Tag: ransomware gangs

  • If you’re an Outlook or Gmail user, you’ll want to be aware of this ransomware warning just issued by the FBI

    If you’re an Outlook or Gmail user, you’ll want to be aware of this ransomware warning just issued by the FBI

    A new ransomware targeting Gmail, Outlook and other popular email providers has made enough waves for the FBI to issue a warning about it. In addition to targeting these email providers bad actors have narrowed their search to those in specific fields like medical and tech.

    The ransomware is called “Medusa” and it first came on the scene in 2021, emerging as part of a new group of ransomware found under the “Ransomware-as-a-Service (RaaS) umbrella. This means the hacker are not necessarily the creator of the ransomware but are instead utilizing scripting created by others as a means to profit from ransoms paid in lieu of getting your data back.

    The creators of Medusa have been linked back to a group called Spearwing, which are particularly ruthless in that they try to extort victims twice. First, they steal your data and extort payment to not expose it and they also encrypt it and will not provide victims with a method to decrypt it until they receive a second payment. Spearwings ransom demands have ranged from $100,000 all the way up to $15 million.

    There hasn’t been a definitive answer as to how the latest breaches were conducted, so it’s uncertain at this time whether the attacks were accomplished due to user error or through another method of breach. As such the FBI and CISA have recommendations as to how users can protect themselves from the Medusa ransomware that include:

    1. Mitigate known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a risk-informed span of time.
    2. Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization.
    3. Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.

    Proactive services (including cyber security) are a keystone offering for Valley Techlogic. With ransomware threats becoming more sophisticated and lucrative year over year, you need a team behind you to protect against outside threats. Below are five ways Valley Techlogic approaches cybersecurity protection for our clients:

    1. 24/7 Threat Monitoring & Incident Response – We provide continuous monitoring of networks, endpoints, and cloud environments to detect and respond to threats in real time.
    2. Advanced Endpoint Protection (EPP) & Endpoint Detection and Response (EDR) – We deploy antivirus, anti-malware, and behavioral analytics tools on all endpoints and use EDR solutions to detect, analyze, and remediate suspicious activities on client devices.
    3. Security Awareness Training & Phishing Simulations – Our security awareness training educates employees on cybersecurity best practices and how to recognize social engineering attacks. We also run weekly phishing simulations to assess and improve employee readiness against cyber threats.
    4. Regular Security Audits & Compliance Management – We can conduct penetration testing, vulnerability assessments, and risk audits to identify security gaps at the client’s request. We also offer specialized support for compliance with industry regulations like GDPR, HIPAA, NIST, or CMMC to avoid penalties and data breaches.
    5. Consistent and Layered Approach to Backups – Our backup program TechVault is our multifaceted approach to backups, which includes separate backups for Microsoft (including Outlook), daily backups for servers, and an immutable copy that is write once read only. This approach gives us a wider array of options should a breach or data loss event occur.

    Interested in learning more? Schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • College shuttered after 157 years due to ransomware attack

    College shuttered after 157 years due to ransomware attack

    While ransomware wasn’t the only thing behind the decision to close Lincoln College, located in rural Illinois and established in 1865, it was the final blow after taking substantial financial losses due to the COVID-19 pandemic.

    The school, which had survived through the Spanish Flu, the Great Depression, two world wars and even a fire in 1912 will close its doors for good on May 13th, 2022.

    The ransomware attack which occurred in December 2021 crippled their recruiting and fundraising efforts for two months, not being resolved until March 2022 as a statement on the school’s website reads.

    “Furthermore, Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable.

    Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

    The school made attempts to avoid the closure, but the efforts came too late, and we’re sorry to say they’re far from unique in being a school that was targeted by a cyberattack. According to this report over 1043 schools suffered ransomware attacks in 2021.

    Cyber criminals don’t think twice when targeting schools, hospitals, and infrastructure that’s needed by the community. We reported on the on Colonial Pipeline hack that created a major disruption at gas stations across eastern US last May.

    Schools and hospitals are appealing targets because investing in cyber security measures is not generally a priority and they often store large amounts of PII (Personal Identifying Information) in their systems.

    Many senators have taken note of this and have called on the Department of Homeland Security to instate measures that would bolster the security of our schools, especially K-12.

    A ransomware payment isn’t the only thing attackers stand to gain when they successfully infiltrate a network, here’s a chart with the way hackers “double dip” from during their attacks:

    Hacker Motivations Infographic

    In the end Lincoln College did choose to pay the ransom to gain control of their systems again, but it sadly made no difference in saving the college.

    60% of businesses close within 6 months following a ransomware attack, and only half businesses have a cyber response plan available to quickly respond to an attack. The slow response time will only add insult to injury as you try to get back on your feet and as we’ve seen in this case, it can be fatal to your business.

    Valley Techlogic can help you not only have a contingency plan in place, but also help you enact cyber security measures in your business that will prevent an attack from occurring in the first place. Learn more today through a quick consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • The ransomware attack crippling a major repair firm that no one’s talking about

    The ransomware attack crippling a major repair firm that no one’s talking about

    Dell, Lenovo, even Apple brand computer and device repairs might be seeing major repair delays at the moment as a top repair firm they use was hit by a ransomware attack that ground their operations to a complete halt.

    This has been seemingly squashed as a news worthy event for the moment but we think customers should be made aware that if they send their desktop or laptop in for a repair at this time they face major delays in getting it back. In fact, there may be a delay in even getting a box to send the machine back in as even shipping has also been affected by this ransomware.

    Reported briefly by ItWire, this attack aimed at the security firm Symantec has taken down a number of systems across the country. From the attackers’ view point they were able to disable one of the end point protections allowing access, and to make matters worse the software was up to date at the time, leading to major questions as to how this was able to occur at all.

    CSAT, used by Dell, Lenovo, Apple and more was hit just over a week ago and customers have been facing problems ever since.

    We haven’t been able to confirm that any customer data was leaked, however, according to the ItWire article a number of screenshots of computer directories were placed online.

    If the General Data Protection Regulation (GDPR) that governs in the UK applied in this case, these companies should have reported any exposed customer data within 72 hours. It’s possible no customer data was leaked but the scope of this apparent ransomware has us questioning whether that’s true.

    We’re uncertain if business support class customers are facing the same delays as home users however as with most things there may be a trickle-down effect.

    The ransomware that allowed this to occur was called NetWalker and it’s been responsible for 10 major breaches just this year. It’s clear to us ransomware as a service is not going anywhere soon when the payouts are so lucrative.

    Released in April 2019, the average payout on a NetWalker attack is $175,000 in bitcoin following each successful campaign. One of the highest payouts was $1.14 million from the University of California. It’s estimated the NetWalker ransomware gang has made $25 million in all.

    This latest attack shows that it’s not only a loss of data and having to pay a hefty sum that come as side effects from being hit with ransomware, the affected security firm and repair firm are also experiencing a major loss of credibility with customers that they may never fully recover from.

    You may think your business is too small to be hit with a ransomware attack, but the fact is ransomware as a service has made orchestrating these attacks easier than ever. Even a small payout of a few thousand dollars may be worth it to some individuals with low moral standing just looking for some quick cash.

    Or maybe they’re not interested in your money at all, maybe they’re interested in your data which may be more lucrative for them. Also, many hackers commit their attacks just for the thrill of it and will think nothing of dismantling your technology operations and leaving you stranded.

    We don’t think this should happen to anyone; we can help businesses located in the Central Valley beef up their cyber security provisions to stop ransomware gangs in their tracks.

    VTL Cyber Security

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

    Looking for IT Services in Fresno, Modesto, Stockton, Ceres, Atwater, Merced, Visalia or Lodi? We cover all these areas and more!