Tag: Ransomware

Categories
Casserly Consulting Blog

Android Ransomware Kits on the Rise

android_phone_ransom_400.jpg

The do-it-yourselfers of the world have enjoyed the autonomy that the Internet brings into their lives. They can now look up how-to guides and YouTube videos on how to do just about anything. However, the Internet has also given hackers and other cybercriminals access to all sorts of technology that makes using malware and other threats easier than ever before–even for inexperienced users.

Malware kits are certainly not a new concept, although you might be surprised to hear that the first kits first emerged as early as the 1990s. The introduction of the Dark Web made the transfer of illegal goods and services easier on a global scale, and developing technologies like cryptocurrency have only contributed to the rise of contraband being spread without consequences. The anonymity provided by virtual private networks is simply the icing on the cake, making it difficult for authorities to investigate the activity.

While most of these kits target the Windows operating system, there is an increasing number of malware kits that target other operating systems. In the past year alone, cybersecurity analysts expect an increase in ransomware kits that target Android smartphones. These types of kits are called “ransomware as a service,” in which just about any user with basic knowledge of how computers work to pull off a legitimate ransomware attack.

The type of malware that’s targeting Android smartphones can potentially cost your business thousands of dollars, and that’s not mentioning the data and reputation lost from the incident. These kits go for about $200 on the black market, making them a very lucrative solution. To make matters worse, there are plenty of reasons why Android devices are ideal targets for these types of attacks. Android is used on the vast majority of smartphones–approximately 86% of smartphones around the world. The fact that a $200 investment can yield untold profits makes it tempting, regardless of how ethical the decision is.

Furthermore, statistics show that many Android users are running outdated versions of the operating system, which means that there are patches and security updates that aren’t being implemented on these devices. This makes it more likely that the ransomware attack will succeed on Android-based devices.

It’s almost guaranteed that your business will eventually have to deal with mobile devices in the workplace, accessing important data and information from your network. The best way to ensure that mobile devices are secure from these types of threats is to implement a mobile device management policy that takes into account security and network access. To learn more about how you can keep your business safe from ransomware, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

“It Redirected Where?” — A Case Study in Security Precautions

adults_only_website_400.jpg

Imagine what it would be like to discover that your website was suddenly redirecting to content that was decidedly more… adult... than what should be representing your business. For a company in Phoenix, Arizona, this was the unfortunate reality after they had let their IT administrator go.

The administrator, Tavis Tso, created a web in which he attempted to snare a client in an extortion scam. After lying to the client, claiming that he didn’t have their credentials to login to their GoDaddy domain registrar account, Tso changed the credentials to the GoDaddy accounts and created a separate Microsoft account that gave him considerable power over his target. His first steps were to block employees from accessing their email accounts and to redirect the company’s home page to a blank webpage. Tso then demanded $10,000 from the company to fix the problem that he had caused.

The company did not comply with his demands.

Once it was clear that the company wasn’t going to cooperate with Tso, the cybercriminal upped the ante. Rather than just redirecting the company’s home page to a blank site, Tso redirected all of the website’s traffic to a pornographic website. This redirect took several days to resolve.

Tso was ultimately sentenced to four years of probation, in addition to $9,145 as restitution for a count of wire fraud. While it is nice that a cybercriminal has been brought to justice, the damage done will be hard to undo, as he had considerable access to his company’s systems.

Would your business be able to recover from an incident like this? A good first step is to ensure your recovery is to reconsider the permissions of the users on your network–and more importantly, the permissions of former users. There is no reason to grant access to your IT where it is not needed, and there is no reason to keep an IT resource on your system once they are no longer part of your organization.

COMPANYNAME can help you to make these changes, as well as many others that will benefit your IT and your network security. Reach out to us at PHONENUMBER to start a discussion.

Categories
Casserly Consulting Blog

TheDarkOverlord Solutions Is at It Again! This Time the Hacker Group Is Targeting Schools

ransomware_school400.jpg

While many youngsters enjoy it when their school shuts down, this was likely not the case in Flathead Valley, Montana, where the cybercriminal group ‘TheDarkOverlord Solutions’ targeted the entire Columbia Falls school district. This attack caused the three-day closure and otherwise disrupted over 30 schools, and the personal information of teachers, students, and school administrators was supposedly to be released if the group didn’t receive a ransom payment.

Furthermore, and more alarmingly, parents received reportedly graphic death threats against their children from the group. These threats alluded to an infamous, and still painfully recent, school shooting. This is the first time that TheDarkOverlord Solutions have gone to these lengths as far as is known.

The district server for Columbia Falls was ultimately targeted; records detailing the addresses, medical history, behavioral history, and other pieces of information valuable to cybercriminals were accessed that detailed the personal data of current and former students, their parents, and the school’s staff members. As a result, the 30 schools closed (as referenced above) and weekend events and activities were cancelled. With a heightened security presence, students returned to classes on Tuesday, September 19th.

TheDarkOverlord is no stranger to the news, or to targeting vulnerable individuals. In July of 2017, there was an online sale for a tantalizing data set that would allow cybercriminals to leverage information harvested from healthcare providers, just weeks after putting almost nine and a half million records for sale. These records came from a clinic, a healthcare provider, and a health insurance provider.

Somewhat less threateningly, the same group also took credit for releasing the fifth season of the Netflix hit series Orange is the New Black before its official release date, despite receiving about $50,000 worth of cryptocurrency in ransom from an audio post-production studio.

This piece of history shows why the Columbia Falls school district is right in their decision to not pay the ransom, as it in no way guarantees that the cybercriminal (or group) responsible will hold up their end of the bargain. Even if they do, it only proves that the victims are willing to pay, designating themselves as the perfect target for repeated attacks.

The key to your safety is to ensure your data is secure against the entire spectrum of threats. COMPANYNAME can help you to do so. Call us at PHONENUMBER to get started.

Categories
Security

These Police Officers Called for Backup… and it was Infected with Ransomware

b2ap3_thumbnail_police_ransomware_400.jpg The police exist to serve, protect, and enforce the law, but who can we turn to if even the cops are made victim of a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.

Before you start to worry too much about this terrible new strain of ransomware, you should know that “Osiris” has been identified as a recent version of the Locky ransomware. The police department likely only referred to it as “Osiris” due to their encrypted files all sporting the extension “.osiris.”

This began as many ransomware attacks do; an on-screen message notified the police that their files had been locked, and would only be unlocked if the department paid up the demanded $4,000. As happens far too often, the ransomware was introduced into their system when a member of the department opened a spoofed email that appeared to be an official department communication. In keeping to best practices, the police’s IT department elected to restore the infected server’s files from a backup.

Unfortunately, the backup they had to restore from was taken after their systems had been infected, meaning that all they had were more locked and infected files.

This caused Cockrell authorities no small amount of trouble, as the encrypted files included years and years of photographic and video evidence to be used to prosecute cases. Time will only tell how much of an impact this will have on legal proceedings.

These events serve as a warning to all who rely on data in order to do their job, including businesses everywhere. It is essential to remember that your security is only as good as the people who are given access to your data. Furthermore, it reinforces the importance of keeping more than just one backup of your system. Backing up incrementally, and storing archived backups off site will usually safeguard a business from having the entire backup corrupted in the event of ransomware like this.

Reach out to us at PHONENUMBER so we can optimize your IT to protect you against ransomware and other critical issues.