MINNEAPOLIS — Coming soon to a company near you, a ransomware attack.
The latest one, launched over the holiday weekend, could create financial headaches and a host of worries for hundreds of companies in the US and worldwide.
What did they have in common? They were using a network-management package offered by a software company known as Kaseya. The attackers apparently used a virtual service administrator, or VSA, offered by Kaseya to wreak havoc with those companies' computer systems.
It appears to be the work of the Russian hacker gang known as REvil, or other cyber crooks using ransomware created by REvil.
"We’re not sure if it’s the REvil ransomware gang themselves, because they also run what’s called an affiliate program," said Evan Francen, a cyber security expert who heads FRSecure, based in the Twin Cities.
"Ransomware as a service, so anyone who wants to pay can go buy a ransomware kit and use their ransomware to attack others. So, we’re not sure if it was REvil themselves or an affiliate of REvil."
The latest attack took advantage of the fact that many small and mid-sized companies can't afford to hire their own IT people, so they outsource many tasks including maintaining their computer servers.
"This managed server has all sorts of access to all their customers. So, if I get to that server, I have access to potentially hundreds, maybe thousands of other customers through that."
Francen said the rising cyber-crime wave benefits from the fact that cryptocurrency is growing in popularity for both legitimate transactions and money laundering activity.
"Cryptocurrency has become accepted enough that a lot of the places you buy things will accept cryptocurrency. In some cases, I don’t even need to convert it, right? The place I’m buying something from will accept cryptocurrency as payment."
The state of North Dakota recently deployed a free online tool created by Francen's company that helps people assess how vulnerable their home devices and networks are. The S2me online tool is available to anyone to use, regardless of where they live.
Protecting yourself starts with knowing what doors you may be leaving open at home and at work.
"The average person at home has 11 devices on their home network, and I think most people have no idea. You can’t possibly defend the things you don’t know you have, so start there," Francen remarked.
"You have to account for those risks. What level of access do they have to my environment? If something did go terribly wrong how badly could it affect me?"
The cyber crooks are becoming increasingly sophisticated, even casing out their potential victims ahead of time.
"A lot of times they’ll be in your environment for a while looking for your insurance policy because they want to find out what your insurance policy covers," Francen explained.
"And then they’re going to ask for a ransom that’s slightly below that."
Ransomware schemes represent a growing global crime wave that could cost economies around the world $10 trillion by the year 2025, according to some estimates.
But it goes beyond the financial costs of paying ransom. It makes societies as a whole vulnerable to crippling consequences of computer networks freezing.
"If I were to attack somebody, I would attack the person who’s most likely to pay. So, if I can take down a pipeline, take down a hospital, take down a retail operation, they’re more likely to pay me, right? Because it’s not so much the data that has been lost as it is that we have lives to save, we have customers to serve, or we have gas to get to the pumps."
Francen's company employs 100 people working to protect their customers' IT systems. He said people often add software without assessing the added risk and complexity.
"Complexity is the worst enemy of security."