These attacks may have affected you immediately depending on where you live, but the number one reason you must be concerned about the Big Russian Attacks is that for every big, splashy attack that hits the news feed, there are tens if not hundreds of thousands of attacks on Small and Mid-sized Businesses (SMBs). SMB attacks are the daily bread and butter of the great bulk of Ransomware hackers – they just don’t make the news.

When you consider that by last estimate, there were over 65,000 Ransomware criminals in Russia alone, but only a handful of these huge, news-making attacks, it doesn’t take long to figure out where most of these crooks are making their money: from you.

We’ve all seen the reporting on the big attacks: First, the East Coast scrambled to deal with the effects of the crippling Ransomware attack on the Colonial Pipeline, which caused 1970s-era gas lines and ‘No Gas’ signs at gas stations up and down the Eastern Seaboard.

Then there was the massive Ransomware attack on the JBS Beef production facility in Greeley, Colorado, which produced a ricochet effect that shut down meat packing plants across the globe.

The Colonial attack was devastating on the East Coast, but here in California, we felt nary a ripple, while the JBS Beef attack didn’t keep any steaks off my grill – maybe prices went up a little, but any increase was lost in the swirling mass of skyrocketing costs across the board.

The 2 areas where both of these companies were asleep at the wheel were:
1) Paying the ransom - $5 million for Colonial; $11 million for JBS – just makes you an ‘easy mark’. When you give the schoolyard bully your lunch money, they don’t go away – they come back tomorrow.
2) These companies were woefully ill-prepared for these attacks.

Should you pay a ransomware attack?

The short answer is ‘No’.
The long answer is ‘HELL NO!’

As Sean Connery said in ‘The Untouchables’: “Thus endeth the lesson.”

But let’s backtrack just a bit: there are two reasons why you might consider paying the ransom:
1) You’re stupid
2) You’re really stupid
For the purposes of ‘the lesson’, in this instance we define ‘stupid’ as having no reliable and secure backup systems in place, and ‘really stupid’ as not having reliable and secure backup systems in place but mistakenly believing that you do. The advice (or lack thereof) of ‘Bad IT support’ may contribute to this false sense of security.

The FBI has flat-out stated NOT to pay the ransom, but granted, it’s not that simple. You simply must make sure that you have a three-tiered backup system in place:
1) Standard backup on each computer or localized server, for ease of day-to-day data retrieval to facilitate work.
2) A local backup that is not connected to your operational network (this is the fastest way to restore data after an attack).
3) Cloud backups for an extra layer of security against Ransomware and other catastrophic events, such as a fire.

As a Managed IT Services provider, and longtime member in good standing of the IT Support Los Angeles Community, we admit that none of our clients are as big as Colonial or JBS as we serve Small and Mid-sized Businesses (SMBs), but the concepts and Best Practices remain the same regardless of size.

Make no mistake: regardless of having your IT support and services team install the best, state-of-the-art cyber-defenses, these attacks WILL happen. Over 85% of attacks are a result of an end user foolishly opening a malicious email attachment or clicking on a bad link in an email. That is why we insist on holding IT Support Security Training Sessions on an ongoing basis for our clientele – still, users slip up.

How often does ransomware happen?

Earlier this year, based on the exponential increase in attacks during 2020 due to the COVID-caused relocation of much of the workforce from office to home, experts predicted that a ransomware attack on businesses (not consumers) will occur every 11 seconds, although data is not yet available to prove this prediction. It’s not surprising to us in the IT support and services industry – we routinely separate and defeat routine ‘phishing’ attacks (emails which carry a malicious link or attachment). In the event a user does click on a link that gets past the filters, and Ransomware takes hold, we can generally isolate the infection, shut down affected devices, wipe them clean, and re-install the data from secure backups – usually within 2 hours or less.

What is the biggest ransomware attack?

The biggest Ransomware attack in history occurred only about a week ago – in the beginning of July. Over 200 US firms were hit, and hundreds more across the world. $70 million in total ransoms were demanded – to be paid in Bitcoin or other cryptocurrencies to the REvil Ransomware Hackers, based in Russia. As this attack and its effects unfold, we no doubt will see some ill-prepared companies paying the ransom, while other businesses who have taken the exponentially increasing Ransomware threat more seriously will not pay.

In this slew of cyber-assaults, one key company was Kaseya, a company which provides ‘back end services’ for Managed Services Providers worldwide.

As predicted in the past, Ransomware hackers are stepping up their attacks on Managed Services Providers – by hacking the main servers at the Managed IT Services data center, a crook can gain access to the networks at hundreds or thousands of client networks. The January attack on SolarWinds was seemingly more of a dry run as the hackers did not get very far, although self-reported details from SolarWinds are ‘hazy’ at best.

One of the major IT support issues that arose from last week’s massive attack was the targeting of Kaseya, which created and supplies Unified IT Management software to Managed Services Providers as well as other models of IT consulting services worldwide.

How did REvil hack Kaseya?

While it is still under investigation, Tech Times reports that former Kaseya employees have attested that Kaseya was aware of security flaws in its software due to outdated code as far back as 2019. That will certainly come out in the wash as the investigation proceeds.

How did the Kaseya attack threaten Managed IT Services?

Kaseya offers its software in 2 ways – 2 methods by which IT Support and Services companies deploy it:
1) Physical, in-house servers: Managed Services Providers using this method were infected by the REvil attack. This is a case of negligence as a result of trying to save money – having the servers and Kaseya software on premises is cheaper, but also vulnerable.
2) In the cloud: IT Service Providers, like us here at IT Support LA, who used the more expensive/more secure cloud-based platform were not touched.

Once a data breach occurs at any Managed IT services provider, each and every one of their clients is at risk, and under attack as well. It has been known for years that Ransomware hackers were targeting Managed Services Providers, so to find the number of companies that endangered their clients’ data by ‘cheaping’ on their security is disheartening.

By proactively investing in the security of our infrastructure, IT Support LA ensures every day that we will never be ‘caught with our pants down’.

We know that our clients would not be happy with that – in more ways than one.