Sage Advice - Cybersecurity Blog

Ransomware attacks can have devastating consequences for organizations. Downtime is often more detrimental than ransom costs. Recovery is expensive, and there is a significant cost in system disruption, emergency response, and reputation damage.

Ransomware continues to be a significant threat to organizations of all sizes. Victims of an attack are denied access to their data. Many times, files are encrypted, and a ransom is demanded to restore access. If hit, the best-case scenario is that you have clean backups to restore your systems and can avoid paying the ransom.  However, downtime is often more detrimental than ransom costs. Recovery is expensive, and there is a significant cost in system downtime, emergency response, and reputation damage.

Local governments and school districts are falling victim to ransomware attacks with alarming frequency and devastating consequences. At any organization, having tools in place to improve cyber resilience is a necessity, especially as hackers get more sophisticated every day.

In early 2016, CEO and co-founder of PhishMe, Rohyt Belani, was quoted as saying "Ransomware attacks have the potential to become the biggest crime in digital history. They threaten every major sector, from the healthcare industry to government agencies, drive unquantifiable financial losses and, in the case of healthcare, could have life and death implications." 

Ransomware has been a threat to businesses across all sectors for more than a decade, but in recent years its popularity has exploded. According to Verizon’s 2017 Data Breach Report, ransomware attacks increased by 43% from 2015 to 2016. Then, in May of 2017, ransomware went global with the WannaCry pandemic.

Though it’s been around in various incarnations for a couple of decades, ransomware is one of the hottest topics in the world of cybersecurity, and for good reason. It’s malware on the rise, thanks to its role in a growing number of successful cyber-attacks and the high ROI it delivers.

People responsible for cybersecurity in every industry are familiar with the scourge of ransomware. If hit, your organization could be exposed to some very serious regulatory consequences on top of the public embarrassment, technical costs, and financial losses from the incident. For Healthcare entities, HIPAA guidance on exposure of patient information can be very difficult to navigate. An important issue for Healthcare entities is, can they avoid triggering the Breach Notification Rule if hit with ransomware?

As Ransomware attacks continue to escalate in scale and scope, it is more important than ever to be able to defend your organization against this type of cyber attack. Especially when it comes to preparing your incident response protocols. Preparation and practice are the secrets to success. So, if you are comprised, you can recover quickly with little or no damage… and without having to pay a ransom. 

Here’s how you can ensure that your organization is ready to confidently respond to, and survive, a ransomware attack.

Back in the day, hackers needed to write their own code to exploit systems.  But times have changed!  Today’s hackers can license software, known as exploit kits, from other hackers – sometimes for less than a night on the town – that make attacking your systems quicker and easier than ever before. 

2016 has seen widespread use of a new type of ransomware known as MSIL / Samas.A. Attackers are actively scanning the Internet for vulnerable systems, and exploiting systems to gain access to the internal network. One tool being used is JexBoss, this tool discovers and exploits vulnerable JBoss servers.