Medservicegroup is a Ukrainian company that supplies and installs medical equipment. Like all companies, it is fundamentally dependent on an IT infrastructure to manage back office and front office processes and support remote working. And also like many other companies it recently fell victim to a cunning phishing attack which carried a deadly payload; Dharma ransomware.

This malware was first detected in 2016 and following several code iterations is still around and thriving in the criminal underground. Dharma has proven so successful in extracting ransoms that cybercriminals are reportedly offering its source code ‘as-a-service’ for $2,000 so other criminals can ‘hire’ it to create their own attack campaigns.

The Dharma attack on Medservicegroup came via a phishing email. An employee clicked on a link in the email and the ransomware downloaded into the company’s financial and accounting systems. It was clearly a blow but what also surprised Medservicegroup was that its existing antivirus protection was powerless to identify or to block Dharma.

As it embarked on its ‘clean-up’ operation Medservicegroup also searched around for a much more robust malware protection platform, ultimately choosing BullGuard Small Office Security over competitive products thanks to several unique and compelling reasons:

  • Award-winning, multi-layered antivirus defences provide advanced detection and protection.
  • Sophisticated machine learning algorithms that deliver lightning-fast threat detection against new, emerging and advanced threats such as new ransomware and iterations of known threats
  • Easy to set up, simply send a download link to each employee, deployment takes minutes
  • Protects PC, Mac, and Android devices
  • All devices are managed and administered from a centralised cloud portal
  • Real-time notifications
  • Detailed reporting for devices, tasks, and threats
  • Easy to use on mobile devices
  • Doesn’t require significant technical expertise to deploy, run and manage

The move to BullGuard has provided peace of mind for Medservicegroup and the surety that it is unlikely to fall victim to ransomware again, even if an employee mistakenly clicks on a malicious link in an email or on a website.

As Medservicegroup knows only too well ransomware is a deadly threat and one that is also globally prolific.

  • It’s difficult to estimate the true cost of ransomware infections but it’s generally agreed that billions of dollars are siphoned every year.
  • One report puts the figure at $7.5 billion in the US alone during 2019.

And it’s not large enterprises alone who are targeted.

  • The Datto Global State of the Channel Ransomware Report discovered in 2019 that one in five ransomware attack victims worldwide were small and midsize businesses.

You might reasonably think that antivirus would successfully deal with ransomware infections. But as Medservicegroup testifies to not all antivirus protection is created equal.

The Dharma ransomware clearly slipped through the net and only days ago a new ransomware strain was detected that targets business networks, large and small. Dubbed Tycoon this ransomware strain is unusual in that it makes extensive use of the Java coding language to infiltrate, exploit, and lock down networks.

However, different ransomware strains find common ground in their use of AES encryption, as Medservicegroup discovered.

  • AES encryption has never yet been cracked and using current computing technology is unlikely to be ever broken. This is why some organisations have ended up paying half a million dollars and upwards to recover their data following a ransomware attack.

Clearly, the best defence is to ensure you’re never infected with ransomware in the first place.

To help small businesses ensure it doesn’t happen to them, especially during these distracting days of pandemic, we’re offering a 90-day free subscription to BullGuard Small Office Security for any small business.

It’s a strictly no strings attached offer; you don’t even need to provide payment card details.

Read full blog here…