Ransomware is Exploding! What you need to know about the latest threats

Imagine yourself walking through a crowded train station, getting ready to board a train. It isn’t until you’re in your seat that you realize a pickpocket has stolen your wallet. But there’s a twist: The thief decided to leave his business card in your pocket so you could contact him and pay a few hundred dollars to get your wallet back.

For the past few years, cyber thieves have been hacking into countless networks and scrambling the critical data that is the lifeblood of individuals, as well as companies large and small. Then they demand a substantial ransom in exchange for the decryption key needed to restore that data.

Just over the past few weeks, we have seen a whole new level of ransomware explode: hackers break into businesses, scramble servers full of data and leave an email address for the business to contact to get the data back. But before you actually regain access to your scrambled data, another hacker gets into the same system, deletes the previous hacker's ransom note and leaves his own. Now when you go to pay your ransom, you are paying the wrong hacker, and there is no guarantee that whoever you pay still holds your data.

CrySiS is the aptly named family behind the most recent wave of ransomware rocking the cyber world. Attackers get onto servers either by brute-forcing passwords on unsecured or Internet-exposed RDP connections, or through MongoDB, a free, open-source cross-platform document-oriented database, when an instance is reachable from the Internet without authentication. Once they have a foothold on the network, they encrypt or hijack data and leave an email address so victims can “negotiate” to get their valuable data restored.

First reported to the FBI late last year, these attacks have exploded over the past few weeks. During the week of December 27th there were only about 200 reports of these attacks; by the last two weeks of January there were 20,000 reported attacks that had compromised thousands of servers. Thousands of cyber thieves have left multiple demands, along with multiple calling cards, on the same victims.
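The RDP brute-force attacks described above show up in the Windows Security log long before any file is encrypted: every failed guess is an Event ID 4625 with Logon Type 10 (RemoteInteractive). The script below is an added example, not part of the article and not a Tanner LLC tool. It runs over a constructed CSV export of such events and flags any source IP that reaches a threshold of failed RDP logons inside a sliding time window, also reporting how many distinct accounts were tried (many accounts with few failures each is a password spray, one account hammered repeatedly is classic brute force). The CSV column layout, the threshold and the window size are assumptions to adapt to your own export.

```python
"""Spot RDP brute-force bursts in a Windows Security log export.

Added example, not from the article. It reads constructed Event ID 4625
(failed logon) records, keeps only Logon Type 10 (RemoteInteractive, the
type RDP sessions produce) and reports any source IP that exceeds a
threshold of failures inside a sliding time window. The CSV layout, the
threshold and the window size are assumptions to adapt to your export.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: TimeCreated,EventID,LogonType,TargetUserName,IpAddress
SAMPLE_LOG = """\
2017-01-28T02:14:03,4625,10,Administrator,203.0.113.7
2017-01-28T02:14:05,4625,10,admin,203.0.113.7
2017-01-28T02:14:06,4625,10,administrator,203.0.113.7
2017-01-28T02:14:08,4625,10,backup,203.0.113.7
2017-01-28T02:14:09,4625,10,scanner,203.0.113.7
2017-01-28T02:14:11,4625,10,Administrator,203.0.113.7
2017-01-28T02:20:00,4625,10,jsmith,198.51.100.20
2017-01-28T02:21:30,4625,2,jsmith,-
2017-01-28T02:22:00,4625,10,jsmith,198.51.100.20
"""

FAILED_LOGON = "4625"
RDP_LOGON_TYPE = "10"   # RemoteInteractive


def parse_events(text):
    """Turn the CSV export into dicts with a real datetime for the timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, ip = line.split(",")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": event_id,
            "logon_type": logon_type,
            "user": user.lower(),   # Windows account names are case-insensitive
            "ip": ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (failures_in_window, distinct_accounts_in_window)}
    for every IP whose failed RDP logons reach `threshold` within `window`.
    Only 4625 events with Logon Type 10 are counted; console and network
    logon failures are ignored so local mistakes do not trip the alert.
    """
    recent = defaultdict(deque)   # ip -> deque of (time, user), oldest first
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent[ev["ip"]]
        q.append((ev["time"], ev["user"]))
        while q and ev["time"] - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ev["ip"]] = (len(q), len({u for _, u in q}))
    return alerts


if __name__ == "__main__":
    for ip, (count, accounts) in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {count} failed RDP logons against {accounts} account(s)")
```

On the sample data the script flags 203.0.113.7 (six failures against four different account names in eight seconds) and stays quiet about 198.51.100.20, which looks like a user mistyping a password. In production, feed it the output of a scheduled export of the Security log and alert on the returned dictionary rather than printing it.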

Call on an outside expert

Businesses have found that outside experts are invaluable in identifying unseen security gaps in their networks. These hired hackers (penetration testers) bring a “fresh set of eyes” and the most effective solutions. In fact, they rarely find a network that doesn’t have substantial vulnerabilities.

Don’t touch it just once a year

More than ever before, business executives are realizing that cyber security is ongoing and are putting IT security contracts in place to ensure monthly monitoring and protection. The monthly cost of protecting a business network is insignificant compared to the business and reputation risks of a cyber breach.

Complex passwords are our friends

Forcing all remote users to use complex passwords is the easiest way to raise the cost of a brute-force attack against RDP or VPN connections. A complex password should be at least eight characters in length (treat that as a floor, not a target), mix character classes, and not contain any part of the username. Complexity alone does not stop an attacker who can make unlimited guesses against a service that answers the Internet directly, so pair it with an account lockout policy, and do not expose RDP to the Internet at all; put it behind a VPN or a remote desktop gateway.

Implement dual (multi) factor authentication

Dual (multi) factor authentication requires a user to present something in addition to the password, such as a one-time code from an authenticator app or a hardware token, before a remote session is accepted. A password that has been brute-forced or leaked is then not enough on its own, which is what stops remote hackers from deploying CrySiS on a system over RDP. Apply it to every path into the network, including VPN and any remote desktop gateway, not only to the desktops behind them.

John Pohlman is an information security expert and the director of information security services at Tanner LLC, the largest locally owned accounting and professional services firm operating in Utah.

Utah Business fosters connection, insight and recognition for Utah’s thriving professional community. Through our events, magazine and website we highlight the ideas, innovations and people behind Utah business success stories. We are all-in on Utah—and we can’t wait to tell your stories.