Managed IT Services Firm

It’s Hard to Recover from Those Big Ransomware Attacks

Published Date: March 4, 2022

Ransomware refers to malicious software that prevents one from using their computer. With ransomware attacks done by REvil, Conti, DoppelPaymer, LockBit, and Phoenix affecting 800 million computers worldwide it is extremely necessary to protect your computer today with these attacks. However, not everyone has the expertise to update their devices.

The latest cyber-attacks have cost U.S. businesses hundreds of millions of dollars, according to the Cisco Talos Cyber Intelligence Unit.

Ransomware attacks are on the rise – with companies like SOCA, JBS, and Washington DC Metropolitan Police Department being victims.

These ransomware attacks can result in shutdown of critical infrastructure, shortages, increased costs for goods, loss of money due to the attack, and payments made to hackers.

The Most Daunting Recent Ransomware Attacks

Cyber-attacks on U.S. companies have not only impacted individuals but have also led to shutdown of critical infrastructure on a massive scale, resulting in public safety concerns more severe than previously thought.

This article reviews the top ransomware attacks that were reported in the news.

Delta-Montrose Electric Association (DMEA)

Date: 7th November, 2021

Attack Details: DMEA suffered a cyber-attack which shut down 90% of company internal controls and wiped 25 years of company data.

The attack also affected their company’s internal systems, customer-facing tools, payment processing tools, and billing platforms.

Solution: While the energy company is warning customers about their new process for collecting payments, they have promised that people can avoid disconnection by paying through January 31, 2022.

CNA Financial

One of the largest insurance companies in the USA has been attacked with ransomware. The breach happened in March and has not been fully fixed yet.

Date: March 2021

Attack Details: The 15,000 computer devices were encrypted using malware called Phoenix CryptoLocker. The hacker group connected with the Evil Corp was able to shut down employee computers remotely since many were working remote.

Solution: Media reports state that earlier this year, CNA Financial agreed to make a $40 million ransom payment in order to get access to their network.

COLONIAL PIPELINE

The Colonial Pipeline is the largest pipeline system in the United States for the transport of refined oil products.

Date: Late April, 2021

Attack Details: The DarkSide gang interrupted gas supplies to multiple states in America by hacking the company’s billing system and their internal business network. With this new form of ransomware, hacking can create widespread shortages.

Solution: To avoid the disruption, Colonial Pipleline eventually conceded to the demands and paid the group $4.4 million in bitcoin.

The chaos later subsided after government officials confirmed that Colonial’s security measures were not up to par—a problem that may have been prevented if stronger ransomware protection had been put in place.

Fortunately, US law enforcement managed to track down much of the kidnapped money through cryptocurrency monitoring, digital wallets, and other information sources.

JBS FOODS

JBS Foods, one of the biggest meat processing companies in the world.

Date: May, 2021

Attack Details: The Russia-based hacking group that attacked Acer, REvil, is guilty of multiple hacking crimes. Although their attack had little impact on the food supply chain, it still caused panic among consumers using the internet to buy meat—fears of a possible “hardware attack” are baseless.

Solution: As of June 10th, it was confirmed that food company JSB paid the $11 million ransom demand after consulting with cybersecurity experts. This is the largest ransomware payment ever made to date.

QUANTA

Most people don’t recognize Quanta as a technology powerhouse, but they’re Apple’s major hardware partner. The company also produces a wide range of components for many different industries.

Date: April,2021

Attack Details: The REvil gang created a cyber-attack to extort computer manufacturers Quanta and, after their refusal to pay the ransom, targeted Apple instead. The attack penetrated user information and designs of Apple products.

The attack was halted this week when the hacker group composed that they gained everything they wanted from both companies.

Solution: Quanta Computer’s information security team– in response to cyber-attacks on a small number of Quanta servers– has worked with external IT experts and reported any suspicious activity in order to protect and abide by the law and company values. There is no material impact on the company’s business operation.

KASEYA

Date: July, 2021

Attack Details: Hacker group REvil initiated an attack on Kaseya, a provider of IT management services.

They used a fake software update to infiltrate both Kaseya’s direct clients and their customers. The attack impacted up to 50 Kaseya’s client and 1000 businesses in total, which forced Coop to close 800 stores. REvil did require a ransom of $70 million in bitcoin.

Solution: The FBI quickly gained access to REvil’s servers after the attack and was able to extract the necessary encryption keys needed to resolve the hack.

Unfortunately, no ransom had been paid and Kaseya was not able to restore its client’s IT infrastructure, however, it immediately patched the vulnerabilities and ensured potential future damage.

ExaGrid

ExaGrid is a backup storage company that works with different types of data, compatible with the different back up schedules.

Date: In May,2021

Attack Details: A breach of the ExaGrid network by the Conti ransomware group has left 800GB of confidential data, including client records, contracts and source codes, in the hands of unauthorized individuals.

Solution: The information was passed on by LeMagIT, who reported that ExaGrid paid around US$2.6 million to reclaim its files after finding out about the malware issue.

Acer

Acer is a hardware and software business.

Date: March, 2021

Attack Details: The multinational computer giant was recently hit by a REvil ransomware attack, demanding US$50 million in bitcoin. Hackers behind the attack announced their presence when they posted images of files purportedly stolen from Acer on their data leak site.

Solution/ After Effects: The ransomware gang is willing to provide custom solutions for WannaCry victims, albeit on the condition that the victim provides arbitrary identifiable information. Acer was warned not to repeat the fate of SolarWind.

Accenture

Accenture is a global consulting firm that helps Fortune 500 companies. Accenture has over 624,000 employees around the world offering IT services and consulting to their customers.

Date: August 31, 2021

Attack Details: Accenture was attacked by LockBit, but heard of it thanks to monitoring its systems.

Regardless of any malware present, Accenture continued its operations and clients’ computers were safe. Accenture had the option to pay the ransom and none of its data was leaked, so they instead opted not to.

Solution/ After Effects: Accenture does not seem to be following the best practices for such security incidents.

After waiting too long without paying the attackers, they found themselves having to clean up a major data breach that included over 2,000 files and risk continuing to lose more.

This should not have happened as Accenture was able to quickly contain the incident and restore affected systems from backups.

HOW vTech CAN HELP YOU MITIGATE RISK OF RANSOMWARE

With vTech being a leading Multilayered IT security company, we can provide complete insights about how to prevent Ransomware intrusion’s into your company.

In addition, we have multiple levels of protection that prevent or stop an infection before it has the chance to reach your managed network services.

vTech can provide businesses with insights that some other solutions struggle to capture, which helps defend against Ransomware.

vTech’s Managed Security Solution is mission-critical and innovative business outcomes for the government agencies, leveraging NIST and FISMA compliant next-generation security technologies.

Conclusion

Ransomware is a serious problem and it needs to be resolved now. Organizations need a number of things to prepare themselves for cyber-attacks.

One is an information security team that works with external IT experts in response to abnormal activities, and reports them to relevant law enforcement authorities.

Share this post:

Resources

Get Updates!

Why Government Websites Choose Drupal as Their Preferred Content Management System

88% of US citizens interact digitally with government officials. For government agencies, digital transformation is more important than ever. During the COVID-19 pandemic, demand for

Upgrade and Migrate: Time to dive into DRUPAL 10

It is crucial to stay up to date with the latest technologies to maintain a secure, efficient, and user-friendly website. If you’re a Drupal enthusiast

Download The Blog

https://www.vtechsolution.com/wp-content/uploads/2022/03/Its-Hard-to-Recover-from-Those-Big-Ransomware-Attacks-min.pdf

Security and Compliance

Managed Cloud Infrastructure

Professional Services