Data loss and leakage incidents have been frequent recently. An employee of Weimeng single-handedly deleted the company's own database, wiping more than 3 billion Hong Kong dollars off its market value. RMB compensation. In addition, the American AI startup Clearview AI was exposed in a scandal over the leak of more than 3 billion pieces of customers' face data, and was jointly “blocked” by technology giants. All this has sounded a wake-up call for enterprises: “data security is greater than the sky”.

At the same time, ransomware, a network virus that is closely tied to data security and broke out in 2017, seems to be making a comeback.

Ransomware strikes again

Tesla and SpaceX parts maker Visser confirms data breach

According to TechCrunch, Visser Precision confirmed in a brief statement that the company had recently been the target of a cybersecurity crime in which data was stolen. Security researchers say the attack was caused by DoppelPaymer ransomware, a new file-encrypting malware that threatens to leak company data. The ransomware hacker threatened to release the stolen files if the ransom was not paid. The DoppelPaymer ransomware has been active since the middle of last year, targeting both the Chilean government and Mexico’s state-owned oil company Pemex.

Visser’s stolen documents included a list of clients including Tesla, SpaceX, aircraft maker Boeing and defense contractor Lockheed Martin. Some of the files are available for download, and some include nondisclosure agreements between Visser and Tesla and SpaceX. The website hosting the stolen files said there were “many” more files to be released.

A spokesman for Visser said the company continues to investigate the attack and that all operations are running normally.

So far, Tesla, SpaceX, Boeing and other companies have not responded to the incident.

Tesla and SpaceX supplier data leaked! Hacker attacks are hard to prevent, how should small and medium-sized enterprises respond?

Based in Denver, Colorado, Visser Precision manufactures custom precision parts for many industries, including automotive and aerospace, and offers a wide range of services, including security defense. The company’s website has the tagline “Visser at the forefront of cybersecurity work tirelessly.” Even so, it too has suffered a network security incident of the kind that is hard to prevent.

U.S. telemarketing company lays off nearly 300 jobs in ransomware attack

Arkansas-based The Heritage, a 61-year-old telemarketing company, laid off nearly 300 employees in the days before Christmas 2019 after failing to recover from a ransomware infection.

In an apology letter to employees, company CEO Sandra Franecke said that two months earlier the company’s servers had been attacked by hackers who demanded a ransom to unlock the systems. Although the ransom was paid to the attackers, the attack severely affected the company’s finances. The company could no longer pay salaries, so the CEO decided to let everyone go, saying that the company’s IT department would continue working to restore the company’s systems as best it could. Employees could contact the company on January 2, 2020 to learn about the system recovery and find out whether they could return to work.

On that day, employees who called the company were told that the IT systems had not been successfully restored and that they could look for new jobs.

According to statistics, The Heritage lost hundreds of thousands of dollars in total.

The laid-off employees were very dissatisfied. They had not been told in advance that the company had been hacked, and the sudden layoffs left them bewildered. The company responded that it gave such sudden notice because it had not realized the attack would have such serious consequences.

The victims go far beyond that…

Like The Heritage, many businesses or medical institutions were unable to bear the heavy losses caused by ransomware and were forced to close their doors.

In April 2019, after a ransomware attack compromised the electronic medical record system, a doctor at a medical clinic in Michigan, USA, decided to close permanently and retire a year early. Similarly, a medical office in California was hit by a ransomware attack that locked patients’ personal medical information, and the office lacked the funds to pay the ransom.

French media group M6’s Weather Channel and shipping service Pitney Bowes were also hit. In the summer of 2019, two small Florida towns spent $1.1 million to unlock their data.

In December 2019, security service operator Allied Universal was also threatened by the ransomware DoppelPaymer because it refused to pay a ransom of $2.3 million, and sensitive information related to employees and businesses was released.

On December 31, 2019, hackers also launched an attack on the network of foreign exchange firm Travelex, forcing the company to shut down its websites in 30 countries to curb the “spread of the virus and protect data”. The hacker gang demanded a $6 million ransom from Travelex. Travelex wouldn’t say whether it paid the multimillion-dollar ransom, but the global currency changer’s website remains down.

According to foreign media, a professional report said that the ransomware threat has reached crisis level in the United States: ransomware caused $7.5 billion in losses in 2019, and the situation is expected to keep worsening. Governments face the very real problem of sensitive or classified information being made public by hackers.

At the end of February this year, the Federal Bureau of Investigation (FBI) appeared at RSA2020, the most closely watched annual event in the global cyber information security industry, and released a statistic: ransomware victims have paid attackers more than $140 million. The agency arrived at this figure by analyzing bitcoin wallets and ransoms, and the actual amount may be higher because it has no way to obtain complete data.

The ransomware ‘virus’ in its 2017 ‘heyday’

The earliest known ransomware appeared in 1989 under the name “AIDS Information Trojan”, but ransomware only became known to the public in May 2017, when WannaCry swept the world. It initially affected the UK National Health Service (NHS), but quickly turned into a massive global event.

In the first ten hours of the attack, at least 45,000 computers in 74 countries were attacked. On the first day, infections were reported in 99 countries and territories around the world. According to statistics, the WannaCry outbreak hit at least 150 countries and 300,000 users worldwide, resulting in losses of up to 8 billion US dollars. The attack, whose scale Europol described as unprecedented, is the most serious ransomware attack to date.

According to data from Kaspersky Lab, the four worst-hit countries were Russia, Ukraine, India and Taiwan. Many large companies and institutions were also unable to escape the attack; the list includes the British National Health Service (NHS), Deutsche Bahn, FedEx, the Ministry of Internal Affairs of the Russian Federation, Renault, Telefonica, PetroChina and other large companies and government departments.

The biggest victims on this list are public hospitals run by the UK’s National Health Service. A total of 48 hospitals were severely damaged in the initial attack. Although most of the attacked hospitals quickly resumed normal operations thanks to the efforts of cybersecurity personnel, a large number of surgeries were cancelled and cases were lost.

Ransomware comes in many varieties and variants. Some media outlets listed the “ten sins” of ransomware in 2017: in addition to WannaCry, there were NotPetya (a ransomware worm), Bad Rabbit, GIBON, Sage, Matrix, Tyran, new Locky variants, FakeCry and Miner. On a global scale, these ransomware families caused unprecedented losses in many key information infrastructure fields such as government, education, hospitals, energy, communications and manufacturing.

According to Kaspersky Security Reports, around 96,000 existing ransomware and new variants were detected in 2017, compared to 54,000 in 2016.

According to Kaspersky Lab’s annual IT security survey report, 65% of companies hit by ransomware attacks in 2017 said they lost a lot or even all of their data, while 29% said they were able to decrypt their data but that a large number of files suffered devastating damage.

According to the 2017 Cyberspace Security Report, about 6,300 platforms around the world offer ransomware transactions, and ransomware sales increased by about 2,502% between 2016 and 2017. Malicious actors tend to encrypt the data on infected devices and then extort cryptocurrency (mostly Bitcoin) from the victims.

In the face of inevitable ransomware, businesses and governments must prepare

If you know yourself and your enemy, you will be able to fight a hundred battles.

Ransomware is a type of computer virus whose ultimate goal is to extort its victims. After the virus infects a host, it encrypts the files on the computer, which can then be decrypted only with the corresponding decryption key. The victim is asked to hand over a hefty ransom in exchange for the key to recover the files.

Ransom can take the form of real money, Bitcoin or other virtual currencies, but since the ransomware outbreak of 2017 hackers have chosen only Bitcoin as the way to be paid, which is inseparable from Bitcoin’s properties. First, Bitcoin has a certain degree of anonymity, which makes it easy to hide one’s identity; second, it is not restricted by region and can be collected worldwide; and finally, Bitcoin is “decentralized”, which allows hackers to process victims’ ransoms automatically through programs and makes it difficult for regulators to track them down.

It has to be said that the emergence of Bitcoin has also contributed to the spread and development of ransomware.

Typically, ransomware authors also set a time limit for payment, and sometimes the ransom amount increases over time. Sometimes, even if the user pays the ransom, the system cannot be used normally and the encrypted files cannot be restored.

According to statistics from Symantec, a world-renowned security company, ransomware can infect almost any file type and uses RSA-2048 for encryption. Therefore, until quantum computers come into use, there is almost no practical method of decrypting infected files. It can therefore almost be considered that the only effective way to decrypt files is to pay the ransom and contact the extortionist.

With its simplicity, scalability and low risk, ransomware is a neat tool for cybercrime.

It is worth noting that those who deliver ransomware are not all hackers; they may well be ordinary people like you and me. Christopher Elisan, intelligence director at cybersecurity firm Flashpoint, noted that an ordinary person with no hacking skills can start a ransomware business simply by buying ransomware.

After WannaCry’s notoriety in 2017, hackers found that very few victims actually paid the ransom, so they changed direction and gradually turned to targets that have limited defenses but would be so significantly affected by an attack that they have to pay the ransom to restore business. Small and medium-sized enterprises have become the focus of these attackers. Statistics show that although ransomware attacks overall fell by 20% in 2019, attacks on small and medium-sized enterprises increased by 12%.

Small and medium-sized enterprises are being “targeted”, and this is inseparable from their own characteristics. They often invest less in network security than large enterprises and trust to luck where security incidents are concerned, and once hit, they suffer irreparable losses.

In addition to small and medium-sized enterprises, the sensitive data of governments and hospitals is also a prized target in the eyes of hackers. Hackers have hit the governments of Baltimore, New Orleans, and a slew of smaller cities over the past year, taking down city email servers and data, police incident reporting systems, and even 911 dispatch centers. “Ransomware started out as targeting individuals,” said Herb Stapleton, a section chief in the FBI’s cyber division. “It started targeting smaller companies without strong Internet security protections, and now it’s targeting larger corporations and municipal bodies.”

Ransomware is ferociously destructive. In an era of increasing dependence on data, protecting data is especially important, and enterprises and governments must be prepared.

Foreign media interviewed a former hacker by video, and his suggestion was to improve basic common sense about network security.

FBI Special Agent Joel DeCapua said at RSA2020 that the Windows Remote Desktop Protocol (RDP) is the most common method attackers use to access victims’ computers, accounting for 70-80% of victims. Because of this, the FBI recommends that businesses and institutions use Network Level Authentication (NLA) for extra protection; the technicians also recommend using complex passwords on RDP accounts, checking for updates as soon as possible and installing the latest versions of applications and operating systems. At RSA2020, the FBI also emphasized the importance of identifying phishing sites and ensuring data backups are in place to avoid falling victim to ransomware attacks.
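
One way to check a Windows host against the NLA recommendation above, as an added example that is not part of the original article or of any FBI guidance. It reads the standard Terminal Services registry values; the function name `Get-RdpHardeningStatus` and its helper are hypothetical, and the script changes nothing on the host.

```powershell
# Added example: read-only audit of local RDP settings against the NLA advice.
# Registry locations are the standard Windows ones; function names are hypothetical.
function Get-RdpHardeningStatus {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey = "$tsKey\WinStations\RDP-Tcp"
    # Group Policy values, when present, take precedence over the local ones.
    $gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $ts  = Get-ItemProperty -Path $tsKey
    $tcp = Get-ItemProperty -Path $tcpKey
    $gpo = Get-ItemProperty -Path $gpoKey -ErrorAction SilentlyContinue

    # Return the policy value if one is set, otherwise the local value.
    function Resolve-Setting($name, $local) {
        if ($gpo -and $null -ne $gpo.$name) { return $gpo.$name }
        return $local
    }

    $deny  = Resolve-Setting 'fDenyTSConnections' $ts.fDenyTSConnections
    $nla   = Resolve-Setting 'UserAuthentication' $tcp.UserAuthentication
    $layer = Resolve-Setting 'SecurityLayer'      $tcp.SecurityLayer

    $rdpEnabled = ($deny -eq 0)        # 0 = connections allowed, 1 = denied
    $findings = @()
    if ($rdpEnabled) {
        if ($nla -ne 1) {              # 1 = NLA required before session setup
            $findings += 'RDP is enabled without Network Level Authentication'
        }
        if ($layer -eq 0) {            # 0 = legacy RDP layer, 1 = negotiate, 2 = TLS
            $findings += 'Legacy RDP security layer in use instead of Negotiate or TLS'
        }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        NlaRequired   = ($nla -eq 1)
        SecurityLayer = $layer
        ListenPort    = $tcp.PortNumber
        Findings      = $findings
    }
}

Get-RdpHardeningStatus | Format-List
```

An empty `Findings` list with `RdpEnabled` true means RDP is exposed with NLA enforced; password strength and patch level, the other two recommendations, need separate checks.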
