Hospitality Menace: The ALPHV Ransomware Gang
As we’ve previously covered, ransomware continues to be a major threat to hoteliers. Major names like MGM Grand have recently suffered costly attacks. Although the breaches themselves have been widely covered in the news, there has been little discussion of the criminals behind the acts.
One of the most prolific is the ALPHV gang, also known as Blackcat or Noverus.
Who are these criminals? What do they want? What are their techniques? What can you do to stop them?
This week’s feature of the VENZA Echo will answer these questions and more.
Let’s dive in.
About ALPHV
ALPHV is a ransomware-as-a-service (RaaS) provider. They develop and support the software that facilitates ransomware, then sell that to “affiliates” who conduct the actual attacks.
Due to its favorable business terms, ALPHV has proven to be a very popular and widely used service provider. Since 2021, it has reportedly targeted the computer networks of over 1,000 victims. Notable ALPHV-led breaches include those of Motel One and MGM. They have also been active in targeting other industries, especially healthcare.
The group is Russian-speaking but has not been publicly linked to official support from the Kremlin.
How Do They Work
Typically, ALPHV-style attacks begin with social engineering. Posing as members of the Help Desk or IT teams, ALPHV affiliates gain access to their targets’ networks by convincing their employees to provide them. Once within the network, ALPHV uses a range of tools to extract MFA and login credentials. It then exfiltrates data and threatens the target with public release unless a ransom is paid.
ALPHV attacks often increase the damage through a technique known as “triple extortion.” By (1) locking system data, (2) threatening its public disclosure, and (3) further threatening non-paying targets with focused distributed denial-of-service (DDoS) attacks, ALPHV creates immense pressure on its victims.
Staying Secure
VENZA recommends that you take the following steps to decrease your risk of ransomware from criminals like ALPHV:
1. Train Diligently
While ALPHV uses sophisticated software tools, the typical point of entry is as old as time—manipulation of unsuspecting frontline employees.
The best way to prevent this is simple: conduct regular, ongoing security awareness training for your staff, like that offered by VENZA.
By focusing on training, organisations can ensure that employees are familiar with the latest cyber threats, understand the best practices for cyber hygiene, and are willing to participate in a culture of open reporting that makes successful attacks far less likely.
Training should include formal courses delivered at least annually and ongoing learning interventions like phishing simulations, workshops, microlearning interventions, and more.
2. Use Robust Backup and Recovery Procedures
One way to insulate your organisation against the pressure of ransomware is to have regular offsite data backups which make it difficult for your information to be locked down.
Ensure regular backups of all critical data are made and stored securely, preferably offsite or in the cloud, where they cannot be accessed through your network. Regularly test these backups to ensure that they can be restored quickly and effectively in the event of a ransomware attack. This helps minimize downtime and the impact on business operations.
3. Design Secure Networks
Build your network systems with security in mind.
Use robust segmentation to limit access to critical data and systems. Dividing the network into different segments prevents the spread of ransomware if one segment is compromised.
Utilize comprehensive endpoint security solutions, including antivirus and anti-malware with real-time scanning capabilities. Regularly update these programs to detect and prevent threats based on the latest malware definitions.
Feeling overwhelmed? Don’t be. VENZA is here to help. Cybersecurity is complex, but in partnership with us, your company can get started in as little as one month. Get a live demonstration today by contacting our Customer Success Team.
Ready to elevate your game? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.
***
Take VENZA’s free Phishing Test to assess gaps in your human firewall today!
Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.
***
Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.