July 4th Weekend Explodes with Major Ransomware Attack.

By Clinton Pownall
President & CEO
Computer Business

July 4th Weekend Explodes with Major Ransomware Attack. The holiday weekend began with news of another mass ransomware attack, in which bad actors encrypt data, making it unusable, and demand a ransom paid in bitcoin to unlock the files. The target this time was Kaseya, which makes popular software used by many managed service providers. This makes it a “supply chain” attack: by compromising Kaseya’s code, the attackers spread the ransomware to Kaseya’s customers. The Wall Street Journal carries the headline “Ransomware Hackers Demand $70 Million to Unlock Computers in Widespread Attack.” The article reads, in part: “Concerns about ransomware are at an all-time high, following extremely disruptive attacks on the Colonial Pipeline and food processor JBS SA. In May, President Biden ordered U.S. agencies and software contractors that supply them to boost their defenses against cyberattacks that officials have said pose a growing threat to national security and public safety.”

Ransomware Attack Affects Five Continents—Including Some Supermarkets in Sweden. Reuters reports up to 1,500 businesses have been affected by the ransomware attack against Kaseya, and says “Although most of those affected have been small concerns—like dentists’ offices or accountants—the disruption has been felt more keenly in Sweden, where hundreds of supermarkets had to close because their cash registers were inoperative, or New Zealand, where schools and kindergartens were knocked offline.” Reuters reports the company’s president “had spoken to officials at the White House, the Federal Bureau of Investigation, and the Department of Homeland Security about the breach but declined to say what they had told him about paying or negotiating. … The topic of ransom payments has become increasingly fraught as ransomware attacks become increasingly disruptive – and lucrative.”

“Russian Hackers Seemingly Behind Latest Ransomware Attack, Demand $70M.” That’s the headline for a New York Post article that reports “In a post on a blog typically used by the Russian-linked REvil cybercrime gang, a group of ransomware hackers appears to have taken responsibility for the cyberattack that hit over 200 US companies Friday, demanding $70 million in bitcoin for the data to be returned.” The article also reads, “Ransomware and other cyber attacks have skyrocketed in recent months, as US foes worldwide—unable to successfully take on America’s armed forces—turned their attention to our weaker digital defenses.”

U.S. Exposes Details of Russian Hacking Campaign. The New York Times reports American and British intelligence agencies have exposed the details of what they called a global effort by Russia’s military intelligence organization to spy on government organizations, defense contractors, universities and media companies. Underscoring how important it is for every organization to adopt tight security practices, the article notes: “There is nothing particularly unusual about the methods the United States says the Russian intelligence unit used. There is no bespoke malware or unknown exploits by the G.R.U. unit. Instead, the group uses common malware and the most basic techniques, like brute-force password spraying, which relies on passwords that have been stolen or leaked to gain access to accounts. … That lack of sophistication means fairly basic measures, like multifactor authentication, timeout locks and temporary disabling of accounts after incorrect passwords are entered, can effectively block brute force attacks.”

“CISA Emphasizes Urgency of Avoiding ‘Bad’ Security Practices.” That’s the headline in a recent BankInfoSecurity article about a new effort by the Cybersecurity and Infrastructure Security Agency to protect the nation’s computer systems. The first two bad practices cataloged are obvious—but need pointing out, as many organizations are still guilty of them. The first is use of unsupported or end-of-life software, which CISA notes is “dangerous and significantly elevates risk to national security, national economic security and national public health and safety” as older products generally cannot receive security updates and technical support. The second bad practice is “Use of known/fixed/default passwords and credentials.” BankInfoSecurity points out “This practice creates risks, in particular, for internet-accessible devices, the agency notes. Cybercriminals can easily obtain standard login details, making network devices exceedingly vulnerable to takeover.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chiefs Association, and advises law enforcement agencies on cybersecurity. Pownall serves on several boards and committees, has a strong affiliation with various arts and education groups and local school districts, and has served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He has served as a Vice President of the Board of Directors for the Orlando Shakes Theater and is actively involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.