Have you ever noticed how hackers never stay silent? Just when you think you know what they are doing, they find another way to attack. Which brings us to Storm-0501, a hacker group that is now operating with ransomware and using the cloud to do it. Crazy, right?
So, who exactly is Storm-0501?
Storm-0501 is not a small-time gang. Storm-0501 has done some big-time stuff, such as phishing emails, password stealing, and spreading malware. To add to this list, these guys are growing more sophisticated. Instead of just attacking your regular personal computer, they have moved to ransomware attacks using someone else's computer: the cloud.
The issue with this is that almost every business today already uses the cloud to store files, applications, and data. So, if hackers are going to lock your cloud data up with ransomware, it is almost like locking up the entire business.
How can they do this?
The hackers are clever. They don't just knock down a door; they stealthily walk in through a weakness. Here are some ways:
• Fake emails (phishing) dupe people out of their cloud login.
• Poorly configured accounts that do not require additional security, like two-factor login.
• Stolen authentication tokens can let hackers in without a password.
Once inside, they quickly spread ransomware and lock files. Then the ransom message shows up: "Pay us, or say goodbye to your data."
How does that make it worse than before?
Because cloud services are continually running, I think that if they stop, the whole business indeed stops. Also, many backups are stored in that same cloud. So, if there is a ransomware hit, that backup can also get locked. So, businesses do not have an option to get out.
In many instances, it leaves them with only two options: pay the hackers or lose everything.
What can you do?
Don't be alarmed: there are things you can do to keep safe. Businesses and individuals can:
• Enable two-factor login, aka MFA, for all accounts, regardless of the type or association with a business.
• Update software so hackers cannot exploit previously known bugs.
• Keep backups that are not cloud-based, so they stay out of reach of the ransomware.
And for everyday people, like us? Stay vigilant with emails, check your login alerts, and do not ignore your security updates.