Your Step by Step Guide to Mitigating and Preventing a Ransomware Virus in your Small/Medium Business

With the recent epidemic of ransomware viruses (up over 600% in 2016 and with the newest batch of exploits wreaking havoc internationally), I thought it would be a good idea to go through the basic guidelines for mitigating and containing ransomware for your small to mid sized business. There are plenty of additional pieces to putting this together completely so please reach out to me if you would like some assistance. Some of these are simple recommendations and this is by no means a complete list. But, then again, eat healthy, exercise regularly and don’t smoke are simple recommendations – and if you don’t follow them, you know what to expect.

  1. Use reputable multi-vector endpoint security – Use antivirus programs like Webroot/Kaspersky/McAfee/Avast. Don’t be penny wise and pound foolish. Buy a proper license for each machine. Keep it updated with all new definitions. Keep it current and get one that is constantly being updated. No one program is going to be 100% effective. Also, make sure that you have a program that detects malware. Malwarebytes Premium is my favorite. Again – go for the full paid version and don’t try to cut corners on freemium or freeware versions. An ounce of prevention is worth a pound of cure. You need protection that detects phishing and spam, flags unsafe websites and protects the web browser.
  2. Put strong backup procedures in place – you should have backups in place with a recovery point objective that you can live with. That means that you should have backups both onsite on a device and in the cloud. Both of the backups should be constantly tested for verification and the process should be monitored. When this is successfully in place, in case of an outbreak, you can restore to the last backup that was unaffected. Please note: tape drives, USB sticks, and removable hard drives are not adequate for business applications. You need a proper belt and suspenders – a properly sized on-premise device that is backed up to the cloud.
  3. Make sure that you are updating your operating system and plug-ins regularly – the current round of ransomware is exploiting unpatched and un-updated Windows vulnerabilities. We update our clients with whitelisted patches and updates from Microsoft. Make sure that you are constantly updating your operating system. Make sure that you are scheduling your updates properly – for all of your computers and all of your devices. Make sure you update all of your computers – even those that you may use less frequently. For example, we use micro PCs in our conference room for use with our large screen monitors. All of those units must be updated regularly.
  4. Make sure that your firewall is regularly updated and maintained– your firewall should be under contract and updated with the very latest definitions. Your firewall is all that stands between you and the virus filled Internet. We recommend Watchguard because it is constantly being updated and maintained – and it includes best of breed components that would be too expensive to buy separately bundled in.
  5. Disable autorun – make sure that you disable autorun for everyone!! Yes, autorun is useful. Yes, it is also used by viruses and malware to propagate themselves throughout a network. In these dangerous times, disable it.
  6. Stop making everyone an Admin!! – administrators should be admins. However, if you give everyone admin rights, you open yourself up to more damage. Users should be users and admins should be admins. Period.
  7. Enforce secure passwords – believe it or not, people use stupid passwords. Enough with stupid. If you want to get infected, use a simple password. If you don’t, use a secure password (strong, with alphanumeric characters and symbols). Better yet, have your users get a password manager app.
  8. When relevant, encourage the use of two-factor authentication – if you have compliance requirements (HIPAA or PCI) definitely use two-factor authentication.
  9. Disable RDP– remote desktop protocol is used by all sorts of viruses and malware to gain access. If you don’t need it or don’t know what it is, disable it.
  10. Educate EVERYBODY – even if your office is a handful of people, but especially if you have less sophisticated users, education about the threat is important. Your staff should know what phishing and spear phishing are and how to recognize and avoid suspicious emails. Incorporate this into your onboarding of new employees or have a meeting about this. If you would like a recommendation for videos, send me an email and I will send you a recommended list. Along with that, add pertinent sections to your employee manual about bringing your own device onto the network, using “free” USB drives, and clicking on links in emails.
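
An added example (not part of the original post): a read-only PowerShell audit of items 5, 6 and 9 above, checking the machine-wide autorun policy, the membership of the local Administrators group, and whether Remote Desktop accepts connections. The function names and the `$AllowedAdmins` allow-list are assumptions made for illustration.

```powershell
# Added example: read-only audit of checklist items 5 (autorun), 6 (admin rights)
# and 9 (RDP) on the local Windows machine. It changes nothing.
# $AllowedAdmins is a hypothetical allow-list; replace it with your real admin accounts.
param(
    [string[]]$AllowedAdmins = @("$env:COMPUTERNAME\Administrator")
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function New-Finding {
    param([string]$Check, [bool]$Pass, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Test-AutorunDisabled {
    # Item 5: the machine policy value NoDriveTypeAutoRun = 0xFF turns AutoRun
    # off for every drive type. A missing value means the Windows default applies.
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = Get-RegValue -Path $path -Name 'NoDriveTypeAutoRun'
    if ($null -eq $value) {
        return New-Finding 'Autorun disabled' $false 'NoDriveTypeAutoRun is not set'
    }
    New-Finding 'Autorun disabled' ($value -eq 0xFF) ('NoDriveTypeAutoRun = 0x{0:X}' -f $value)
}

function Test-LocalAdmins {
    param([string[]]$Allowed)
    # Item 6: S-1-5-32-544 is the built-in Administrators group. Using the SID
    # avoids depending on the group's (localizable) display name.
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object -ExpandProperty Name)
    } catch {
        return New-Finding 'Only approved admins' $false "Could not list members: $($_.Exception.Message)"
    }
    # -notin compares case-insensitively, which matches Windows account names.
    $unexpected = @($members | Where-Object { $_ -notin $Allowed })
    if ($unexpected.Count -eq 0) {
        return New-Finding 'Only approved admins' $true "$($members.Count) member(s), all on the allow-list"
    }
    New-Finding 'Only approved admins' $false ('Not on allow-list: ' + ($unexpected -join ', '))
}

function Test-RdpDisabled {
    # Item 9: fDenyTSConnections = 1 means the machine refuses RDP connections.
    # A Group Policy setting, if present, is stored under
    # HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and wins.
    $policy = Get-RegValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -Name 'fDenyTSConnections'
    $local  = Get-RegValue -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections'
    $source = 'local setting'
    $value  = $local
    if ($null -ne $policy) { $source = 'Group Policy'; $value = $policy }
    New-Finding 'RDP disabled' ($value -eq 1) "fDenyTSConnections = $value ($source)"
}

$results = @(
    Test-AutorunDisabled
    Test-LocalAdmins -Allowed $AllowedAdmins
    Test-RdpDisabled
)
$results | Format-Table -AutoSize -Wrap

# Non-zero exit code when any check fails, so a scheduled task or
# monitoring agent can flag the machine.
if ($results.Pass -contains $false) { exit 1 }
```

On domain-joined machines, add the expected domain groups (for example the domain's admin group) to the allow-list, or they will be reported as unexpected.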

Like I said, this is by no means a comprehensive list. I have learned Mark Twain may have had the last word. “It’s not what you know that gets you in trouble, it’s what you know for sure that just ain’t so”. The world of viruses and malware is changing. Yesterday’s method may be overcome in an instant and you have to keep on top of it. If you need help- just let me know!

 

Prime Telecommunications Educates Customers on Password Protection Policies to Keep Their Businesses Safe

Password management has become increasingly important with daily attacks from hackers specifically targeting SMBs (small and medium-sized businesses). For example, 6 million LinkedIn account passwords were compromised just a couple of years ago and the list of breaches has grown dramatically since. Anyone who has been using major social media sites, like LinkedIn, may have received a notification in the past couple months forcing them to reset their passwords. This is the result of the colossal breach in Internet security and Prime Telecommunications has taken the initiative to advise businesses on how to protect themselves.

As the Internet continues to expand in complexity, so do its vulnerabilities. In order for business owners to protect their organizations, they need to utilize best practices in password security. Here are some steps that business owners can take immediately.

Never Use the Same Password Twice: One of the most effective ways to prevent breaches is also the simplest; never use the same password for multiple accounts. Strong, unique passwords, with symbols, numbers and capital letters are usually far more effective than anything else.

Enable Two-Step Authentication/Verification: This is one of the other simple ways that a business can instantly upgrade the security of their entire network, by simply passing a company policy. Two-step password authentication essentially means that when a user logs into their account, they’ll be required to confirm that log-in attempt by replying to a text message or phone call. This best practice makes it much harder for hackers to impersonate the true account owner because it requires them to have access to multiple accounts before their hacking attempts can be effective.

Stay Vigilant Against Phishing: Hackers have long relied on phishing, a common strategy in which a hacker attempts to defraud an online account holder of financial information by posing as a legitimate company. For example, a hacker will gain access to your account information by purchasing your email and password on the black market and then they will log into your email and send a desperate email to one of your contacts, posing as you. “John! My transmission just blew and I’m stranded out here. My phone is about to die. Can you send me $2,000 to this account? I’ll pay you back as soon as I get into town.” Users need to constantly remain vigilant against attacks like this because they are prevalent and have proven effective over the years.

“While these are a few proactive steps a company can take in the right direction, they are only a mere shadow of what is possible if they work with a true managed IT services provider, like Prime Telecommunications, who is regularly monitoring, maintaining and optimizing the security of every device on a business’s network,” stated Vic Levinson, President of Prime Telecommunications. Prime Telecommunications partners with SMBs that need to secure a competitive advantage with advanced technology and want to remain focused on growing their business, instead of keeping up on the latest in online security. “That’s our job,” said Mr. Levinson.

 

Eight Reasons Why Small and Mid-Sized Businesses Need Managed IT Services

Managed IT services is rapidly becoming one of the hottest solutions in business today because it dramatically improves an organization’s profitability, frees up internal resources, and offers a unique competitive advantage.   Simply put, managed IT services are designed to assist companies in maintaining and supporting their network and IT infrastructure with the assistance of an outsourced managed services provider (MSP).  Types of services may include remote network monitoring, programming and reporting (24/7), firewall monitoring, intrusion detection, preventative tasks, disaster recovery, data backup and help desk support.  There are eight critical reasons why small to midsized businesses (SMBs) need managed IT services now and throughout the life cycle of their business.

Dependence On IT

Almost all businesses have become more dependent on computer technologies in the past few years.  And, it’s a rapidly changing environment.  Every business has become dependent on its IT infrastructure to perform at a high level, while effectively delivering its products or services.  As a result, it has become more difficult to maintain the expertise to properly deploy, manage, and monitor this new technology, especially as a business evolves.

Complexity

The fact that this technology is new makes it more difficult for the average employee to understand and use effectively. The level of demand and sophistication from today’s businesses is driving up complexity. Distinct disciplines or specialties are emerging in a variety of technology-related areas such as telephony, desktop, network, application and database support. The breadth and depth of technology an organization requires immediately places the resources of a small to mid-sized business (SMB) at a distinct disadvantage.

Insufficient Solutions

Traditional support options such as a one man IT consultant, or a one or two person in-house IT department cannot effectively handle the occasional network breakdowns that are bound to occur. This is especially true when compared to a team of external resources that  proactively monitor the SMB’s installed technology at all times.

Lack of Process

An IDC study reinforces the notion of lack of process, showing that 78% of all IT downtime is caused by change.  If you could simply eliminate change from the computing environment, you would substantially decrease the risk. Unfortunately, most SMBs lack the procedures, documentation standards, and scope of work, which often results in major disruption and downtime.

Increased Use of Technology

Increasing use of computers, new software and procedures often leads to increased complaints and loss of productivity. Typically, when network or desktop problems arise and escalate inside a company, the response time of the one man shop or internal staff is quite slow. This dramatically increases employee complaints and lowers productivity. In many situations employees have to wait in line to receive help. As a result, the downtime and morale will impact the organization’s bottom line as well as its ability to meet its customers’ needs. By implementing a managed IT services program, the demand on internal IT resources is lessened, and they can now be utilized for other purposes such as directly supporting strategic business objectives rather than becoming bogged down in frequent break/fix issues.

Controlling Costs

During these challenging times, the IT budget is frequently reduced. In a recent survey of nearly 950 IT managers at companies in North America and Europe, nearly half of the U.S. respondents said they have already cut their IT spending budgets. Unfortunately, a cut in IT spending doesn’t mean there is a cut in demand for services. This adds tremendous stress and pressure on internal departments to support the same amount of work with fewer resources.

Technology Erosion

Computer systems must be maintained just like any other systems used within the business. Vehicle fleets, manufacturing equipment, and the physical plant, have all moved to a preventative approach. If a company does not implement this preventative maintenance strategy for its technology components, disaster might be the unpleasant and unprofitable result.

Compliance

Finally, the technology utilized within an organization in most cases must meet specific compliance standards. For example, a company’s business processes supported by technology may need to comply with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and other requirements. Most companies don’t have the resources to fully understand and comply with all the detailed requirements of these regulations.

All of the above issues are driving the popularity of partnering with a managed IT services firm.  Companies that have made the transition already answered this question.  If deploying, managing and monitoring my IT infrastructure has absolutely nothing to do with the core competency of my business, why wouldn’t I outsource it to an expert?  This is a fairly easy question to answer and these organizations have reaped the rewards of increased profitability and a competitive advantage.

Want an honest assessment of your network? Give us a call at 847 329 8600!

4 Top IT Decisions that Business Owners/CEOs Will Have to Make in 2015

In today’s business environment, owners need to assess the advancement in all technological areas, but paying special attention to these four areas will yield exponential benefits in the next calendar year. Here are the four decisions that need to be made:

Is It Time for Me to Downsize My In-House IT Department? IT departments have long served as a vital support structure for ensuring that all business operations run smoothly. However, as more software and hardware applications migrate to “the cloud” and the number of managed services providers grows, businesses need to start taking a hard look at whether or not it is fiscally responsible for them to pay for full-time IT staff. Advancements have made it possible for remote technicians to fix computer problems off-site and run constant monitoring, management and data optimization software to improve the efficiencies of a company’s network. In many cases, entire teams are used to ensure optimum network performance, something that a single employee cannot hope to deliver consistently. As the playing field has leveled, more sophisticated tools have been developed, making this job even more competitive. In fact, many large organizations are beginning to outsource key areas of their IT operations entirely, and it will not be long before outsourced IT departments are commonplace.

How Can I Secure My Network From Threats? With cybercrimes on the rise, more and more businesses are beginning to take proper precautions to prevent company downtime or data loss. Spyware, malware, data backup and anti-virus protection are all vital to the economic well-being of any stable business. In emergency or negligence situations, critical data loss can set teams back for weeks and put a giant damper on productivity. Many businesses are reexamining their Acceptable Internet Usage Policies (AUPs), to make sure that employees are only visiting work-related sites when at the office. These types of threats are usually found on dangerous websites, which can be eliminated entirely with simple site filtering tools that restrict access to unnecessarily volatile sites. Many companies see this need, especially in the case where businesses derive funding from institutional and private investors. These organizations are often required to spend a significant portion of their yearly budget on security enhancing technologies to make sure that all sensitive information remains perpetually protected.

Big Capital Expenditures or Small Cloud Transition Costs? With servers and telephony shifting from the standard on-premise solution of old, to more software-centric and remote operation, many businesses are choosing to invest heavily in the transition to the cloud. The biggest driving factor behind this decision is that from a financial standpoint, most businesses want to upgrade their technology, but don’t want to create a large amount of capital expenditures, which constrain financial resources. Technologies with rental programs, or lowered total cost structures are increasingly popular because of their minimal impact on a budget. With plenty of equipment nearly obsolete, many businesses are investigating technologies which leverage a fixed-cost of ownership in their cost structure. This helps businesses avoid big capital expenditures, keeping them lean and mean for the next year.

What’s Our Policy Regarding Bring-Your-Own-Device (BYOD)? Networks are the backbone of any business. However, when employees bring their own devices onto the network, they can often disrupt the infrastructure and slow the overall speed of the network drastically. Furthermore, these devices can pose security threats when they are not properly configured to run in concert with all of the other technology endpoints on the existing network. It’s a complex web and network design is an intricate process, which is absolutely essential to get right. Some businesses refuse to let people bring their own devices onto the network, yet the vast majority of businesses allow employees to bring their own mobile devices onto the network, as long as they are properly configured by a leading technology specialist. That way, employees can utilize the tools they feel most comfortable with, without derailing anyone else’s performance on the network.

Want to know more? Need help in talking out your decisions? Give us a call at 847 329 8600 and let’s begin the discussion.

Take Advantage Of Network Security – An Ounce Of Prevention Is Worth A Pound Of Cure

In the minutes, hours and days that follow a widespread, widely publicized data breach, most companies scramble, amping up their security measures in an effort to overcompensate for their lack of proactive preparation. A Forrester Research study revealed that more than 45 percent of businesses opt to increase security and audit requirements after an attack occurs. But as our grandmothers always say, an ounce of prevention is worth a pound of cure. Basically, Grandma was trying to say that a proactive approach to security—versus a reactive one—helps to ensure that your business is protected without having to learn the hard way.

While a lax data security plan may be the most detrimental of business strategies, a close second is taking a “one and done” approach. In reality, true data and network protection requires constant effort—it’s not a checklist to be completed, filed away and forgotten. System security, as a whole, is a moving target with new threats and vulnerabilities popping up every day and from all angles, which means one security solution may become outdated just as quickly as it was implemented. Without dedicated resources and the training required to implement and monitor advanced security solutions, organizations are basically sitting ducks, putting their corporate assets at greater risk.

So where do you start? System protection begins with a thorough risk vulnerability assessment—and trust me, there are plenty of vulnerabilities to look for. For example, consider the impact of Bring-Your-Own Device (BYOD), with its myriad of points at which employees may unknowingly compromise corporate network security. Or take into account the rising threat and increased variety of Distributed Denial of Service (DDoS) attacks. From organized crime rings to hacktivists to foreign government hacking attempts, the complexities and motives are changing by the day.

By identifying the most vulnerable points within your current system and workflow, you can then start to draft a strategy and analyze potential solutions. Creating a customized security plan, one that’s tailored to addressing those vulnerabilities head-on, is foundational to a solid strategy. Your plan may include simple items, such as creating and implementing a formal BYOD policy. Or you may need more comprehensive protection, enhancing your network and cloud security through a Managed Service Provider (MSP) or bringing in a variety of tactical solutions, such as firewalls, antivirus, OS hardening, intrusion detection and web filtering as applicable. A complete security solution should protect your data and applications from all angles — network, cloud and employee communication—to mitigate any threat to your data.

Part of a successful security plan, however, is allocating enough staff and resources to support that plan. The best-protected systems are those that are constantly managed by a dedicated IT team. If, in your risk assessment efforts, you find that you’re lacking resources to provide ongoing support and monitoring, a Managed Network Security Solution may be the answer.

Our Managed Network Security Solutions provide not only security, but also the team that can support your security mission. We offer 24 x 7 x 365 management and monitoring, going beyond protecting PC desktops with custom, comprehensive real-time protection against attacks, defending and protecting your entire office-computing environment against the latest generation of Internet threats.

Take the first step toward achieving system security and contact a Prime representative today. Remember that ounce of protection? When we’re talking about data security, it’s worth WAY more than a pound of cure.

10 Key Considerations When Picking a Managed Security Services Provider

Once, managed security providers were small companies who offered select few larger companies the option to store their data remotely. Now, that market has grown into a widely utilized industry, where providers navigate security issues, compliance regulations, and the importance of data protection for you.

But with this burgeoning enterprise comes the difficulty of deciding between the many competent players. When choosing the company that will defend the security of your data and manage your ability to access it, it’s important to look closely at several aspects of each provider:

  1. Track Record. The ideal MSSP to handle your company’s sensitive data will be able to show a strong history of quality information management over a significant period of time.
  2. Response Time and Analysis. An MSSP must be able to easily determine security threats from false alarms. Your provider should be able to respond immediately after analyzing and interpreting large amounts of network security.
  3. Operation Centers. The best MSSP will have state-of-the-art security operations centers at multiple locations, allowing for cross-monitoring and double-checking compliance with security standards.
  4. Global Awareness. To really be prepared, security experts must be able to monitor threats to data not just domestically, but from around the world. International eyes and ears allow for proactive handling of threats and real-time alerts.
  5. High Level Management. Management personnel in the best MSSPs will often have backgrounds working in military, security, or government: an indicator of success.
  6. Range of Services. Particularly for larger businesses, MSSPs must be able to provide a variety of services, including real-time monitoring, firewall management, intrusion detection systems, virtual private networks, and more.
  7. Security Procedures. Ask for documented standards and policies that are in place, from handling of unusual operations to common threats. Look for an MSSP that offers a variety of notification options for optimal staff awareness.
  8. Third-Party Validation. Whatever these policies and procedures are, make sure that the MSSP has had them validated and certified by a third-party auditor.
  9. Range. For best brand-specific protection, find an MSSP that employs specialists who have certified experience working with a variety of security providers and in a wide range of products.
  10. Reporting. Detailed reporting is essential for a company to truly trust the MSSP. Be sure that the reports are based on information drawn from various platforms, include recommendations, are open about latest threats, and are clear about any security changes that have been made.

Your data is only as secure as the company trusted to protect it. Take your time and consider all aspects of the business and relevant details of your own company before deciding.

 

6 Huge Benefits of Managed IT Service

As the shape of global business continues to shift, companies big and small are determining how to incorporate new technologies. But while growth and operational decentralization have obvious benefits for long-term goals, they also present a new series of ground-level issues that can no longer be solved by local teams.

Enter Managed Services.

Developed to be scalable as a small business grows into a large, mobile one, this type of service combines the latest network technology with network monitoring, allowing a hands-off approach to managing networks and software. Agents can troubleshoot and fix most issues that occur from a remote location, further ensuring consistent access and functionality throughout the entire communications experience.

There are many reasons why managed services are making waves in all industries, but here are six that will blow your mind:

1. Quick recovery: With complex processes available to managed services providers, businesses can track and respond almost immediately to any events that may occur across their communications platforms. Gone are the days of scrambling from one problem to the next in an effort to simply keep projects and operations on track. With managed services, quick efficient fixes help businesses focus on growth.

2.  Before It Even Happens: Thanks to helpful remote tracking, complex remote service systems can predict where problems may arise, preventing them before they even happen. Businesses can operate with confidence knowing that issues can get tackled before they even occur, thus lowering the risks involved in important projects and operations.

3. Proper Planning: By further monitoring the ways in which a client utilizes their network systems, managed services providers can alleviate redundant operations, free up file space, and further streamline formal processes. This allows clients to accurately predict their future performance needs and make informed decisions regarding infrastructure and database.

4. Built-in HUD: Through client portals created by managed services providers, clients can access network and performance data in real time and respond immediately. Service tickets can be logged and saved, and critical processes are monitored constantly by management. These client dashboards can even be customized specifically to a business’ needs. Whether a client wants to view real-time operational data at a high level, or an ultra-specific one, a managed services dashboard allows business owners to keep an eye on the prize from the helm of the ship.

5. Lightning Fast Updates: Managed services allow IT staff and developers to step back from the seemingly endless troubleshooting and problem solving of old systems and focus on future development and patching. Managed services providers can manage patches continuously; with this in place, downtime becomes rare.

6. Big Picture Infrastructure: The in-depth, real-time monitoring provided by managed services gives companies a full understanding of the ins-and-outs of their infrastructure. Timely reviews prior to large projects, updates, and rollouts give business owners a full understanding of the ramifications of each decision they make, so that they can remain informed as they make crucial changes to the way they do business. Managed services highlight the weak points and problem areas so that companies can prioritize resources.

With all of these benefits in mind, it’s easy to see…Managed Services is the next step in technological business development, and a crucial linchpin in the scaling of a rising company.

Learn more: http://www.primetelecommunications.com/flat-rate-it-support/

Microsoft Ending Support for Windows Server 2003 Operating System

NCCIC / US-CERT

National Cyber Awareness System:

11/10/2014 07:19 AM EST
Original release date: November 10, 2014

Systems Affected

Microsoft Windows Server 2003 operating system

Overview

Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.[1] After this date, this product will no longer receive:

  • Security patches that help protect PCs from harmful viruses, spyware, and other malicious software
  • Assisted technical support from Microsoft
  • Software and content updates

Description

All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2] As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.[3]

Impact

Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.

Solution

Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.

The Microsoft “Microsoft Support Lifecycle Policy FAQ” page offers additional details.[2]

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.[4,5] US-CERT does not endorse or support any particular product or vendor.

References

Revision History

  • November 10, 2014: Initial Release

 

Our partnership with Rapidscale allows you to never have to worry about these types of announcements ever again.

CloudApps is the next generation application purchasing and licensing management platform for business. CloudApps connects businesses with the applications they want while eliminating licensing management and application upgrades. With CloudApps, the application purchasing process is automated from per user or per business purchasing to application approval workflow delivered on one bill.

Check out more at http://www.primetelecommunications.com/infrastructure-service/.

Ransomware Virus Alert

Another report is just out from the United States Computer Emergency Readiness Team (US-CERT) regarding crypto ransomware malware that affects all Windows PCs.

 

NCCIC / US-CERT

National Cyber Awareness System:

10/22/2014 05:28 PM EDT
Original release date: October 22, 2014

Systems Affected

Microsoft Windows

Overview

Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. This Alert is the result of Canadian Cyber Incident Response Centre (CCIRC) analysis in coordination with the United States Department of Homeland Security (DHS) to provide further information about crypto ransomware, specifically to:

  • Present its main characteristics, explain the prevalence of ransomware, and the proliferation of crypto ransomware variants; and
  • Provide prevention and mitigation information.

Description

WHAT IS RANSOMWARE?

Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300, and is sometimes demanded in virtual currency, such as Bitcoin.

Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.

WHY IS IT SO EFFECTIVE?

The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and inevitably become infected with additional malware, including messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

PROLIFERATION OF VARIANTS

In 2012, Symantec, using data from a command and control (C2) server of 5,700 computers compromised in one day, estimated that approximately 2.9 percent of those compromised users paid the ransom. With an average ransom of $200, this meant malicious actors profited $33,600 per day, or $394,400 per month, from a single C2 server. These rough estimates demonstrate how profitable ransomware can be for malicious actors.

This financial success has likely led to a proliferation of ransomware variants. In 2013, more destructive and lucrative ransomware variants were introduced including Xorist, CryptorBit, and CryptoLocker. Some variants encrypt not just the files on the infected device but also the contents of shared or networked drives. These variants are considered destructive because they encrypt users’ and organizations’ files, and render them useless until criminals receive a ransom.

Additional variants observed in 2014 included CryptoDefense and Cryptowall, which are also considered destructive. Reports indicate that CryptoDefense and Cryptowall share the same code, and that only the name of the malware itself is different. Similar to CryptoLocker, these variants also encrypt files on the local computer, shared network files, and removable media.

LINKS TO OTHER TYPES OF MALWARE

Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. This malicious attachment contains Upatre, a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system, and requests that a ransom be paid.

The close ties between ransomware and other types of malware were demonstrated through the recent botnet disruption operation against GameOver Zeus, which also proved effective against CryptoLocker. In June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.

Impact

Ransomware doesn’t only target home users; businesses can also become infected with ransomware, which can have negative consequences, including:

  • Temporary or permanent loss of sensitive or proprietary information;
  • Disruption to regular operations;
  • Financial losses incurred to restore systems and files; and
  • Potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.

US-CERT and CCIRC recommend users and administrators take the following preventive measures to protect their computer networks from ransomware infection:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain up-to-date anti-virus software.
  • Keep your operating system and software up-to-date with the latest patches.
  • Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  • Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.

Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center or contact the CCIRC.
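The backup recommendation above only helps if you can tell which backup set predates an infection. The following Python sketch is an added example, not part of the US-CERT alert: it builds a SHA-256 and entropy manifest of two backup sets and flags files that changed and now look like random data. The 7.5 bits-per-byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte; tune for your data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(root: str) -> dict:
    """Map each relative path under root to (sha256 hex digest, entropy)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            out[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return out

def compare(known_good: dict, candidate: dict) -> dict:
    """Classify differences between a trusted manifest and a newer backup set."""
    report = {"missing": [], "changed": [], "suspect": []}
    for rel, (digest, old_h) in sorted(known_good.items()):
        if rel not in candidate:
            report["missing"].append(rel)
            continue
        new_digest, new_h = candidate[rel]
        if new_digest != digest:
            report["changed"].append(rel)
            # Changed and newly random-looking: consistent with encryption.
            if new_h >= ENTROPY_LIMIT > old_h:
                report["suspect"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: two small backup sets built in a temp directory."""
    text = b"Invoice 1001: 12 widgets at $4.00 each\n" * 200
    monday = {"invoice.txt": text, "notes.txt": b"call supplier\n" * 50, "old.txt": b"archive\n"}
    # Tuesday: notes edited, invoice replaced by random bytes (stand-in for ciphertext), old.txt gone.
    tuesday = {"invoice.txt": os.urandom(len(text)), "notes.txt": b"call supplier again\n" * 50}
    with tempfile.TemporaryDirectory() as tmp:
        for day, files in (("mon", monday), ("tue", tuesday)):
            os.mkdir(os.path.join(tmp, day))
            for name, data in files.items():
                with open(os.path.join(tmp, day, name), "wb") as fh:
                    fh.write(data)
        return compare(manifest(os.path.join(tmp, "mon")), manifest(os.path.join(tmp, "tue")))
```

Already-compressed formats (ZIP archives, JPEG images, modern Office documents) are high-entropy before any encryption, so they appear only under "changed"; an unusual number of changed or missing files is itself a reason to keep the older backup set until the cause is understood.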

References

Revision History

  • Initial Publication, October 22, 2014

 

Increased Security in the Cloud: What it Means for Business

Over the last several years, cloud services have become a viable solution for businesses wanting to innovate and transform operations. The much-discussed benefits of continuous availability, low maintenance, and increased scalability have caused the cloud to grow almost 300% over the past 6 years. However, as the cloud continues to expand, hesitations revolving around the issue of security linger—security is still cited as a leading inhibitor to cloud adoption.

We find that few disagree that cloud computing is a way of the future. However, we do sympathize with those who are still hesitant to make the switch—after all, making the transition to cloud storage can be a big decision for many businesses, especially when safety is a primary concern. In order to clear the name of cloud computing security, we have listed four concepts that prove cloud security is safer than ever.

1) Cloud providers have security expertise. 

Not to sing our own praises, but cloud storage is our passion—and something we take very seriously. In general, cloud providers offer a wide range of managed security services that utilize the latest technology. Our industry’s success is based on our ability to keep customers’ data secure. And keeping your stuff safe is our guarantee.

2) High security standards must be followed. 

Because of strict standards established by the International Organization for Standardization (ISO), cloud security is extremely high. As mentioned above, cloud computing is a multibillion-dollar business, and business is based on keeping customers’ data secure. ISO standards are designed to ensure just that.

3) Human error is reduced.

It’s no secret that people make mistakes. Even the most meticulous workers forget, misplace, and overlook hardware and data. However, computers don’t make mistakes—nor do they have bad days. This overlooked concept translates to superior security in the cloud. In the past, if a worker misplaced or even lost a computer or thumb drive, a company was at risk of losing vital data. With cloud storage, your data can be safely accessed anywhere, even if that same forgetful worker misplaces his or her laptop.

4) More is, indeed, better.

Building off the idea of limited hardware, if you only have one something (be it a laptop, a desktop, or a smartphone), that one piece of equipment is at risk of getting lost or broken. This translates to data: if you only have one way to back up your data, what happens if that method falters? Cloud computing protects your data by utilizing many methods of storage.

While we aren’t here to say that cloud computing is entirely free of security risks, we do guarantee that with the right team and expertise to back your operations, your data is safer than before. If you’re resisting the transition to cloud computing because of security reasons, you should reevaluate the benefits and contact us.