2021 brought a new wave of cyberattacks that proved damaging to the digital era. With more industries embracing work from home and moving their operations online, an increase in network vulnerabilities is inevitable; neglecting to address these unseen vulnerabilities, however, makes organizations targets for cybercriminals.
Critical industrial sectors often face ransomware attacks that cost them large sums of money. Ransomware is a category of malicious software that, once deployed, prevents users from accessing their own computers or files. To regain access, the victim must meet the attacker's demands by paying a considerable sum of money. Let's look at some of the biggest ransomware attacks of 2021 and at how to avoid them.
Acer’s encounter with one of the biggest ransomware demands
Taiwanese computer giant Acer was hit by not one but two ransomware attacks in 2021. The first was by the REvil group, which demanded a whopping $50 million ransom. REvil, also known for a ransomware attack on Travelex, gained access to Acer's network through a Microsoft Exchange vulnerability. The same vulnerability had earlier led to the compromise of the emails of 30,000 US government and commercial organizations. This was one of the biggest ransomware demands made to date.
Acer was hit a second time by the Desorden Group in October 2021, which claimed to have breached Acer's servers and stolen 60GB of files. It is unclear whether the hackers demanded a ransom for this attack. They may have exploited the ProxyLogon flaw in an unpatched on-premises Microsoft Exchange Server to gain server access. Upon detecting the intrusion, Acer activated the necessary security protocols.
The Colonial Pipeline shutdown
One of the largest and most essential pipelines in the US, which consists of more than 5,500 pipelines and supplies fuel to half of the East Coast, was hit by ransomware in May 2021. A hacker group that identifies itself as DarkSide gained access to the Colonial Pipeline network through an exposed password for a VPN account. It stole around 100GB of data and infected Colonial Pipeline's IT network with ransomware, which impacted its computer systems, including billing and accounting.
To stop the ransomware from spreading further, Colonial Pipeline had to shut down the pipeline, which resulted in fuel shortages that directly impacted the airline industry, including American Airlines, and caused disruptions at Atlanta and Nashville airports. The shortage caused a spike in fuel prices and triggered panic buying, which led some people to ignore safety protocols and fill plastic bags with gasoline. Colonial Pipeline paid a hefty ransom of 75 bitcoin ($4.4 million) for the decryption key needed to regain access to its systems. Part of the ransom was later recovered with the help of the FBI.
CNA Financial Corporation’s debt caused by ransomware
One of the largest insurance companies in the US, based in Chicago, suffered a breach in March 2021. The breach used a new strain of malware called Phoenix CryptoLocker, which is believed to be associated with the Russian threat group Evil Corp.
Phoenix CryptoLocker disguises itself as legitimate software, gains access to networks through remote desktop connections or exposed credentials, and targets files with many different extensions, leaving behind the threat group's signature ransom note.
The attack led to the exposure of the personal information of 75,000 individuals. The data may have included names, health benefit information, and Social Security numbers of the company's current and former employees. According to media reports, CNA Financial agreed to pay a heavy sum of $40 million to regain access to its network.
How can we mitigate the threat of ransomware?
Even as technology and the cyberthreats that accompany it keep growing, IT administrators can do a number of things to keep their organization's network out of harm's way.
1. A patch in time saves nine
Deploying the necessary patches without delay prevents organizations from falling victim to attacks that exploit outdated software and hardware. Using a patch management tool to automate patch deployment reduces the manual effort and time needed to patch every system on the network.
Monitoring your systems and grading them by patch status shows which patches are missing and which known vulnerabilities still need to be addressed. Keeping systems patched and up to date can save you from a vast number of attacks.
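The grading described above, and the "System Health Policy" idea in the Desktop Central section later on this page, amounts to comparing each host's installed patches against a catalog of required ones and ranking hosts by the worst thing they are missing. The following Python is an added example written for this post, not code from Desktop Central or any vendor: the patch catalog, the severity scale, the patch identifiers (`PATCH-0001` and so on) and the host inventory are all constructed placeholders.

```python
"""Grade hosts by patch status and order them for deployment (added example, constructed data)."""
from dataclasses import dataclass

# Hypothetical patch catalog: patch id -> (affected product, severity).
# The ids and products are constructed placeholders, not real advisories.
CATALOG = {
    "PATCH-0001": ("Exchange Server", "critical"),
    "PATCH-0002": ("Exchange Server", "important"),
    "PATCH-0003": ("VPN client", "critical"),
    "PATCH-0004": ("Office", "moderate"),
}

# Higher rank = more severe. Assumed scale for this example.
SEVERITY_RANK = {"critical": 3, "important": 2, "moderate": 1, "low": 0}


@dataclass
class Host:
    name: str
    products: set      # products present on the host
    installed: set     # patch ids already applied


def missing_patches(host):
    """Catalog patches that apply to the host's products but are not installed."""
    return sorted(
        pid for pid, (product, _severity) in CATALOG.items()
        if product in host.products and pid not in host.installed
    )


def grade_host(host):
    """Return (grade, missing) where grade reflects the most severe missing patch."""
    missing = missing_patches(host)
    if not missing:
        return "healthy", missing
    worst = max(SEVERITY_RANK[CATALOG[pid][1]] for pid in missing)
    if worst >= SEVERITY_RANK["critical"]:
        return "highly vulnerable", missing
    if worst >= SEVERITY_RANK["important"]:
        return "vulnerable", missing
    return "low risk", missing


def deployment_plan(hosts):
    """Order hosts worst-first, then by number of missing patches, then by name."""
    priority = {"highly vulnerable": 0, "vulnerable": 1, "low risk": 2, "healthy": 3}
    graded = [(host.name, *grade_host(host)) for host in hosts]
    return sorted(graded, key=lambda row: (priority[row[1]], -len(row[2]), row[0]))


# Constructed inventory: a mail server missing a critical patch, a workstation
# missing only a moderate one, and a fully patched workstation.
INVENTORY = [
    Host("mail01", {"Exchange Server"}, {"PATCH-0002"}),
    Host("ws-17", {"Office", "VPN client"}, {"PATCH-0003"}),
    Host("ws-22", {"Office", "VPN client"}, {"PATCH-0003", "PATCH-0004"}),
]

if __name__ == "__main__":
    for name, grade, missing in deployment_plan(INVENTORY):
        print(f"{name:8} {grade:18} missing={missing}")
```

The grade is driven by the single worst missing patch rather than the count, so a server missing one critical update sorts ahead of a workstation missing several moderate ones; the count only breaks ties within a grade.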
2. Prevention is better than a network breach
Once an attack has happened, the damage is done and the trust lost isn't easily repaired. Stay a step ahead of credential-based attacks by enforcing policies that require strong passwords, and by using password and credential manager tools to keep multiple accounts secure. Eliminating password fatigue and using real-time alerts for credential management helps avoid credential-based vulnerabilities.
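Two checks sit behind the advice above and behind the password-script and credential-manager points in the Desktop Central section: reject weak passwords at the moment they are set, and catch the password reuse that password fatigue produces. The Python below is an added example for this post, not vendor code. The policy thresholds, the small common-password denylist and the reduced PBKDF2 iteration count are assumptions made for the example; a production deployment would use the organization's own policy, a full breached-password list and a far higher iteration count.

```python
"""Password-policy check and cross-account reuse detection (added example, constructed data)."""
import hashlib
import os
import re

MIN_LENGTH = 14                                   # assumed policy value
COMMON_PASSWORDS = {"password", "welcome1", "summer2021", "changeme"}  # constructed denylist
PBKDF2_ITERATIONS = 10_000                        # lowered for the example; use far more in production


def check_password(password, username=""):
    """Return the policy rules the candidate violates; an empty list means compliant."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(pattern, password)) for pattern in classes) < 3:
        failures.append("fewer than three character classes")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("appears in common-password list")
    if username and username.lower() in password.lower():
        failures.append("contains the username")
    if re.search(r"(.)\1{2,}", password):
        failures.append("three or more repeated characters in a row")
    return failures


def derive(password, salt):
    """Salted PBKDF2-HMAC-SHA256 digest of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(store, account, password):
    """Store a per-account salt and digest; never the plaintext."""
    salt = os.urandom(16)
    store[account] = (salt, derive(password, salt))


def is_reused(store, account, password):
    """True if the candidate password matches any *other* account's stored credential.

    Each account has its own salt, so the candidate must be re-derived with each
    stored salt; this is only possible at change time, while the plaintext is in hand.
    """
    return any(
        derive(password, salt) == digest
        for other, (salt, digest) in store.items()
        if other != account
    )


def set_password(store, account, password):
    """Apply the policy and the reuse check, then store the credential if both pass."""
    failures = check_password(password, account)
    if is_reused(store, account, password):
        failures.append("already in use by another account")
    if not failures:
        register(store, account, password)
    return failures


if __name__ == "__main__":
    creds = {}
    print(set_password(creds, "alice", "Tr0ub4dor&3xtra-long"))   # [] -> stored
    print(set_password(creds, "bob", "Welcome1"))                  # policy failures
    print(set_password(creds, "bob", "Tr0ub4dor&3xtra-long"))      # reuse failure
```

The reuse check is deliberately limited to the moment a password is set, because with per-account salts there is no way to compare stored digests directly; that limitation is why credential managers that generate unique passwords per account do more for reuse than any after-the-fact audit can.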
3. An antivirus update a day keeps ransomware away
Malware authors are well aware of existing network vulnerabilities and write malicious code that targets them to enter your network unnoticed. Installing an antivirus solution is essential; however, security management doesn't end with installation. The solution also needs regular updates so it has the latest virus definitions.
With new virus definitions released every day, tracking and applying them manually becomes tedious. Configuring every PC to fetch updates directly from the antivirus vendor's download server also creates a bandwidth bottleneck that hinders effective network management. Automating antivirus updates so they run during non-business hours prevents this bottleneck and saves IT administrators' time.
A step closer to network security and a leap away from cyberthreats with Desktop Central
Desktop Central is a unified endpoint management (UEM) solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location to help you avoid falling victim to cybercrime. It’s a modern take on desktop management that can be scaled as per organizational needs.
It automates regular endpoint management routines such as installing patches, deploying software, and imaging and deploying OSs. It also lets you manage assets and software licenses, monitor software usage statistics, control USB device usage, and take control of remote desktops.
Desktop Central can be used to avoid ransomware by:
Enforcing the System Health Policy to gain visibility into vulnerable systems and the patches they are missing. It can also automate patch management, with testing and approval of patches to ensure compatibility.
Deploying customized scripts that define strong password settings on client systems. Desktop Central's credential manager provides a unified way to store and manage all internal product credentials from a central location. You can also check out ManageEngine Password Manager Pro for managing privileged credentials.
Automating antivirus updates and tracking and optimizing bandwidth consumption, which also frees IT admins from these time-consuming tasks and increases their productivity.
Desktop Central provides several other endpoint management capabilities such as power management, software allowlisting, and declining patches. Start your free, 30-day trial today!