Discussing ransomware updates

Technology for Lawyers

Published: October 4, 2019

Ransomware has been in the news a bit lately, so let’s see what’s going on.

To review, ransomware takes over and encrypts a computer system. The system can’t get back online until the ransom is paid and the holder of the encryption key releases the data back to the owner. Either that, or the owner has created an entire system backup (and very few systems are backed up fully enough to obviate the ransom demand).

A few months ago, the city of Akron was held hostage. Then a few weeks ago, a number of smaller cities were taken hostage. But a couple of lightly reported ransomware stories may actually hold important keys (pun intended) to this trend.

First off, a security firm is reporting that brute force attacks are becoming the preferred entryway of ransomware attempts. F-Secure set up some front-facing servers with configurations to attract these attacks, and then determined how they were seeking entry. It turned out that the preferred attacks were of the brute force variety—cramming the entryway with a series of every password their bots could come up with.

Even though the vast majority of system break-ins still come out of phishing attacks, brute force can work because most people and apparently most sysadmins still do not have sufficient password protection, either. So wake up, already.

But maybe the even more interesting story comes out of a number of dental clinics in Oregon and Washington that were all simultaneously attacked with ransomware.

In this case—and in many others—the ransomware attack did not come directly into the towns’ systems, but into a Managed Service Provider (MSP) which handled the IT needs of these several small dental clinics. Once in the MSP, the ransomware spread into the clinics. In this case, the MSP subsequently closed down, leaving these clinics hanging in space.

And then one Texas MSP was attacked, spreading ransomware into and shutting down systems in 22 Texas cities (which you may have heard about). The attack was greased through incompetent MSPs.

This is a widespread problem, reportedly affecting dozens or more MSPs around the country.

So, if you employ an MSP, make sure that their anti-ransomware protocols are correct. ’Cause if you don’t….