Enterprise Business and Ransomware | TorchLight Security

Enterprise Business and Ransomware

As the threat from ransomware continues to grow and evolve, it is more important than ever to protect customer data and maintain continuous operations. Preserve business continuity by protecting operations and developing a reputation for security among your clients. Here’s what to know about recent attacks so you can adapt your security strategies.

Typical Attack Vectors Used Against Enterprises

Ransomware techniques constantly progress and evolve, allowing cybercriminals to utilize more tactical and discreet approaches. In the past decade, hackers used a randomized approach, attacking different types of enterprise businesses, to see if they gained entry to one that could be a good target for a ransomware attack. Today, enterprise ransomware attacks have not only become more specialized, but they’ve also become micro-targeted.

Threat actors select a target and watch it over time, uncovering vulnerabilities and planning an ideal time to attack. Enterprise businesses have been subjected to attacks that use standard asymmetric encryption algorithms, with attackers searching for overlooked system vulnerabilities (phishing emails, leaked access credentials, etc.). Often, the threat actors who find these vulnerabilities are different from the ones perpetrating the ransomware attack. That is how sophisticated and specialized this process has become.

Once they have access, hackers mostly rely on a “lateral movement” technique, silently establishing their presence throughout the network and then encrypting all devices at once. With that access, the threat actor can plan the attack for a crucial time when the business is most likely to pay a ransom.

Enterprise Attacks and What to Learn from Them

JBS USA Attack

JBS USA processes 1 million pounds of the nation’s meat supply, which is equal to a quarter of America’s beef. The meatpacker was hit by the infamous Russian ransomware group known as REvil. JBS was forced to halt operations for one day at 13 plants, causing disruptions and delays. They ended up paying $11 million in bitcoin to avoid further disruption and mitigate damage to other food suppliers (farmers, grocery stores, restaurants). “We felt this decision had to be made to prevent any potential risk for our customers,” said the CEO. Enterprise businesses can learn from the experience of JBS. Being proactive with protection is important and knowing where your vulnerabilities lie is the first crucial step toward improving security hygiene and minimizing the effects of attacks.

Colonial Pipeline Attack Causes throughout the East Coast

One of the most impactful ransomware attacks of 2021 was the Colonial Pipeline attack. The DarkSide ransomware group froze the financial IT systems of the Colonial Pipeline, impacting millions of drivers by causing gas shortages throughout the southeastern U.S. The attack caused the Colonial Pipeline to shut down the fuel supply on the East Coast for six days. After a few days of uproar and chaos, Colonial Pipeline paid the group $4.4 million.

The Colonial Pipeline attack had a larger impact on the ransomware community than originally expected. The attack caused increased scrutiny from government operators, which forced DarkSide underground. Additionally, many ransomware operators went dark for several months to wait out the period of intense scrutiny. However, you shouldn’t let the absence of high-profile attacks lull you into a false sense of security. After this high-profile attack went wrong for DarkSide, security experts now expect threat actors to go after lower-profile (but still lucrative) targets, which could mean that your business is next. What can you learn from the Colonial Pipeline attack? All of your systems, endpoints and assets are important – not just those in operations. A complete defense includes comprehensive security coverage.

Kaseya Attack and the Trickle Down to Small Businesses

Kaseya, an IT solutions developer for MSP and enterprise clients, experienced a supply chain breach over the Fourth of July weekend. Attackers recognized a vulnerability in the software Kaseya was using and leveraged it against them. They were able to compromise IT solutions used by multiple MSPs and their customers, using network-management packages as conduits to spread ransomware throughout cloud-service providers. As a result, an estimated 800 to 1500 smaller-sized companies worldwide may have been compromised through their MSPs (partnered with Kaseya). This attack calls attention to the need to secure businesses of any size – and to demand the utmost in security from service providers. You’re only as safe as the weakest link in your network, so coverage is essential.

How to Prepare for and Mitigate Attacks

It is important to take all the necessary precautions to minimize the likelihood and effect of a ransomware attack. Failure to do so can cause serious damage to not only your business, but others down the supply chain. TorchLight can help protect your company by:

  • Partnering with you. We understand your business’ unique needs, and we will customize protection for you. TorchLight integrates security strategy into business strategy to make security a tool for business progress.
  • Properly securing your networks with cybersecurity technology. For example, TorchLight can help you automate backups that are kept separate from primary systems. Isolating backups will help ensure you have a clean, uninfected system.
  • Ensuring your employees are aware of cybersecurity practices. This includes training your staff on how to recognize potential threats and what to do if a security breach occurs. We’ll help you put a backup plan in place so that your organization is prepared and can continue operations as much as possible.

How can TorchLight help?

Contact us to uncover and protect your business’s vulnerabilities from bad actors.