AXEL.org

Andriy Yatsunov

Another Day, Another Cyberattack: Kaseya Software and the Future of Ransomware

Once again, a major ransomware attack has affected businesses and consumers across the globe. Kaseya, a software company that provides IT infrastructure for managed service providers, was the victim of this latest cyberattack. Over the 2021 Independence Day weekend, REvil, a Russian-based hacker gang sent out a malicious software update to Kaseya’s clients, resulting in up to 1,500 small businesses being compromised[1]. Now, the group is asking for USD 50 million to undo the damage, the largest ransomware demand in history[2].

While the effects on some compromised businesses were minor, others were hit hard. For example, hundreds of grocery stores in Sweden were forced to close after their cash registers became inoperable following the attack, with railways and pharmacies in the country also being affected[3]. Additionally, some New Zealand schools were taken offline because of the attack[4]. This worldwide attack shows how crippling ransomware attacks can be, and highlights the importance of businesses protecting and securing their data.

The History of REvil

REvil, short for Ransomware Evil, is a Russian-based group of cybercriminals that attacks businesses by encrypting their data and rendering it unusable until a ransom is paid to them. Founded in 2019, REvil quickly gained prominence and, recently, has increased the scale of its attacks. While the average ransom demand from REvil was just USD 728,000[5], recent attacks have shown the group’s willingness to aim for more. For example, REvil attacked JBS, a meat processing company, in May. While food shortages were avoided, the company still paid REvil USD 11 million to prevent further supply chain interruptions[6]. Even worse, REvil uses its ransom money to hire new hackers and research new ransomware technology, becoming a thriving business of cybercrime[5]. In just two years, REvil has become a powerful group, launching successful ransomware attacks across the globe.

A Troubling Trend

Unfortunately, the Kaseya attack is just one example of a larger problem faced by businesses around the globe. Hacker groups seek to attack and exploit any business they can by threatening to destroy or leak data unless a massive payment is made. Much worse than simple computer viruses, ransomware attacks can grind business to a halt within hours.

Cyberattacks involving ransomware have increased further in 2021, with recent attacks affecting people and businesses around the globe. In May, an attack on the Colonial Pipeline affected millions of Americans, causing fuel shortages in the Southeast. Even though Colonial Pipeline paid the ransom within hours of the attack, the effect was still felt by millions. 

The Colonial Pipeline attack was just one of the thousands of expected ransomware attacks in 2021[7], and, unfortunately, they show no sign of slowing down. As long as hackers continue to find vulnerabilities in business security, ransomware attacks will continue. With more and more work being done online, data becomes more and more vulnerable. Ransomware attackers can strike at any time, destroying a business’s ability to function. And even if a business pays the ransom, it can take a long period of time to get back to normal. 

So while ransomware prevention can be a headache, it helps make sure you are as protected as possible from attackers. After all, there is nothing hackers love more than a business with lax cybersecurity.

Tips to Prevent Ransomware Attacks

Create and Frequently Update Offline Backups of Data: While this is a time-consuming process, this is the best way to ensure your business can still function if a ransomware attack occurs. Backing up your data offline ensures that if you are affected by ransomware, your important data will be safe from hackers. Simply delete your affected systems and reupload your offline data onto a new system.

Consider Using White Hat Hackers: While hackers have a negative connotation, white hat hackers can help businesses tremendously. They ethically check and test your cybersecurity measures and inform you of any potential vulnerabilities. Once you know the issues, you can fix them and protect your business from the hackers who wish to hurt rather than help.

Update your Antivirus Software: This is the simplest, easiest way to make sure you and your business are protected from ransomware attacks. Each update of antivirus software helps patch vulnerabilities that are present. Staying up-to-date helps ensure you are as protected as possible from unethical hackers who check for holes in security. If your business is on an older version of antivirus software, hackers can find a way past the protection and hold your business hostage. Patching these holes through software updates keeps you safe from old security bugs that attackers often exploit.

The Future of Ransomware

As technology evolves further, unfortunately, so do the practices of unethical hackers. Every day, businesses and individuals put data at risk of cyberattacks. While businesses and antivirus softwares try to ensure every security vulnerability is patched, hackers may still find a way to attack. However, following the tips mentioned before and safeguarding your data can make you less likely to become a victim of a ransomware attack.

Unfortunately, if attackers obtain data and threaten to sell or leak it unless a ransom is paid, a business has few options other than paying the ransom or losing the data. Once attackers have access to the data, there is not much a business can do. This is why the best defense against ransomware is prevention. Taking the time to secure your data, update your software, and find vulnerabilities will increase your protection from cybercriminals who wish to wreak havoc on a business.

Securing Your Data

At AXEL, we believe data privacy is a right. Unlike other tech companies, we will never sell your data to third parties, helping ensure your data is only yours. Our file-sharing application, AXEL Go, uses blockchain technology and AES 256-bit encryption to provide the most secure cloud-sharing system in the industry. Whether for business or personal use, AXEL Go helps protect your most important files. 

Sign up today to receive a free 14-day trial of our Premium service with all of AXEL Go’s features unlocked. After the trial period, you can choose to continue your Premium account for just $9.99/month or use our Basic service free of charge. Together, we can help protect data from malicious attackers.

[1] “Up to 1,500 Businesses Compromised by Latest Ransomware Attack, Kaseya CEO Says.” CBS News. July 06, 2021. http://www.cbsnews.com/news/ransomware-attack-kaseya-1500-businesses/.

[2] “In Private Conversation, Hackers behind Massive Ransomware Outbreak Lower Demand to $50 Million.” CNBC. July 05, 2021. http://www.cnbc.com/2021/07/05/revil-hackers-behind-massive-ransomware-outbreak-drop-demand-to-50m.html.

[3] Browning, Kellen. “Hundreds of Businesses, From Sweden to U.S., Affected by Cyberattack.” The New York Times. July 03, 2021. https://www.nytimes.com/2021/07/02/technology/cyberattack-businesses-ransom.html.

[4] Satter, Raphael. “Up to 1,500 Businesses Affected by Ransomware Attack, U.S. Firm’s CEO Says.” Reuters. July 05, 2021. http://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

[5] Javers, Eamon. “Axis of REvil: What We Know about the Hacker Collective Taunting Apple.” CNBC. April 23, 2021. https://www.cnbc.com/2021/04/23/axis-of-revil-inside-the-hacker-collective-taunting-apple.html.

[6] Bunge, Jacob. “JBS Paid $11 Million to Resolve Ransomware Attack.” The Wall Street Journal. June 10, 2021. https://www.wsj.com/articles/jbs-paid-11-million-to-resolve-ransomware-attack-11623280781.

[7] Hum, Thomas. “Over 65,000 Ransomware Attacks Expected in 2021: Former Cisco CEO.” Yahoo! Finance. June 14, 2021. https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html.

Digital Assistants are Invading your Privacy

Digital assistants have been a part of daily life for millions of people since Apple acquired Siri in 2011 and integrated it into the iPhone 4s. Now, all the big players are in the game. Google, Amazon, and Facebook are competing to be the consumer’s choice for in-home digital help. While the commercials make them look convenient and nearly indispensable for modern life, the truth is users are inviting Big Tech surveillance into their most private moments. In this blog, we’ll make the argument that you should think twice before using one of these services.

Privacy nightmares

The digital assistant marketplace is pretty crowded. Although many smaller companies and startups are coming up with solutions in the space, Apple’s Siri, the Amazon Echo, Google Home, and Facebook Portal dominate the sector. All of Big Tech wants to have an always-on, AI-enabled voice recorder in your home. The question consumer should be asking themselves is ‘Why?’

Well, first off, it’s a growing industry. The market size is over $3 billion this year, and analysts believe it could grow to be an over $40 billion industry by 2027[1]. Obviously, this type of explosive growth is going to attract Big Tech investment.

But what other incentives are there? Well, we know that all of the major tech corporations have had issues with privacy violations in the past. Even Apple, which makes its money from hardware sales and has less reason to harvest mass amounts of user data, has had public privacy issues. To their credit, they at least seem to listen to privacy advocates and either change their policies or at least make them transparent. Unfortunately, you cannot say the same for the others in the space.

Amazon wants to sell more retail items and therefore wants as clear of a profile as possible on its users. That way, it can advertise to them more efficiently. Google and Facebook are even worse. Their entire business models revolve around offering free services to consumers. Nearly all of their revenue comes from personalized advertising. Thus, they have the biggest incentive to collect and analyze everything their customers do while using their products (and many times even after they’re finished using them!)

The pitch

So knowing that these companies don’t take privacy seriously, why do they keep attracting new users? They make a compelling pitch about modern convenience. We live in a society where time is at a premium, and any new gadget that can save a few precious moments is the next best thing. Digital assistants use voice commands, so users don’t have to type out questions or commands. Instead of tapping through a few screens on your phone, you can simply say ‘Call Grandma, ’ and before you know it, you’re chatting with granny about all the birds she’s seen in the yard that week.

This kind of functionality is powerful. You can make and begin music playlists for the big dinner party, schedule appointments on your calendar, or even integrate digital assistants into your smart home. Then, adjusting the thermostat or checking on the oven timer is easier than ever before. But just stop and think for a moment. How much time are you actually saving? Tapping a few buttons is already much more convenient than any previous generation. Suppose your swing-dancing, bird aficionado grandma wanted to make a playlist for a party. In that case, she’d need to have the records she wanted to play at the ready and manually change them out continuously. Sitting at a computer and pulling out your phone, and tinkering for five minutes is already so much easier. In our opinion, the marginal utility you gain from digital assistants is not enough to overcome the privacy issues.

The issue

The main problem with these devices is that they never stop listening as long as they receive power. They may not be recording until they hear the ‘activation word’ (typically some version of ‘Hey!’), but they always listen for that phrase. So, that in of itself is more than a little creepy. But, it opens you up to opportunistic hackers. If a malicious agent wanted to, they could exploit a vulnerability in the device’s software and then have full access to your personal conversations. In the case of the Facebook Portal, which comes equipped standard with a high-definition camera, a bad actor could gain access to video of your home. The truth is, this technology isn’t foolproof either. The devices can mishear the activation word and begin recording conversations you’d prefer to remain private.

Even if a hacker doesn’t actively target you for surveillance, the open secret about digital assistants is that a representative from the manufacturer’s company could be listening to you. They all are known to employ people to do randomized quality assurance checks. In fact, some have heard about the users’ illicit activities! In some jurisdictions, recordings from digital assistants can be used against you in a court of law[2]. Talk about an unwelcome snitch.

Overall, we believe that if you have any concerns about your privacy at all, don’t use a digital assistant. Do things the old-fashioned way (from 2010) and use your fingers. It may mean an extra 15 seconds multiple times throughout the day, but you get the peace of mind of knowing that your private moments aren’t compromised.

Privacy first

AXEL believes that privacy is a right and that tech companies shouldn’t infringe on it. This philosophy drives the development process of all of our software solutions, like AXEL Go. AXEL Go is a secure, private file storage and sharing platform. It gives you the power to choose precisely how private you want your files to be and never collects your personal information or mines your content. Try it now for free and receive a 14-day trial of our Premium service. All of the fantastic features are unlocked and you can see for yourself that tech products and privacy don’t have to be mutually exclusive. Take back control of your data with AXEL Go.

[1] Sneha Korad, Rachita Rake, Vineet Kumar, “Global Intelligent Virtual Assistant Market”, AlliedMarketResearch.com, 2020, www.alliedmarketresearch.com/intelligent-virtual-assistant-market

[2] Erica Vowles, Jeremy Story Carter, “Your Google Home or Fitbit could be used against you in court”, ABC.net.au, March 8, 2018, https://www.abc.net.au/news/2018-03-09/your-google-home-or-fit-bit-could-be-used-against-you-in-court/9510368