Following the cyber-attacks that occurred in Baltimore and Florida, Monroe College in New York had multiple campuses hit and taken offline by ransomware last week, crippling the college’s network. This has affected not just the school’s administrative departments; it has also hurt students and teachers. The ransomware is asking for an obscene $2 million for the safe return of the college’s data.

Jackie Rugger, the executive director of public affairs at the college, said in an interview on Friday (07/12) with Inside Higher Ed that the school was still unsure who had carried out the attack, but that it was actively working with local law enforcement and the FBI to determine where the attack originated. There was no comment on whether the school would pay the $2 million ransom. For now, Rugger said, the school continues to operate. However, it has been forced to resort to “historic” methods. Students and teachers have still been able to attend classes, with homework being turned in on paper.

Ransomware infections are usually due to someone on the network falling victim to a phishing email scam. It is difficult to determine the severity and exact number of ransomware attacks that occur daily, but cybersecurity firms believe that attacks are on the rise. What makes this attack different is that ransomware attacks on colleges usually focus on a specific individual rather than the entire network, said Ben Woelk, according to Inside Higher Ed. He stated that this attack is demanding an amount of money he had never witnessed before.

How Monroe College reacts to this technological hostage situation could determine whether we see a string of ransomware attacks on colleges across the country. Cybersecurity analysts, as well as the FBI, believe that no business or institution should pay the ransom, should their network become infected.
With no guarantee that the criminals would provide a key upon payment, it seems as though not paying would be a company’s best option. However, with ransomware, companies must understand that with each day, the ransom will continue to increase. In Baltimore, the city government refused to pay the ransom, opting to revamp its network at a cost of over $18 million. Therefore, despite the unreliability of criminals, businesses and institutions placed in this situation must come to terms with the lesser of two evils.

At Hammett Technologies, our partners never have to worry about ransomware attacks. We use state-of-the-art cybersecurity software and hardware to ensure our partners’ data security, while not interrupting or slowing down their work process. Hammett Technologies practices prevention, halting cyber-attacks before our partners even know they were there. Want more information as to how we can help your business grow? Click here!
The Microsoft Defender Advanced Threat Protection Research Team has released a warning to all Windows users informing them that a notorious piece of malware has resurfaced and has begun to spread once again. This malware, named Astaroth (The Great Duke of Hell), steals user credentials without ever needing to install malicious software. What makes this malware so notorious is not just that it deploys keyloggers and monitors the clipboard to steal login credentials, but that it does all this without downloading any executable file onto the user’s machine.

The attack begins when the user opens a link within a phishing email. The link, unbeknownst to the user, opens a shortcut file which launches a terminal command that downloads and runs JavaScript code. From there, the JavaScript pulls and runs two DLL files which do the dirty work of keylogging the user’s information and uploading it to the remote attacker. The entire process takes place without the user ever knowing it is going on, raising serious concerns for businesses and personal machines.

To stop the malware, anti-virus programs need to closely monitor how WMIC command-line code is used, applying rules to such code when necessary. This includes regularly checking the age of the files being called and flagging or completely blocking newly created DLL files. Microsoft’s anti-virus, as well as other anti-virus programs, has been updated to watch for such occurrences.

Nevertheless, it is crucial that you remain cautious when online. Even though modern anti-virus has been updated to watch for these suspicious actions, protection against malware like this is not foolproof. You should never look at your anti-virus as being the first line of defense; that is what you are! If you are worried that an email may be a phishing scam, the chances are that it is. Always verify with the sender before you click on any links or download any files, and you will ensure that your computer and data remain safe!
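The two checks described above (watching WMIC command lines and flagging newly created DLL files) can be sketched over endpoint telemetry as follows. This is an added example, not code from Microsoft or from the original post; the event field names, the 24-hour age threshold, and every sample path and URL are constructed assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://", re.IGNORECASE)
MAX_DLL_AGE = timedelta(hours=24)  # assumed threshold; tune per environment

# Constructed sample telemetry (not real logs); field names are hypothetical.
EVENTS = [
    {"kind": "process", "time": "2019-07-10T09:00:05",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe <args elided> https://example.invalid/a"},
    {"kind": "process", "time": "2019-07-10T09:01:00",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe os get caption"},
    {"kind": "module", "time": "2019-07-10T09:03:30",
     "image": r"C:\Program Files\App\app.exe",
     "module": r"C:\Users\Public\sample.DLL",
     "module_created": "2019-07-10T09:00:40"},
    {"kind": "module", "time": "2019-07-10T09:04:00",
     "image": r"C:\Windows\explorer.exe",
     "module": r"C:\Windows\System32\kernel32.dll",
     "module_created": "2018-09-15T07:29:00"},
]

def check_event(ev):
    """Return a finding name for one event, or None if no rule matches."""
    if ev["kind"] == "process":
        # ntpath parses Windows paths correctly on any analysis host.
        is_wmic = ntpath.basename(ev["image"]).lower() == "wmic.exe"
        if is_wmic and URL_RE.search(ev["cmdline"]):
            return "wmic-remote-url"
    elif ev["kind"] == "module" and ev["module"].lower().endswith(".dll"):
        age = (datetime.fromisoformat(ev["time"])
               - datetime.fromisoformat(ev["module_created"]))
        # A negative age (clock skew or altered timestamps) is flagged too.
        if age < MAX_DLL_AGE:
            return "new-dll-load"
    return None

def scan(events):
    """Return (index, finding) pairs for every event that matched a rule."""
    findings = []
    for i, ev in enumerate(events):
        hit = check_event(ev)
        if hit:
            findings.append((i, hit))
    return findings

if __name__ == "__main__":
    for idx, finding in scan(EVENTS):
        print(idx, finding, EVENTS[idx]["image"])
```

Ordinary local WMIC queries and long-established system DLLs pass through unflagged, which keeps the alert volume focused on the behaviour the post describes.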
If you are worried that your business may be vulnerable to cyber attacks, contact Hammett Technologies! We use only the latest cybersecurity technology to ensure that your data is always safe. To find out more about what we can do to assist your company, click here!
Microsoft Teams is known for being reliable chat software that many businesses use for communicating and sharing documents within their company. We utilize Teams every day at Hammett Technologies and could not be happier with its overall ease of use, innovation, and productivity. Recently, however, security researchers have discovered an exploit within the business chat software from Microsoft. This exploit could potentially allow malicious files to be downloaded and executed.

How Can It Happen?

Microsoft Teams utilizes the Squirrel project, which deals with installation and updating. Through the use of the “update” command, hackers can potentially upload and execute malicious files in Microsoft Teams. Along with this are other exploits, allowing for remote download and execution of malicious files.

What Can I Do to Secure Teams?

When it comes to computer viruses, the rule of thumb is always to make sure you and your team have strong passwords in place. This can deter unwanted guests from gaining access to your accounts and causing damage to your company. This rule applies here, as well. The only way malicious files can be uploaded to Teams is through access; therefore, ensure that all members have strong passwords, and that permissions are set so that those less trusted, or those with temporary access, are unable to upload or download documents.

If you are unsure about the security of your Microsoft Teams environment, call Hammett Technologies! Our free assessment scans for issues like these and will bring security risks to your attention immediately. With us as your IT department, you can rest easy knowing your network and online presence are secure! If you would like to find out more about what we can do for your company, click here!
A new malware strain has begun to attack IoT devices, wiping their firmware and rendering them useless. As of the writing of this article, the malware has been live for a day and has already claimed a confirmed 2,000 victims in about 3 hours. Reports state that Silex, as this malware is named, will continue to grow in scale and destructive nature.

How Does Silex Work

Reports state that Silex operates by destroying an IoT device’s storage, removing the device’s network config, dropping firewall rules, and finally halting the device’s ability to operate. It does this by logging into the system using known default login credentials. In terms of destructive capabilities, this strain of malware is extremely threatening. Once a device is infected, the only option is to reinstall its firmware, an operation many users will find too difficult to do. Experts believe this malware will lead to infected users throwing their devices away, thinking they were malfunctioning, rather than suspecting malware to be the cause.

For now, Silex appears to only be targeting Unix-like systems with default login credentials, but the malware also has a Bash shell version, meaning it could also be used to target systems running Unix-like operating systems. This could spell disaster for Linux servers that have unsecured Telnet ports and poor admin or user credentials. At the time of writing, the malware uses Iranian hosting services to operate, which have already been blacklisted by URLhaus. However, it is still recommended that you make sure your passwords are up to date and are anything but the default.
Across the United States, hackers have been targeting cities through the use of ransomware. Ransomware is a malicious attack on a computer system which completely locks the user out of their computer until a “ransom” is paid (usually in bitcoins). Those who think paying the ransom will be the easiest option should be aware that there is no guarantee that, upon payment, a decryption key will be provided. What makes ransomware especially threatening is the timer, which not only counts down how many days the user has left before all files are deleted but also increases the price of decryption with each passing day.

Ransomware attacks should not be news to residents of Maryland. A similar attack has plagued Baltimore’s city government for a while, and the price of recovery has skyrocketed to $18 million.

As of today, Lake City, Florida, another US city infected with ransomware, has decided to pay the ransom in order to regain access to its technology network. Despite Lake City’s technology department successfully disconnecting all infected computers within a matter of minutes, the virus was able to snake its way through the entire government’s network, with the police and fire departments being the exception. Lake City, Florida government officials have agreed to pay a ransom of $500,000. Upon payment, Lake City was granted a recovery key, something other cities should take note of.

Baltimore and Lake City are not the only two cities to have been plagued with the attack. Other cities such as Lynn, Massachusetts, Cartersville and Jackson County, Georgia have also been faced with this serious cyber-attack. These attacks, while expensive to fix, are a wakeup call to local governments. Ransomware is often targeted at, and successful against, outdated systems, something each of the cities listed had. In order to combat these issues, and ensure they do not happen again, regular maintenance, updates, and patches are not only necessary but required.
These attacks not only cripple the state government, but they also hurt the general public.
At Hammett Technologies, we cannot stress enough how important it is that you have proper security in place to protect your company and personal information from potential attacks. Most malware today is designed to steal sensitive information from a victim’s computer, making healthcare providers high-priority targets.

Cyber security experts in Israel recently hacked into a local hospital, changing CT and MRI images of patients, either adding or taking away cancerous growths. While this attack was simulated, through the use of algorithms, cyber security researchers were able to accurately remove and add cancerous growths. These edited images caused doctors, as well as the hospital’s own AI-assisted tools, to misdiagnose over 90% of their patients.

This attack was meant to raise awareness of the vulnerability of not just hospitals, but all healthcare providers. If hackers were to replicate this attack, the consequences would be massive. This type of attack can lead some to believe they have cancer, or worse, can lead someone to die by thinking they do not. Furthermore, this kind of attack could go hand in hand with ransomware. If attempting to steal money from the hospital, a hacker could infect the machine with ransomware, “…holding the medical imagery hostage,” stated the cyber security team.

It is important to understand that this issue does not relate to just hospitals, but to all healthcare providers. If your company handles sensitive information, your company is being watched by hackers. Therefore, it is vital that you take steps to ensure that customer information is safe. Ensure that all HIPAA compliance requirements are met, for both your company’s safety and your customers’. Ensure firewalls are in place and are regularly updated and maintained. Lock down the network and all devices with strong passwords (8+ characters, symbols, numbers). If you are worried about your company’s compliance or safety, give Hammett Technologies a call!
We can give you a free assessment and let you know where you stand against potential threats. When you partner with Hammett Technologies you don’t become a client, you become family. Sources: https://arxiv.org/pdf/1901.03597.pdf
The internet can be a dangerous place. Therefore, as we traverse the digital landscape we must always stay on high alert! Recently, a new type of phishing email has hit our digital world. Be on the lookout for emails that are from my-sharepointdrive@notification.messages365.org. At first glance, this email appears to come from SharePoint, giving you a false sense of security, but do not be fooled! This email, if opened, will contaminate your computer. This false sense of security is only furthered by the header of the message reading “This mail is from a trusted sender.” If you receive a message that looks like this, do not open the attachment!

When you receive a suspicious email, always make sure to carefully go over the sender information. Ask yourself these questions: “Do I know this sender?” and “Does this email pertain to something I am familiar with?” Even if you can answer “yes” to both questions, you should remain vigilant. Always be on the lookout for anything that is out of place or suspicious. By playing it safe and paying attention you will save yourself both time and money!

At Hammett Technologies we put your online security as a top priority. Be with a team you can trust, become a Hammett Technologies Partner today!