RYUK Ransomware attacks 3 Alabama Hospitals

RYUK Ransomware attacks 3 Alabama Hospitals

Alabama Hospital System crippled by RYUK Ransomware

Three Alabama hospitals are turning away “all but the most-critical new patients,” in response to a ransomware attack according to BBC.

DCH Regional Medical Center, Fayette Medical Center and Northport Medical Center were all affected by the attack. The hospitals are all a part of the DCH Health System, which became infected with RYUK ransomware on Oct. 1st.

It is unclear as of today, the scope of the hospital’s affected systems. The hospital did say that as of October 5th, they had “obtained a decryption key from the attacker” and were beginning to test and restore a limited number of systems. This likely means the hospital system agreed to pay the ransom. The ransom amount was not stated.

“We will continue to divert any new admissions, other than those that are critical, to other facilities,” said DCH.

According to the statement, ambulances are being redirected away from the affected hospitals. Doctors are “using paper copies in place of digital records”.  

This comes on the heels of at least 621 reported ransomware attacks on government agencies, healthcare, and schools in the last nine months. 

A ransomware attack is considered a security incident under HIPAA

What Is Ryuk?

Ryuk is a ransomware strain discovered in August of 2018. After initial infection, Ryuk can go days or months without being detected. It then enables a threat actor to attack an organization’s critical systems.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

5 Ways Managed IT Services Can Make Your Life Easier

5 Ways Managed IT Services Can Make Your Life Easier

Managed IT service providers are unsung heroes for many businesses. A good MSP provides real-time support to staff but also ensure that systems are up to date and optimal. Your data is important and needs a back-up strategy. MSPs ensure your organization is safe from...

read more
Top 10 Reasons to Choose Managed IT Services

Top 10 Reasons to Choose Managed IT Services

As technology has increasingly become a must-have, organizations are rapidly moving to managed IT services. The benefits of outsourced IT are becoming a more viable option for businesses around the nation. Every business must choose their approach to manage their...

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293

 

ITonDemand Named to 2019 MSSP Alert Top 200 Managed Security Services Providers List

ITonDemand Named to 2019 MSSP Alert Top 200 Managed Security Services Providers List

Third Annual List Honors Leading MSSPs, MDR Service Providers & Cybersecurity Companies

September 20th, Ocala, Florida: MSSP Alert, published by After Nines Inc., has named eResources ITonDemand to the Top 200 MSSPs list for 2019. The list and research identify and honor the top 200 managed security services providers (MSSPs) that specialize in comprehensive, outsourced cybersecurity services.

Previous editions of the annual list honored 100 MSSPs. This year’s edition, at twice the size, reflects MSSP Alert’s rapidly growing readership and the world’s growing consumption of managed security services. MSSP Alert’s readership has grown every month, year over year, since launching in May 2017.

The Top 200 MSSP rankings are based on MSSP Alert’s 2019 readership survey combined with aggregated third-party research. MSSPs featured throughout the list and research proactively monitor, manage and mitigate cyber threats for businesses, government agencies, educational institutions and nonprofit organizations of all sizes.

“Information security and compliances’ have become a pain point for business, and we are proud to offer a solution of this caliber that is now internationally recognized,” said Jeremy Hodges, Director of Sales for ITonDemand.

“It’s an honor to receive this recognition because it speaks to the quality of the security platform we’ve built for our customers,” said ITonDemand Chief Executive Officer, Dusty Gulleson.

“After Nines Inc. and MSSP Alert congratulate eResources ITonDemand on this year’s honor,” said Amy Katz, CEO of After Nines Inc. “Amid the ongoing cybersecurity talent shortage, thousands of MSPs and IT consulting firms are striving to move into the managed security market. The Top 200 list honors the MSSP market’s true pioneers.”

MSSP Alert: Top 200 MSSPs 2019 – Research Highlights

The MSSP Alert readership survey revealed several major trends in the managed security services provider market. Chief among them:

  • The Top 5 business drivers for managed security services are talent shortages; regulatory compliance needs; the availability of cloud services; ransomware attacks; and SMB customers demanding security guidance from partners.
  • 69% of MSSPs now run full-blown security operations centers (SOCs) in-house, with 19% leveraging hybrid models, 8% completely outsourcing SOC services and 4% still formulating strategies.
  • The Top 10 cybersecurity vendors assisting MSSPs, in order of reader preference, are Fortinet, AT&T Cybersecurity, Cisco Systems, BlackBerry Cylance, Palo Alto Networks, Microsoft, SonicWall, Carbon Black, Tenable and Webroot (a Carbonite company).
  • Although the overall MSSP market enjoys double-digit percentage growth rates, many of the Top 200 MSSPs have single-digit growth rates because they are busy investing in next-generation services – including managed detection and response (MDR), SOC as a Service, and automated penetration testing.

The Top 200 MSSPs list and research are overseen by Content Czar Joe Panettieri (@JoePanettieri). Find the online list and associated report here: http://www.msspalert.com/top200.

eResources ITonDemand has significantly expanded its cybersecurity offering in the last year to include Security+ and Compliance+. These services tackle expanding compliances and information security needs in the expanding digital world.

About eResources ITonDemand

eResources ITonDemand is an industry-leading managed information and cybersecurity service provider to SMBs, Nonprofits, and Associations. For more information, visit www.itondemand.com.

About After Nines Inc.

After Nines Inc. provides timeless IT guidance for strategic partners and IT security professionals across ChannelE2E and MSSP Alert. ChannelE2E tracks every stage of the IT service provider journey — from entrepreneur to exit. MSSP Alert is the global voice for Managed Security Services Providers (MSSPs).  

  • For sponsorship information contact After Nines Inc. CEO Amy Katz, Amy@AfterNines.com
  • For content and editorial questions contact After Nines Inc. Content Czar Joe Panettieri, Joe@AfterNines.com

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

5 Ways Managed IT Services Can Make Your Life Easier

5 Ways Managed IT Services Can Make Your Life Easier

Managed IT service providers are unsung heroes for many businesses. A good MSP provides real-time support to staff but also ensure that systems are up to date and optimal. Your data is important and needs a back-up strategy. MSPs ensure your organization is safe from...

read more
Top 10 Reasons to Choose Managed IT Services

Top 10 Reasons to Choose Managed IT Services

As technology has increasingly become a must-have, organizations are rapidly moving to managed IT services. The benefits of outsourced IT are becoming a more viable option for businesses around the nation. Every business must choose their approach to manage their...

read more

Ransomware attacks Dentists Offices

Ransomware attacks Dentists Offices

Ransomware attacks Dentists Offices

An online data backup service called DDS Safe that archives medical records, charts, insurance documents, and other personal information for dentist offices were attacked with an extremely advanced and fairly recent strain known variously as REvil and Sodinokibi

DDS Safe is offered by Digital Dental Record who uses a cloud management provider called PerCSoft. PerCSoft was hit with the ransomware strain on Monday, Aug. 26th and encrypted the patient information for 400 dental offices. 

At this time, roughly 80-100 of the offices have had their information restored after PerCSoft paid an undisclosed amount for the decryption key. 

Threats against Healthcare

While government agencies seem to be facing the brunt of ransomware attacks, healthcare is facing roughly 30% of all attacks. According to the HHS, “The presence of ransomware (or any malware) is a security incident under HIPAA that may also result in an impermissible disclosure of PHI in violation of the Privacy Rule, and a breach, depending on the facts and circumstances of the attack.”

Layering both Security+ and Compliance+ by ITonDemand helps to mitigate the risk of a ransomware attack. 

How can I protect my practice/business against ransomware?

  • Data Backups are a Necessity: It’s important to maintain both cloud and offline backups of PHI or sensitive information. In the event one becomes inaccessible, the other can be restored with minimal downtime. 
  • Systems Inventory: Have an IT systems audit performed where and systems that are outdated or no longer secure can be isolated.
  • Continous Security Education: Perform security awareness training regularly and keep security awareness programs up to date.
  • Patch Cycle Program: Use a patch management program where patching is performed at least every 30 days including third-party applications.
  • Perform application whitelisting: Application whitelisting ensures systems run authorized applications.
  • Endpoint detection and response (EDR): Baseline systems and keep an eye out for any new or rogue processes.
  • Secure email gateway: Deploy a secure email gateway solution that removes malicious emails from users’ mailboxes.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

5 Ways Managed IT Services Can Make Your Life Easier

5 Ways Managed IT Services Can Make Your Life Easier

Managed IT service providers are unsung heroes for many businesses. A good MSP provides real-time support to staff but also ensure that systems are up to date and optimal. Your data is important and needs a back-up strategy. MSPs ensure your organization is safe from...

read more
Top 10 Reasons to Choose Managed IT Services

Top 10 Reasons to Choose Managed IT Services

As technology has increasingly become a must-have, organizations are rapidly moving to managed IT services. The benefits of outsourced IT are becoming a more viable option for businesses around the nation. Every business must choose their approach to manage their...

read more

Someone clicks a link, 23 Texas Cities attacked with Ransomware

Someone clicks a link, 23 Texas Cities attacked with Ransomware

Ransomware hits 23 local Texas governments.

On August 16, the state of Texas reported that 23 local governments had been hit with a ransomware attack. The Texas Department of Information Resources stated in their report that the attacks were performed by a single threat actor. 

The affected government systems remain offline three days later. 

These attacks are growing more common.

Hackers have been increasingly targeting state and local governments with ransomware and having great success doing so. A trio of Florida cities were affected by ransomware in June. Those attacks cost upwards of $1.1 million. The city of Baltimore refused to pay a May ransomware attack and the estimate to rebuild the city’s systems is upwards of $18 million.

As of July 2019, ransomware attacks have hit at least 170 county, city, or state government systems in the United States since 2013. Moreover, 22 of those attacks occurred in the first half of 2019, according to The U.S. Conference of Mayors.

“Threat Education is a more critical component of cybersecurity than most are willing to recognize,” said Steve Condit, Director of Partner Development at ITonDemand. “Every staff member is a potential vulnerability. Proper cybersecurity training is a necessity for all organizations in 2019.”

What are some security best practices? 

  • It is everyone’s responsibility to remain cyber aware and practice information safety.
  • Do not open suspicious or unexpected links or attachments in emails.
  • Hover over hyperlinks in emails to verify they are going to the anticipated site.
  • Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender’s email address.
  • Use unique strong passwords or pass-phrases for all accounts.
  • Do not provide personal or organizational information unless you are certain of the requestor’s authority, identity, and legitimacy.
  • Alert ITonDemand HelpDesk if you have any concerns about the legitimacy of any email, attachment, or link.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

5 Ways Managed IT Services Can Make Your Life Easier

5 Ways Managed IT Services Can Make Your Life Easier

Managed IT service providers are unsung heroes for many businesses. A good MSP provides real-time support to staff but also ensure that systems are up to date and optimal. Your data is important and needs a back-up strategy. MSPs ensure your organization is safe from...

read more
Top 10 Reasons to Choose Managed IT Services

Top 10 Reasons to Choose Managed IT Services

As technology has increasingly become a must-have, organizations are rapidly moving to managed IT services. The benefits of outsourced IT are becoming a more viable option for businesses around the nation. Every business must choose their approach to manage their...

read more

LookBack Malware Targets Utilities Companies

LookBack Malware Targets Utilities Companies

LookBack looks to shutdown US Utilities

The U.S. utilities sector is starting to see higher levels of spearphishing attacks using “LookBack” malware. 

According to a security researcher, spear phishing email campaigns have been identified containing the malware initially targeting three major US utilities companies. The fraudulent emails impersonate a U.S.-based engineering licensing board, with emails originating from a threat actor-controlled domain.

The emails contain Microsoft Word attachments that use macros to install and run the LookBack malware. The malware specifically contains a remote access Trojan (RAT) module and a proxy mechanism used for command and control (C&C) communication. As soon as the attachment was opened, LookBack was initiated.

What to watch for:

Any email that contains attachments should receive hyper-vigilance and speculation. If you employ advanced email security, emails are scanned for malicious content and attachments but you shouldn’t leave that to chance. 

July’s LookBack attacks on U.S. utilities have not been associated with a known actor, and no infrastructure or code overlaps were identified.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Other Articles You Might Be Interested In:

5 Ways Managed IT Services Can Make Your Life Easier

5 Ways Managed IT Services Can Make Your Life Easier

Managed IT service providers are unsung heroes for many businesses. A good MSP provides real-time support to staff but also ensure that systems are up to date and optimal. Your data is important and needs a back-up strategy. MSPs ensure your organization is safe from...

read more
Top 10 Reasons to Choose Managed IT Services

Top 10 Reasons to Choose Managed IT Services

As technology has increasingly become a must-have, organizations are rapidly moving to managed IT services. The benefits of outsourced IT are becoming a more viable option for businesses around the nation. Every business must choose their approach to manage their...

read more