Business Devastated By Ransomware
It seems like we don’t go very long these days without hearing about new ransomware attacks. They are becoming increasingly common and are a growing concern not just for large businesses, but smaller ones as well. The effects of being targeted can be devastating, as in the case of Fran Finnegan.
During his vacation in New York City shortly before the Fourth of July weekend, Finnegan was surprised to receive a text message from one of his customers, asking why Finnegan’s website was down.
Unaware of anything that could be amiss, Finnegan managed to gain access to a computer to check out the site for his business, SEC Info, which provides access to millions of documents that have been filed with the Securities and Exchange Commission. Much to his dismay, he found himself witness to an attack in progress. The security of his site had been breached, and the hackers were encrypting all his files, making them inaccessible to him and his customers.
Finnegan acted quickly to block them, but it was already too late. Four days had already passed since the start of the attack. Four days during which the attackers had free rein to do as they pleased with no one the wiser. Once done, they left him a message accompanied by a skull and crossbones, reading “Your Files Are Encrypted.”
“I lost everything that essentially makes up my whole operation,” Finnegan commented.
The attackers provided him with an email address where they could communicate with him and inform him of the cost of a decryption key to recover his files.
Sadly, Finnegan’s experience is hardly unique, or even uncommon. Ransomware attacks are occurring with greater frequency, with hackers restricting users from accessing their data and demanding a ransom to release it.
Often, these attacks target those with the ability to pay exorbitant amounts and a need to recover their information quickly. This can include large businesses, universities, hospitals, even government agencies. The recent attack on Kaseya, a provider of IT management software, is perhaps the most infamous of recent ransomware attacks, both for the size of the ransom demand and the number of those affected.
According to consumer information service Comparitech, there were 92 ransomware attacks against US healthcare organizations in 2020. The result of those attacks in ransom paid, downtime, and recovery reached approximately $21 billion.
It’s believed that hackers were able to access Finnegan’s site with the use of a stolen password. When SEC Info was set up, Finnegan used a password to protect his administrative privileges, but unfortunately, it was the same password he used for his Yahoo email account. That password was likely stolen in 2013 during a massive hack that compromised the personal information of 3 billion Yahoo account holders. Although Yahoo advised users to change their passwords, Finnegan had forgotten that he had used it for his administrative password.
Finnegan chose not to contact the hackers through the provided email, as he has discovered it’s associated with a group that may be taking the ransom, but not providing the decryption key. This has left him with the task of restoring everything manually, which may take several weeks. He is not even capable of contacting his customers because his list of users and their contact information was among the information encrypted.
It was just a matter of time before the hackers breached his site once his password was stolen. His firewall could protect him against a random attack, but not one that used a legitimate password. Starting on June 26th, the hackers pinged his system 2.5 million times before landing on the right password.
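A successful login on an account that has just seen a burst of failed attempts is the pattern that went unnoticed here, and it is one an authentication log can reveal. The Python below is an added example, not code from SEC Info or Safe Harbour; the log format, the threshold, the look-back window and the function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not data from the incident), oldest line first.
# Assumed format: ISO timestamp, source IP, account, result (OK or FAIL).
SAMPLE_LOG = """\
2024-01-09T20:00:00 203.0.113.7 admin FAIL
2024-01-10T02:00:00 198.51.100.10 alice FAIL
2024-01-10T02:00:30 198.51.100.10 alice OK
2024-01-10T03:00:00 203.0.113.7 admin FAIL
2024-01-10T03:00:01 203.0.113.8 admin FAIL
2024-01-10T03:00:02 203.0.113.7 admin FAIL
2024-01-10T03:00:03 203.0.113.9 admin FAIL
2024-01-10T03:00:04 203.0.113.8 admin FAIL
2024-01-10T03:00:05 203.0.113.9 admin OK
"""

def success_after_failures(lines, threshold=5, window=timedelta(hours=1)):
    """Flag each successful login that follows at least `threshold` failed
    attempts on the same account within `window`, whatever the source IPs."""
    recent = defaultdict(deque)   # account -> (time, source) of recent failures
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        stamp, source, account, result = line.split()
        when = datetime.fromisoformat(stamp)
        failures = recent[account]
        # Forget failures that are older than the look-back window.
        while failures and when - failures[0][0] > window:
            failures.popleft()
        if result == "FAIL":
            failures.append((when, source))
        elif result == "OK":
            if len(failures) >= threshold:
                alerts.append({
                    "account": account,
                    "time": when,
                    "login_source": source,
                    "failures": len(failures),
                    "failure_sources": sorted({s for _, s in failures}),
                })
            failures.clear()   # a success starts a fresh count
    return alerts

if __name__ == "__main__":
    for alert in success_after_failures(SAMPLE_LOG.splitlines()):
        print(alert)
```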
This attack and others like it serve to demonstrate again the need for greater awareness and security. Unfortunately, there seems to be no end in sight for ransomware.
Don’t leave yourself open to a ransomware attack. Contact Safe Harbour today.