RANSOMWARE ATTACKS ARE THE PROBLEM FOR WEB HOSTING FIRMS
You might have heard about the RANSOMWARE fuss on some occasions. It may be the case where you have got a pop up on your computer screen about the warning of a ransomware infection.
Ransom malware, or say Ransomware is a kind of malware that gets into the user’s computers and stop them to access their system. This, in turn, demands the ransom payment to regain access.
The first Ransomware was developed in the late 1980s and is known as the PC Cyborg or AIDS. It would encrypt all the files in all DIRECTORIES after around 90 reboots and ask the users to renew their license by giving $ 189 via mail to PC Cyborg Corp. The encryption used was simple enough to reverse and it posed a little fear upon those who were before computer savvy.
Till 2004, a true ransomware threat didn’t arrive on the scene yet. At this time, GpCode used weak RSA encryption to hold the personal files for ransom.
After this in 2007, WinLock signaled the growth of a new type of ransomware and it shut people out of their desktops instead of encrypting the files. WinLock took all over the victim’s screen and displayed the litter images and demanded the payment via paid SMS to remove those images.
In 2012, there came a new form of Ransomware i.e. law enforcement ransomware. Now, in 2017, CryptoLocker re-open the world to encrypting ransomware. This was far more dangerous. Here, the CryptoLocker used military-grade encryption and stored the key required to unlock files on the remote server. So, it became all the way impossible for the users to get the data back without paying the ransom. Therefore, this type of encrypting ransomware still has a presence today as it is amazingly validated efficient tool for cybercriminals to make the maximum money.
Ransomware attacks are a problem for web hosting firms. The web hosting companies get affected by the Ransomware attacks.
Let us take an example of a South Korean web hosting company. It was infected by the Erebus ransomware attack in 2017. This affects more than thousands of South Korean websites and the Linux servers. The company reported 153 of its Linux servers were infected with Erebus which, in turn, infect 3400 websites on the web hosting company’s servers. It was discovered that this Erebus ransomware uses a User Account Control (UAC) bypass method to run at higher privileges without even alerting the user. The company got that much affected so that in the end, they have to negotiate with the hackers. But, there was no way left to decrypt the Erebus encrypted files for free.
From the following, you can know how these people blackmail the users having their business online.
My boss tell me, your buy many machine, give you a good price 550 BTC
If you do not have enough money, you need to make a loan
You company have 40+ employees,
every employees’s annual salary $30,000
all employees 30,000 * 40 = $ 1,200,000
all server 550BTC = $ 1,620,000
If you can’t pay that, you should go bankrupt.
But you need to face your childs, wife, customers and employees.
Also, you will lose your reputation, business.
You will get many more lawsuits.
This is how the cybercriminals blackmailed in the case of Erebus ransomware attack on a South Korean web hosting company.
Now, let us discuss the impacts of a Ransomware attack on web hosting firms:
- Ransomware attacks can have extending effects on the performance of the companies.
- It does not only lead to data loss but has far wider-reaching effects on the performance as well as the revenue of the company.
- The companies may lose access to data for days, weeks or months.
- As long as the attack may encounter, it produces various devastating effects on the business. Majorly, the revenue loss, the loss of production due to no access to the data, the loss of reputation in the market which automatically drives your company to a modest level.
- Apart from the ransom that the cyber attackers have been paid, the victim company also suffers the major revenue downfall due to the restricted system access.
Let us go through some of the staggering facts of Ransomware attack:
There are a lot of cybersecurity professionals who got surveyed by big brands and do not even know that their organization is already groomed to confront a ransomware attack. Just in 14 seconds, every new organization would fall victim to ransomware in this current year and it will occur in every 11 seconds by 2021.
Every month around 1.5 million new phishing sites are being created and this attack is spreading like a fire in the past two years. Around 34 percent of businesses got hit with the malware and it took more than weeks to regain access to their entire data.
This graph depicts that 97% of US companies denied paying the Ransom, 75% of Canadian companies paid and which is further followed by 22% of German businesses as well as 58% in the UK.
What to do when you are infected with a Ransomware attack?
If you find yourself infected with ransomware then never pay the ransom. This would be the very first rule. This input is endorsed by the FBI. The reason behind not paying the ransom is not encouraging cybercriminals to launch the additional attacks against anyone. Other than this, you will be able to retrieve some encrypted files with the help of free decryptors.
You need to mind the fact that not all ransomware families had decryptors in specialized cases where ransomware is utilizing advanced and sophisticated encrypting algorithms. Even if there is a decryptor for some ransomware, we cannot be sure that either its the right version of the malware. It would be more harmful to encrypt the file with the help of the wrong decryption script. Therefore, we should always take care of the ransom message itself or it is better if we ask the security/IT specialist advice before trying anything on our own.
Some other ways to resolve the ransomware infection includes downloading the security product which is known for remediation and running a scan to remove the threat. In this case, you may not get all the files back but the infection will certainly get cleaned up.
For the screen-locking ransomware, you can restore the full system. If it doesn’t work out, you can run a scan from a bootable CD or USB drive.
So, if you want to prevent an encrypting ransomware infection in an action, then you need to be a keen watcher. And, if in case you notice that your system is getting slow, then you can shut it down and disconnect the internet. If once you boot up, the malware would be still active, this will still not able to send or receive the instructions from the control server. Therefore, this time, you need to install the security product and run a proper full scan.
Preventive measures against the Ransomware attack:
As we all know, Prevention is better than cure so as in the case of a Ransomware attack. We need to set up our mindset like this that we have to stop this Ransomware attack even before we listen to rumors.
In fact, the ways to stop being infected from Ransomware attack are mentioned below that requires a lot more technical skills. So, this is recommendable in case of avoiding the fallout from the ransomware attacks.
The first step in ransomware prevention is to invest in the awesome cybersecurity. Cybersecurity is the program with real-time protection and is well-designed to prevent advanced malware attacks like Ransomware. You must also look out for the features which will both safeguard the vulnerable programs from the threats and block Ransomware from holding the files hostage.
Next is, to create secure backups of your data regularly. It would be better if you use cloud storage that indulges high-level encryption as well as multiple-factor authentication. Though, you can have USBs or the external hard drive where you would be saving new or updated files but make sure you physically disconnect the devices from your computer after having a backup. If you don’t do this, it can also become infected with ransomware.
Next, you need to stay certain of the fact that all your systems and software are updated. If we talk about the WannaCry ransomware outbreak, it took advantage of a vulnerability in Microsoft software. The company had released a patch for the security loophole in March 2017. Many folks didn’t install the update and that left them open to attack. Everyone knows that it is utmost difficult to be the top in the list of ever-growing updates from the growing list of software and applications which is used in our daily life. That’s why it is suggested to change the settings to enable automatic updating.
Last but not least is to stay informed. One of the most adopted ways with which computers are getting infected with Ransomware is with social engineering. You must also educate yourself on detecting malspam, suspicious websites as well as other scams. Next, is to give a try when you suspect something.
Security checks against the Ransomware attack:
Check out the following:
- Make sure that you keep your local system free from viruses and malware.
- You must use a certain OS in your system.
- You should use anti-virus, firewall as well as anti-malware tools to protect your system.
- You must use tough passwords such as, including capital, small letter, numerical as well as special characters.
- You need to keep changing the passwords for mail.
- You need to secure your network and IT environment.
- You need to make sure that your website and web hosting are free of malware as well as security vulnerabilities. If you are using third-party scripts as well as codes on your site, then it would mean running the latest secure version.
- Also, it is vital for you to maintain your website, email, database backup in multiple locations preferably in the external devices such as a USB hard disk and you need to keep it safe.
- You can also use income mails spam filtering practices.
- You can also make the system administrators as well as email administrators knowledgeable.
What is more important for web hosting resellers is internet security. Be the smart web hosting providers so that people choose you over other web hosting providers and get them the best advice at the accurate time.
In fact, recently, the cloud computing provider iNSYNQ experienced an attack by ransomware which made the company shut down their servers and gift them the malware infection which spread like a virus.
iNSYNQ is the most accredited Microsoft, Intuit and Sage host that avails the customers with cloud-based virtual desktops and which is also designed to host business applications like QuickBooks, Sage, Act, and Office. So, the attack has happened on 7/16/19 and is inflicted by the unknown malicious attackers. This attack impacted the entire files which were referred to certain iNSYNQ clients and delivers the data inaccessible.
So, as soon as iNSYNQ discovered the attack, they took steps to recover it. This includes turning off servers in the iNSYNQ environment. These efforts were drawn to protect the client’s data and backups. At the time, this cloud hosting firm hired cybersecurity experts to restore the access to the affected data of the customer and all the clients’ virtual desktops with the major traction.
Their entire team was working diligently to curb and restore access to the impacted data.
But, at last, the company believes that the customer data would be recovered and restored but it would be time-consuming until the entire backups are checked so that they can be sure that the malware wouldn’t affect in any way.
WGS follows the approach that would minimize security risks. We have a security platform that processes multiple levels of security. It ensures unparalleled security for the entire services.
Get in detail with our entire security approach.
1. Datacenter security
In our thorough process, security and stability are the most vital variables in the process. We have our data centers equipped with surveillance cameras, biometric locks, policies of authorization, limited access to data centers, security personnel as well as various processes and operations.
2. Network Security
We have our global infrastructure deployments that organize the DDoS mitigators, Intrusion Detection Systems(IDS) and firewalls at both the edge and rack level. We can tackle the frequent hacking as well as DDoS attempts and which would be without any degradation.
Protecting against Distributed Denial of Service attacks (DDoS)
Denial of service comes under the top source of financial loss because of the cybercrime. The main goal of the Denial of service attack is to rattle the company’s business activities by ceasing the website’s operation, email or web applications. They achieve this by attacking the servers or network that host these services and overloading the key resources like bandwidth, CPU as well as memory. The motives basically behind these attacks are fraud, bragging for the rights, political statements as well as worst damaging competition, etc. Any organization that virtually connects to the internet is liable to these attacks. So, the business impact of uninterrupted DoS attacks is enormous and it would lead to closer to no profits, dissatisfied customer, productivity loss, etc and that is due to the unavailability or service degradation. The DoS attack is that much powerful that it would even land you with the huge bandwidth coverage invoice which you have ever seen.
We have a distributed denial-of-service protection system that provides incomparable protection against DoS and DDoS attacks on the internet faced infrastructures which indulges your websites, email as well as mission-critical applications while using refined state-of-the-art technology that triggers itself whenever the attack is launched. What does the mitigator’s filtering system do is block all the fake traffic and provides that the consistent traffic is permitted for the largest extent possible? These systems have protected various web sites from the wide disruption caused by the concurrent attacks as large as 300+ Mbps earlier. Therefore, it allows organizations to focus on the business.
We do have a relentless firewall protection system which secures the perimeter and carries a fine line of the protection system. It uses profoundly flexible as well as progressive inspection technology to protect the data, website, email as well as web applications by blocking unauthorized network access. It ensures controlled connectivity between the servers which will store your data as well as the internet via the imposition of the security policies which are devised by the subject matter experts.
Network Intrusion Detection System
We have the network intrusion detection, prevention as well as vulnerability management system that provides fast, rigorous as well as extensive protection against targeted attacks, traffic inconsistency, unknown worms, spyware/adware, network viruses, rogue applications, and other zero-day exploits. It also uses modernized high-performance network processors which carries out so many checks on every packet flow together with no apparent increase in the inactivity. Moreover, as the packets pass through our systems, they are fully checked to determine whether they are reasonable or harmful. Therefore, this method of spontaneous protection is the most compelling mechanism of assuring that the dangerous attacks do not stretch to their targets.
3. Host Security
We have graded on hardware vendors that consist of the record of high-security vendors as well as quality support. Therefore, most of the infrastructure, as well as datacenter partners, uses the equipment from Cisco, Juniper, HP as well as Dell, etc.
Host-based Intrusion Detection System
With the arrival of the tools which are capable of bypass port blocking perimeter defense systems like firewalls, it has now become vital for businesses to deploy Host-based Intrusion Detection System. This focuses on monitoring and analyzing the computing systems internals. We have our host-based intrusion detection system that helps in detecting as well as pinpointing the alterations to the system as well as configuration files. It can be done either by accident, from malicious tampering or the external intrusion with the usage of heuristic scanners, host log information as well as by monitoring system activity. In fact, the fast discovery of changes decreases the damage risks and also lessens the troubleshooting and recovery times. Therefore, it further decreases the overall impact and creates improvisations in the system and security availability.
4. Software Security
We have the applications which run on myriad systems with the myriad server software. Our operating system consists of several flavors of Linux, BSD, and Windows. Our server software includes the versions and flavors of Apache, Resin, IIS, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd, etc. We ensure security despite the diverse portfolio of software products that we utilize by following the process-oriented approach. We ensure security despite the process-oriented approach being followed by us for the software products.
Timely application of updates, bug fixes as well as security patches
The entire servers are registered for the automatic updates to assure that they consist of the latest security patch installed and the new vulnerabilities are amended asap. Various intrusion results from the exploitation of the well-known vulnerabilities, configuration errors or virus attacks where countermeasures are available already. Therefore, various systems and networks are impacted by the systems as they haven’t consistently expanded the patches that were released.
Moreover, we do understand your requirements for the strong patch as well as update management processes. Like the operating system and server software gets more complex, every newer release is cluttered with the security holes. Most of the information and updates for the new security threats get released daily. We have built up consistent, repeatable processes along with the reliable auditing and reporting framework that also makes sure that system remains up-to-date.
Periodic security scans
You would deal with the frequent checks that run with the help of enterprise-grade security software to determine whether any server have any known vulnerabilities. The servers are also scanned against the all-inclusive and up-to-date databases of the known vulnerabilities. Therefore, in this way, we can protect our servers from attacks and ensures the business continuity by identifying the security holes or vulnerabilities before the occurrence of an attack.
Pre-upgrade testing processes
Generally, software vendors release software upgrades frequently. While every vendor follows their testing procedures before any release of the upgrade. They cannot test the interoperability issues between software. For example, a new release of a database is tested by the Database vendor. However, the impact of expanding this release on the production system running several other FTP, Mail or web server software cannot be determined directly. Our system administration team cites the detailed analysis of several software upgrades and if one of them is recognized to have a high risk, then it is known to be first beta-tested in our labs before live formation.
5. Application Security
All the application software which is used in the platform is built by us. Basically, we do not outsource development. Any of the third party products or the components go through this all-inclusive training as well as testing procedures where all the project elements are broken down and the knowledge about their architecture as well as implementation is shifted to the team. It can let us completely control the variables which are involved in any specific product. The entire applications are engineered using proprietary product engineering process which follows the ardent approach towards security. Every application is broken down into several components such as user interface, core API, backend database etc. Every layer of abstraction has its own security checks, that is performed by a higher abstraction layer. All the sensitive data is stored in the encrypted format. We do engineering and development practices which ensures the high level of security in regards to all the application software.
6. Personnel Security
As we all know that the weakest link in the security chain is the people you have trust in. It can be anyone from your personnel, development staff or vendors. We follow the holistic security approach that minimizes the security risk brought by the “Human Factor”. The information gets uncovered on a “need-to-know” basis. The authorization gets expire when the requirements get out of date. Most importantly, the personnel is coached in the security measures. Each employee which has administrator privileges to any server goes through the detailed background check. The companies which skip this process, are putting to risk all the sensitive as well as important data in regards to their customers and there would be no matter how much money is invested into these high-end security solutions. So, having the right amount of access can create much damage than any other external attack.
7. Security Audit Processes:
Audit processes are needed to ensure the replication of the process as well as discipline. You will come across many questions related to servers, backups, offsite backups, accurate reference checks, timely alerts by security equipment that indulges investigations, surveys, ethical hacking attempts as well as many interviews. Our audit mechanisms make us alert to a crimp in our security process before some other users discover it.
Get in touch with our services if you are looking for 24*7 server management team who can dedicatedly secure your server. We are specialized in outsourced web hosting support, outsourced server support along with the overall security services. We have been managing, monitoring and providing solutions to the number of servers with 100+ active customers globally.