When "The Matrix" premiered in theaters in 1999, the premise - that humanity was unaware it was collectively trapped in a simulated reality - seemed far-fetched. Or did it?
Okay, so for some (of us) it got our minds racing with wonder. Or fear. Or dread. Or ... resignation, maybe?
Back to ransomware. Here we are, going into another calendar year with another one of those "what's to come" write-ups - and unlike the lists of movies or albums or TV shows - this one may not be a fun one. Buckle up.
Where were we going with all that "Matrix" talk?
Well, if you think about the premise of the "Matrix" movie franchise, humans that had detached from the Matrix began attacking the machine hosts of the simulated reality with ... malware. Viruses. Anything to trip up the "programming."
Rest assured this isn't a geeky "down the rabbit hole" blog-long analogy, but the comparison is somewhat apt; except the people looking to disrupt aren't doing it to earn their freedom. We're not rooting for them.
No, malicious software (malware) hackers are looking to hold your business or organization hostage - for "ransom." First, let's define what "ransomware" is.
What is Ransomware?
When reviewing some of the earliest 2021 ransomware attacks nearly a year ago, we defined what ransomware is: a form of malware (also known as malicious software) that encrypts personal or company data and holds it for ransom. Once a victim's data is encrypted, hackers threaten to publish, destroy, or sell the information on the dark web if their monetary demands are not met.
Ransomware is typically spread through phishing schemes or direct hacking of a company's network. Phishing schemes allow a hacker to trick a victim into providing personal information such as account logins, which can then be used to hack their network.
Who's Behind These Attacks?
According to the latest Microsoft Digital Defense Report (DDR), more than half of the malicious groups are based in Russia, with Iran, China and North Korea not far behind. Predictably, the United States is the most targeted nation.
Profile of a Ransomware Victim
According to KELA, the ideal target is U.S.-based, has annual revenue of $100 million or more, and sits outside the healthcare, government, education and non-profit sectors; the attackers' preferred way in is either Remote Desktop Protocol (RDP) or the business's virtual private network (VPN).
The trend has shifted from the high-frequency attacks on smaller businesses seen in 2019 to fewer, more sophisticated ransomware attacks on larger entities; but before you sigh in relief, understand that any business that uses a computer system is at risk - and because a small business is, well, smaller, it is usually an easier target. Smaller businesses usually lack security staff or the time to train employees on how to avoid traps.
The top sectors targeted in 2021 - according to the Microsoft DDR - were (in order) retail, insurance/finance (scary!), manufacturing, government, healthcare (again, scary!) and education.
In particular, local schools/school systems and local governments are alarmingly among the least-prepared entities. Just this January, a New Mexico jail was targeted, sending the facility into lockdown, with jailers having no access to security camera feeds or to the databases where prisoner files and internal records of incidents like fights, use of force and sexual assault were stored.
What is the Cost of a Ransomware Attack in 2022?
That number keeps growing; in 2021 the average was - are you sitting down? - $1.85 million, up from $283,000 in 2020 and a "mere" $141,000 in 2019. Again, ransomware seems to have migrated from targeting smaller entities to bigger trophies, but that doesn't mean small and medium-sized businesses aren't targeted. Smaller organizations are often more vulnerable, so they remain low-hanging fruit for cyber criminals.
Still, if your business only had to shell out $141,000 to restore its network and computer storage function, can it afford that hit? What about the hidden costs of being unable to do business for days or weeks? It's not as if we need to go further back than to the 2020 economic shutdowns as the pandemic began to imagine the impact of doing no business.
Biggest Ransomware Attacks of 2022
In short, the future is bleak. Experts say the "Great Resignation" employers are experiencing now - where long-term employees are choosing not to return to in-person employment - means newer, less experienced employees are being hired, and they represent a security vulnerability for organizations.
What's more alarming - in 2021, Risk Based Security Inc. determined that 37% of all companies, globally, had been hacked in some capacity.
Here's what we're seeing so far in 2022...
Jackson Hospital - Marianna, FL
A Florida panhandle hospital system managed to avert a crisis-level hack by shutting down its entire computerized records system - sending nurses and doctors back to "paper and pen" for days - when it was attacked with ransomware on January 9th.
Kronos Workforce Central
Kronos, a payroll and staffing company used by many American companies, announced on January 22nd that its systems had finally been restored after a ransomware attack left it unable to keep track of timekeeping for its clients, so those employers could not properly pay their employees.
Nvidia - Santa Clara, CA
The world's largest semiconductor chip company confirmed in late February that it was hacked. Officials say the Nvidia hack involved the stealing of employee credentials and "proprietary company information." Self-proclaimed, non-politically affiliated group, Lapsus$, has claimed credit for the attack. In an interesting turn of events, Nvidia responded by hacking and installing ransomware on the Lapsus$ network, however, Lapsus$'s data had already been backed up, making the hack immaterial.
Meyer Corporation - Vallejo, CA
Reported in February of 2022, the American cookware distributor was actually hacked in October of 2021. The hack reportedly affected thousands of the Meyer Corporation's employees.
San Francisco 49ers - San Francisco, CA
The NFL professional football team confirmed that they were a victim of ransomware after it was discovered that the company was listed on a dark web leak site. Sources report that the ransomware-as-a-service (RaaS) software BlackByte was used in the hack. The attack is believed to have stolen company financial data, but as of this update, no customer data has been reported as stolen.
Oiltanking GmbH Group - Germany
BlackCat ransomware is the source of the attack, according to a German intelligence report obtained by Handelsblatt. The result was a shutdown of IT systems for the oil company, which effectively shut down gas stations throughout Germany. Clients of the company include a number of mid-sized providers as well as oil giant Shell.
Brownsville Public Utility Board - Brownsville, Texas
One of the largest cities in south Texas (pop. 200,000) had its water and power provider compromised. Upon discovering they were named in a much larger attack, BPUB acknowledged the incident and took steps to mitigate the attack and investigate further.
Various Financial Institutions
Financial institutions Certified Title Corporation, Horizon Actuarial Services, and Medaglia & Murphy Inc all experienced ransomware attacks. Horizon Actuarial Services reported paying the ransom back in November, bringing to light the reality that many businesses choose not to report these attacks until their hands are forced via discovery.
PressReader Attack - Vancouver, Canada
More than 7,000 online newspapers, magazines, and information sources were taken offline in early March thanks to a cyber attack. Ransomware is suspected, although as of the writing of this update (4/13/22), ransomware has not been officially reported.
TransUnion - South Africa
The South African division of TransUnion (a US-based corporation) announced it had suffered a ransomware attack in March. The hacking group allegedly accessed 54 million personal records through a user's password, cleverly named 'password.' The ransom demand was $15 million, and the data included records from major car manufacturers, banks, and more.
Microsoft - United States
The hacking group Lapsus$ stuck again, this time attacking mega-corporation, Microsoft. The group reportedly stole 37GB of Microsoft's source code from its Azure DevOps server and released it on the dark web. The source code is for various Microsoft projects, including Bing, Cortana, and Bing Maps.
Note: We will continue updating this list throughout the year.
Predicting the Rest of 2022
We'll discuss alternatives to prevent loss of security no matter the employee turnover later, but for now, let's focus on the threats experts are predicting this year.
Forbes' senior contributor Edward Segal asked experts in the field what they foresee happening with '8 Crystal ball predictions,' if you're interested.
The most chilling excerpt for businesses: "Nick Rossmann is the global threat intelligence lead at IBM X-Force, a threat intelligence sharing platform. He said that, 'In 2022, we'll see more and more triple extortion ransomware, whereby a ransomware attack experienced by one business becomes an extortion threat for its business partner.'"
Oh wow; it's one thing to have your own systems held hostage. What if a key supplier your business relies on is attacked, and the attacker comes to you, knowing you can't afford the supply chain disruption?
Even more embarrassing, what if your partner(s) are targeted for ransom because your system(s) weren't protected against being breached? Would your business partners stick with you afterward?
We saw this scheme make national and international headlines when the US government experienced a cyber attack in 2020. Here, Russian-backed hackers infiltrated the US Treasury Department through software from its supplier, SolarWinds.
How to Prevent Ransomware Attacks
Keep Current with Patches and Updates
It never fails; the pop-up notification that there’s a necessary update to your anti-virus software or firewall upgrade usually arrives right when you’re in the middle of something, so “now’s not a good time.”
While that’s a nuisance, every day you wait to update your cyber security infrastructure after new versions emerge leaves you more vulnerable to ransomware attacks. At the very least, put your settings to auto-update in an overnight hour you know you won’t be on the device(s) before brushing the notification to the side. Boom; you get to keep working on that project you’re dialed in on and when you show up and/or log in the next day, you’re all set - and secure.
Educate Staff About Cyber Security
Computers and security software are designed to be perfect (or at least as perfect as is possible); humans aren't. This isn't some science fiction movie where we can plug ourselves in at night to "auto update" our features. Yet. Employee cyber security errors are one of the most common ways hackers gain access to your network and deploy ransomware. In tech support lingo, the acronym PICNIC comes to mind: "problem in chair, not in computer."
One password tip: you should limit how much you write them down. Writing a password down anywhere leaves it susceptible to being found by hackers. If you have too many passwords to remember, consider a secure password-storing program such as MyGlue.
Create passwords that don't use easy-to-find information such as birthdays or your children's or pet(s) names. When creating a password, make sure it's long and complex.
Additionally, enable two-factor authentication on your devices and accounts, if possible. This ties an email address and/or phone number to the account so that a code can be sent to you when you log in or when a new password is being created.
This prevents you being shut out from your own device(s), cloud storage, email, or other important accounts if a hacker tried to take them hostage.
Phishing emails are a common way hackers deploy ransomware on a victim's network. By training employees to spot phishing red flags, such as urgent language and oddly formatted sender addresses, you reduce the chances of an employee falling for a phishing scheme and compromising their password.
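The same red flags the paragraph tells employees to look for can be checked automatically at the mail gateway or in a security team's triage script. The following is an added example written for this article, not code from the author or from Standard Office Systems; the two sample messages are constructed, and the "trusted domains" set is a hypothetical allow-list for an imaginary organization. It flags a sender whose display name claims a different address than the real one, a sender domain that is a look-alike of a trusted one, a Reply-To that routes answers elsewhere, and urgent pressure language in the subject or body.

```python
import email
import re
from email import policy

# Pressure phrases of the kind the article warns about (constructed list).
URGENT_PATTERNS = [
    r"\burgent\b", r"\bimmediately\b", r"within 24 hours",
    r"account (will be )?suspended", r"verify your (account|password)", r"act now",
]

# Hypothetical allow-list: domains this organization and its partners mail from.
TRUSTED_DOMAINS = {"example.com", "payroll-partner.example"}

# Characters commonly swapped in to build look-alike domains.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise_domain(domain: str) -> str:
    """Fold common look-alike tricks so 'examp1e.com' compares equal to 'example.com'."""
    d = domain.lower().translate(_HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def phishing_flags(raw_message: str) -> list[str]:
    """Return a list of human-readable red flags found in one raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags: list[str] = []

    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["missing or unparseable From header"]
    sender = from_hdr.addresses[0]
    from_dom = sender.domain.lower()

    # 1. Display name contains an address whose domain differs from the real sender.
    m = re.search(r"[\w.+-]+@([\w.-]+)", sender.display_name)
    if m and m.group(1).lower() != from_dom:
        flags.append(f"display name claims '{m.group(1)}' but sender domain is '{from_dom}'")

    # 2. Sender domain is a look-alike (not an exact match) of a trusted domain.
    for trusted in TRUSTED_DOMAINS:
        if from_dom != trusted and normalise_domain(from_dom) == normalise_domain(trusted):
            flags.append(f"sender domain '{from_dom}' looks like trusted domain '{trusted}'")

    # 3. Reply-To sends responses to a different domain than the sender.
    reply_hdr = msg["Reply-To"]
    if reply_hdr is not None and reply_hdr.addresses:
        reply_dom = reply_hdr.addresses[0].domain.lower()
        if reply_dom != from_dom:
            flags.append(f"Reply-To domain '{reply_dom}' differs from sender domain '{from_dom}'")

    # 4. Urgent / pressure language in subject or plain-text body (one flag is enough).
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    for pattern in URGENT_PATTERNS:
        if re.search(pattern, text):
            flags.append(f"urgent language matched /{pattern}/")
            break
    return flags


# Constructed sample: a credential-harvesting lure dressed up as an HR notice.
SAMPLE_PHISH = """\
From: "hr@example.com" <hr@examp1e.com>
Reply-To: collect@free-mailbox.example
Subject: URGENT: verify your account within 24 hours
Content-Type: text/plain; charset=utf-8

Your account will be suspended unless you verify your password today.
"""

# Constructed sample: a routine, legitimate internal message.
SAMPLE_LEGIT = """\
From: HR Team <hr@example.com>
Subject: March timesheet reminder
Content-Type: text/plain; charset=utf-8

Please submit your timesheet by Friday. Thanks!
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_flags(sample))
```

Heuristics like these produce false positives (a partner that legitimately uses a different Reply-To, for instance), so they belong in a scoring or triage step that routes suspicious mail for review rather than in a hard block; the allow-list and pattern list would be tuned to the organization's own mail flow.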
Don't Forget Your Copiers and Printers
Printers and copiers are often overlooked as security risks. Be honest; when you read this sub-headline, did you think “how are they vulnerable to an attack?”
Whether you’re a business with corporate (or even leased) machines or an individual with a home copier, there are risks.
Consider that personal copiers often have a "print from anywhere" feature that lets you print documents to the copier even when you're away from it. Well, the "from anywhere" feature has very little security because it has to create a hole in your firewall to allow you to even communicate with the machine “from anywhere” in the world. Best to turn this feature off if you have it.
If it’s in the budget, consider upgrading to a newer copier or printer. Some newer models created within the last 5-6 years have data security kits that you can enable. These kits can have data encryption functions, which scramble the data stored on your copiers and printers, rendering the information useless to a hacker.
Additionally, on some newer models of brands like Canon and Sharp, data security kits might also have features that, when a document is scanned, copied, or printed, erase those documents from the hard drive sometimes as many as 28 times.
Consider Managed IT Services
If you are a business, and especially if you do not have any in-house staff to manage your cyber security, the thought of instituting the changes described above may sound daunting.
Managed IT services can help put all of the above cyber security suggestions (and more) into action. A managed IT services provider layers your cyber security infrastructure and then employs a team of IT experts to address any threats or issues that pop up.
To take the tedious burden of updating software off of you, a managed services provider can update all cyber security software for you and install necessary security patches.
Managed IT services can help you create a password policy and role-based security that works for your business too. In the event that a ransomware attack happens or your network goes down, they can reduce downtime by quickly recovering data due to their use of frequent and secure backups.
From Forbes' '8 Crystal ball predictions': "Lisa Sotto is the head of the global privacy and cybersecurity practice at law firm Hunton Andrews Kurth. “Every company, regardless of industry sector, will need to be laser-focused on strengthening their security measures."
Posted by Andre Schafer
Andre Schafer is a Technical Account Manager at Standard Office Systems. He has spent his entire career in the Office Technology and IT fields. For nearly 30 years, he has held various roles, including Technician, Trainer, Analyst, and Account Manager. Andre’s focus has always been to understand his customers' business needs to provide the appropriate technologies and services.