
Report: Six Ransomware Gangs Bank Up To $45 Million So Far This Year

As ransomware runs amok on the internet, is your integration firm ready to defend against and respond to a ransomware attack?


If cybersecurity isn’t high on your list of priorities going forward, then you should really rethink your company’s strategy.

If you haven’t been paying attention, a good chunk of news headlines lately have chronicled an influx of cyberattacks over the last few months. Seemingly every week, a new company is coming forward to disclose that they were the victim of a cyberattack, or cybersecurity researchers are spreading the word of a large-scale nation state compromise of some tech product.

And lately, it’s been ransomware that has grabbed headlines. If you’ve been to the gas pump lately, then you’ve seen the effects of the Colonial Pipeline ransomware attack.

What the cybersecurity community is adamant about is that these attacks could happen to anybody – including your integration firm.

According to a new report from cybersecurity company eSentire, 2021 has been a goldmine for ransomware operators, as six ransomware gangs have claimed more than 290 new victims in 2021 for potential gains of up to $45 million.

The company teamed up with dark web researchers to track the activity of some of the most prolific ransomware gangs, including Ryuk/Conti, Sodin/REvil, CLOP, DoppelPaymer, DarkSide and Avaddon.

The results are very alarming, especially considering that this is just six ransomware groups:

Those six groups (including DarkSide, which claimed responsibility for the Colonial Pipeline attack) have collectively compromised 292 new organizations this year through the end of April, and victim lists include manufacturers, transportation companies and construction firms.

According to eSentire’s report, one of DarkSide’s alleged victims was a U.S.-based IT services company from whom they claim to have stolen financial data, passports, Active Directory passwords and more. Organizations like IT service providers and audiovisual integrators are attractive targets because they could potentially hold the keys to many others’ networks.

The security company suggests several key things to help prevent ransomware, including:

  • Backing up critical files offline
  • Requiring multi-factor authentication
  • Only allowing administrators to access network appliances on a VPN
  • Endpoint detection and response
  • Employing the principle of least privilege with staff
  • Network segmentation
  • Disabling RDP
  • Regularly patching systems and user awareness.

Meet with your business teams to create an action plan and be sure to have an incident response (IR) plan mapped out that clearly defines which systems need to be put back online first. • Prep your

eSentire also suggests forming an action plan and payment method, regardless of whether you ever plan to pay a ransom. The company claims nearly 75% of enterprises say they would never seriously consider paying a ransom, but more than 65% end up paying. Setting up a cryptocurrency account in the midst of an attack can waste precious time.

You should also establish a partner ecosystem, both to help prevent a breach and to coordinate a response, well before any shady actor is demanding a ransom for your data, the company says.