
    Open-E Pro Tips: How to Avoid the Consequences of a Ransomware Attack?

    According to multiple sources, there were more cyber intrusion attempts in the first three quarters of 2023 than in all of 2022. In the first quarter of 2023, ~51 million attacks were recorded. The number increased significantly in the second quarter, which recorded ~89 million. There has been a steady increase in such attacks for several years – the number is constantly growing and becoming more frightening. It’s not getting any better in 2024. In Q1, there were 192 publicly disclosed ransomware attacks, a 48% increase over Q1 2023. The number of undisclosed attacks also increased by 22% year-over-year.

    Terrifying statistics, aren’t they? They underscore the growing threat from ransomware and the importance of robust cybersecurity measures. We are seeing new techniques to protect against the attacks themselves, developed in response to new hacker tactics and new ransomware families. That’s why it’s also increasingly important to focus on protecting against the consequences of ransomware to minimize the possibility of downtime, as well as the loss of reputation, money, and, most importantly, data, which can even lead to bankruptcy.

    Cybersecurity at Risk

    In 2023, the average cost of recovering after a cyber attack for an enterprise company and the average ransomware payout kept on growing. According to Stationx.net, the total ransomware payment has risen to an unbelievable number. During Q1 and Q2 2023, it reached more than $449 million. This was $176 million more than in the same period in 2022. If the current pace of attacks continues, ransomware attackers are predicted to extort $899 million from victims in 2023.

    Ransomware attacks and payments rose sharply in 2023, breaking previous records. If this trend persists into 2024, we can anticipate even higher ransomware costs this year. According to the WatchGuard report, the average cost for enterprises to recover from a ransomware attack was $4 million in 2023. This substantial recovery cost, extending beyond ransom payments, is expected to remain relevant in 2024.

    Home office employees, often lacking network security, also became easy targets for data breaches, with over half of the attacks originating from simple phishing emails. This issue affects all, from individuals to large corporations.

    Cyber Warfare and Global Safety

    The escalating Russia-Ukraine and Israel-Palestine wars have led to increased cybersecurity risks. Military cyber units’ actions against their enemies affect electronic communications, including email, phone calls, and social media, which, of course, also affects any company still operating during a horrific time of war.

    These conflicts have highlighted the importance of robust cybersecurity measures for businesses and organizations, especially those operating remotely or from home offices. It’s crucial to stay vigilant and ensure that appropriate security protocols are in place to protect against these increasing cyber threats. Such attacks are also likely to affect companies that are partners or customers of the victims, which may lead to interruptions of crucial business processes.

    Biggest Ransomware Attacks in 2024 so Far

    Some of the biggest attacks in 2024, as reported by the BlackFog service, were:

    1. LockBit claimed responsibility for an attack on the Capital Health hospital network which caused IT system outages and impacted operations for at least one week. LockBit listed the healthcare company on its data leak portal, claiming to have stolen 7TB of sensitive medical information valued at $250,000. The ransomware gang stated that it purposely did not encrypt the hospital’s systems so as not to interfere with patient care.
    2. According to a post on BreachForums, ShinyHunters claimed to have stolen data relating to 560 million Ticketmaster Entertainment LLC customers. The compromised information is said to include names, addresses, emails, phone numbers, ticket sale information, event information, and order details. ShinyHunters also claim to have credit card details, but these only include the last 4 digits of the card numbers and the expiration dates. The database is up for sale for $500,000. Ticketmaster is yet to address these claims and it is not clear if this information is new or related to previous breaches.
    3. The local government of Washington County in Pennsylvania authorized a ransom payment of $350,000 in response to a cyberattack in January. The incident caused the government to shut down its servers following a warning from the CISA. According to reports, the threat actors seized control of the county’s network, “basically paralyzing all of the county’s operations.” It was confirmed that hackers had pilfered large amounts of sensitive data, including information about children in the court system. It is not known who was behind the attack.
    4. RE&S Holdings, a Japanese multi-food brand, announced on Jan 11 that it had initiated data recovery following an attack that impacted the data on its servers. RE&S activated business continuity plans and has seen no significant impact on its business operations. The company reported that it had not observed any evidence of data exfiltration or the compromise of any personal sensitive information following preliminary investigations.

    How to Avoid a Ransomware Attack?

    Talking about safety measures – there’s no such thing as too many security tips, so we’ve listed some of the cybersecurity must-haves that everyone should keep in mind at all times:

    1. Never click unsafe or unknown links.
    2. Use multi-factor authentication.
    3. Don’t share personal information.
    4. Don’t use unknown USB sticks.
    5. Keep your systems and apps up to date.
    6. Never download software or media files from unknown sites. 
    7. Use VPN services on public Wi-Fi networks.

    What about safety measures within businesses? Of course, apart from the safety measures listed above, you can, for instance, give users only the bare minimum privileges needed to do their jobs, purchase a cybersecurity insurance policy, invest in file activity monitoring (FAM) solutions, and/or use endpoint detection and response (EDR) and extended detection and response (XDR) tools. 

    Plus, most importantly – train your employees! Provide your staff with cybersecurity workshops, present them with all the benefits of following proper cyber hygiene, and teach them how to detect potential dangers.

    Now take a look at the essential tip, left for the very end to highlight its importance to the maximum. So...

    BACKUP! BACK UP YOUR DATA!

    Always back up your data to external devices or off-site locations. Take backups seriously by not only copying your data daily but also keeping some critical ones in other locations and disconnected from your primary network. This way, they’ll definitely be much less vulnerable to a ransomware attack. Why is external backup so important?

    In the unfortunate case of a ransomware attack, decryption is no longer possible. A data backup protects you from the consequences of the attack, provided that you keep the backup and are able to prevent the malware from reaching and encrypting it too. This way, companies and organizations guarantee themselves a safe and easy way to recover the data without being forced to pay the ransom.

    Handle the Worst-case Scenario through Backups with Open-E JovianDSS 

    Open-E JovianDSS is ZFS- and Linux-based data storage software with an On- & Off-site Data Protection feature designed especially for backup. The feature allows users to back up and restore crucial company data in case of an unexpected disaster by creating consistent read-only snapshots and replicating them asynchronously to local and/or remote locations. Because snapshots are read-only and thus cannot be encrypted, the backup server can stay online all the time. Replication tasks, in turn, can be organized according to advanced retention plans, which control the creation and deletion of snapshots on both the source device and the backup one.

    With Open-E JovianDSS On- & Off-site Data Protection, you can create an unlimited number of consistent snapshots of basically everything, including databases or virtual machines, with all the applications saved. This feature provides instant access to all data, which is a quick way to roll back to the state before a ransomware attack. So, why tempt fate by not having a backup solution if you can rest assured your data is actually safe?
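
    Retention is what decides whether a pre-attack snapshot still exists when the infection is finally noticed. The following is an added example, not Open-E code or its plan syntax: the tiered plans, function names, and the timeline are assumptions constructed to show a short retention on the source and a longer one on the backup device.

```python
from datetime import datetime, timedelta

# Hypothetical tiered plans: (keep one snapshot per interval, for this long).
# Assumed values for illustration; this is not Open-E's retention-plan syntax.
SOURCE_PLAN = [(timedelta(hours=1), timedelta(days=1))]
BACKUP_PLAN = SOURCE_PLAN + [(timedelta(days=1), timedelta(days=30))]

def prune(snapshots, now, plan):
    """Split snapshot timestamps into (keep, delete) under a tiered plan."""
    keep = set()
    for interval, horizon in plan:
        last_bucket = None
        for ts in sorted(snapshots):
            if now - ts > horizon:
                continue  # older than this tier covers
            bucket = (ts - datetime.min) // interval
            if bucket != last_bucket:  # first snapshot of each interval survives
                keep.add(ts)
                last_bucket = bucket
    return sorted(keep), sorted(set(snapshots) - keep)

def rollback_point(snapshots, infected_at):
    """Newest snapshot taken strictly before the first malicious write."""
    clean = [ts for ts in snapshots if ts < infected_at]
    return max(clean) if clean else None

def scenario():
    """Constructed timeline: hourly snapshots, infection found 3 days late."""
    now = datetime(2024, 6, 10, 12, 0)          # moment of detection
    infected_at = datetime(2024, 6, 7, 9, 30)   # first encrypted write
    taken = [now - timedelta(hours=h) for h in range(241)]  # 10 days, hourly
    source_keep, _ = prune(taken, now, SOURCE_PLAN)
    backup_keep, _ = prune(taken, now, BACKUP_PLAN)
    return (rollback_point(source_keep, infected_at),
            rollback_point(backup_keep, infected_at))

if __name__ == "__main__":
    src, bak = scenario()
    print("source rollback point:", src)
    print("backup rollback point:", bak)
```

    In this constructed timeline the source, which keeps only one day of hourly snapshots, has no clean restore point left, while the backup's daily tier still holds the snapshot from midnight before the infection.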

    See it Yourself – Rollback from WannaCry Ransomware

    Want to see how to prevent the consequences of ransomware with a single data storage solution? There you go: we’ve prepared a manual on how to do it in just a few simple steps, based on Open-E JovianDSS data storage software.

    Ransomware Attacks Archive

    To show you the scale of ransomware attacks over the years and to highlight the perspective of how many enterprise companies face this problem, we decided to also include an archive of attacks from previous years. Be aware and stay safe!

    2023

    1. LockBit attacked Shimano, seizing 4.5 TB of sensitive data, including employee information, financial documents, and customer databases. Shimano was given three days to pay the ransom or face data publication. LockBit threatened future attacks if the ransom wasn’t paid and has already published some data.
    2. Coca-Cola FEMSA was attacked by TheSnake who posted stolen data on a hacking site. The data included company info, photos, files, passwords, financial documents, and employee data. $12 million was demanded, and Coca-Cola negotiated a payment of $1.5 million. Some files remain for sale on the dark web for $65,000.
    3. Ransomed attacked Sony, selling stolen data instead of demanding a ransom. The disclosed data included 2 MB of files, but hackers claimed to have stolen 260 GB, valued at $2.5 million. Other groups also claimed responsibility for the attack. Sony is investigating and declined to comment further.
    4. Cadre Services, a Wisconsin-based staffing provider, was attacked by BlackCat, who seized 100 GB of data including job seeker info, financial data, and porn from the CFO’s computer. The ransom was $300,000. Cadre offered $25,000 and $35,000, but BlackCat released some data, including 4,400 files with personal info.

    2022

    1. On February 23rd, Nvidia was attacked by a cyber gang Lapsus$ who threatened to publish 1TB worth of data demanding a $1 million ransom. The data included employee details and crucial company data. As a result of this attack, the company went offline for two days. Luckily Nvidia handled the situation pretty well, and, what is more, some say they have hacked the hackers back. Even if not confirmed, it still sounds like a pretty interesting weapon to fight cyber gangs.
    2. Another example is the case of the Costa Rica Government. This might have been the most talked-about ransomware attack this year due to the fact that it was the first time ever that a country was forced to declare a state of national emergency. First, the Costa Rican government was threatened by the group Conti to pay $10 million, which soon increased to $20 million, and later another group attacked the country. In general, the social security fund, ministry of finance, and healthcare systems were deeply crippled.
    3. Next, Puma, a sports manufacturer, reported data breach issues after a ransomware attack at Kronos (one of Puma’s solutions providers). The original Kronos attack happened in 2021 during which the personal information of over 6,632 employees was stolen.
    4. The biggest ransomware attack was reported in Bernalillo County, New Mexico, which took not only a number of county departments and government offices offline, but also the county jail. Because the malware affected the CCTV and automatic doors in the Metropolitan Detention Center, inmates couldn’t leave their cells. The situation could have turned into a possible violation of settlement agreements and ended up with much harsher consequences.

     

     

     

     

     

     

     

     

     
