Cybersecurity News Ransomware

Cybersecurity News: The Importance of The White House’s International Meeting on Ransomware

October 16, 2021

Recently, efforts by the United States Government to fight back against ransomware have been in full swing.

To better combat these growing threats, The White House has met with representatives from numerous nations in order to focus on the threat of ransomware and other cyberattacks that have been plaguing industries both private and federal.

This meeting of over thirty nations comes after growing concern as to the capabilities of malicious parties using ransomware. In short, ransomware allows for malicious parties to target gaps in cybersecurity to get ahold of private data, or, if a firm dealing in assets is concerned, take hold of said assets.

These malicious parties are often not local to the United States, rather, they have strong footholds in other countries, and manipulate the private information of those abroad. This causes issues when it comes to avoiding ransomware attacks in the U.S., as many nations that are host to these criminal hackers may not take the necessary steps to eliminate these threats.

The cybersecurity meeting between nations includes numerous like-minded nations that seek to end the threat of ransomware. While it is certainly a tough task to deal with hackers from abroad, the goal is for these nations to reach a common ground in which a global effort can mitigate ransomware breaches.

What spurred the U.S. into action was a recent attack in June of 2021 in which a ransomware attack shut down notable international meatpacker JBS. This also coincided with a major pipeline ransomware attack that produced one of the first detailed efforts of the U.S. government to fight back against ransomware.

By bringing to light, on a global scale, the importance of modernizing our federal cybersecurity programs, the United States is proving to the world the necessities of cybersecurity. Whether you are a small firm or a large scale federal body, cyber attacks are here to stay and will be targeting those without precautionary measures.

No matter your cybersecurity needs, the experts at Drawbridge will see to it that your firm has plans in place to fight back against the rise in cyber threats.

Contact Drawbridge today to schedule a demo.

 

Cybersecurity News: New Guidance Against Ransomware

September 3, 2021

Throughout the global COVID-19 pandemic, reliance on web-based services has strongly increased. With this comes several downsides in regards to cybersecurity, and this is certainly true of the threat of ransomware.

Ransomware comes in many variations and can target anything from personal data, to bank account information, and more. Malicious parties causing these breaches of privacy will then issue a ransom for this data or property under threat of theft or destruction.

Ransomware is typically distributed through email campaigns, though there are other methods where potential breaches become available such as through use of USB thumb drives.

There are numerous reasons why ransomware is becoming more common outside of a growing reliance on the internet and online software. Ransomware is advancing, and allowing for a greater number of perpetrators to utilize ransomware more effectively.

Due to the uptick in ransomware-related breaches, the Cybersecurity and Infrastructure Security Agency (CISA) has released new procedures that organizations are meant to follow in the case of ransomware:

  • Maintain Offline, Encrypted Backups of Data
  • Regularly Test Your Backups
  • Create, Maintain, and Exercise a Cyber Incident Response Plan
  • Mitigate Internet-Facing Vulnerabilities

With these measures in place, your firm can be protected from potential ransomware breaches, but little can substitute for solid cyber security programs being put in place.

This is where the experts at Drawbridge can help best. With deep experience in the cybersecurity industry and numerous different ways to approach and protect from threats such as ransomware, your firm could benefit greatly from scheduling a demo with Drawbridge today.

 

Cybersecurity News Cycle: Hackers Going After Physical Infrastructure with Ransomware Attacks

July 12, 2021

We have seen it with government agencies, private companies, and more recently, the Colonial Pipeline and major meat producer JBS USA.

Cyber threats are more prominent than ever, and they are targeting companies both big and small.

Cybersecurity can be overwhelming, especially when you are scrambling to protect your firm in light of recent occurrences. Ease your worries and let Drawbridge manage all of your cybersecurity needs, so you can continue doing what you do best—running your business.

Ransomware is nothing new in the realm of cyber attacks, but recent months have seen an uptick in ransomware and other cyber threats. Ransomware threatens vulnerable firms by gaining access to a company’s digital system and either locking programs or dismantling them.

The US Department of Justice declared last year “the worst year ever when it comes to ransomware and related extortion events,” and as a result, formed a task force to contain cyber threats, according to an article by the Wall Street Journal.

Ransomware attacks surged as a result of the pandemic moving many operations online last year. Firms both big and small have experienced cyber-attacks, although attacks on bigger firms tend to offer hackers bigger returns.

According to an article by CNN, “Many people think of cyberattacks as just that: an attempt by hackers to steal sensitive data or money online. But now hackers have found a significant moneymaker in targeting physical infrastructure. These attacks have potential to spark mayhem in people’s lives, leading to product shortages, higher prices and more. The greater the disruption, the greater the likelihood that companies will pay to alleviate it.”

Growing cyber threats means it’s time to upgrade your firm’s measures of digital protection. Drawbridge is well equipped and dedicated to keeping your business safe and secure. Contact us today to schedule a demo.

 

Kaseya Ransomware Update

July 6, 2021

Beginning on Friday, July 2nd, 2021, reports started to come in of a large-scale attack on the software used by 1000’s of Managed Service Providers and IT Teams.

Kaseya is used by these teams to provide remote assistance to desktops, laptops, servers, and other endpoints. Kaseya VSA on-premise appears to be the sole product affected by the attack and at this time, it is believed that Kaseya has contacted all of its clients and had no further reports of infected customers since Saturday, 3rd July; with their current estimation that 60 Clients were effected and approximately 1500 “downstream” clients of the Service Providers being compromised too.

The restoration process is still ongoing. As a first step, Kaseya released a tool designed to test an environment for compromise. That was released on Saturday, July 3rd and updated on Monday, July 5th with further capabilities of detection. It is highly recommended by Kaseya to re-run this tool with the updated version if Kaseya VSA was in use within your Environment.

A patch to correct the zero-day vulnerability that was exploited in this attack has now been developed and is undergoing testing. Kaseya has tentatively scheduled their cloud service to be restored on July 6th, 2021. A set of instructions on best practises is likely to be released to on-premise clients soon after, then the corresponding patch.

NOTE – This appears to be a single attack vector ransomware. The attackers REvil have stated that the only attack is the encryption of systems and the demand for a ransom. They claim to have not taken a copy of the data for further attacks (either further ransom threats to prevent leaking the data or the sale of that data). At this time Kaseya has no comment on the demand of $70 million ransom to provide decryption to all Kaseya Clients and their Clients respectively.

How to Protect Yourself:

At this time, your IT Team and Managed Service Provider should have been informed by Kaseya if they were at risk. Regardless of that message, if any Kaseya products are in use within the environment we would recommend using the detection tool to ensure no ‘Indicators of Compromise’ are found within the Servers and Endpoints.
kaseya.app.box.com/s/0ysvgss7w48nxh8k1xt7fqhbcjxhas40

IT Teams should proactively follow the Kaseya website here to understand when the next updates will take place:
www.kaseya.com/potential-attack-on-kaseya-vsa/

They should carefully follow any instructions regarding the hardening steps to be released by Kaseya, the FBI, and CISA in the next 24 hours (to be published on the same link as above)
Kaseya systems should not be restored before the Kaseya timeline.

Further technical information about the attack can be found here:
helpdesk.kaseya.com/hc/en-gb/articles/4403584098961

Further third-party news can be followed here:
www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/
www.welivesecurity.com/2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far/

 

Cybersecurity: Ransomware Alert

July 12, 2020

On July 10, 2020, The SEC’s Office of Compliance Inspections and Examinations (OCIE) released an alert on the growth of the ransomware threat for financial services market participants and its commitment to providing advisory to assist these firms in taking proactive measures to protect their businesses. Phishing attacks and other social engineering campaigns are being designed by attackers to specifically attack financial services firms to deploy ransomware, a type of malware designed to prevent companies from accessing their network until the ransom is paid. OCIE has reported an increase in the sophistication of these attacks targeting not only investment advisers and broker-dealers, but the service providers to these registrants as well.

OCIE is recommending market participants to follow its advisory in conjunction with advisory released by the Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA), including an updated alert published on June 30, 2020, on recent ransomware attacks.

To enhance cybersecurity protections and preparedness, OCIE recommends implementing the following measures observed within institutional cybersecurity programs:

  • Vulnerability Management
  • Incident Response Planning & Testing
  • Cybersecurity Training & Awareness
  • Access Management & Risk Assessment
  • Operational Resiliency

View the SEC’s Cybersecurity Spotlight webpage here.

Drawbridge assists alternative investment managers in delivering institutional cybersecurity software and services to combat ransomware threats and meet the SEC’s requirements. Contact sales@drawbridgeco.com for more information.