Tuesday, October 29, 2019

RobbinHood Ransomware Another Reason To Back Up Your Systems


The creators of the dreaded 'Robbinhood' ransomware strain are putting their reputation to work for them.  The hackers have recently modified their ransom note in a couple of important ways.

First and foremost, they stress that there's no public decryption tool currently available to recover files encrypted by RobbinHood and that they are monitoring the situation to make sure that the company impacted by the malware does not contact law enforcement.  Any attempt to do so "will damage your files," the warning reads.

Those two recent additions are bad enough on their own, but the hackers took an additional step. They are now directing victims to a web search highlighting an incident that occurred in Greenville North Carolina and another that impacted servers in the city of Baltimore.

Robbinhood was used in both attacks, and while the ransoms demanded in both cases weren't excessive (less than $100,000 initially demanded), the aftershocks arising from those attacks wound up costing the city millions.  In fact, according to CBS Baltimore, the city "put more than $18 million into the attack."

Clearly, the recent changes to the ransom note used by the attackers is aimed at convincing those impacted by their malware to pay up and keep quiet.  How well that will ultimately work remains to be seen, but at this point, the hackers are correct.  There is no public decryption tool.

What they don't mention, of course, is the fact paying the ransom isn't the only way to recover encrypted files.  If your company is in the habit of making good, complete backups at regular intervals, then a ransomware attack doesn't have to be devastating.  With a proper, timely response, it could be little more than an inconvenience.  Naturally, the hackers don't want to draw attention to this, but it is something you and your IT staff should keep very much in mind.

Call SpartanTec Inc. in Wilmington now and let our team set up a business continuity strategy that's suitable for your business needs. We offer reliable data backup and computer hard drive backup services, which can help lessen the effects of ransomware attacks like RobbinHood on your business. 


SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Sunday, October 20, 2019

Ransomware Sets Sights On Healthcare Organizations

A string of hospitals in both the US and Australia have come under attack by hackers in recent weeks. They have been targeted by ransomware attacks that have effectively shut a number of them down.  As of the time this article was written, the Northport Medical center, Fayette Medical Center, and DCH Regional Medical Center in Alabama have only limited access to their computing systems.

A spokesman for the hospitals had this to say about the attack:

"The three hospitals of the DCH Health System have experienced a ransomware attack.  A criminal is limiting our ability to use our computer systems in exchange for an as-yet-unknown payment. That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical center are closed to all but the most critical new patients.  Our staff is caring for the patients who are currently in the hospital and we have no plans to transfer current patients. Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records."

The situation is hardly better in Australia, where a total of seven hospitals were impacted.

A spokesman for the hospitals in Australia had this to say:

"The cyber incident, which was uncovered on Monday, has blocked access to several systems by the infiltration of ransomware, including financial management...Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection."

Like the American hospitals, the infected Australian hospitals have lost access to their patient records, booking and management systems and have fallen back to keeping manual records to maintain some level of functionality.

This is a serious, coordinated attack and is no doubt a harbinger of things to come.  Lives are very definitely at risk and unfortunately, as the hackers refine their approach, their attacks are only going to get more devastating.  Dark times.

Hackers are becoming more clever and strategic when it comes to infiltrating the devices and networks of their victims. Don't fall prey to them. Protect your devices and your personal or business information. Call SpartanTec, Inc. in Wilmington and let our IT consulting team help you.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Monday, October 14, 2019

Browser Update Warnings May Actually Be Malicious Hackers

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous. At the heart of the attack are hacked websites which display seemingly innocuous popup message informing the site visitor that their browser is out of date. It will helpfully provide a one-touch solution to the non-existen21t problem via a button that promises to download the latest version of the browser in question.

Naturally, it does no such thing.  Instead, it uses a series of JavaScripts to gather information about the target computer and send the details back to the command and control server.

The server then responds to the findings reported by the initial script by uploading the initial payload.  This varies based on the details gleaned, but generally includes some type of banking trojan malware and a backdoor such as Dridex, NetSupport Manager RAT, or similar.  If the initial scan reveals that the target computer is part of a corporate network, then an additional payload is also injected onto the target machine, but we'll get to that in a moment.

The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server.

Only when this operation has been completed and if the computer is part of a corporate network will the second stage we referenced earlier trigger, which is a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network wide.

These two ransomware strains are known for their hefty ransom demands, which often run into the hundreds of thousands, or even millions of dollars.

This multi-stage approach is dreadfully effective.  It not only allows the hackers to squeeze a wide range of sensitive data from infected systems, but then, locks them down hard and demands a hefty payment.  Be sure your staff is aware.  This one's about as dangerous as they come.

Hackers are becoming more clever these days. They have found several other ways to get into the computers of their victims. Fortunately, there are ways to keep your computer and network safe. Call SpartanTec, Inc. in Wilmington and let our team set up security protocols to keep your personal or business information safe and protected against various kinds of online threats. 

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Friday, October 11, 2019

The Importance Of Cybersecurity

Why did cybersecurity become so important all of a sudden? Before, it was just something that tech savvy people worry about. In the corporate world, it was a task that was left to the IT department. Other believed that as long as their firewalls, anti-virus software, and encryption tools were set up and working, they could simply hand over their IT security to professionals and  concentrate on running their business.

Now, you are most likely aware that cybersecurity is not something that you can ignore. Unless you totally conceal yourself from the world’s media, you should know that hacks as well as data breaches always affect firms of different sizes. Usually, these incidents are massive enough to make the news, which causes irreparable damage to the firms involved. 

What Has Changed?

Basically, we are living in a much more technically advanced world than a decade ago. In case you need more convincing, think about the fact that the iPad has just been around since 2010 and the iPhone came out a few years before that. Meanwhile, the broadband speeds increased five times over the last decade, which made it possible for individuals and businesses to do much more online.

One good example of the change that this has facilitated is the emergence of document sharing, email that is available on each device, as well as databases accessible from almost everywhere. As the years go by, enterprises have boosted their deployment of business critical applications in the cloud, given that Amazon’s Elastic Compute Cloud was only introduced in 2006.

Improve Your Cybersecurity

Given all these, you should now know the importance of cyber security. What can you do to stand up against this growing threat? Here are a few ideas you need to consider.

Stay Informed

It is no longer fair or realistic enough to expect your IT department to eradicate every IT security risk. Several contemporary cyber security threats come from social engineering, exploits to the browsers, user mistakes, as well as other things that the tech teams could only do so much to protect you from.
Cybersecurity is something that everybody needs to pay attention to, and a large number of incidents are because of people disregarding mainstream advice not to click on suspicious links and securing their passwords.

Do More Than Just Install Anti-Virus

Anti-virus software is an integral part of the IT security methods that you need to have. But relying on that alone is not enough to protect you from today’s online threats. Technical teams require several other tools, solutions, and resources, and a few of them are quite costly. But, they are less likely to be as expensive as the price of clearing up after an online breach.

Get Insured

The sector that offers cyber insurance has boomed over the years and it is now something that firms of all sizes need to consider. Cybersecurity insurance is not just about protecting against the financial risk. In case your company gets hit by a breach, there will be a lot of damage that needs to be contained, and you might need the help of a team of IT experts as well as damage limitation specialists that your insurer could provide.

Don't wait for a security breach to happen. Find yourself a reliable team of IT experts who can help you set up safety protocols to improve your cybersecurity. 



SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255

Monday, October 7, 2019

DoorDash Leaks Personal Data Of Users And Drivers

Another week, another high-profile data breach.

This time, DoorDash confirmed on a recent blog post that data on nearly five million of its users had been accessed by an unauthorized (and at this point unknown) third party. According to information released by the company, the breach occurred on May the 4th, 2019.

The unknown parties accessed information on the company's drivers, merchants and customers who joined DoorDash on or before April 5th, 2018.

The data taken by the unknown attackers includes:  names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords.  The only silver lining in that is the last item. It will require significant effort on the part of the hackers to decrypt the passwords and make use of them.  Even so, with so much personal information, including physical addresses, the hackers have more than enough data to steal identities.

Part of the company's formal statement into the matter reads as follows:

"We deeply regret the frustration and inconvenience that this may cause you.  Every member of the DoorDash community is important to us and we want to assure you that we value your security and privacy."

While the response isn't a bad one, and the company didn't make any major missteps in the immediate aftermath of the breach, it's all starting to feel very canned at this point.  Most companies say the same thing, and yet, these kinds of events keep happening.

Sooner or later, the platitudes aren't going to be enough to assuage the very real concerns of consumers who are becoming increasingly fed up with seeing companies they trust lose control of their data.  Once a certain threshold has been reached, there's bound to be a backlash.  We're not there, but the frustration and anger are growing, and rightly so.

Call SpartanTec, Inc. in Wilmington now. We will help protect your business from potential online breach that would not only put your company information at risk but that of your clients' as well. Our IT experts will set in place the appropriate and effective online security measures to keep your company safe from online attacks.

SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255