Posts Tagged ‘malware’

Modern Threats Require Modern Defenses

Posted on: June 25th, 2019 by billp

Small businesses increasingly face the same cybersecurity risks as larger businesses but with fewer resources to protect themselves. In fact, according to the 2018 State of Cybersecurity in Small & Medium Size Businesses study by the Ponemon Institute:

  • 67% of small and medium-sized businesses have been affected by a cyberattack
  • 82% of attacks were not caught by traditional antivirus software
  • 61% of SMBs have been attacked by ransomware
  • 70% paid the ransom at an average of $1,466 per incident

Worse yet, between 2017 and 2018:

  • Data breaches are up by 4%
  • Cyberattacks are up by 6%
  • Ransomware incidents are up by 9%

We can expect these numbers to increase when the 2019 figures are tallied. The fact is that the problem is only getting worse; it’s not a matter of “if” but “when.”

The traditional concept of “antivirus software,” which arose with the first products released in 1987, started to enter obsolescence sometime early this decade. Industry leaders first began noticing the decline around 2012 when the volume of malware samples began to outstrip the ability of antivirus vendors to write new signatures to block the malware. Both the volume and sophistication of malware have continued to increase exponentially; it’s estimated that there are now 350,000 new variations of malware per day.

To make matters worse, malware and ransomware are a valuable criminal enterprise, incentivizing the cybercriminals to try harder. Aside from ransomware payments made, ransomware damages are predicted to reach $11.5 billion in 2019. Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

New threats require new solutions. Any product that attempts to protect the endpoint (desktop, laptop, etc.) in this era of vulnerability and risk can’t just target present threats – it must also be future-proof.

Enter Endpoint Detection and Response (EDR) solutions, which target malware behavior instead of identity. The number of malware behaviors is considerably smaller than the number of ways a piece of malware might look, making this approach suitable for prevention and detection.

Consider this analogy. Security professionals (e.g. soldiers, police, guards, etc.) might stop someone and ask for identification. If an ID is provided, is that it? Is any criminal with an ID guaranteed to bypass security? The answer is no. Thankfully, well-trained security professionals receive extensive training to help them spot suspicious behavior which may indicate that someone is not who they say they are.

EDR solutions are the well-trained security professional for your network, providing the following sophisticated protections and many more:

  • Real-time protection for known and unknown threats
  • Protection from polymorphic and disguised threats
  • Watches processes as they run in case they “turn bad”
  • Allows quick rollback to a known good state when an attack does occur

Are you ready to have a well-trained security professional guarding your network 365x24x7? Contact the security professionals at Colden Company at 888-600-4560, email us, or visit us on Facebook or Twitter.

Ransomware: What You Need to Know

Posted on: April 27th, 2016 by jiml

Viruses are becoming not only increasingly sophisticated but increasingly destructive. It used to be that if you were infected with a virus or malware, you were at risk of having your files copied and perhaps accounts compromised. With the advent of ransomware, hackers have found a way to directly monetize hacking and can do much more damage than malware of the past. Here is how it works:

Ransomware is a class of malware that prevents users from accessing their data, usually by encrypting their files and holding the decryption key. The encryption is strong enough that, if you have been infected, your options for getting your data back are 1) pay the ransom or 2) restore your files from backup. The malware will not only infect your computer but also any connected network drives or external drives, making the malware quite devastating.

A study from BitDefender estimated that $325 million in ransom has been paid over the last two years as a result of this type of malware. Paying the ransom emboldens and funds these hackers for future attacks and enhanced attacks. There are few security experts who believe the threat level will decrease in the coming years. Most believe it will continue to increase, largely funded by paid ransoms.

If you or your business does not have a solid and reliable backup system, you will be forced to consider paying the ransom as so many people and businesses before you have done. Don’t be part of the problem! Make sure you have adequate backups for your data so that you can fight back and not be a victim.

Who is at risk? Everyone who uses a computer. Even those with the latest security patches and updated anti-malware solutions can be infected. Mac user? KeRanger is a variant of ransomware specifically designed to attack your system. More recent versions of ransomware have infected users through their web browser using vulnerabilities in Adobe Flash. Early versions relied on the user to click an infected email attachment. Now a user can be on the Internet, even on reputable sites like nytimes.com, msn.com, bbc.com and many more, and become infected through compromised ads according to a recent publication from Malwarebytes.

There is a high-stakes game of cat and mouse going on between the hackers and security firms. As the security firms find ways to block the malware, the hackers find ways to circumvent the changes. You, as the computer user, have a responsibility in this fight as well. Be aware of good security practices like “do not open email from unknown users” and “do not open attachments you are not expecting, even from known users.” It cannot be overstated that you need to ensure your data is backed up, so in the unfortunate event that you get infected, you can simply clean your system, restore your data and avoid becoming part of the problem.

Businesses should be aware that there are additional steps that can be taken to prevent these types of ransomware that go beyond traditional anti-malware solutions. This malware initiates the encryption from a protected area, and it can be stopped with the proper precautions. We strongly recommend putting these measures into place to prevent ransomware from executing, thus saving your critical business data. There is an escalating battle going on today between hackers and security. We encourage you to proactively take part in the battle to protect your data or you may become a casualty of the battle when you least expect it.

To protect your critical business data, contact Colden Company at 888-600-4560, email us, or see us on Facebook or Twitter.

Beware of Cryptolocker: What is it, how to avoid getting infected, and what to do if you are

Posted on: October 31st, 2013 by billp

A new and frightening escalation in the virus world is circulating the Internet. A virus called Cryptolocker has been infecting PCs through an email attachment. The virus runs and encrypts data on your PC as well as on shared drives that may reside on servers or network attached storage (NAS) devices. The effects are devastating.

If your system is infected, your local and server-based files will be encrypted. A message will be displayed informing you that your personal files have been encrypted and you need to pay up to 300 USD (the amount seems to change), or a similar amount in another currency.


You will also see a countdown timer. If the timer reaches zero, your encrypted data will be deleted. The virus uses very high-level encryption so brute force decryption would take years – perhaps hundreds of years – which obviously is not an option.

Security software might not detect Cryptolocker or detect it only after encryption is underway or complete. Although Cryptolocker itself can be trivially removed, this does not decrypt files, and may make it impossible to recover them by paying the ransom (which we don’t recommend doing regardless).

What can you do?

  1. Educate yourself and your employees about this malware and introduce or reinforce a policy of not allowing employees to install software on business PCs.

  2. Be particularly cautious of unexpected email coming from known or unknown senders. Attackers may use slight variations in spelling in the sender (e.g. sender@fdex.com instead of sender@fedex.com) to make you believe the email is legitimate.

  3. Email attacks are fairly easy to avoid if you never open attachments you weren’t expecting or from people you don’t know well.

  4. Back up your files. If you have a server, store your files on the server and back up the server every night, preferably with a reliable and monitored solution such as a Backup and Disaster Recovery (BDR) appliance. If you don’t have a server, use a product like Colden Company’s Backup-as-a-Service (BaaS) to back up your local file data securely and off-site.

  5. Run anti-malware software and make sure it is regularly updated. For extra protection, use Colden Company’s Managed Anti-Virus, based on proven malware-fighting technology and constantly monitored by Colden Company.

  6. If you get infected, remove your PC from the network by unplugging your network cable and then call us immediately. This will minimize the risk of spreading the malware to other systems and allow us to determine the best way to help you.
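The misspelled-sender trick from step 2 can also be checked automatically at the mail gateway. The sketch below is an added example, not part of the original post or any Colden Company product; the trusted-domain list and sample headers are constructed, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Assumption: domains this organisation really corresponds with (constructed list).
TRUSTED_DOMAINS = {"fedex.com", "ups.com", "coldencompany.com"}

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]

def classify_sender(from_header, max_distance=1):
    """Return (verdict, trusted_domain) for a From: header value."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unknown", None)
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= max_distance:
            return ("lookalike", trusted)  # near miss of a trusted name
    return ("unknown", None)

# Constructed sample headers, including the misspelling from step 2.
SAMPLES = [
    "FedEx Tracking <sender@fdex.com>",
    "sender@fedex.com",
    "Shipping <sender@fedxe.com>",
    "billing@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

Treat a "lookalike" verdict as a reason to quarantine the message for review rather than as proof of fraud, since short legitimate domains can sit one character apart.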

If you have any questions or need help protecting your systems or recovering after an infection, call us at (888) 600-4560, email us at info@coldencompany.com, see us on Facebook, or follow us on Twitter.

Flashback trojan shows Macs do get viruses

Posted on: April 13th, 2012 by billp

Apple’s Mac OS X platform has long been promoted as a safe alternative to Windows. Many Mac users have even been convinced that they are invulnerable to viruses and other forms of malware. But as the Mac’s market share has grown, it has become a bigger target.

Earlier this month, Russian antivirus company Dr. Web reported that an estimated 600,000 Macs were infected with the Flashback Trojan, malware designed to steal personal information by disguising itself as a legitimate browser plug-in.

Flashback trojan shows Macs do get viruses (The Washington Post; April 9, 2012)

Respected security software developer F-Secure created a free tool that automates the detection and removal of Flashback. You can download the tool using the link below.

Flashback Removal Tool

If you’re not sure if your Mac is infected or you need help cleaning a Flashback infection from your Mac, contact us for help at (888) 600-4560, info@coldencompany.com, on Facebook, or on Twitter @coldenco.