Atlantic.Net is providing this security advisory as a news item. We want to reassure our customers that Atlantic.Net does not use any of these exploited products internally or in any of our service offerings.
Barely a week goes past without a breaking news report about the latest high-profile business or government organization to be targeted by ransomware. Ransomware is everywhere, and cybercriminals are stealing business revenue in the form of cryptocurrency and hijacking sensitive data at an alarming rate. Ransomware is not a new phenomenon, but it has been growing into a serious threat over the last decade. Year after year, the threat is becoming more profound.
Until recently, victims have been held to ransom after an attacker gained unauthorized access to critical IT systems. These systems were encrypted, locking legitimate users out and essentially paralyzing day-to-day business operations. Fortunately, many businesses were able to recover from backup relatively quickly, and the few that had invested in disaster recovery capabilities were up and running in no time. However, there were still far too many paying the ransom due to inadequate security safeguards.
Today the scope of the attacks is changing. Businesses are still targeted with ransomware that renders their systems unusable with encrypted files, but besides encrypting files and folders, the cybercriminals are stealing sensitive business data such as intellectual property or sensitive employee and customer data; sometimes entire company email systems are breached.
The attack vectors remain the same: successful phishing campaigns and RDP attacks are still the most popular ways of gaining unauthorized access. The type of victim is changing, too; more recent attacks have focused on the supply chain, targeting one big fish to get access to all of the other, smaller fish that use the big fish’s software or infrastructure.
In this article, we will discuss some of the biggest ransomware attacks in 2021. Then, we’ll discuss what a managed services provider like Atlantic.Net can do to reduce your attack surface and how we can protect your IT investment.
The Biggest Ransomware Attacks of 2021
2021 started in turmoil after the SolarWinds hack of December 2020. Businesses and government agencies were still reeling from the supply chain cyberattack that impacted a large percentage of SolarWinds customers. Even today we are still learning about the impact of this data breach, but the incident started a trend where cybercriminals began targeting US infrastructure as well as businesses.
The Colonial Pipeline breach was reported on May 7th, 2021; what makes this breach significant is the direct impact it had on ordinary citizens. The oil refinery is one of the biggest in the United States, serving gas to over half of the east coast. It caused an instantaneous spike in gas prices. People were panic buying, and long queues were observed at many gas stations.
To make matters worse, the Colonial Pipeline Company paid the ransom of approximately $4.4 million. Some of this money has been recovered by the Department of Justice, but unfortunately it sends the wrong message to the hackers involved and arguably gives the attackers further reason to pursue victims with ransomware.
Another major recent supply chain attack was against JBS Meat Plants, a pork and poultry company that serves ⅕ of the US meat market. Again, JBS paid the ransom, believed to be $11 million! The attack resulted in factories being closed and production ceasing, causing supermarkets and restaurants to run low on meat products. Just one day’s closure threatened the wholesale price of meat, with the average restaurant adding $4 for beef dishes.
These are just three examples that have jeopardized businesses and government organizations in the last 6 months. Only last week, a huge demand of $70 million was made against US IT management company Kaseya. This attack is still unfolding, but it could be worse than the SolarWinds breach.
What can companies do to help protect their livelihood and business?
The US government now considers ransomware attacks to have the same priority as terrorism, and in recent meetings with Vladimir Putin, ransomware has been increasingly on the agenda. This change in stance is important, and we hope that more resources will be given to fighting the threat and finding these attackers.
Atlantic.Net has 25 years of experience in providing security-defined, hardened, and robust managed services for our customers. Many of our customers have additional security requirements necessitated by HIPAA-compliant hosting or PCI-compliant hosting. Leveraging our Cloud services will protect you from ransomware infection and ensure that your infrastructure and network are in a healthy state to give the best possible protection.
Our managed services teams and professional consultancy services create added protection. Let us manage your server infrastructure and we will take care of all your security patching requirements on top of the day-to-day upkeep we perform on our cloud platform. One of the best methods to protect against malware is to ensure that your infrastructure is patched to the very latest levels. This includes host server patching, operating systems updates, firmware updates, and microcode updates.
A tried and tested backup strategy should also be a priority. If the worst does happen and you are impacted by ransomware, often the quickest resolution is to restore from backup. Regular offsite backups should be completed on a daily, weekly, and monthly rotation to reduce the likelihood of the backups also being infected.
Atlantic.Net Consultants can create and test a disaster recovery solution, including a scenario where a total outage is caused by ransomware. This will typically be a disaster recovery setup at a secondary site.
Vulnerability scanning is a technique for testing external and internal computer infrastructure against all known vulnerabilities. It is highly effective at preventing systems from being hacked, since it lets you take preventative measures and patch any vulnerabilities that are found. Atlantic.Net systems are tested for weakness often, and our team can recommend some of our trusted partners to test your systems directly with penetration testing.
Atlantic.Net can also advise on and offer key safeguards that can be implemented. One such safeguard is to create a system inventory of all your business assets; cataloging what assets you own gives you a baseline from which to carry out a risk analysis. A cybersecurity risk analysis is a process to identify security weaknesses and create a priority list of what to fix first.
Finally, training! Probably the best protection against ransomware is to train all employees about the risks of ransomware. This should help them to understand what cybersecurity is and what to look out for in avoiding risks. Common examples include being on the lookout for phishing, scams, and fake websites; our experts are available to recommend training suitable for your teams.
If your business is concerned about cybersecurity, please feel welcome to reach out to Atlantic.Net. We are specialists in Managed Services, Cloud Hosting, and HIPAA Compliance. Security of our infrastructure is of paramount importance, and we work hard to ensure we have the best security processes in place.
Atlantic.Net has a full suite of Managed Security Services to help you be proactive and prepare in advance for any security issues. Get in touch today.