Xchanging, a UK-based subsidiary of DXC Technology, was hit with ransomware on July 4th, 2020. Mark Hughes, senior vice president of offerings and strategic partners at DXC Technology, wrote an article in the Harvard Business Review titled “5 Lessons We Learned From Our Ransomware Attack”. Hughes explains that the attacker’s message arrived with a cartoon character making an obscene hand gesture and the note: “We have your data. We’ve encrypted your files. If you want to negotiate, we can talk on a secure tool or chat session.”

You might think Hughes’s first move would be to open negotiations with the attacker. Instead, his team pinpointed the systems the attacker had reached, isolated them, and neutralized the threat. Restoring operations after a ransomware attack takes an average of 16 days. On July 5th, one day after the attack, Hughes’s team had already cleaned and restored the affected environment, and by Monday, July 6th, Xchanging was processing insurance policies again.

Hughes’s experience offers many lessons on dealing with ransomware; here we review the five he highlights in the article.

Know Your Infrastructure

First, know your infrastructure. Apply basic patch hygiene regularly, and make sure every network and firewall is covered by enterprise security tooling that will alert you to malicious activity. Knowing your infrastructure also means keeping an accurate inventory of systems and how they connect, because that is what lets you pinpoint and isolate compromised hosts quickly. In Hughes’s case, the attackers used “grayware” to exploit Microsoft Windows and launch their malware. The attack was not prevented, but his team was alerted quickly that something was wrong and could identify where the network had been compromised.

Include Senior Management

Hughes’s second point is to include senior leadership from the start, because they can make critical decisions quickly. In his crisis, senior management made the decision to sever all connectivity with Xchanging systems. That required action from IT teams in the UK and India, and as Hughes puts it, “engaging leadership from those teams allowed the shutoff to happen quickly and efficiently.”

Contact Your Authorities

Third, engage authorities and experts early. Law enforcement and security specialists have handled ransomware cases before and can advise on managing the attack and obtaining legal support. In Hughes’s case, he notified law enforcement in the United States that the ransomware was programmed to send Xchanging data to domains hosted in the U.S. By the end of the day he had a court order to take control of the attacker’s domains.

Don’t Pay the Ransom

Fourth, gain as much leverage as you can, and don’t pay the ransom. The experts agree on this point, and in the U.S. and UK regulators are moving toward legal measures against ransom payments. Paying also buys no guarantee: the decryption tool may not work, and nothing stops the attacker from keeping or selling the data they took. Hughes suggests that if you do decide to negotiate with the criminals, bring an experienced ransom broker on board.

Be Transparent

And finally, be transparent. Sharing information helps keep others safe and brings in help from everyone you are in contact with: colleagues, authorities, and the security community. Hughes notified the public with a news release on Sunday, July 5th, and issued another a few weeks later to confirm that the ransomware had been contained.

Ransomware attacks are a messy business, and there is much to learn from Hughes’s experience in overcoming one. He not only got his company back on its feet but also passed on what he learned, which is why this post counts him as a hero.

  • Until April 2019, data on 540 million Facebook users was sitting on unprotected cloud servers; it had been collected by third-party app developers and stored on Amazon S3. The exposure was reported by Bloomberg, and the data was removed once it was discovered. It included account names, IDs, and details about comments and reactions to posts.

  • First American Financial left 885 million documents exposed on the web for years. The company was notified of the exposure in May 2019 and immediately took the records down. Social Security numbers, tax documents, and other personal information were exposed.

  • In 2019, Dubsmash disclosed that the account holder names, email addresses, and hashed passwords of almost 162 million users had been stolen. The thieves posted the data for sale on the dark web in February 2019.

  • Also in 2019, a hacker gained access to customer log-in information at Zynga, a popular mobile game producer. Besides credentials, the stolen data included usernames, email addresses, log-in IDs, some Facebook IDs, some phone numbers, and Zynga account IDs for about 218 million customers.

  • In 2018, Under Armour had a data breach affecting 150 million users of its mobile app, MyFitnessPal. Hackers stole usernames, hashed passwords, and associated email addresses. The company’s stock fell after the breach was announced.

  • 2018 was a busy year for hackers. Marketing and data-aggregation firm Exactis exposed 340 million records by building its database on a server that was reachable from the internet without authentication. Almost 2 terabytes of data were exposed, including email addresses, home addresses, phone numbers, and other personal information.

  • Also in 2018, Marriott disclosed that the Starwood hotels guest database had been breached: over 300 million people who had stayed at its properties had their names, addresses, contact information, and in some cases passport numbers compromised.

  • Last but certainly not least in 2018, data management firm Veeam mishandled customer data. For about 10 days, “marketing databases [were] mistakenly left visible to unauthorized third parties”. About 445 million records were exposed.

  • In March 2017, River City Media, an email marketing company, leaked 1.4 billion records. While configuring a backup, the company accidentally put its entire database online.

  • In June 2017, Deep Root Analytics, a conservative marketing firm hired by the Republican National Committee, failed to keep voter information secure: records on 198 million Americans were publicly accessible.

  • In September 2017, one of the largest data breaches in history hit Equifax. Around 147 million consumers were affected (nearly 56% of Americans). Names, Social Security numbers, birth dates, addresses, and some driver’s license numbers were stolen.

  • In 2016, Yahoo disclosed what was then the largest data breach in history. Yahoo had been the victim of multiple attacks, dating back to 2013 and 2014, that exposed the names, email addresses, telephone numbers, and dates of birth of over a billion people; the count was later revised to every account on the service, some three billion.

  • Also in 2016, a data breach compromised more than 412 million accounts across a network of adult-content sites, including AdultFriendFinder.com, Cams.com, iCams.com, Stripshow.com, and Penthouse.com.

  • In 2014, login credentials for 145 million eBay users were stolen. Although the company was not sure exactly how many people were affected, eBay warned all 145 million users to change their passwords.

  • In 2013, Target suffered a data breach that exposed 40 million credit and debit card accounts. According to security journalist Brian Krebs, the attackers got in through a third-party heating and air conditioning contractor that worked for Target and had been compromised first.

  • Also in 2013, Adobe had 152 million records stolen in a data breach. Adobe first said 3 million accounts were affected and later raised the figure to 38 million; the final count came from a database dump containing over 150 million records.

Don’t let these data breaches just spook you; take action to protect your data. Note that many of the incidents above were not sophisticated intrusions at all but databases and cloud storage left reachable without authentication (the Facebook app data, Exactis, Veeam, River City Media, Deep Root Analytics), which a routine configuration review would have caught. Fibernet offers managed IT services that help prevent these embarrassing data breaches. Check out our managed IT services today!

The best way to avoid cyberattacks is to be prepared. Small businesses are especially at risk because they look like low-hanging fruit to attackers: the most vulnerable targets, with the fewest security policies and practices in place. A little prevention will save you a lot of headaches and money in the long run.

1. Avoid phishing scams through email

Phishing is common. It is the practice of sending fraudulent emails that claim to come from a reputable person or company. For instance, an attacker might send you an email posing as a coworker; it looks legitimate, but it is not. Usually the perpetrator is trying to harvest information such as passwords, employee data, company credentials, or credit card numbers.

Screen every email before clicking a link or replying. Don’t click links or open attachments unless you are sure who the sender is, and remember that the display name is trivially forged: check the actual sender address, whether a reply would go somewhere else, and where each link really points. If an email seems questionable, forward it to your IT team to investigate.
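The three checks above (real sender address, where a reply would go, where each link points) can be automated. The following is an added example written for this post, not code from the original article or from any vendor: it parses a raw message with Python’s standard `email` library and reports the indicators it finds. The `TRUSTED_DOMAINS` set and both sample messages are constructed for the example.

```python
"""Flag common phishing indicators in a raw email message.

Added example, not code from the original article. It automates the checks the
text asks you to make before clicking: who the sender really is, where a reply
would go, and where each link really points. TRUSTED_DOMAINS and the two
sample messages are constructed for this example.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumption: the organisation's own domains (hypothetical names).
TRUSTED_DOMAINS = {"example.com", "mail.example.com", "portal.example.com"}

# Link text that looks like a URL or hostname, so it can be compared to the href.
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

# Good enough for the constructed samples; a production scanner would use a
# real HTML parser instead of a regex.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _first_address(msg, header):
    """(display name, addr-spec) of the first address in a header, or ('', '')."""
    h = msg[header]
    if h is None or not h.addresses:
        return "", ""
    return h.addresses[0].display_name, h.addresses[0].addr_spec


def _host_of(url):
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Who is the sender really? The display name is free text; only the
    #    domain after the '@' tells you anything.
    name, from_addr = _first_address(msg, "From")
    from_domain = from_addr.rpartition("@")[2].lower()
    if from_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain '{from_domain}' is not trusted")
    for claimed in re.findall(r"[\w.-]+\.[a-z]{2,}", name.lower()):
        if claimed in TRUSTED_DOMAINS and claimed != from_domain:
            findings.append(f"display name claims '{claimed}' but address is '{from_addr}'")

    # 2. Where would a reply actually go?
    _, reply_to = _first_address(msg, "Reply-To")
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        findings.append(f"Reply-To '{reply_to}' differs from the From domain")

    # 3. Where does each link really point? Visible text and href can differ.
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and body.get_content_type() == "text/html":
        for href, inner in ANCHOR.findall(body.get_content()):
            if href.startswith("mailto:"):
                continue
            text = re.sub(r"<[^>]+>", "", inner).strip()
            href_host = _host_of(href)
            if URLISH.match(text) and _host_of(text) != href_host:
                findings.append(f"link text shows '{text}' but points to '{href_host}'")
            elif href_host not in TRUSTED_DOMAINS:
                findings.append(f"link to untrusted host '{href_host}'")
    return findings


# Constructed sample: a credential-phishing message.
PHISH = """\
From: "IT Support (example.com)" <helpdesk@example-support.net>
Reply-To: recover@mailbox-relay.net
To: alice@example.com
Subject: Your password expires today
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in at
<a href="http://login.example-support.net/reset">https://portal.example.com/reset</a>
within 24 hours to keep your access.</p></body></html>
"""

# Constructed sample: an ordinary internal message.
LEGIT = """\
From: Alice <alice@example.com>
To: bob@example.com
Subject: Menu for Friday
Content-Type: text/html; charset="utf-8"

<html><body><p>See <a href="https://mail.example.com/menu">https://mail.example.com/menu</a>.</p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(label, phishing_indicators(sample) or "no indicators")
```

Run it and the phishing sample produces four findings (untrusted sender domain, a display name claiming example.com, a Reply-To pointing elsewhere, and a link whose text and target disagree), while the internal message produces none. Any one of these is a reason to forward the mail to IT rather than click.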

2. Avoid malware and ransomware infections

Malware can reach your computer through email or through a download from the internet. Remote work has raised the risk of infection by malware or ransomware, partly because people who used to work alongside a team are now physically separated, with less day-to-day communication between coworkers to catch something suspicious. You need a solid anti-malware strategy in place to guard against the threat.

That is also why it is important to have a backup system in place. Backups are your plan B for the day your organization’s data is compromised by malware or ransomware: they protect the availability and integrity of your data, provided they are stored where malware on your network cannot reach and encrypt them, and provided you have tested that they actually restore.

3. Use Strong Passwords

Don’t underestimate the strength of a good password. Although often overlooked, a good password is the first step in protecting your systems. A strong password is at least 12 to 15 characters long; mixing capital and lowercase letters and numbers helps, but current guidance (for example NIST SP 800-63B) puts far more weight on length and on avoiding passwords that have already appeared in breaches than on forced character mixes. Use a new, long, hard-to-guess password for each password-protected site.

You can keep all these passwords securely in a password manager, so the only password you need to remember is the one that opens your vault. Make that one a long passphrase, and turn on multi-factor authentication for the vault if the service supports it.
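To make the length-versus-complexity point concrete, here is an added example (written for this post, not taken from the original article) that generates passphrases and random passwords with Python’s `secrets` module, computes how much entropy each scheme gives, and applies a length-first policy with a breached-password denylist. The word list and the denylist are small constructed stand-ins; the entropy helper takes the real list size as a parameter so you can plug in a proper list.

```python
"""Generate random passphrases and check a length-first password policy.

Added example, not code from the original article. WORDLIST and BREACHED are
small constructed stand-ins: a real generator draws from thousands of words
(entropy_bits lets you plug in the real list size), and a real denylist is a
breached-password corpus.
"""
import math
import secrets
import string

# Constructed word list for the example (26 words).
WORDLIST = [
    "anchor", "basil", "cobalt", "dune", "ember", "falcon", "glacier",
    "harbor", "iris", "juniper", "kettle", "lantern", "meadow", "nickel",
    "orbit", "pepper", "quartz", "ripple", "saddle", "tundra", "umber",
    "velvet", "walnut", "xenon", "yarrow", "zephyr",
]

# Constructed denylist standing in for a breached-password corpus (lowercase).
BREACHED = {"password", "123456", "qwerty", "welcome1", "password123!", "letmein"}

PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(n_words=5, wordlist=WORDLIST, sep="-"):
    """Join n_words chosen uniformly at random with the secrets module (CSPRNG)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def generate_random_string(length=16, alphabet=PRINTABLE):
    """Fixed-length random password of the kind a password manager remembers for you."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, alphabet_size):
    """Entropy of `choices` independent uniform picks from `alphabet_size` options."""
    return choices * math.log2(alphabet_size)


def check_password(pw, min_length=12):
    """Return (ok, reasons). Length and 'not already breached' count for more
    than forced character classes, which is the direction NIST SP 800-63B takes."""
    reasons = []
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if pw.lower() in BREACHED:
        reasons.append("appears in the breached-password list")
    groups = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    classes = sum(any(c in g for c in pw) for g in groups)
    if classes == 1 and len(pw) < 20:
        reasons.append("only one character class and under 20 characters")
    return (not reasons, reasons)


if __name__ == "__main__":
    pp = generate_passphrase()
    print(pp, "~%.1f bits from this list, %.1f bits from a 7776-word list"
          % (entropy_bits(5, len(WORDLIST)), entropy_bits(5, 7776)))
    print("8 random printable chars: %.1f bits" % entropy_bits(8, len(PRINTABLE)))
    for candidate in ("password", "Tr0ub4dor&3", pp, generate_random_string()):
        print(candidate, check_password(candidate))
```

The numbers the script prints tell the story: five words from a 7,776-word list give about 64.6 bits, more than eight fully random printable characters (about 52.4 bits), and far more than a short “complex” password such as `Tr0ub4dor&3`, which the policy rejects on length alone. The toy 26-word list gives only about 23.5 bits, which is why a real generator needs a list of thousands of words.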

4. Be sure to train your employees

Your employees are your front-line defense against cybercriminals, so it is important that they are trained to spot a cyber threat. Enroll them in cybersecurity training, or create and regularly run your own training specific to your organization. Some training is required by industry rules, such as the security awareness training PCI DSS requires of organizations that handle payment card data.

5. Keep all your software up-to-date

Hackers look for holes in your software that will let them infiltrate your network. Developers continually update their code to provide “patches” for these holes. Keep your devices up to date with the current patches and enable automatic updates where you can: attackers study published patches to work out what they fix, so the window between a patch being released and the hole being exploited is short.

6. Back up everything, all the time

In the best case you have three copies of all your data: the original, a local backup, and an off-site copy (the “3-2-1” rule: three copies, on two kinds of media, one of them off-site). Many off-site backup services monitor your data for changes and update automatically as changes occur. External hard drives, a separate computer, or a flash drive are other ways to back up, but a drive that stays plugged in is just another disk for ransomware to encrypt, so disconnect local backup media once a backup is done, keep a record of what was backed up somewhere the backup itself cannot overwrite, and test a restore periodically.
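The two caveats that matter most for backups, that you verify restores and that the record you verify against is kept apart from the backup, are easy to show in code. The following is an added example written for this post, not code from the original article or from any backup product: it copies a directory, writes a SHA-256 manifest to a separate location, and later checks a copy against that manifest. The sample files and the simulated ransomware step in `demo()` are constructed for the example.

```python
"""Back up a directory with a SHA-256 manifest and verify the copy later.

Added example, not code from the original article. The manifest is written
somewhere other than the backup so that ransomware able to rewrite the backup
cannot also rewrite the record used to check it. The files and the
"ransomware" step in demo() are constructed for the example.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, POSIX separators) to its digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(source, dest, manifest_path):
    """Copy the tree to dest, then write the manifest to manifest_path (not inside dest)."""
    shutil.copytree(source, dest)
    manifest = build_manifest(dest)
    Path(manifest_path).write_text(json.dumps(manifest, indent=1))
    return manifest


def verify(copy_root, manifest_path):
    """Compare a copy with the stored manifest; an empty list means it is intact."""
    expected = json.loads(Path(manifest_path).read_text())
    actual = build_manifest(copy_root)
    problems = [f"missing: {rel}" for rel in expected if rel not in actual]
    problems += [f"modified: {rel}" for rel in expected
                 if rel in actual and actual[rel] != expected[rel]]
    problems += [f"unexpected: {rel}" for rel in actual if rel not in expected]
    return sorted(problems)


def demo():
    """Constructed scenario: back up, verify, let 'ransomware' touch the backup, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "source"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "policy.txt").write_text("insurance policy 001\n")
        (src / "ledger.csv").write_text("id,amount\n1,100\n")

        manifest_path = tmp / "offsite" / "manifest.json"  # kept apart from the copy
        manifest_path.parent.mkdir()
        backup(src, tmp / "backup1", manifest_path)
        before = verify(tmp / "backup1", manifest_path)

        # Ransomware that reached the backup share: one file overwritten, a note dropped.
        (tmp / "backup1" / "ledger.csv").write_bytes(b"\x00ENCRYPTED\x00")
        (tmp / "backup1" / "README_DECRYPT.txt").write_text("pay us")
        after = verify(tmp / "backup1", manifest_path)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("fresh backup:", before or "intact")
    print("after tampering:", after)
```

The fresh backup verifies clean; after the simulated tampering, `verify` reports the overwritten `ledger.csv` and the unexpected ransom note. Because the manifest lives in a separate location, the tampering is detectable even though the backup copy itself was fully writable by the attacker, which is exactly the situation a backup drive left permanently attached puts you in.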

7. Become a limited user

Use a limited (standard) user account on your computer instead of an administrator account. Administrators have the authority to install and remove software, so if you innocently land on a website that serves malware, the malware can instantly go to work on your whole system. “However, if you’re not your computer’s administrator, the malware won’t work. Why? Because only the administrator has the authority to make changes to your system’s software.” That quote overstates the case: malware running as a standard user can still read, exfiltrate, and encrypt everything that user can access. What a limited account denies it is system-wide persistence, tampering with security tools, and easy spread to other machines, which is still well worth having.

8. Don’t solely rely on antivirus programs to protect you.

Antivirus programs can give you a false sense of security. They cannot keep up with every threat, though they do provide warnings and block some malware and attacks. Keep them updated, and treat them as one layer among the others on this list rather than the whole defense.

9. Don’t trust anyone. Always think before you act.

Attackers will use your friends, family, or business contacts to lull you into a false sense of security. Before you click a link or attachment from a friend, take a moment to consider whether you were expecting an email from them. And never give out your account number or password.

10. Don’t become complacent about cybersecurity

Hackers are banking on you letting your guard down. Stay vigilant and assume you’re always under attack from outside threats.