Another Day, Another Ransomware Attack – Are You Next?

Another Day, Another Ransomware Attack

Ransomware is an undeniably major threat to businesses around the world today. Do you think that’s an exaggeration?

Are you?

The Latest Ransomware Victim…

On Monday, Oct. 14, Alphabroder announced that it had been the victim of a ransomware attack. Despite the many security parameters they had in place, cybercriminals were able to penetrate their systems.

“No customer data or account information has been compromised or is accessible by this malware,” Alphabroder said in an official statement. According to their Chief Marketing Officer David Clifton, the ransomware attack only affected their ability to process orders.

Alphabroder was infected with a type of ransomware known as SODINOKIBI, a notoriously difficult to detect malware. According to Malwarebites, this type of ransomware targets all files except those listed in their configuration file, including .jpg, .jpeg, .raw, .tif, .png, .bmp, .3dm, .max, .accdb, .db, .mdb, .dwg, .dxf, .cpp, .cs, .h, ,php, .asp, .rb, .java, .aaf, .aep, .aepx, .plb, .prel, .aet, .ppj, .gif, and .psd.

As a business with more than $1.5B in annual revenue, one would assume Alphabroder would have appropriate security measures in place to protect against malware. And according to Clifton, they do.

“Unfortunately, it’s a sophisticated malware, and was able to work around those protections,” Clifton told Counselor.

What Does This Mean For You?

The primary lesson here is that if a business as big as Alphabroder can get hit by ransomware, so can you. You have to assume you’re defenses could be penetrated – what will you do if it happens? Do you have contingencies in place to protect you in the event of a ransomware infection?

Is Ransomware The Only Threat?

Unfortunately, no. Ransomware is just one of the primary threats posed to your business, but there are others…

CEO Fraud

CEO Fraud is a scam where cybercriminals spoof company email accounts and impersonate executives to try and fool employees into executing unauthorized wire transfers or sending them confidential tax information. It takes aim at personally identifiable information, rather than merely tricking accounting staff into scheduling fraudulent wire transfers.

This is a form of Business Email Compromise (BEC) where a cybercriminal impersonates a high-level executive (often the CEO). Once they convince the recipient of the email (employee, customer or vendor) that they are legitimate, they then attempt to get them to transfer funds or confidential information.

Key examples include:

Phishing

Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.

The average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents (e.g. the rate of phishing attacks increased by 65% in recent years) is that you get desensitized to the whole thing.

Types of phishing include:

  • “Sextortion”: Have you ever sent nude pics to someone?Even if you haven’t, they sometimes claim that they’ve got some from your webcam or they’ve buried pornography on your computer that they plan to expose to the authorities if you don’t pay them.If you own a business, then this can be a crime that pays well for thieves. They send the business owner a little sample of the erotic photos, then demand money or else they’ll publish them on the Internet.The problem with this crime is that there’s no guarantee you’ll get all copies of the photos back. You may pay the criminals and still not be sure.
  • Gift Cards: You may get a phone call from someone saying they’re from a creditor or the IRS. They will speak in hostile threatening tones. They’ll claim that if you don’t pay up immediately, terrible things will happen—maybe your car will be repossessed.Next, they instruct you to go to a local store like Walmart and buy gift cards in the amount you owe. Once you buy them, you call the thief back and give them the numbers found on the back of the cards.
  • Wire Fraud Scam: Hackers are targeting the human resource functions of businesses of all types with phishing. They’re convincing employees to swap out direct deposit banking information to offshore accounts.

How Can You Protect Yourself From Ransomware And Other Threats?

Ask for help – Acapella Technologies will help implement robust security measures, deploying security devices like firewalls, patching, antivirus software updates, intrusion and gateway protection, to name a few.

Furthermore, we will support your cybersecurity processes and practices, by implementing 2-factor authentication, employee security training, and password reset policies for your company.

Like this article? Check out the following blogs to learn more:

Will Your Business Be Impacted by the End of Microsoft Exchange 2010?

Everything You Need to Know About the Dark Web

Capital One Data Breach Affects More Than 100 Million Customers