How to Protect Your Business from Ransomware Attacks
During the holiday season many employees were likely “multi-tasking” – i.e. doing a little bit of online shopping when at work. Which in the scheme of things is no big deal.
Unless you inadvertently click on a link which brings your company to a grinding halt.
Last year at this time, we got a call from a DC-based association who walked in one morning to find their online systems inaccessible.
One of their employees had clicked on an attractive-looking ad while on a familiar shopping website.
The employee was completely unaware that the ad had infected their PC with ransomware, a type of malicious software designed to block access to company data until a ransom is paid.
The employee never noticed the ransom message, and at the end of the day shut down their PC and went home.
It wasn't until the next morning, when employees started drifting into work, that they realized that no one could access their Association Management System (AMS). Multiple employees started to report seeing ransom warnings that would have looked similar to the one below.
And it wasn’t too long after that when the calls from the association's members came pouring in. Was the website down? What was going on?
They couldn’t access their data. Unfortunately, by the time they called SynerTech they had already paid the ransom to the cybercriminals who – surprise! – did not release their data, even after they had followed instructions for a Bitcoin payment.
The High Cost of IT Downtime
It took almost a week to retrieve the data, a very expensive venture with techs working 24 hours a day, not to mention the cost of downtime to the organization. Most employees were unable to do any work at all.
When the restoration was complete – and not all of the data could be retrieved due to the nature of their backup and recovery solution – the painful process of notifying their legal counsel, their insurance broker and all of their association members began.
Loss of trust is a very difficult state to recover from.
It was no surprise that membership dropped off in the following year, although the organization has since worked hard at regaining credibility by creating what we call a cyber-ready position.
Hackers Getting More Sophisticated
Ransomware remains a huge problem for organizations who don’t have a good understanding of the risks, let alone what they should do about it.
Hackers have become much more pervasive and sophisticated, and ransomware is now considered the most common type of malware-related data breach.
In this particular case, the very legitimate looking ad had a small piece of code deep within it, which when clicked connected the user to the criminal servers that infected the association’s computer and systems.
However, most of the time ransomware is spread by phishing, an email that appears to be legitimate and which entices you to click a link or download an attachment. Sometimes they’re so well crafted, they can bypass an organization’s email security, DNS blocking services and even anti-virus software.
At this point, you may be asking what on earth you can do about protecting your business if it’s so hard to detect these cyber-attacks. While there is no magic solution, there are definitely steps you can take to mitigate the risk.
How to Identify a Phishing Scam
Phishing—It’s not just about investment opportunities in Nigeria anymore! It wasn’t that long ago that the most sophisticated scam email we would see in our Inboxes was a note from some supposed businessman looking for assistance with a cash transaction. The threat landscape has changed dramatically in the past year, with phishing emails becoming more advanced and almost indistinguishable from a legitimate email. All is not lost, however, and this guide will provide some tips for identifying the wolves among your flock of otherwise peaceful email.
What is phishing?
At the simplest level, it’s a fraudulent piece of email engineered to get you to complete a task you otherwise would not perform. Those tasks might be transferring money to an account in the Caymans, providing a stranger with your login credentials, or installing a virus on your computer. Phishing attacks succeed because they fool you into thinking they are messages from something or someone that you trust, and attackers are getting better and better at pretending to be trustworthy. You’ll receive phishing emails that seem to be from people you know, maybe even your boss.
How do I tell a phishing email from a legitimate one?
How do you know that your boss really isn’t telling you to transfer $10,000 to a numbered offshore bank account? You need to pay attention to the details in a message. Most phishing scams look similar to something that you’d receive from a legitimate source, but rarely are they identical to legitimate messages.
For example, you may receive a message from your bank telling you to log into your account, with a link to check on a transaction. You know, however, that your bank has told you that it never sends you emails with login links. That discrepancy is your clue.
Links in the suspicious email are your best identifier that something is phishy.
When you placed the cursor over the link WITHOUT CLICKING, it showed the link’s URL.
This link clearly wasn’t going to your Bank. You’ll notice as well that the Bank address isn’t even correct.
Many phishing emails are closer to the real thing than this is, but the same techniques apply. If you receive an email with an Office 365 document link, for example, all you need to do is hover your cursor over that link. You’ll notice that the link does not go to office.com or microsoft.com, but to some random website that the phisher hijacked.
Ha! I’ve spotted a phishing email. Now what?
Please forward it to your IT help desk so they can analyze the message and configure the spam filter to have a better chance of stopping the phishing message in the future.
Where can I learn more about phishing?
https://www.us-cert.gov/ncas/tips/ST04-014 offers some basic tips.
https://www.it.cornell.edu/security/phishbowl.cfm is Cornell’s database of current phishing scams they’re seeing on campus. It’s a great way to familiarize yourself with the types of messages out in the wild.
http://www.consumerreports.org/money/how-to-protect-yourself-from-phishing/ is a clear guide from the folks at Consumer Reports, with some useful links.
Get Ransomware Protection
At the cost of sacrificing protection and control. SynerTech protects businesses and ensures control and ownership remain undisputed in cases of user error, malicious attacks, compliance issues, and user management.
What is Ransomware?
Malicious software that locks your files and demands payment to access them.
Ransomware is defined as a term for the many variations of malware that infect computer systems, typically by social engineering schemes.
A cryptovirology attack encrypts critical files and systems and renders them inaccessible to the owner.
Ransomware sometimes marks the files for permanent deletion or publication on the internet. The perpetrators then demand a payment (usually in untraceable cryptocurrency like Bitcoin) for the private key required to decrypt and access the files. Infamous ransomware examples include CryptoLocker, CryptoWall, Locky, Cerber, KeyRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton.
Who are Ransomware Perpetrators?
Cybercriminals who profit greatly by violating businesses that rely on data as a lifeblood.
Ransomware cybercriminals are organized and profitable. It is estimated that this type of attack earns criminals $10 million to $50 million per month.
There are entire ransomware outfits working out of office buildings, making the stealthy and disruptive pieces of malicious software, and designing deceptively simple schemes to infiltrate small to medium sized businesses.
The criminals are business-minded innovators. Recently, a Ransomware-as-a-Service organized cybercrime ring was discovered, which infected around 150,000 victims in 201 countries in July 2016, splitting profits 40% to malware authors and 60% to those who discover new targets.
The overhead is low, the profits are high, the Bitcoin is anonymous, the list of targets is endless, the technology is not overly complicated, and the odds of getting caught are low. Ransomware perpetrators are sophisticated, profit-hungry cybercriminals on the lookout for unsuspecting SMBs to violate.
Could my business be a Ransomware victim?
In a word: Yes.
Ransomware perpetrators cast a wide net. They target small to medium sized businesses with IT security loopholes, valuable data, and a modest budget to pay the ransom.
If data is important to your business, you are a target.
To get into your systems, they may send a phishing email to your staff. Because 94% of people can’t distinguish between a real email and a phishing email 100% of the time, they get in. And if they don’t, they try again until someone somewhere clicks the link.
Key Steps You Can Take to Protect Your Reputation
The short list begins with having the proper IT infrastructure in place, which also means making sure your software is updated regularly and your network is being monitored 24/7. Regular and consistent employee training on cybersecurity is the next critical step.
It’s not just one and done! And perhaps the most important item of all is having the right business continuity and disaster recovery solution (BDR) in place.
Unfortunately, we’ve gotten to the point where it’s not “if” but “when” you get hit with a similar situation. Of course, there’s a lot more that can be layered on to enhance your security. If you’re unsure of what protection you have in place, or if you haven’t had a security check-up in a long time, consider reaching out to us for a look under the hood!
Your reputation depends on it.
BY ANDRES HURTADO RANGEL
CyberSecurity, Cloud Infrastructure & Business Continuity Expert, Certified Data Protection Specialist CDPS