Radio and television station KQED has been taken “back to the stone ages” because of an advanced ransomware attack launched in June of 2017. No one is sure how the ransomware got into KQED’s system.
Ransomware brought this public television and radio station to a grinding halt. All Internet-connected devices, tools and machinery were cut off in an attempt to isolate and contain the attack that infected the station’s computers. More than a month later, many remain offline. Although the station has continued its broadcasts, it has found that functioning in a non-Internet world is extremely frustrating and difficult.
This incident highlights the need for businesses like yours to protect themselves and their IT devices from debilitating cyberattacks. We’re more vulnerable today than ever before. It’s up to you to take proactive measures to protect your business. (Contact us to learn more.)
Ransomware: An Old Threat Reborn
Ransomware isn’t new. In fact, it’s one of the oldest types of malicious software programs, and is becoming increasingly prevalent as more people rely on IT and Internet connections for their day-to-day operations.
Ransomware essentially locks a user out of their system, or holds data hostage until a ransom is paid. Once the ransom is paid (generally through a wire transfer or cryptocurrency transaction), the data or service is unlocked, and (theoretically) the user can recover their data.
However, there are more issues of concern:
- Ransomware is a type of virus, so it can self-replicate throughout computers, servers, and other devices operating on the same network.
- Paying the ransom doesn’t necessarily mean your system will be unlocked. Some forms of ransomware are designed to just disrupt, while others may have been long abandoned by their creators.
- Paying the ransom can be expensive. While some ransomware attacks only amount to a few hundred dollars, others can be in the range of thousands—especially those targeting large enterprises.
- Paying the ransom doesn’t mean your data hasn’t been copied or otherwise breached. You still need to react as though your data has been shared, including confidential identity and financial information.
KQED’s Ransomware Attack
KQED’s ransomware spread quickly throughout their network, including their Internet of Things devices. The ransomware then encrypted data on their Microsoft computers, but was halted before it could encrypt a significant number of systems. The problem was that it had already infected the network; if the system was brought back up, it would only continue to propagate. Consequently, Internet access had to be removed for many of the systems until the issues could be properly isolated and dealt with, device by device.
To avoid further infection, all Windows computers had to be wiped and restored, and KQED had to upgrade its security measures. This attack came in the wake of—but was not related to—several global ransomware attacks, which took down computers throughout the world.
The ransomware demanded approximately $3,637 for each file to be decrypted. The total ransom requested was in the millions, which was impossible for KQED to pay.
How Can You Defend Against Ransomware Attacks?
In the past, many security systems were limited to only identifying already known attacks. This meant new vulnerabilities and custom attacks were impossible to defend against. KQED was vulnerable to attack even though it had relatively up-to-date security. This may have been the case because its security system relied on antiviral templates.
New security systems scan for the presence of ransomware attacks and can mitigate the majority of these threats, not only by identifying individual attacks but also by identifying suspicious behavior. Machine-learning algorithms and artificial intelligence have now made it possible to scan for the behavior of potentially malicious programs.
KQED was struck by a new piece of software that had not yet been identified. However, it’s unknown whether its suspicious behavior might have been flagged by a more advanced threat-detection system.
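The difference between matching known attacks and flagging suspicious behavior can be shown in a few lines. The following is an added example, not code from KQED or any security product: it compares a hash blocklist lookup with a simple heuristic that flags a process rewriting many files with high-entropy (encrypted-looking) data in a short window. The event format, thresholds, PIDs, paths and hashes are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

KNOWN_BAD_HASHES = {"hash-of-previously-seen-sample"}  # constructed placeholder


def signature_verdict(file_hash):
    """Signature-style check: only catches binaries already on the list."""
    return file_hash in KNOWN_BAD_HASHES


def shannon_entropy(data):
    """Bits per byte: encrypted output approaches 8.0, documents sit far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def behaviour_verdict(events, window=10.0, min_files=5, min_entropy=7.0):
    """Flag PIDs that write high-entropy data to many distinct files quickly.

    events: (timestamp_seconds, pid, path, bytes_written) tuples (assumed format).
    """
    recent, flagged = defaultdict(list), set()
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < min_entropy:
            continue  # ordinary document or text write
        recent[pid] = [(t, p) for t, p in recent[pid] if ts - t <= window]
        recent[pid].append((ts, path))
        if len({p for _, p in recent[pid]}) >= min_files:
            flagged.add(pid)
    return flagged


def sample_events():
    """Constructed events: PID 4120 mass-rewrites files, 812 saves text, 977 writes one archive."""
    def blob(seed):  # deterministic pseudo-random bytes standing in for ciphertext
        return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(128))
    text = b"Quarterly pledge drive schedule, draft 3\n" * 100
    events = [(0.5 * i, 4120, f"C:/Users/a/Documents/file{i}.docx", blob(i)) for i in range(6)]
    events += [(0.5 * i, 812, f"C:/Users/a/Documents/note{i}.txt", text) for i in range(6)]
    events.append((1.0, 977, "D:/backup/archive.zip", blob(99)))
    return events


if __name__ == "__main__":
    print("signature hit on unseen binary:", signature_verdict("hash-of-new-sample"))
    print("PIDs flagged by behaviour:", behaviour_verdict(sample_events()))
```

The single high-entropy archive written by PID 977 is not flagged, which is why the heuristic counts distinct files inside a time window rather than alerting on entropy alone.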
Note: In addition to having up-to-date security measures, your systems must be regularly backed up. You should be able to deploy a backed-up instance of an entire system to protect your organization from virtually any threat—including physical hazards such as fire or earthquake.
KQED had a single network composed of many different devices, which couldn’t be reset altogether. The ultimate consequences for KQED were that:
- They couldn’t complete a significant amount of work for weeks.
- Online broadcasts went down for more than twelve hours.
- They lost a significant portion of their work and weren’t able to use their computers or the Internet for a substantial amount of time.
- It took weeks to even begin to repair the damage—and these are weeks the station will need to pay for in terms of man hours and IT costs.
All of this could have been prevented through better security measures and security training for their employees.
Cybersecurity is our specialty and priority at Intivix. Cyber threats are growing exponentially, and we’ll block them by eradicating all potential security weaknesses. Your systems will be protected by a next-generation firewall, antivirus, and spam-filtering system. Plus, we’ll conduct security awareness training for you and your staff on an ongoing basis, so they can recognize a threat in an email, or on a web page.
For more information about IT security for your business in San Francisco, contact us:
Toll Free: 888-499-1703
Direct: 415-543-1033 ext. 103
Or on The Web at: http://intivix.com/contact-us/