Boost IT


Cryptolocker

The Ransomware Nightmare and Its Real Cost

March 13, 2017 by Boost IT

Every day people go on the internet and are at risk from cyberattacks. Some of these attacks use highly sophisticated technology that can create a ransomware nightmare. Ransomware attacks by locking you out of your system and demanding a ransom to unlock it.

The Ransomware Attack

In Atlanta, there was a healthcare provider doing business as usual. One day an employee from the company received an invoice in an email that looked like a standard invoice from a doctor in their network. When the invoice was opened, the computer and all data on the company server was compromised with a cryptolocker Trojan. On the screen was a message demanding thousands of dollars in payment via bitcoin to get the password to unlock the files.

This wasn’t your average medical invoice but a particularly nasty ransomware called cryptolocker that targets computers running Microsoft Windows. Cryptolocker usually gets delivered as an emailed invoice. The email should have seemed suspicious because of the unusual sender e-mail address, but once opened, it was too late. Files were encrypted and the entire system froze, bringing the entire company operation to a screeching halt. The message clearly explained that the company’s data was encrypted and would not be restored until the ransom was paid, and there is no way around it other than restoring your data from a ransomware-resistant BDR system.

Ransomware attacks can affect everyone using desktops, smartphones, and other devices, and in every industry from medical to engineering, retail to real estate, hospitals to public schools, and to government agencies. For a small business, it will mean the entire business’ digital assets are inaccessible. With increased sophistication from cybercriminals, ransomware is targeting bigger businesses, too, and spreading into their networks.

The Ransomware Nightmare

According to the FBI, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. In addition, sometimes demand for payment is in bitcoin. Do you know how to get bitcoin if you need it? If the company doesn’t have bitcoin payment options, they must scramble to get it. But the biggest problem is loss in productivity.

Based on Intermedia’s 2016 Crypto-Ransomware Report, most businesses experience an average of two days of downtime. Business downtime is a far bigger cost than the ransom itself. It’s the loss of productivity and lack of access to critical data, even emergency data, that can create the real ransomware nightmare.

It is devastating when your data is locked or encrypted. Ransomware locks up entire systems and your servers, stops critical processes from running and denies access to the records and other data needed for major decisions. The longer it takes to get back to normal, the higher the potential for problems. Projects are put on hold and clients become upset, and customers may avoid doing business with you in the future because your system has been compromised.

In some instances, such as with the Atlanta healthcare provider, that data involved critical patient information that was needed by doctors to properly make a diagnosis or approve prescriptions. It meant a patient went untreated. And it could have been far worse if a patient’s life was at stake. There was an increased immediacy to get the data back up and running.

The Solution

When ransomware strikes, a business has a hard decision to make. Stress levels are very high. Time is of the essence. Either the business spends multiple days recovering locked files from backups or pays the ransom, and if you pay, the hacker may have your credit card information. Without proper backup already in place, businesses often have no choice but to pay the ransom. In early 2016, operations at a Los Angeles hospital came to a near halt, leaving staff to use faxes and paper notes to communicate before a $17,000 ransom was paid.

Even with a good backup plan, recovery can be tricky and take time. And unlike previous ransomware that locked operating systems but left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because you can’t retrieve locked files without the attacker’s private key.

The solution is a defense against Ransomware that combines education and training, proper backup and disaster recovery, regular maintenance and software updates, and improved communication. Find information in our article “Learn to Protect Yourself and Your Clients from Malware” and read about “Cybersecurity Tips for Small Business”.

Boost IT can help you be prepared. To learn more, contact us at 404-865-1289.

Filed Under: Cyber Security, News Tagged With: attack, Cryptolocker, locked files, locked operating systems, nightmare

Malware Detection, Protection & Removal

January 19, 2016 by Boost IT

Part 2: Malware Detection, Protection & Removal with Antivirus & Security Software

With your users adopting this safer, preventative behavior, the chances of being attacked by malware are slimmer, but not impossible. To minimize the volume of threats that reach your clients’ network, strengthen your remote monitoring and management (RMM) solution with a solid firewall, anti-malware and antivirus software. Be sure to maintain regular management of both, checking that they’re active and up-to-date.

Anti-Virus (AV) Solutions

AV software is your end-to-end malware security defense. When activated, it monitors your clients’ networks for incoming threats. Common security suites often include spam filtering in email and a firewall, which blocks suspicious websites and applications from running. One common issue with threat intelligence, however, is that victims can be targeted without knowing when their system has been compromised. With AV solutions, you can configure a scan to run regularly and automatically to search files for known viruses and evidence of suspicious activity which could signify an infected system. While this latter function often reports false positives, it also helps detect new viruses or ones that may have been sneakily encrypted. Lastly, an AV solution takes care of malware removal. As explained by AntivirusWorld, once a corrupted file is flagged, the software “can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.”

What should you look for in a business-grade AV solution, such as Webroot? Your antivirus software should:

  • detect and protect clients from both major threats like CryptoLocker and minor vulnerabilities which could escalate later
  • not consume too much network bandwidth or PC disk capacity
  • not slow down processing speed
  • provide a hassle-free end user experience

Anti-Malware Solutions

Anti-malware is usually packaged into antivirus offerings, but solutions like Malwarebytes are strong complements to AV software. Malwarebytes claims the following in their support forum:

Malwarebytes Anti-Malware is not meant to be a replacement for antivirus software. Malwarebytes Anti-Malware is a complementary but essential program which detects and removes zero-day malware and “Malware in the Wild”.

This includes malicious programs and files, such as virus droppers, worms, trojans, rootkits, dialers, spyware, and rogue applications that many antivirus programs do not detect or cannot fully remove. That being said, there are many infections that Malwarebytes Anti-Malware does not detect or remove which any antivirus software will, such as file infectors. 

Either way, look for a Managed IT company like Boost IT that integrates conflict-free with malware protection software providers such as these.

Want to get your network security and remediation automated and running smoothly?


Filed Under: Cyber Security Tagged With: Cryptolocker

Cybersecurity Tips for SMBs : Part III (Still Need Anti-Virus)

January 26, 2015 by Boost IT

Cybersecurity Tips for SMBs (Anti-Virus Software)

Part III : Do I Still Need Anti-Virus Software?

This is the third post in a series of cyber security tips.  Here are the first 2.
Cybersecurity Tips for SMBs : Part I (Anti-Malware Software)
Cybersecurity Tips for SMB : Part II (Firewall Solutions)

A number of experts and amateurs question whether you still need antivirus software any more. In an article posted by PCMag, the expert that created anti-virus software said last year that it’s dead. Why not leave it out and let your anti-malware software like Malwarebytes do all the work? We believe that anti-virus software is still relevant. Here’s why…

  1. AntiVirus software only detects 45% of virus infections, but that still means it’s an important part of a comprehensive security strategy.  Firewalls, anti-malware software, and security updates and patches should take care of the rest.
  2. Infections are more complex than they ever have been and will continue to grow in complexity.  Most infections use multiple layers of malware and viruses to infect your computer.  Each part of the infection serves a role in blocking your anti-virus software from protecting you and makes them harder to remove.
  3. Anti-Virus software is getting cheaper and faster.  Many security and IT companies include it for free with their professional version anti-malware software. Also, the right anti-virus software doesn’t slow your computers and servers down like it used to. The scanning engines are more efficient and updates are fast and incremental instead of having to download and load the entire virus signatures database again.

The CryptoLocker virus, which is in the ransomware category, did serious damage in the United States and here’s the summary of how it worked. The end result was that you had to put in your credit card to pay the ransom to unlock your files.

What To Do

It’s easier than you think.

Get help from an experienced security professional and create a comprehensive security strategy and stick to it. Many businesses or IT departments put a security plan in place, get to the point that things are performing smoothly, and then make the mistake of deviating from the plan since “nothing is happening” or “some web sites are being blocked”. Security is not static. Adjustments need to be made.

Protections are happening behind the scenes and some web sites are blocked because that’s what the firewall is designed to do to protect you from yourself. Your security reports schedule should be in place and should be reviewed so you know you’re getting your money’s worth. Contact Us if you need help. Our managed anti-virus solution is part of our remote monitoring and management (RMM) component of our Managed IT platform and is very affordable, easy to implement on a small or large scale, and won’t interrupt people’s work.

There are 4 parts to a Great Security Strategy
  1. Anti-Malware Software
  2. Managed Firewall
  3. Anti-Virus Software
  4. Cybersecurity Tips for SMBs : Part IV (Security Patches & Updates)

Make sure you get an enterprise-level anti-virus software, and have it managed (updated, set to auto-clean infections, and producing reports) by a professional if you don’t have the skills. VIPRE Business Edition and McAfee Business Edition are two great anti-virus products we use, but we always use them in conjunction with a managed firewall, anti-malware software, and a patch management service, which is part of our Remote Monitoring and Management service. RMM is the foundation of great Managed IT Support.

We will discuss the last part of a great security plan in the next couple weeks so stay tuned.

Filed Under: Cyber Security, IT Management Tagged With: Cryptolocker

Cybersecurity Tips for SMBs : Part I (Anti-Malware)

January 13, 2015 by Boost IT

Cybersecurity Tips Part I : Why is Anti-Malware Software so Important?

This is the first post in a 4-part series of cybersecurity tips. Links to other posts are below.

Malware and Its Impact

A Quick Anti-Malware Story

A client of ours brought a home computer into their office without our knowledge and connected it to their office network. The computer had been used by one of their children and had 67 different malware infected files, services, or registry items. This included rootkits. The computer was so infected that it was flooding the firewall and overloading it, which repeatedly and randomly shut down internet access for the whole office. The firewall logs gave us insight though, so we could track down the problem, but it was frustrating, time consuming and expensive for our client.

Moral of the story: Use Anti-Malware software, and keep your IT contact informed.

What is Malware?

Malware refers to a variety of forms of hostile or intrusive software. These include computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.

Why do I need Anti-Malware software?

It’s important to protect EVERY computer from malware because it can:

  • Steal usernames & passwords, and then use them on other web sites
  • Send personal information to hackers without you knowing–it’s to their benefit to make sure you never notice anything has happened
  • Steal credit card information
  • Infect other computers on your network and on the internet
  • Encrypt all of the information on your computer – Read “How the cryptolocker virus forces you to pay to get your data back”

What happens if I don’t use Anti-Malware software?

Hackers use malware to hijack your network or computer, using your computer to do a long list of things that can be found in our post, The Value of a Hacked PC. ClickOrlando published an interview with Malwarebytes CEO Marcin Kleczynski where he states, “The latest way hackers are gaining access to computers is by hiding malware on mainstream websites such as Yahoo and YouTube.”

How big is the problem?

Brian Krebs is a security blogger who just won a National Journalism Award and just posted a Who’s Attacking Who article showing a graphical view of where attacks originate and what locations are targets. Most attacks are coming from China, Russia and Europe.

Figure: Active Cyber Threat Map (Norse’s Threat Map).

If you are scanning for malware and malware is not turning up on your machine then someone, some software, and/or some security device is doing a good job of protecting you and it’s most likely a combination of all three.

What To Do

It’s easier than you think.

  • Install Anti-Malware software, keep it updated, and have it managed by a professional if you don’t have the skills. Malwarebytes.org is one of the best places to get a free version or paid version that will protect you well if updated and managed properly.
  • Get help from an experienced security professional if you’re in unfamiliar territory
  • Create a comprehensive security strategy and stick to it
  • Don’t deviate from the plan since “nothing is happening” or “some web sites are being blocked”
  • Keep in mind that security is not static. Adjustments need to be made.
  • Create and review automated security reports
  • Contact Us if you need help. Our managed anti-malware solution is part of our remote monitoring and management (RMM) component of our Managed IT platform and is very affordable, easy to implement on a small or large scale, won’t interrupt people’s work, and speeds up computers.

Other components of a great Cybersecurity Plan

  1. Anti-Malware Software
  2. Managed Firewall
  3. Anti-Virus Software
  4. Security Patches & Updates

We will discuss the other three aspects of a great cybersecurity plan over the next few weeks, so stay tuned.

Filed Under: Cyber Security Tagged With: Cryptolocker

Top 3 Security Flaws with File Sharing Software

October 20, 2014 by Boost IT

Top 3 Security Flaws with File Sharing Software

Can you imagine working in today’s business environment without the ability to easily share files across any platform at any time? The days of thumb drives and other physical data transportation means are almost gone. While the need for data sharing will always exist, as file syncing and sharing (FS&S) platforms continue to evolve, the way we share will need to change. You should know the top 3 security flaws with file sharing software before you start saving and sharing important data with colleagues, especially if you have compliance requirements.

While that introduction paints a rather rosy picture for the world of file sharing tools, like Dropbox, there are inherent issues with this way of sharing files with one another. In fact, this past Monday, news broke that nearly 7 million usernames and passwords connected to Dropbox were compromised. Although Dropbox denies it was hacked, the incident demonstrates the difficulty of striking the right balance of security, collaboration and ease of use in a solution. It’s important that businesses are informed of the common issues with today’s FS&S (file syncing and sharing) platforms so that they’re not putting data at risk and ultimately damaging a business’ bottom line and/or reputation.

Here are a few of the potential trouble spots for FS&S platforms that you should be aware of:

1. Cyber Security

Nothing online is ever 100% secure. We’ve seen this many times over with the Target credit card breach, the Heartbleed OpenSSL vulnerability, and the Cryptolocker ransomware, as well as others just reported in the last year. However, there are proactive measures that can be taken to help minimize these risks.

That said, the very open nature of services like Dropbox carries security risks that should make most businesses a bit leery of using these services for company files, especially those companies that must be HIPAA compliant. Passwords in personal Dropbox accounts are not monitored like those on a corporate network and can be more susceptible to hackers.

It’s a serious risk that needs to be fully vetted. Under the harsh light of cyber reality, services like Dropbox may not make the grade.

2. Increased Endpoints

In the new age of BYOD (bring your own device), the number of access points to company data has increased exponentially. Employees can now access company files from their personal devices, which has many benefits and helps increase employee productivity.

The problem is that not all companies have proper tracking and management over these devices. What if an iPhone is lost or stolen? Who now has access to those confidential files? A good mobile device management software/platform can dramatically reduce risks.

With many FS&S platforms, all it takes is a link to view a shared folder. If an unauthorized person sees that link in an email, they have full access to that data.

In addition, an employee landing on a malicious site on their smartphone could again expose any passwords to the FS&S platform. And on top of that, it’s much easier to shoulder surf and steal a password just by watching on mobile devices because there is a preview of the hidden characters when typing on a touch keyboard.

There are a number of concerns that should be considered when accessing confidential data on mobile devices. Make sure you’ve considered these risks before setting up shared access on mobile devices, and at a minimum, make sure you consider a MDM (mobile device management) solution in case devices are lost or stolen.

3. User error

Is there any scenario in any IT environment where user error is not a risk? Once users are off the range (in this case your office network) the chances increase practically exponentially. Imagine the scenario of a corporate user sharing a link with the wrong contact. It’s very easy to have two contacts named “Mike” in your address book and select the wrong one when sending an email.

Many people in business have friendships with individuals at direct competitors. Something could innocently be shared with another who works for a competitor and suddenly that friendship is less important than the competitive advantage that has been gained.

Make sure that whatever system you’re using to collaborate has security measures in place that can lock down data so no unwanted eyes gain access.

Conclusion

When it comes to choosing a file syncing and file sharing software, get educated. It’s important to be aware of all the benefits and risks of the platforms you’re assessing. Striking the right balance of security and collaboration can be difficult, and many times, businesses aren’t aware of the major security flaws in the platform that they end up choosing.

Be sure you’re doing your due diligence in selecting a collaboration platform and that you know what to look for. If you get to know the top 3 security flaws with file sharing software before you start saving and sharing important data with colleagues, you will be much more aware of risks to your business data.

Filed Under: Cloud Tagged With: Cryptolocker, Dropbox, Google Drive, Office 365
