In 2020, one in four cyberattacks were the result of ransomware: a network  hijack capable of locking business out of crucial data for weeks on end. And although cyber-criminal groups are not extremely picky in the victims they target with these attacks, the more digital assets a business has on file, the higher the risk they face.

Take, for example, the recent events surrounding Polish video game developer, CD Projekt Red. On February 9, 2021, the team responsible for some of today’s most popular games awoke to locked network files and a ransom note, stating that the source code of four valuable projects had been stolen from their database. In turn, hackers offered to return the codes in lieu of CD Projekt Red paying an undisclosed ransom that is projected to be in the million-dollar range.

Important Update pic.twitter.com/PCEuhAJosR

— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021

Should You Pay a Ransomware Attack?

But while many businesses may quickly cave to hacker demands and fork over the cash, this is never the right idea. Should a business pay, a target is placed on their back, signaling other hackers that a payout is likely from a successful attack. As stated by the Federal Bureau of Investigation, paying a ransom doesn’t guarantee an organization will get the data back. Alternatively, hackers may take the money and continue selling the stolen data to the highest bidders online.

Although CD Projekt Red took this advice, it seems as though the damage had already been done, as an auction for each of these source codes went up February 10, with an anonymous winner completing the sale offline for over $7 million dollars.

Update: a mistake was made. They stated starting bid $1kk. This was assumed as a typo for $1,000. They meant $1,000,000. They are also selling immediately for $7,000,000.

Attached images supplied by @DrFurfagMD pic.twitter.com/JnOcwnGqZk

— vx-underground (@vxunderground) February 10, 2021

While CD Projekt Red has since released patches for its games, it’s likely that the source code will be used to develop new cheats and discover deeper vulnerabilities within each of the organization’s current products. But despite CD Projekt Red ensuring customers that no personal information was compromised in the breach, recovering a public image will likely be a long journey for the organization.

What Is HelloKitty Ransomware?

Every day 350,000 new strains of computer viruses hit the web, seeking to complete various malicious tasks on behalf of a hacker. So, what makes the attack that hit CD Projekt different? And how were the security measures of one of the video game industry’s most popular developers bypassed?

Known as HelloKitty ransomware, this virus targets over 1,400 process and Windows services to shut down and encrypt the files of the victims it attacks. Once infected the malware secretly navigates the compromised network, going unnoticed while data is sent back to the virus’s owner. Once the task is complete, the data is locked by the attacker and a note is left to inform the victim of the next steps. Typically, these notes include a link to the dark web, where victims are enticed to chat and negotiate with the attacker.

How to Prevent Ransomware

So, what can business leaders do to mitigate the risks associated with ransomware attacks? For starters, organizations with an IT team should reevaluate their current cybersecurity infrastructure to pinpoint potential vulnerabilities. On the other hand, for businesses without IT departments or the manpower to conduct a security audit, Rocket IT services may serve as a viable tool to provide strategic foresight and solve urgent issues. Regardless of the solution a business chooses, the following technologies and initiatives may be helpful to prevent a ransomware attack.

Backups

As mentioned previously, ransomware attacks seek to lock individuals out of business-critical information. For businesses that only keep their information in a single on-premise server, this can prove to be detrimental. In turn, organizations that don’t deploy off-site backups of their files will be left with no other option but to pay the ransom. That said, even if the ransom is paid, there’s a slim chance the decryption key received will not work. If that occurs and no backup is present, the entire business infrastructure could potentially fall apart.

Multi-Factor Authentication

On some occasions, ransomware attacks not only seek to encrypt files, but also gain control over employee accounts and entire applications. When this does occur, multi-factor authentication serves as a strong barrier between the hacker and a business’ resources. Whereas most application logins ask that individuals enter a password, employing a MFA service requires an individual to provide yet another method of identification to login. Most commonly, this secondary verification is tied to an individual’s smartphone and may utilize biometric verification, software tokens, push notifications, or a static PIN. For more information on MFA, check out this article.

Application Restrictions

Some newer ransom-based malware use legitimate programs to attack networks. By setting proper security policies, business leaders can set permissions to ensure only certain individuals are able to install specific applications on work devices. In turn, should a threat breach a business’ network, taking this step can greatly reduce the likelihood of the virus’ spread.

Endpoint Detection and Response

Traditional antivirus software tracks and blocks known viruses based upon the unique signatures that each carry. With new ransomware being developed on a daily basis, it’s impossible for these programs to update their lists to account for new threats in a timely manner. Alternatively, endpoint detection and response services track unusual behaviors that many individuals are not likely to make on their devices, halting these actions and reporting the findings to a business’ security lead for review.

Phishing Training

Phishing attacks are confidence scams, typically sent via email, where attackers pose as a reputable person or organization in hopes of stealing information or gaining access to a network. To train individuals on the tell-tale sign of these attacks, phishing prevention systems can create harmless emails posing as an online meeting invitation or document sharing links. By checking to see which individuals click on these emails sent through the training software, organization leaders can pinpoint vulnerable employees and provide further training to prevent a real breach.

Patching

While a large portion of ransomware attacks arise from email phishing, another risk lies in outdated programs or operating systems. When a developer issues an update or patch for a program, many times they are resolving a security vulnerability. If these patches are not pushed across an entire business quickly, hackers can successfully deploy codes to take advantage of the software’s flaws. Depending on the severity of the vulnerability, malicious code can be developed to gain remote access to a computer, escalate user privileges, and creep deeper into the now accessible network.

In 2020, 1,300 organizations lost data due to a ransomware attack. And although this number alone is staggering, the magnitude really sinks in when you realize that this number does not include the large number of victims that ultimately made the mistake of paying hackers to potentially stop a leak. Keeping this in mind, the recent events surrounding CD Projekt Red should serve as a cautionary warning to businesses in every industry. And while the technologies listed above are the first step to proactively secure an organization’s network, every business is different. Through Rocket IT’s Roadmaps, our team helps businesses review their current tech-stack, tailor a plan, and implement innovations to decrease risk, increase efficiency, and increase revenue. Ready to take the next step? Take Rocket IT’s roadmap assessment to see if a Roadmap is the solution for your business’s needs. Need immediate assistance? Don’t hesitate to give Rocket IT a call any time at 770-441-2520.