While millions of Americans were celebrating a long Independence Day weekend, something sinister was happening behind the scenes. Considered to be one of the largest ransomware attacks ever, more than 1,000 businesses worldwide were suddenly locked out of their own IT systems with demands to pay up to $5 million each to regain access to their encrypted business data.
According to Quartz, the initial breach occurred at a Florida-based software company called Kaseya on Friday, July 2. This conveniently coincided with Americans winding down their work and starting their long-awaited Fourth of July celebrations.
As families fired up their grills, watched neighborhood parades and chatted with friends, the ransomware attack spread like wildfire from Kaseya to approximately 1000 firms that used their software. But it didn’t stop there.
The bad actors then encrypted each company’s data and demanded a ransom payment ($50,000 for smaller businesses and $5 million for large companies) in exchange for a data key that would provide access to the company’s own files. Today’s hackers are no longer recreational individuals or small-time troublemakers. They’ve become sophisticated, slick global enterprises that continue to level up their expertise and affiliations.
Strategic and Stealthy
So we’ve already addressed the fact that the hackers chose a long holiday weekend because they knew Americans would be distracted by socializing and relaxing. But we also need to recognize that this wasn’t a sudden attack.
The reality is much more insidious than it being a last-minute, random hack. In most of these massive ransomware attacks, the predators have been quietly crawling around your networks for months, gathering information and exfiltrating your data to another server (typically in another country), preparing for the final attack.
Imagine thieves hiding out in your corporate headquarters, manufacturing plant or warehouse for 120 days without anyone realizing they’re onsite watching every move. Then one day you arrive at work to discover that you’ve been locked out of your building and the thieves have access to everything – you’re at their mercy. Bad actors in the cyber sector are doing the same thing, virtually.
Ongoing Danger
In addition to the obvious frustration of not being able to operate your business during a breach, your company is exposed to a high level of risk that could be devastating. Bad actors can wreak havoc when they have access to financial information, healthcare records, proprietary trade secrets and other critical data.
The early July attack on more than a thousand businesses wasn’t a one-time event. It’s still happening, with hackers throughout the world quietly engaged in various stages of infiltration, encryption and lock-out. Even worse, their work is becoming increasingly automated, which elevates their ability to carry out a larger number of – and increasingly sophisticated – ransomware attacks.
The risk is real. Even for business-savvy professionals.
But we’re just getting started! Don’t miss Part 2 of our cybersecurity awareness, assessment and risk reduction report coming Thursday.
Article by Don Dawson, President
