What would you do if someone suddenly held your company's data hostage? Ransomware attacks are on the rise.
What Is Ransomware?
As the name suggests, ransomware is a form of malware that encrypts the victim's data, rendering the files inaccessible. The hackers responsible then demand payment to unlock them.
Cybersecurity specialists warn against paying the ransom since it doesn't guarantee recovery. Businesses should take proactive measures instead to avoid the following consequences:
- Compromised trade secrets, client contracts, employee information, and other company data
- Business downtime, legal fines, and other financial losses
- Reputational damage that can lead to lost clients and partners
- GDPR or CCPA compliance violations
A New Strategy in the Ransomware Playbook
According to a report from Sophos, threat actors are abusing legitimate online services to launch large-scale attacks while bypassing the need for custom infrastructure.
After investigating multiple ransomware incidents, the cybersecurity team discovered that all these attacks came from one source. The culprit was using Windows servers with identical hostnames (a hostname is the name assigned to a device on a network). Each system turned out to be a virtual machine made from the same prebuilt Windows templates.
Ransomware Infrastructure Is Getting an Unfortunate Upgrade
Sophos warns that cybercriminals are exploiting virtual machines at scale through bulletproof hosting (BPH), a service provided by hosting companies that intentionally ignore or evade abuse complaints, takedown requests, and law enforcement actions.
The researchers eventually uncovered thousands of servers with the exact same hostname. Around 95% came from several Windows templates, many of which were KSM-enabled. So far, investigators have connected the servers to the following malicious operations:
- Ransomware strains: ALPHV/BlackCat, Conti, LockBit, Qilin, and WantToCry
- Malware campaigns: ClickFix, Lumma Stealer, and PureRAT
- Trojans: TrickBot, Ursnif, RedLine, and NetSupport RAT
A majority of the infrastructure also belongs to the hosting companies First Server Limited and Stark Industries Solutions.
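For defenders, the identical-hostname finding suggests a simple triage check: a workstation name that shows up from many unrelated source addresses in your own authentication logs deserves a closer look. The sketch below is an added example, not code from Sophos or from this article; the key=value log format, the field names src_ip and workstation, the threshold, and the function name shared_hostnames are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format). IPs are documentation
# ranges and hostnames are invented; none come from the report.
SAMPLE_LOG = """\
2025-01-10T08:01:02Z event=logon_failed src_ip=203.0.113.10 workstation=WIN-EXAMPLE0001 user=admin
2025-01-10T08:03:17Z event=logon_failed src_ip=198.51.100.7 workstation=WIN-EXAMPLE0001 user=backup
2025-01-10T08:04:40Z event=logon_ok src_ip=192.0.2.5 workstation=LAPTOP-FINANCE01 user=jdoe
2025-01-10T08:09:55Z event=logon_failed src_ip=192.0.2.44 workstation=WIN-EXAMPLE0001 user=admin
2025-01-10T08:12:01Z event=logon_failed src_ip=203.0.113.99 workstation=win-example0001 user=svc
2025-01-10T08:12:30Z event=logon_ok src_ip=192.0.2.5 workstation=LAPTOP-FINANCE01 user=jdoe
2025-01-10T08:15:00Z event=logon_failed src_ip=198.51.100.200 workstation=- user=guest
2025-01-10T08:15:09Z event=logon_failed src_ip=198.51.100.201 workstation=- user=guest
2025-01-10T08:16:00Z truncated line without the expected fields
"""

# Assumed field layout: src_ip=<addr> followed by workstation=<name>.
LINE_RE = re.compile(r"src_ip=(?P<ip>\S+)\s+workstation=(?P<host>\S+)")


def shared_hostnames(log_text, min_ips=3):
    """Map each hostname seen from >= min_ips distinct source IPs to those IPs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # skip lines that lack the expected fields
        host = match.group("host").upper()  # hostnames compare case-insensitively
        if host == "-":
            continue  # placeholder for "no workstation name supplied"
        seen[host].add(match.group("ip"))
    return {h: sorted(ips) for h, ips in seen.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    for host, ips in shared_hostnames(SAMPLE_LOG).items():
        print(f"{host}: seen from {len(ips)} distinct addresses: {', '.join(ips)}")
```

A hit is a lead for investigation rather than proof of compromise, since NAT, VPN concentrators, or cloned lab images can also produce repeated names.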
Ransomware Threat Mitigation for Businesses
With cybersecurity risks becoming more sophisticated, companies should take their digital defenses seriously. Common strategies include:
- Conduct regular employee training to build awareness about phishing scams and social engineering.
- Partner with a trusted cybersecurity firm to monitor, detect, and respond to threats 24/7.
- Enable multi-factor authentication (MFA) to add an extra layer of security to sensitive systems.
- Back up critical data frequently and store backups offline.
Denial-of-service (DoS) attacks, ransomware, malware delivery, and phishing are some of the more common threats you should prepare for. Take the proactive route by training staff, conducting regular audits, and implementing stronger cybersecurity protocols to mitigate risks.
