Focused Ransomware Attacks

Costs Rise for Vulnerable Businesses

Ostra can prevent cyber-criminals from cashing in on SMB targets.

Ransom demands nearly doubled in 2019, and recovery time from a ransomware incident also rose sharply. This record-setting trend is something SMBs need to pay particular attention to. The dramatic increase in ransomware costs stems from powerful new strains of sophisticated ransomware. High-resource businesses targeted by Ryuk in early 2019 are beginning to resist egregious ransom demands, so criminals will be looking for other businesses to attack. SMBs with less sophisticated security solutions are the perfect target.

The average ransom demand paid during the first quarter of this year was up 89% to $12,762, compared to $6,733 at the end of last year. However, that is just a fraction of the actual cost of an attack. New variants of ransomware effectively disable or destroy backups, and use encryption methods that make the data extremely difficult to decrypt. This increased downtime after an attack by 47% over late 2018, translating to an average recovery cost of $64,645. Rising ransom demands that were absorbed by mid-market and large enterprises could cripple SMB targets.

Smaller operations with limited resources and staff are focused on their craft, and rely on security products that criminals know how to circumvent. Investing in IT security and backup policies can also be difficult for SMBs. Criminals know that many SMBs have a low tolerance for data loss and downtime, which makes them vulnerable ransomware targets.

Ostra’s Enterprise Grade Security Solution was designed to solve this problem. Our multi-tenant platform gives SMBs access to layers of security solutions used to protect large corporations. Contact Ostra to learn how to protect your data and your business.

MSP Ransomware Infections

Cybercriminals hit the jackpot with MSP Ransomware Infections:

Tools and capabilities MSPs use to serve customers were used against them. Ostra has a solution for that.

MSPs have what cyber-criminals want the most — access to potential victims and infrastructure designed to make that access easy and direct. A ransomware gang got just that type of easy access this week through several MSPs, whose clients became the infected victims. In an MSP worst-nightmare scenario, attackers gained access to the MSP network via exposed RDP and elevated privileges to uninstall anti-virus software on their clients’ systems. Adding insult to injury, the attackers distributed and installed ransomware undetected because they were using the MSP’s own software to do it.

Attacks targeting MSPs are on the rise because even a relatively small MSP may offer attackers as many endpoints as a major corporation. Earlier this year, a mid-sized MSP hit by a wave of GandCrab attacks faced a $2.6 ransom when all 80 of its clients were infected, encrypting an estimated 1,500-2,000 endpoints.

Security is paramount to client trust, so when an MSP entrusted with keeping client networks functioning securely is breached, trust quickly erodes. MSPs often deal in the currency of trust, so loss of trust directly affects the bottom line.

Attackers target MSPs because they are often relatively small operations with specialized knowledge and tools but limited staff and resources. MSP security systems may not have the robust capabilities required to prevent a sophisticated attack. In the attacks this week, prevention measures such as not exposing vulnerable RDP endpoints, preventing removal of anti-virus, and detecting unusual network activity were not in place. To face rising attacks targeted at their business and customers, MSPs need to have a comprehensive enterprise-grade security solution that provides integrated prevention, detection and response tools to recognize and halt advanced threats.

Breach and Bankruptcy

Breach puts top debt collection supplier out of business.

Ostra can help make sure SMB suppliers are not the weak link.

American Medical Collection Agency (AMCA) was a supplier of medical debt collection services to large clinical laboratories, hospitals and physician groups until a data breach put them out of business last week. The breach exposed personally identifiable information (PII), healthcare and financial data belonging to enterprise customers, and almost immediately after it was discovered four of AMCA’s largest clients — Quest, LabCorp, Conduent Inc. and CareCentrix Inc. — stopped doing business with the company. In early attempts to reverse the situation, CEO Russell H. Fuchs personally lent the company $2.5 million, but loss of revenue along with an estimated $4.2 million in remediation costs ultimately drove the company out of business.

Third-party SMBs like AMCA are integral to the enterprise business ecosystem, and SMBs lacking strong security increasingly find they are targets of attack. Many SMBs rely on entry-level commodity security products such as traditional anti-virus and firewall defenses that only address one risk. While some larger SMBs may utilize more comprehensive products, these are non-enterprise grade solutions that hackers understand and can exploit. According to recent cybersecurity statistics, over the past 12 months SMBs accounted for over 58% of all data breaches. At an average cost of $3M, the impact is enormous and possibly devastating for SMBs.

As AMCA discovered in the wake of their breach, large enterprise customers are quick to decide ongoing business is too risky and terminate the business relationship. Costly forensics to determine what data was stolen may not provide a definitive answer, escalating remediation costs to include notification of all potential victims and incurring legal fees if the breach leads to a lawsuit. All of this can be too much for an SMB to absorb, as was the case for AMCA, which filed for bankruptcy early last week.

How can SMBs avoid being targeted, breached and ultimately ruined by an attack? SMBs that supply services to large enterprise customers need to understand that security solutions reliant on traditional methods have holes that hackers know about. Bad actors can enter and remain undetected inside networks that are protected by non-enterprise grade solutions, and use intelligence gathering software to carry out planned sophisticated attacks that maximize damage and theft. To avoid an attack that could lead to the dire outcome faced by AMCA this week, SMBs need to have an enterprise-grade comprehensive security solution that provides integrated prevention, detection and quarantine tools based on threat behavior characteristics.

Ostra’s Enterprise Grade Security Solution gives SMBs access to the best-in-class security services used by their enterprise partners. Ostra not only protects the SMB IT environment, but more importantly protects the SMB’s ability to stay in business.