Throughout the year, Ransomware attacks, including those targeting high-profile organizations and critical infrastructure, have taken a back seat in our newsfeed, which has been dominated by the gloom of ongoing wars, the rising cost of living and political uncertainties around the world. However, despite not making it to our newsfeeds, the threat of ransomware attacks has remained constant, with data showing cybercriminals keeping pace with the pace set in 2021.
Why are Ransomware Attacks Still a Threat?
Despite not making it to the front page, the past few weeks have seen a sustained effort by cybercriminals using ransomware attacks. These attacks have included the Azov Ransomware data wiper, which has been was reported late last month to be highly circulating through pirated software, key generators and adware bundles. According to reports, the Azov ransomware was designed to frame well-known security researchers by claiming they were behind the attacks. The Azov Ransomware attacks were also a change of tact from cybercriminals who mostly use Ransomware to extort money and instead anchored on spreading political messages rallying against the west.
In November, there have also been multiple reports indicating ransomware attacks may be surging. This has included reports of the attack on Continental automotive giant, which the company indicated happened in August. Last week also saw reports of cybercriminals threatening to release Medibank data, a health insurance company based in Australia, a new Dharma ransomware variant being discovered, Lockbit ransomware using bot malware to deploy ransomware and the US Health Department warning of the Venus ransomware that has been targeting healthcare organizations.
As seen above, Cybercriminals have not slowed their attacks on organizations, especially healthcare providers, despite the problem not being reported widely. The recent attacks also indicate industries such as veterinary practices remain vulnerable to cyberattacks.
One example that is likely to be used against veterinary practices is the Venus ransomware, which the US Department of Health and Human Services warned it was targeting the country’s healthcare organizations. According to reports, the group behind the Venus ransomware prefer to act in silence by not releasing information about the organizations they compromise. There is also no known data leak site where the cybercriminals behind Venus ransomware have published stolen data. Therefore, it is highly likely that some of their victims have been from veterinary practices.
What we do know is that once deployed, the Venus ransomware gives access to victims’ publicly exposed Remote Desktop Services, which allows cybercriminals to encrypt windows devices. The ransomware is also known for terminating their victims’ computer database services and office applications.
As a veterinary practice, you should also expect your event logs to be deleted. Venus ransomware also shadow copies volumes and disables Data Execution Prevention on compromised endpoints.
Therefore, for ransomware that has been in circulation since August and only came to the attention of authorities last week, there is a high likelihood that it is already spreading within the veterinary practice industry. Fortunately, there are a number of steps you can take to protect your practice from ransomware attacks, including:-
1. Training your staff
As seen above, one of the reasons why ransomware such as Venus and Azov was able to spread was due to downloading pirated software, key generators and adware bundles. Having staff that does not understand why downloading free versions of paid software is not a good idea can put your veterinary practice in danger.
Training can also help in preventing your staff from opening phishing emails and texts. They will also be able to identify an attack in progress and possibly stop it.
2. Antimalware and firewalls
Ensuring your computer systems are always protected by anti-malware can prevent ransomware attacks. It is also advisable to have a firewall that restricts traffic coming to your network. This can help you filter infiltration by cybercriminals and prevent your systems from getting compromised.
3. Data Backup
Having a secure data backup is also a good cybersecurity measure. The Backup can come into play after a successful ransomware attack, whereby you don’t have to negotiate with cybercriminals to get your data back because you can revert to your data backup and continue running normally.
4. Two-factor authentication
For accounts requiring a log in, it is important to have two-factor authentication that will help put cybercriminals away from your data if they get your login credentials.
Clint Latham