Ransomware Situation Report in South Carolina

Has there been a business risk for organizations like a ransomware attack in South Carolina? An unprecedented incident that instantaneously damages your company? An attack that afflicts entities regardless of their industry, size, or relevance? One that finds even the most prepared companies unprepared?

Three decades ago, ransomware was nonexistent. But the threat has now turned into an existential cybersecurity threat to any organization. Companies have arguably never encountered a threat of this scale.

Digitization and the massive migration to remote work made 2020 and 2021 an excellent year for threat actors. Even worse, this threat is getting more complicated by the day.

A More Complex Cybersecurity Landscape In South Carolina

Ransomware gangs have shifted their attention to the “big game” and are now targeting companies’ entire networks. Their new tactics involve getting someone to click on a link that’s a phishing entry point to the whole infrastructure.

The primary objective is not to deploy ransomware; they nowadays extend their visits and move laterally as they escalate privileges. Once they find your digital assets and data, they’ll begin deploying ransomware to as much of the infrastructure as they can.

Big-game attacks typically begin from these specific initial compromise points:

• Phishing – Here, a threat actor may present themselves through impersonation, acting like a familiar party seeking personal information. For instance, they may imitate your financial institution and prompt you to share account details via email.
• Remote desktop protocol – With this approach, an attacker may exploit a remote desktop software solution then use the network access authorization to steal data.
• Network edge vulnerability – Ransomware attacks may also enter your network via exploitable vulnerabilities resulting from unpatched network equipment.

Ransomware gangs have successfully deployed several attacks in South Carolina, and organizations like Mt. Pleasant P.D., Bluffton Township Fire District, and Newberry County Memorial Hospital have reported such incidents.

Types of Ransomware Attacks

Here’s an overview of the most common ransomware attacks targeting small and large organizations in South Carolina and beyond:

Conti

A report by Conti DFIR classifies this as 2021’s most prominent ransomware. This group targets sectors like finance, consumables, technology, and the public sector. Attackers use phishing attacks to install Trojans that grant them remote access. They then harvest unencrypted data and steal credentials, then remain undetected until they deploy the ransomware on the network.

REvil

This attack also goes by the name Sodinokibi. It was first spotted in April 2019 and has since then spread through vulnerability exploits, backdoored software installers, and exploit kits. Experts have linked the threat to the Gold Southfield gang. It’s highly configurable and can elevate privileges and encrypt non-whitelisted folders and files. Typical targets include food production companies.

Avaddon

This ransomware was first reported in June 2020 and targets technology and manufactured consumable industries. The group uses double extortion, where they threaten victims into paying ransom for their captured sensitive data. Notably, Avaddon is delivered through malicious email attachments. Once opened, it encrypts files and deletes backup copies.

CL0P

This ransomware is an advanced variate of the cryptomix family and was first observed in February 2019. The first reported victim was Sofware AG, a German tech service, and the attack was on October 2020. The infection spreads via phishing campaigns in doc.x and zip files and can be easily detected using the .CLOP file extension. Previous targets include ExecuPharm, Inc, Stanford University, Carestream Dental LLC, and Nova Biomedical.

Darkside

This is another double-extortion operated by threat actors. It has been around since August 2020, and the average requested payment amount for the attack is $6.53 million. The group gained global attention after the Colonial Pipeline attack of May 2021. They also leaked data belonging to at least 13 law firms. Despite announcing that they had ceased operations, its affiliate called UNC2465 still portrays an active attack infrastructure.

Doppelpaymer

Trend Micro first observed this ransomware variant in 2019. It uses the Process Hacker to jeopardize processes and services like backup, security, database software, and email. By doing this, it prevents access violations as it encrypts data at a faster rate. It presents itself through malicious emails that contain document-like attachments and spearfishing links. It also downloads other malware.

Babuk

Initially known as Vasa Locker, Babuk Locker is now among the common ransomware attacks. It was observed during the initial months of 2021 and has affected over 38 organizations. In one of the cases, the attackers parted with $85,000 in Bitcoin. The daring gang targeted Washington D.C Police and got away with 250 GB of data.

Netwalker

This ransomware is a brainchild of the “Circus Spider” group and was first observed in August 2019. Just like other similar attacks, its initial foothold lies in phishing emails. Treat actors then extract data and encrypt sensitive files and folders before requesting massive extortion. Apart from holding the data, they’ll lead a section of it online to pressurize victims into paying the requested ransom.

How To Beef Up Your System Against Ransomware

There’s no silver bullet to establishing an infrastructure that’s entirely safe from ransomware attacks. But these key steps will drastically lower the risk of this nasty infection:

• Always be repaired – An excellent way to prepare for this threat is deploying robust backup solutions and updating the backed-up data regularly. Once attackers encrypt your data, the backup restoration will be the only viable solution. Otherwise, you’ll either pay the requested amount or lose your crucial data.
• Prevent – User education will help staff understand ransomware activity. This way, they’ll know how to identify and avoid the threat.
• Protect – The best mitigation strategies include minimizing administrative privileges, patching apps, and operating systems, and whitelisting files. It’s also essential to leverage managed endpoint security tools, which boost your anti-malware and antivirus effectiveness.
• Avoid paying – If a ransomware attack finds you unprepared, you’ll likely be tempted to spend. However, this can be risky. You may lose your money and data since a ransom payment can’t make a criminal any honorable.
• Stay productive – If an attack is focused on business disruption, you can increase your business continuity by moving to the cloud.
• Prioritize regular updates – Most of the time, ransomware gangs leverage outdated systems. If you haven’t updated your systems, they can easily find vulnerabilities and infiltrate your networks.

Ransomware Specialists In South Carolina

Securing business data and digital assets is a necessity for every organization. When establishing robust security systems for your data, ransomware should be among the highly prioritized threats. To keep your infrastructure and data secure, you must pay attention to employee best practices, business technology, and backup systems.

Unfortunately, following all the best practices is no easy feat. As a result, savvy organizations in South Carolina now partner with third-party providers. Servcom USA is your reliable South Carolina IT partner that can help you address all your cybersecurity needs.

Reach out for the ultimate solution for your I.T. security.