to prevent changes to data files, the attack is blocked.

Trojans and Backdoors

A Trojan uses a misleading method to gain access and load malicious software. Even if malware infects your computer system, all the HDWrite1X protected files and disks cannot be modified. Any program that tries to modify data is aborted by the protection system. The backdoor malware bypasses normal authentication and can get into your computer system, but HDWrite1X protection is at the hardware level. This means that even if someone removes the hard disk and tries to modify data using special equipment, the protections built into the HDWrite1X drive protect the data.

Strategy for Malware Protection

Total protection of the computer system is more than just write-once protected disks. Normal computer operation requires the rewriting of data, so we cannot prevent changes all the time. Database programs constantly change their information as new data is added or old data is modified.  Even the email data that is resident on your server changes data just like the database programs.  How do you handle this?

Backup to HDWrite1X protected drives

By consistently backing up your data to a drive that can’t be modified by malware, you always have a way to recover if you are hacked.  What if you did not do anything else? What if you did not segment your data or prevent people from clicking on contaminated emails? The backups protect your data. You can go back in time to previous generations of backups and find uncontaminated versions that allow you to recover quickly from a malware attack.

Controlled Protection

You can protect your data at various security levels, either temporarily or permanently. You can select protection of a complete disk, incrementally protect files as they are changing, or protect a disk or files temporarily.

Complete disk protection is the simplest operating mode. In this mode, you write your data to the HDWrite1X protected disk. When operations are complete, the disk is finalized (write-protected). This is very similar to the way a DVD-R works.

Incremental disk protection protects your data as you process information. In this case, you write data, have it protected (Enforce), then at a later time write more data, have that protected, and continue until you are done. Once the data is enforced it can’t be modified. At some point, the disk either fills up, or you choose to protect the entire disk by finalizing the disk. The disk is now permanently protected from modification or deletion.

Temporary disk protection allows an area of the disk to be temporarily protected against data changes. This is a lock function that sets the files to read-only. It can be unlocked and data can then be changed.

HDWrite1X-OS is configured so that the sensitive operating system boot and partition information is permanently protected. This allows the OS to operate normally but prevents a hacker from damaging these sensitive areas of the disk.  Your systems will remain bootable even after a cyber-attack.

Summary of Malware Protection

Malware is one of the challenges that keep the CTO and CEO from sleeping at night. Many organizations think their data is secure, only to discover a major breach that allows their valuable information to be stolen or lost. The latest write-once technology protects the operating system and the data from being modified thus protecting the computer system from malware attacks. You can also seek out companies that offer managed IT services.

 

Call SpartanTec, Inc. now and learn how our managed IT services can help protect your business against ransomware, malware, and other types of online threats.

 

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Tuesday, March 10, 2020

Treat Ransomware As Data Breaches And Report It Right Away


It’s only been a few months into the year but there’s already been a significant increase in the use of ransomware that steals data. This type of ransomware encrypts the victim’s data and also exfiltrates it to the attacker’s server.
The stolen data is then used to pressure the victim into paying the specified ransom. But evidence shows that cybercriminals also use the data to execute phishing attacks on customers and business partners of the victim firm.
IT experts suggest that businesses disclose these ransomware incidents as soon as possible. Reporting incidents, especially the ones that involve ransomware that can exfiltrate data, is important to prevent other companies from falling victim to a similar attack.

Lack of Disclosure

As of the moment, companies are not legally required to report ransomware incidents. Organizations that have fallen victim to ransomware could fix the problem, by paying or not paying the cybercriminals, and resume regular business operations without telling their partners, customers, or the public about the cyberattack.
This is a common response with traditional ransomware. The data of the company was encrypted but it was not read, altered, or extracted. In theory, no PII (personally identifiable information) was exposed, so the company doesn’t have to deal with the business interruption and reputational loss that come after reporting the incident.
This kind of reasoning won’t hold up when it involves data-stealing ransomware. Nemty, DoppelPaymer, Sodinokibi, Maze, and other ransomware groups have started using methods that allow them to exfiltrate the victim’s data to a remote server where they can read, manipulate, and use the data however they like. The stolen data is used to force victims to pay the ransom. But it can also be used for spear phishing attacks.

Data Theft and Spear Phishing

Spear phishing refers to a cyber attack that targets certain people in a company to access crucial data like staff credentials and financial data or, in this situation, to deliver ransomware through suspicious email attachments.
Because the attackers have access to the company’s data and, in some cases, its emails, they can craft very convincing email messages. In certain instances, those emails might even look like a reply to a message, which makes them appear legitimate to the victim.

Companies Stand Silent When It Comes To Cybersecurity

When a business faces a ransomware attack, its business partners, suppliers, and customers should be on the lookout for targeted attacks. But this is not the case. Because organizations are not required to report ransomware incidents, there is little motivation for businesses to come forward and admit that their company was hit by ransomware.

What Should Businesses Do?

Data-stealing ransomware is becoming increasingly rampant. Now is the time to start treating ransomware incidents as data breaches.
All ransomware incidents must be thought of as data breaches until they are proven otherwise. Governments should create legislation under which ransomware attacks are considered data breaches and affected businesses are asked to issue notifications immediately.

Call SpartanTec, Inc. now and let our team set up the most effective cybersecurity measures to protect your business against today’s most common online threats.
