There has been a surge of ransomware attacks during 2021. Fred Voccola, CEO of the Florida-based information technology firm Kaseya, estimated that as many as 1500 businesses worldwide have been affected by a ransomware attack within the past 6 months, with Kaseya itself among the victims. Ransomware is a type of malware in which, as the name suggests, cybercriminals demand a ransom before releasing a victim’s files and data back to the owner. The victim must pay a fee, usually in Bitcoin, to receive the decryption key, or risk losing their data or having it leaked.
Colonial Pipeline
The Colonial Pipeline attack has been one of the most covered ransomware attacks so far in 2021, making news across the USA in late April. Touro College Illinois Cybersecurity Program Director, Joe Giordano, explained that this particular attack had so much coverage due to its strong impact on infrastructure in America, saying “Taking the system down disrupted gas supplies all along the East Coast of the United States, causing chaos and panic.”
The hacking group behind the attack, The Darkside, took aim at Colonial Pipeline’s billing systems and internal network, causing huge disruptions within the company and for its customers. Colonial Pipeline was eventually forced to give in to The Darkside’s huge demand of $4.4 million in Bitcoin. Fortunately, US law enforcement was able to recover the majority of the $4.4 million ransom payment. However, members of the group behind the attack remain unknown and at large.
Houston Rockets (NBA)
Proving that all types of businesses and organizations are vulnerable to ransomware attacks, hacking group Babuk chose the Houston Rockets as their target in mid-April. Babuk claimed to have stolen over 500 GB of data from the NBA team, and threatened to publicize this private information, including contract details and financial data, if their demands were not met.
A spokesperson for the Houston Rockets has publicly acknowledged the ransomware attack and confirmed an investigation is underway, but claimed that the attack was not a serious issue for the team, saying “… our internal security tools prevented ransomware from being installed except for a few systems that have not impacted our operations.” It has since been reported that the initial ransom message has been removed from Babuk’s dark web page, indicating that the Houston Rockets may have come out on top in this case.
CD Projekt
CD Projekt Red are a popular game development company responsible for the likes of The Witcher series and, more recently, Cyberpunk 2077. In February of this year the Poland-based games company was subject to a ransomware attack performed by the hacking group HelloKitty. CD Projekt initially seemed unfazed by the hacker group, saying they had no intention of paying a ransom or negotiating with HelloKitty, and additionally claiming that they had backups to restore all lost data and that no personal information from employees or customers had been affected by the attack.
However, it appears that the initial evaluation of the situation was incorrect. The CD Projekt Group came forward with a new statement on their company website at the start of June, now claiming they had reason to believe stolen data was being circulated on the internet. Furthermore, they commented that although they cannot confirm exactly what is being circulated, they believe it includes employee and contractor details and data related to their games.
Some quick and more easily implemented tips to try and avoid falling victim to a ransomware attack include:
Always back up your data in a safe place
Use reputable antivirus software and a firewall
Keep all systems and software up-to-date with the most recent patches
Do not provide private information over email, text message, or during unsolicited phone calls
Use a Virtual Private Network (VPN) if you are using public Wi-Fi
At Euclid Security we are experts in building companies’ cybersecurity defence, including putting in place strong recovery systems and procedures, to help prevent cybersecurity attacks and reduce their impact if they do happen. If you need help with anything cybersecurity-related, including the prevention of ransomware attacks, then get in touch today for a no-obligation discussion.