Radware Customers Share Their Personal Ransomware Story
Just the word ransom lets you know that ransomware isn’t a welcome visitor. No industry is immune to it. In fact, many attacks on healthcare systems have prevented patients from getting medical care. Yes, it can be that evil.
What is a Ransomware attack?
Ransomware is a type of malicious software that encrypts a victim’s files or data, making them inaccessible until a ransom is paid. Cybercriminals typically demand payment in cryptocurrency to avoid being traced.
Even when ransoms are paid, attackers are exfiltrating data and setting it aside to be used for other nefarious purposes. Ransomware-as-a-Service (RaaS) is available for those who want to enter this underground world but don’t have the technical acumen to create their own platforms and threats. It has ramped up to include attacks on supply chains, which harm an array of victims in one fell swoop. Unpatched software and phishing remain the stalwart launch points for ransomware. Why wouldn’t they? They continue to work well for bad actors.
What is your most memorable story related to a ransomware attack?
It’s not hard to gather stories from victims of ransomware because it isn’t hard to launch. It is that prevalent. Ransomware makes up over 20% of all cybercrimes. According to a Forbes article from 2022, the vast majority of companies have been hit with ransomware attacks. Over 40% of attacks get in through phishing and they only need one fish to take the bait.
We recently queried Radware customers and asked them to share a ransomware story that has affected them. Once again, they didn’t disappoint. Their responses were informative and interesting and reflected the importance of practicing sound digital hygiene.
Two things emerged from the customer testimonials:
First, it isn’t very hard to be infected by a ransomware attack; in most cases an innocent, human action opened the door to the attackers.
Second, while it is not difficult to plant the seed of an attack, the damage is large and it takes days, even weeks, to recover.
Radware customers’ first-hand testimonies
One downloaded e-mail attachment was all it took
“In 2020, I made the mistake of downloading one attachment from an email. This enabled macros that encrypted my entire system within minutes. I couldn’t open anything. Since then, our data has become very secure.”
3rd party software results in ransom to be paid in Bitcoin
“A few months ago, one of my office colleagues downloaded some 3rd party software from the internet. After the software was executed, all the folders on his laptop were encrypted. He then got a message that all data had been encrypted and that we’d have to pay the ransom in Bitcoin.”
BlackCat ransomware enables attackers to exfiltrate intellectual property
“In October of 2022, the BlackCat ransomware group launched an attack that affected 86 laptops, re-routing supplies to different depots. The attack was believed to have leveraged vulnerabilities in two software applications — Microsoft Exchange and Zoho ADSelfService Plus, which is a password reset management program. The BlackCat ransomware enabled the attackers to exfiltrate [withdraw] secrets and intellectual property. They also feared that the attackers may have infiltrated the networks of our customers and service providers.”
Overall business impact was unimaginable
“Five years ago, I worked in Mexico City at the help desk for an American oil company that had an international presence. While I wasn’t in security yet, I got to see firsthand the impact that ransomware can have on an organization. One day, I received a phone call from my boss telling me to disconnect all computers from the internet immediately. Well, the Mexico City office was where a lot of high-ranking managers worked, including the deputy director and the general director.
“I asked everybody to disconnect their Wi-Fi connections and turn off their laptops. I was immediately and urgently asked by everybody why they had to do this, that they had a lot of work to do and needed to finish it now! This occurred for a couple of days because the situation was not improving. This affected offices in the U.S., U.K., Mexico and India. Two entire weeks passed! I can’t imagine the overall business impact this had. We were finally able to turn on our computers but with extremely limited access.
“Here’s what’s frightening — it was the result of a single user who opened a fraudulent email. The launched virus encrypted data throughout the company. What was interesting is that no ransom was demanded from the company. It was a case of corporate sabotage. Maybe they were just trying to destroy the company’s image in the public’s eyes.”
Ransomware attack will always be a blot on the victim’s organization
“We were doing a POC on a client’s devices; they are one of the largest healthcare organizations in the country. We had heard the rumor that there was some type of emergency and medical equipment wasn’t working as a result. It got pretty tense, as day-to-day patient care required manual processes as a result.
“A committee was formed to help better understand this matter and how it happened. Through their discovery and assessment, we learned that the client had been affected by ransomware as a result of some of their medical equipment and IoMT (internet of medical things) devices. It affected many important hospital services, including its smart lab, billing, reporting and IP-based devices. It severely affected servers.
“While they recovered from it, the effects of the ransomware attack will always be a blot on their organization. The good news is that through the assessments they were able to find out about challenges they were facing and the vulnerabilities that were present in their network.”
Hive ransomware group attacks large Indian utility
“After its privatization, the utility industry is arguably the most demanding. Now, attackers are gaining traction and day-by-day utilities are facing the risks of cyber-attacks. After the Russia/Ukraine conflict began, the instances of cyber-attacks increased at multiple places and in many industries in India and our overseas locations.
“In December of 2022, we faced a huge ransomware attack. The Hive ransomware group claimed responsibility and began leaking stolen and very private data. Among other things, it included employees’ PII (personally identifiable information) and salary information. In addition, there was proprietary company information, including engineering drawings, financial and bank records, and client information.
“In the stock filing soon after, it was disclosed that the attack had taken place. The Hive group has allegedly been very prolific. They claimed to be behind the ransomware attacks on the New York Racing Association, a Bell Canada subsidiary and the Memorial Health System. Patient data was stolen and it had to cancel surgical and diagnostic operations.”
A week of data needs to be rebuilt due to the WannaCry ransomware
“In 2019, my organization was hit with the infamous WannaCry attacks. Our entire service database was encrypted by it. We were helpless at that time. All our work was on that database and was now encrypted. Even though we had backups, they were from a week prior to the attack. It was very hard to make up for that entire missing week of data. It drastically changed our entire organization. After that, our security posture got a lot better.”
All files were encrypted the night before a presentation to executives
“I was working late one night in my lab and downloaded some software off the internet to convert my MS Word files into PDFs. Immediately, all my files were encrypted. And I was supposed to review my presentation the next day in the office. Files were all encrypted and I couldn’t even get to a browser. It was a bad night. The next day may have been worse.”
Ransomware attacks have become increasingly common and sophisticated, affecting both individuals and organizations. These attacks can result in significant financial losses, data breaches and reputational damage. Victims often report feeling violated, helpless and frustrated.
It is crucial to take preventive measures, such as making regular backups, using strong passwords and updating software to protect against ransomware attacks. In case of an attack, victims should seek professional help and report the incident to the authorities.
Almost everybody’s response ended with this sentiment — after the attack, their security strategy and plan became a lot better. While that’s not surprising, it highlights the need to make sure you’re protected before an attack occurs.
For more information about upping your security game, reach out to the talented, tenured cybersecurity professionals at Radware. They would love to hear from you.
If you’re going to attend the RSA Conference in San Francisco on April 24-27, make sure to stop by the Radware booth (#2139). Meet with our team of experts and take your cybersecurity to the next level. Better yet, you can set up an appointment with them here.