Online crime is on the rise, and there has never been a better time to be a cybercriminal. The ease, low cost, low risk, and high payoff of ransomware and malware attacks drive a global crime spree by organized gangs of international cybercriminals. With the end of the year still months away, 2021 has already seen some of the boldest examples of cyberattacks in history; and at around $150k on average, ransom demands are at their highest levels ever.

Cybercrime has rapidly evolved from digital vandalism by teenage pranksters into a lucrative criminal enterprise that threatens our economic and national security. Cybercrimes are growing in sophistication, and recent high-profile attacks, like those on Kaseya, JBS Foods, and Colonial Pipeline, demonstrate that cyberattacks can happen without warning, bringing businesses to their knees. Cybercrime can be relentless and expensive to remedy. 

Cyberattacks are equal opportunity crimes. They can devastate local businesses and global enterprises alike, undermining brands and consumer confidence, as well as destroying goodwill and hard-earned reputations. Businesses of any size can learn from the recent attacks, and they can use the lessons learned to help formulate good cybersecurity policies. Cybersecurity awareness training, cybersecurity proactive support services, and continuous IT back-ups aren’t just good ideas. They are now part of doing business in our current environment. 

Just as you take certain precautions, practice situational awareness, and implement healthy practices to avoid becoming a victim at home and on the go, your business can also implement and practice good habits in cyberspace to reduce exposure to cyber-predators. With small businesses targeted at an alarming pace, it pays to be paying attention now more than ever. 

Developing cybersecurity plans and policies focused on resilience, continuity, and recovery after an attack, combined with cybersecurity certification training programs for employees, and implementing protective IT solutions are just as crucial to business as physical security measures such as locks, access control, and cameras. Being proactive on cybersecurity matters has never been more critical than it is today. Implementing a cybersecurity program can go a long way toward safeguarding businesses from various cybersecurity risks, including phishing, social engineering, and of course, malware and ransomware, as well as other common cyberattacks and online scams.   

Cybercrime is Big Business

In 2019 alone, malware was used to extort billions of dollars in ransom, typically paid in untraceable Bitcoin by businesses that did not adequately protect themselves against such attacks. This year, the average haul from an unsuspecting or unprepared company is about $150,000 per incident. But ransomware and malware, the malicious bits of code designed to prevent users from accessing their computer systems until a ransom is paid, aren’t the only problems.

Email phishing scams send fraudulent links to unsuspecting employees, infiltrating business communications while extracting personal and confidential information. Add social engineering, man-in-the-middle, SQL injection, denial-of-service, zero-day exploitation, and other cyber scams into the mix, and the potential to become a victim is greater than ever before.

Is 2021 the Year of the Cybercriminal?

This year has seen more than its share of high-profile cyberattacks on business and government agencies. Victims of successful cyberattacks in 2021 include computer hardware manufacturer Acer, Microsoft Exchange Server, Colonial Pipeline, the most extensive pipeline system for refined fuel products in the US, and JBS S.A., the world’s largest meat producer. 

Australia’s parliament was also hit, and Australia’s Channel Nine television programming went off-the-air. In the UK, services at the eight campuses of the University of the Highlands and Islands in Scotland were disrupted for weeks. There was even a shot at poisoning the water supply of a city in Florida. 

These are just a few high-profile incidents that drew media attention. As recently as Independence Day weekend, Miami-based Kaseya, a cloud-based IT management and security software provider, was hit with the most significant ransomware attack in history. The scheme was perpetrated by REvil (Ransomware Evil; a.k.a Sodinokibi), a private ransomware-as-a-service (RaaS) criminal organization with suspected ties to Russia. 

REvil learned of a zero-day software vulnerability in Kaseya’s VSA remote monitoring & management (RMM) software platform just as Kaseya became aware of the issue. As Kaseya raced to develop a software patch to mitigate the risk, REvil went to work to create a hack to exploit the newly disclosed vulnerability. 

The timing was critical. REvil beat Kaseya to the punch. REvil pounced on the opportunity and began exploiting the weakness just as Kaseya installed its fix to correct the problem. Kaseya was too late. REvil was able to deny administrative access to as many as 1,500 businesses and Managed Service Providers (MSP). As one might expect, REvil demanded a staggering ransom. In this case, it was $70 million from 200 US firms for a universal decryption key to free the hostage data. 

REvil eventually lowered their ransom demand to $50 million. Some victims paid individually, while others refused to pay anything. Although we may never know exactly how much ransom money REvil received, we do know that at least one victim reportedly shelled out $220,000 in the attack.

Why are Cyber Attacks on the Rise?

With billions of dollars readily paid in ransom, ransomware attacks are becoming more prevalent. Ransom demands have increased dramatically as the number of successful cybersecurity breaches has risen into the tens of thousands. This year alone, cybercriminals have shut down large sectors of the US economy, affecting businesses of all sizes in locations around the globe and close to home. 

The underlying reasons for this troubling trend are simple. Ransomware attacks are inexpensive and easy to execute from remote locations where criminals can operate with impunity or even state support. At the same time, cryptocurrency payment methods make it easy for criminals to get paid with untraceable funds.

Today, businesses are becoming ever more dependent on digital infrastructure and are more willing to pay off criminals. There is little to deter cybercriminals and lots of easy money to be made; so, there is plenty of incentive for criminals to perpetrate cyberattacks on the unsuspecting and the unprepared.

Don’t Allow Your Business to Become the Next Victim

If the average ransom paid in a malware attack isn’t painful enough, the downtime for a business targeted in a ransomware attack averages 16.2 days. Restoring normal operations can take even longer, costing far more than ransom and downtime alone. Multinational corporations may absorb the outlays associated with a successful cyberattack, but the costs to small businesses can be devastating. In perspective, the relatively low expense of ongoing Managed Cyber Security Services is easy to justify in today’s high-risk online space.

Partner with Kustura for Your Cybersecurity Needs

Fortunately, even in this current climate of online criminality, your business can maintain its edge and avoid becoming a victim. With the integration of cybersecurity and IT support, our Peace of Mind Plan™ takes the guesswork out of your IT security needs and puts the load on our cybersecurity professionals, allowing you to focus on running your business. So, consider making Kustura your cybersecurity partner. Together we can develop your cybersecurity policies and training while implementing best practices cybersecurity measures to help defend your business against cybercrime.

We understand that 54% of small businesses don’t have adequate cybersecurity measures in place. With cybercrime tactics constantly evolving, we also know it can be hard to stay a step ahead of hackers, cyber vandals, and cybercriminals. That’s where we can help. Contact us today at (904) 855-8885 to schedule your cybersecurity evaluation and discuss your cybersecurity needs. For more information about cybersecurity and related topics, visit us online at https://www.kustura.com/business-cyber-security-and-protection-jacksonville-fl/.

Cyber-Preparedness Checklist

•          Do your IT solutions include Proactive firewalls, anti-spam and content filters?
•         Are your employees provided with cybersecurity training?
•          Are you partnering with a responsive Cybersecurity service provider like Kustura?