Posts

Emotet malware strikes in a cyber attack

UHS Cyber Attack and the Rise of Ransomware

The major hospital and health care network Universal Health System was hit by potentially the largest cyberattack in U.S. history so far.

The computer infrastructure of Universal Health Systems (UHS) showed signs of failure on Sunday morning throughout the United Kingdom, Puerto Rico and the United States. The attack took down UHS’ network cross the United States. As the situation worsened patients have been moved to different rooms and facilities. Appointments and test results were also delayed as a consequence of the attack.

The attack encouraged one the UHS hospitals to move towards an all paper filing system, according to some individuals familiar with the situation. UHS operates more than 400 hospitals and facilities with over 90,000 employees.

The fortune 500 company said that there was no evidence that patient or employee had been misused, stolen or copied. Bleeping Computers, the online publication that first reported on the attack, spoke to employees who determined the ransomware attack had the tell-tale signs of the Ryuk virus.

What is Ryuk Ransomware?

Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, noted that up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare.

Ryuk is a type of ransomware that uses encryptions to cut off access to systems, files, and devices until the victim pays ransom. The ransomware is placed in a system by other types of malware.

The most common is TrickBot, however Ryuk can also gain access through Remote Desktop Service.

The Ryuk ransomware takes payments through Bitcoin and instructs victims to deposit the money in a particular Bitcoin wallet. The demand is usually between $100,000-$500,000 in Bitcoin depending on the conversion price of the cryptocurrency.

Once installed, the Ryuk malware spreads through the network infecting as many servers as it can.

The Ryuk Attack

An employee told Bleeping Computer that, during the cyberattack, files were being renamed to include the .ryk extension. This extension is used by the Ryuk ransomware, reports BleepingComputer. “Another UHS employee told us that one of the impacted computers’ screens changed to display a ransom note reading “Shadow of the Universe,” a similar phrase to that appearing at the bottom of Ryuk ransom notes. Based on information shared with BleepingComputer by Advanced Intel’s Vitali Kremez, the attack on UHS’ system likely started via a phishing attack,” BleepingComputer says.

An employee of UHS told Bleeping Computer that files were being renamed to include the .ryk extension as the cyber-attack took place. Based on information provided to Bleeping Computers the attack on UHS’ system began as a phishing attack.

Many health care workers posted notes about the situation at various Universal Health facilities in a Reddit thread. One in Florida noted that it was “a hot mess in the ER today.” Ambulances with heart patients were being diverted because the facility’s catheterization lab was down, the person posted.

Another nurse in a facility in North Dakota said computers slowed down and then didn’t turn on Sunday morning.

Ransomware & Medical Facilities

Hospitals are high valued targets for cyber attackers because they hold incredibly valuable personal information that can be sold on the dark web or used as leverage for a ransom payment.
A ransomware bug called WannaCry was used in 2017 to target Microsoft Window’s operating system at the time. It spread through an exploit named EternalBlue and reached the U.K.’s National Health System.

The WannaCry ransomware impacted 80 medical facilities although there were no reported deaths as a result.

Hospitals are the perfect target for threat actors because they rely on critical and immediate care to assist patients in need. That means solutions and treatment are time sensitive and dependent on drug history and other medical information to proceed. Without this information patients can suffer or die. This makes hospitals likelier to pay a ransom instead of risking lives by delaying.

Ransomware and other Businesses

Hospitals are not the only industries suffering from malware. We’ve covered cases of schools, businesses and entire cities being impacted by ransomware attacks.

In October, 2019 the technology company Pitney Bowes, was attacked by malicious ransomware. Its shipping and mailing services were compromised and disrupted client access to their services.
Ransomware is a growing problem as over 140 attacks were reported in 2019 targeting state and local governments as well as health care providers like UHS.

As we’ve shown, hospitals and the health services industry are prime targets but are not the only targets. For this reason many businesses are adopting Managed IT services to help deal with this rise in cybercrime.

Emotet Malware

In July 2020 there was a rise in Emotet malspam campaigns. Emotet is a banking malware that infects systems to try and steal sensitive financial information.

The Emotet Malware was first identified in 2014. It was originally just a banking malware. However, later versions were designed to include spamming and malware delivery services. This made it more dangerous and easier to spread.

These campaigns infected victims with Trickbot and Qbot malware. If you’ve been paying attention, you’ll recognize TrickBot malware from earlier.

Emotet is a Trojan that spreads mainly through spam emails. These malicious emails might take on the disguise of legitimate emails. As a result they often persuade users to click on a link or button.
That’s how most likely how the UHS attack took place. As we’ve seen with Emotet, these ransomware attacks only get more sophisticated and more popular as their success rate increases.
Ransomware has become the most popular form of attack growing 350 percent since 2018. What’s more, ransomware from phishing emails like Emotet have increased by 109 percent since 2017.

What should be Done?

There are researchers that are calling for a ban on paying ransomware. However, that recommendation is controversial and not mainstream. They argue that refusing to pay ransomware reduces any incentive a hacker might have and will reduce the rise of malware hacks.

This solution doesn’t address the fact that hackers who gain access to company data can still use it.  Cyber attackers can sell it on the black market, or continue to freeze should the ransom remain unpaid.

The only real solution so far is to educate and train employees as much as possible to avoid malicious or fraudulent email scams.  IT services companies often play a role in educating their clients on these matters but it falls on the business to teach personnel of the risks.  IT consulting can benefit many smaller and medium sized companies who aren’t equipped with the appropriate tools needed to combat these threats.

Even the most dedicated cyber security team with the most sophisticated digital tools will mean nothing if an employee opens the wrong email, clicking on an infected link. Companies that don’t dedicate the time to training their employees turn them into liabilities and the more vulnerable your employees, the more vulnerable the company.

Workplace remote work.

Workplace: What You Should Know

Software-as-a-service companies are more and more common these days. With many industries seeing the benefits of SaaS, there is growing interest in these types of services. However, finding the right service is the key. Of all hosted services, Workplace_ is among the best.

Workplace promotes remote team collaboration and improves employee productivity for your company. A cleaner, user-friendly interface allows you and your co-workers to find, access and share files, websites and apps easier than ever before.

What’s more, Workplace’s key upgrades assure its users better security and regulatory compliance, as well as make the platform a tool for remote workers and organizations who care about keeping their data safe.

So, what are the main changes that will transform your Workplace_? 

Makeover of the Workplace Web App in Windows and Mac

On Windows, you are able to resize the app as big as you wish, even entering full-screen mode in your computer. You could also minimize it as small as you want so it doesn’t take the entire screen if you’re working with multiple applications or browser windows.

On Mac, Workplace works perfectly with the OS version, Mojave. Upgrades were installed, fixing an issue that previously affected users: the inability to see some virtual graphics products. Developers working on improving this app went above and beyond not only fixing what users weren’t able to see or the app wasn’t able to display, but also enabling Workplace to function on multiple monitors.

Pin Any File or Folder to Your Launch Page

Workplace has a feature that allows users to “star” websites, applications, folders and files that you can open directly from the Launch page with just a simple click.

Workplace’s Feature: Websites

You are able to see all the websites you visit and work with on a daily basis in a section dedicated specially for that! You can “star” (or pin) a website to your Launch page and see the Websites section there, or you can visit the sidebar menu on the left to see all of your featured and frequently visited sites.

Also, you can save websites with or without including login credentials and set up your username and password without depending on a company manager to do so. And let’s not forget about the feature that allows you to share bookmarks and websites with your colleagues, increasing collaboration and team productivity levels.

Find All Your Hosted Apps in One Place

Talking about simplifying workflows and increasing productivity, Workplace gives Citrix (“hosted”) applications their very own section. Click on “Hosted Apps” on the app sidebar and you will find all your hosted applications, or “star” the apps you use the most appear in your Launch page for quick and easy access.

Streamline device management, business continuity, & consistency of your remote operations with our Workplace cloud solution.

See If You Have Compliance Issues

All apps in the Workplace desktop platform have a feature that perfectly aligns with the company’s mission of keeping our customers’ data safe and improving security compliance. “Compliance Status”, the latest feature on Workplace, is implemented on both Windows and Mac machines. It checks your devices to see how your compliance level compares to the industry’s best practices.

What’s more, if you have compliance issues, recommendations will be made to fix the problem and get you to 100% compliance.

Run your Firm from the Cloud

Workplace provides a comprehensive solution that combines cybersecurity and compliance needs. The all-in-one, cloud based platform delivers and intuitive experience that reduces risk of data leakage.

You can protect your firm’s most important data by ensuring that all applications run only from this unified cloud environment. There is also improved continuity and disaster recovery features so your operation stays fully functional through any event.

Multi-Factor Authentication Keeps Your Firm Secure

Workplace also reduces the risk associated with logins and passwords. Employees access customized applications with one-click access. It also comes with multi-factor authentication that conforms to NIST (National Institute of Standards and Technology) guidelines.

Furthermore,  Multi-Factor Authentication enforces authentication methods required by regulation.  These methods are supported by both iOS and Android as well so employees can use them, regardless of device.

 

For more information on the cloud, cybersecurity and more, visit our website.

 

Nerds Support Contact Us Leaderboard

Coronavirus Malware Phishing Scams Thumbnail

How Cyber Attackers Use The Coronavirus to Steal Your Data

Coronavirus Email Scams

The recent coronavirus outbreak has motivated cybercriminals to send virus related malware attacks across the world.

Phishing emails claiming to possess information on protecting against the virus have appeared, spreading misinformation and malicious software. These emails encourage victims to open attached documents containing malware that can freeze or completely steal valuable data.

Scammers use fear and uncertainty to manipulate victims into infecting their computer with malware. However, incorporating tragic events, potential pandemics or natural disasters into their attacks is nothing new.

Beware of Phishing After Any Big Event

Attackers customize phishing emails to current or upcoming events like tax season, hurricane season, and holidays. Regardless of the occasion, the goal is the same: to access valuable information. The attacks prey on people’s desperation for answers and suggest that they have can give them to you.

Furthermore, there have been cases of scams emerging in places like Michigan and New York. Officials in these states are warning residents to be vigilant of emails asking for donations or personal payment card information.

Coronavirus scam emails were popping up in early February which prompted Michigan’s Department of Health and Human Services to warn citizens on their dangers.

The Federal Trade Commission even sent out a memorandum advising people on how to spot email scams and stay safe online.

Additionally, the FTC says cyber criminals could be setting up fraudulent websites that sell fake products using illegitimate emails, social media posts and texts to trick people into sending them money or personal information.

An example of a phishing email scam offering fake information about COVID-19.

Common attributes of a fake email are spelling and/or grammar errors.
If you receive a suspicious link, hover your cursor over it to view the destination url.

Protecting Against Coronavirus Phishing Scams

Here are some tips recommended by the FTC to keep safe against scammers:

1) Be suspicious of emails claiming to be from the Center for Disease Control and Prevention (CDC) or anyone purporting to be an “expert” with information on the virus.

2) Avoid emails that allude to any “investment opportunities.” Social scams will promote products claiming they can cure, detect, treat or prevent the disease are fake.

3) If you’re going to donate, do the proper research into the organization and payment method. Don’t be pressured to donate and especially if it’s through an email link.

4) Ignore offers for vaccinations. Ads that say they have the cure or treatment for coronavirus are probably scams. Any medical breakthrough will be announced on mainstream media networks.

5) For up-to-date information on the virus visit the Center for Disease Control and Prevention (CDC) and the World Health Organization (WHO)

Don’t Be Misled

These scams will continue to spread and they won’t go away any time in the near future. In fact, scammers will certainly take greater advantage of the misinformation and fear from media coverage.

Moreover, cyber scammers in China were reported sending malicious emails containing malware. It’s difficult to protect yourself from these types of attacks but

Threat actors also targeted users in Japan with a campaign that spread malicious documents with supposed information on the virus.

Unsurprisingly, these social engineers even sent emails impersonating the CDC to lure unsuspecting users into malware traps.

The Coronavirus is a real threat but it’s important to keep a level head and not expose yourself to even greater harm online.

Ultimately, even Facebook has begun planning to ward off misinformation on the virus. Other social media platforms have voiced concern about the spread of false claims on their platforms as well.

The virus has attracted the attention of a global audience but that doesn’t mean you have to fall victim to those looking to profit off of that attention.

Coronavirus Malware Phishing Scams Leaderboard

New York Ransomware Payment Ban Thumbnail

New York Proposes Bills Banning Ransomware Payments

Two New York state senators proposed bills to ban local governments from paying ransomware with taxpayer money.

The bills, S7246 and S7289, are virtually the same except S7246 proposes to create a state fund to help municipalities strengthen their cyber-security. This is the first time states have proposed such a law.

Why is this happening?

In 2019 alone, there have been over 100 reported ransomware attacks across the U.S. in government entities and municipalities.

Texas suffered from 9 separate attacks. Florida had 8 and New York, Connecticut, and North Carolina each had 6 reported attacks.

Moreover, 37 of the 104 ransomware attacks, or 35.5%, were committed against schools. This isn’t surprising considering the fact that schools are particularly easy targets.
The reasons for this are simple: schools lack security. They lack security because they have limited budgets.

Neglecting cyber security has been a practice for both businesses and governments alike and now the consequences are being felt. In fact, school ransomware attacks are  so problematic, the United States Senate also introduced a bill in December that would mandate bolstering they cyber security and infrastructure of schools.

Local Governments

The problems aren’t just the schools, however. Six figure payments have been made to hackers freezing stolen data from other government facilities in cities like Riviera Beach, Fla., New Orleans and 22 separate municipalities in Texas.

In New York specifically, Albany County Airport authority chose to pay out a ransom demand and two school districts within a two month period were infected by ransomware.

Last July, the US Conference of Mayors adopted a resolution declaring they would not pay ransom demands after an attack and presented their cyber security plans, but the resolution was informal and toothless.

The bill indicates something Cyber security experts have been saying for years: If our society doesn’t prepare itself for the digital age it will cost everyone. Luckily for governments, they were able to rely on tax money to pay a ransom. The question is, what about a small, private business with no cyber security plan in place?

Who Really Pays?

The main point is, this type of negligence always costs.  An article  released by the New York Times stated in 2019, 205,280 organizations turned in files that were eventually hacked in a ransomware attack.

Furthermore, the average payment to went up to $84,116 towards the end of 2019.

Ransomware attacks have led to the shutdown of numerous businesses as well. The Heritage Company was forced to send more than 300 employees home after their IT department failed to recover last October.

The Heritage Company is by no means an isolated case. In fact, one in five businesses are forced to shut down after a ransomware attack according to a report by the security firm Malwarebytes.
All of the experts warn that cyber-attacks are becoming more sophisticated, targeted and costly.

Ransomware is the most damaging from of cyberattack because both businesses and governments haven’t kept up with security.

It’s as if someone invented a buzz saw and banks kept all of their money behind a wooden door.

They’re Getting Away With IT

As for the robbers, tracking them down has proven difficult because they ask for ransom in the form of bitcoin. Bitcoin is untraceable and can be encrypted to ensure anonymity.

Riviera Beach Fla., another victim of ransomware, agreed to pay over $600,000 to criminals and they still haven’t been identified. With payouts like those ransomware attacks are not going away.

The F.B.I. said it received nearly 1,500 ransomware reports in 2018 and the agency acknowledges all report numbers are under-reported. In other words, the problem is even bigger than anyone knows.

What New York is doing only begins to scratch the surface of this epidemic.

Cities, like Lake City,Fla., are rushing to improve and strengthen their back up systems and infrastructure. It’s even adopted a cloud-based back up system that cost $60,000 a year.

Then again, what would you pay to protect your business?

For more on cyber security, cloud and tech, follow us on social media to stay updated.

New York Ransomware Payment Ban Leaderboard

What Should Concern Businesses About the New Orleans Cyberattack

The city of New Orleans experienced a cyberattack so severe Mayor Latoya Cantrell declared a state of emergency.

The attack occurred on Friday, Dec. 13 and caused the city to shutdown government computers. Officials announced the shutdown via social media posts.

City Shutdown Government Computers

The attack started at 5 in the morning, according to the city of New Orleans. At around 11 a.m., employees noticed what they considered suspicious activity. As a result, the city’s IT department ordered employees disconnect from Wi-Fi and close down their computers.

Fortunately, an investigations into the attack is currently underway as Federal and State agencies gather more information. As of now, nothing is known about the malware used during the attack and the Mayor said no ransom demands had been made yet.

Louisiana’s Third Cyberattack

This ransomware attack is the third to affect Louisiana in five months. In November, another attack prompted Louisiana’s Office of Technological Services to shut down multiple state agencies. And in July, cyber criminals attacked several Louisiana school districts, shutting down their networks for ransom.

As a result of the schools attacks, Governor John Bel Edwards declare a state of emergency that allowed state agencies to help local governments recover from the attack.

What’s the Damage?

Unfortunately, it’s always difficult to tell the extent of the damage. It could take months and, in some cases, years to truly understand what information was stolen.  Furthermore, hackers could have stolen government employee information, financial information and more from New Orleans.

Moreover, they will have to contact financial institutions and implement new procedures to address cyberattacks like this as well as increase security on their networks.

This begs the question, if State governments have to shut down entire systems and declare a state of emergency to deal with a cyberattack, what will it cost a small business?

Since the attack in November, The National Governors Association (NGA) has urged states to develop a formal continuity plan for responding to cyber threats. Additionally, cyber forensic experts will need to be brought in to investigate the breach.

New Orleans Government Cyber Attack Statistics

 

Cyber Response Plan

The NGA released a State Cyber Response plan in July, that governments are developing and 15 states have made their plans public.

Without a doubt, the impact of ransomware attack is nothing to scoff at and governments are learning the hard way. Ultimately, having a continuity plans in place ensures recovery from a breach runs as smoothly as possible.

Cybercriminals Declare Hunting Season

The FBI issued a warning in October declaring an increase of cyberattacks on “big game” targets. These are targets with money and sensitive information, willing to pay ransoms to restore their systems.

That doesn’t just mean local and state governments, municipalities and agencies. For instance, hackers often target businesses, hospitals, accounting firms and financial advisers for their data.

Additionally, businesses have to adapt and invest in security if they expect to succeed. The first of several security lessons: no one is too big or to small to get hacked.  Sensitive data is always in high demand. More importantly, dark web marketplaces, like Joker’s Stash, are always willing to sell it.

The Future of Cybercrime

Researchers warn that ransomware attacks will intensity in 2020. What’s worse, attacks are getting more sophisticated.

On the other hand,with the year coming to a close and a new one beginning, now is the perfect time to audit your IT infrastructure and verify it’s competency against these types of threats. Fortunately, 2020 will also see the rise of things like cyber insurance, AI and cloud-based security solutions.

Transitioning to a cloud-based solution, like a hybrid cloud,  might help industries across the board avoid scenarios like the ones in Louisiana.

You can read our article on how businesses can protect themselves from a cyberattack.

If you want to know more on cybersecurity news, the cloud, managed IT services and more contact us or visit our blog.