Tuesday, December 20, 2016

What do I do when I’m hit with Ransomware? (Level 2)


You might have noticed that I used the term ‘when’ and not ‘if’.  Kaspersky’s research showed that in 2016, one in five businesses worldwide suffered an IT incident involving Ransomware.  There’s a 20% chance you were hit last year.  What are the odds for 2017?
So, what do you do when you’re hit?  Don’t panic.  The first step is to call in your Chief Security Officer, Director of IT, or your trusted Managed Services Provider (that’s Preferred Business Solutions, right?).  There are decryption tools for some of the Ransomware families.  Don’t pay the ransom.  The Dutch National High Tech Crime Unit advises against paying: you’ll become a bigger target, the criminals have zero motivation to release your data (unless…), your next ransom will be higher, and you’re encouraging the criminals.  Remember that Ransomware is a criminal offence, so report the incident.

2016-12-20
MDux

Monday, December 19, 2016

How do I mitigate the risk of Ransomware? (Level 1)


The lifeblood of most businesses is data. Make sure you back up data regularly, and move the backup off the network.  Some Ransomware looks at your network and encrypts everything.  If your data is backed up on a network share or Network Attached Storage (NAS), that data may be encrypted as well.  Use off-network backups or archives.  Spend some time thinking about your backup policy and how long you can afford to be down and without access.  Separate your critical business data and restrict access. Back up everything.
Always.

 If you’re unsure, consult with an expert.  Call me, ‘I know a guy’.
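
A check for the point above about backups sitting on a network share or NAS, as an added example that is not part of the original post: it reads a Linux mount table and labels a backup destination by where it really lives. The sample mount table, the paths and the label names are constructed for illustration, and treating the root mount as the disk that holds live data is an assumption.

```python
import posixpath
import re

# Filesystem types that mean the backup lives on a network share or NAS.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "smbfs", "fuse.sshfs", "ceph"}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = r"""
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb_backup ext4 rw,noexec 0 0
//nas01/backups /mnt/nas cifs rw,vers=3.0 0 0
fileserver:/export/home /home nfs4 rw,hard 0 0
/dev/sdc1 /mnt/My\040Archive ext4 ro,relatime 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, fstype, options)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes spaces in mount points as the octal escape \040.
        mountpoint = re.sub(r"\\([0-7]{3})",
                            lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mountpoint, fields[2], fields[3].split(",")))
    return mounts

def owning_mount(path, mounts):
    """Longest-prefix match: the mount that actually holds `path`."""
    path, best = posixpath.normpath(path), None
    for mount in mounts:
        prefix = mount[0].rstrip("/")          # "/" becomes "" so it matches all
        if path == mount[0] or path.startswith(prefix + "/"):
            if best is None or len(prefix) >= len(best[0].rstrip("/")):
                best = mount
    return best

def assess_backup_target(path, mounts):
    """Label a backup destination by its exposure to a network-scanning cryptor."""
    mount = owning_mount(path, mounts)
    if mount is None:
        return "unknown"
    mountpoint, fstype, options = mount
    if fstype in NETWORK_FS:
        return "network-share"     # the NAS/share case the post warns about
    if mountpoint == "/":
        return "same-disk"         # assumption: root mount also holds live data
    return "local-readonly" if "ro" in options else "local-attached"
```

On a real Linux host, pass the contents of `/proc/mounts` to `parse_mounts` instead of `SAMPLE_MOUNTS`.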

2016-12-19
MDux

Sunday, December 18, 2016

How do I stop Ransomware? (Level 1)


Preventing Ransomware is a complicated endeavour.  As mentioned before, the most common method of becoming a victim of ransomware is opening a file that is designed to look like something you want to open, or clicking on a link on a website, again designed to get you to click.  User education is going to be the best solution to prevent Ransomware.  Unfortunately, this is also the most difficult.  
Ransomware Prevention Checklist:
  • Use a quality Firewall (I know a guy)
  • Make sure that Firewall is configured correctly by a security expert (I know a guy)
  • Keep all software up-to-date
  • Treat email attachments from people you don’t know as hostile
  • Stick to websites that you need for business. Don’t follow the clickbait
  • Share this with your coworkers



The security world is a lot like a chess game: the bad guys find the holes, the good guys build the fixes. There is a software solution right now that is designed to prevent a Ransomware attack and halt the process.  It’s at a decent price point as well, especially if you look at the cost of either paying the ransom (don’t do it!) or attempting to recover from backups and the loss of revenue/time in that process.

2016-12-18
MDux

Saturday, December 17, 2016

How do you get Ransomware? (Level 1)



Most malicious software utilizes one of the most insecure and insecure-able aspects of the computing environment. The User. Yes, you and your coworkers are the most vulnerable part of your network.  The attack is social engineering, in the form of “Phishing” and its evil son “Spear-Phishing”.  I’ll save the deeper dive on those for another post, but just think of them as attacks designed to get you to click on a file or link that you shouldn’t.  An email with an attachment from someone you don’t know is by far the most common Ransomware method of attack.  HR departments will get an email with an attachment that is titled “resume.doc”, or Sales will receive an email with an attachment that is titled “PurchaseOrderRush.doc”.

2016-12-17
MDux

Friday, December 16, 2016

What is Ransomware? (Level 1)

Ransomware is not a new term, and it’s certainly become more well known in 2016.  You can bet that we’ll see a lot more ransomware headlines.  There are two basic forms of Ransomware, and the most common is the cryptor.  This malicious program encrypts data on your device and demands money, usually in the form of Bitcoin, for its release. The more advanced cryptors will scan your network and attack other computers, servers, and drives.  The less common form of Ransomware is the locker. While cryptors actually modify the data on your computer with encryption, lockers simply prevent your access to your data, typically with a large screen-covering ransom letter.  The more creative locker programs claim that your data has been seized by a law enforcement agency or other state agency.
The most feared Ransomware in 2015 were CTB-Locker, CryptoWall, and TeslaCrypt.
Most active and feared in 2016 were Locky, Cerber and CryptXXX.
More on this to come.
2016-12-16
MDux

Thursday, December 15, 2016

Ransomware Data Points (Level 2)

In the next five days I will walk through some basics of Ransomware. This post lists out some data points from Kaspersky (with a few exceptions).  This should scare you.
If you're not at least alarmed, then you definitely need to read the next few posts!

Ransomware Data Points:

Statistics from Kaspersky Labs (security software company)
2016 gave us:
  • 758,044,650 attacks launched from online resources located all over the world
  • 62 new ransomware families (most malware will have an original and several versions; together those are called a family, as they are all related)
  • 11-fold increase in modifications to various malware from Q1 to Q3
  • 1 in 5 SMBs that were infected AND paid the ransom never got their data back
  • 1 in 5 businesses worldwide suffered an IT security incident as a result of a ransomware attack
  • 42% of SMBs were hit with ransomware from Oct 2015 to Oct 2016
  • 32% paid the ransom
  • 67% of those affected lost part or all of their corporate data; 1 in 4 spent several weeks to restore access
  • 97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless
  • 98% of Microsoft Office-targeted threats use macros (Microsoft, 2016)
  • 600%+ increase in attachment-based vs URL-delivered malware attacks from mid 2015 to 2015 (Proofpoint, 2015)
  • 6000% increase in ransomware from 2015 to 2016 (IBM, 2016)

Who got hit, by sector?

Education – 23%  (23% of the Education sector was hit by Ransomware)
IT/Telecom – 22%
Entertainment/Media – 21%
Financial Services – 21%
Construction – 19%
Government/Public Sector/Defense – 18%
Manufacturing – 18%
Transport – 17%
Healthcare – 16%
Retail/Wholesale/Leisure – 16%

2016-12-15
MDux