Posts Tagged ‘ransomware’

Modern Threats Require Modern Defenses

Posted on: June 25th, 2019 by billp | No Comments

Small businesses increasingly face the same cybersecurity risks as larger businesses but with fewer resources to protect themselves. In fact, according to the 2018 State of Cybersecurity in Small & Medium Size Businesses study by the Ponemon Institute:

  • 67% of small and medium-sized businesses have been affected by a cyberattack
  • 82% of attacks were not caught by traditional antivirus software
  • 61% of SMBs have been attacked by ransomware
  • 70% paid the ransom at an average of $1,466 per incident

Worse yet, between 2017 and 2018:

  • Data breaches are up by 4%
  • Cyberattacks are up by 6%
  • Ransomware incidents are up by 9%

We can expect these numbers to increase when the 2019 figures are tallied. The fact is that the problem is only getting worse; it’s not a matter of “if” but “when.”

The traditional concept of “antivirus software,” which arose with the first products released in 1987, started to enter obsolescence sometime early this decade. Industry leaders first began noticing the decline around 2012, when the volume of malware samples began to outstrip the ability of antivirus vendors to write new signatures to block the malware. Both the volume and sophistication of malware have continued to increase exponentially; it’s estimated that there are now 350,000 new variations of malware per day.

To make matters worse, malware and ransomware are a valuable criminal enterprise, incentivizing the cybercriminals to try harder. Aside from ransomware payments made, ransomware damages are predicted to reach $11.5 billion in 2019. Ransomware costs include damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

New threats require new solutions. Any product that attempts to protect the endpoint (desktop, laptop, etc.) in this era of vulnerability and risk can’t just target present threats – it must also be future-proof.

Enter Endpoint Detection and Response (EDR) solutions, which target malware behavior instead of identity. The number of malware behaviors is considerably smaller than the number of ways a piece of malware might look, making this approach suitable for prevention and detection.

Consider this analogy. Security professionals (e.g. soldiers, police, guards, etc.) might stop someone and ask for identification. If an ID is provided, is that it? Is any criminal with an ID guaranteed to bypass security? The answer is no. Thankfully, well-trained security professionals receive extensive training to help them spot suspicious behavior which may indicate that someone is not who they say they are.

EDR solutions are the well-trained security professional for your network, providing the following sophisticated protections and many more:

  • Real-time protection for known and unknown threats
  • Protection from polymorphic and disguised threats
  • Watches processes as they run in case they “turn bad”
  • Allows quick rollback to a known good state when an attack does occur

Are you ready to have a well-trained security professional guarding your network 365x24x7? Contact the security professionals at Colden Company at 888-600-4560, email us, or visit us on Facebook or Twitter.

New Ransomware Threats and How to Defend Against Them

Posted on: February 23rd, 2018 by jiml | No Comments

In what should not be a surprise to anyone reading this, 2017 surveys have shown that ransomware attacks against businesses like yours increased in 2017 over 2016 (4.3 times as many, to be exact). The hackers behind these attacks have been so successful in monetizing their attacks that they have tremendous resources at their disposal to hone their craft. The end results are attacks that are more sophisticated and more destructive. If you are unsure what ransomware is, please see our video.

2017 saw attacks like WannaCry that did not use the traditional methods of infecting computers. Email attachments and links are still the most common method of contracting ransomware, but we are seeing different threat vectors targeting businesses. In the case of WannaCry, it attacked vulnerabilities in the Windows operating system. Users did not need to click on a bad attachment or go to a bad web site to be infected. They simply had to be targeted and not have installed the patches that Microsoft provided for the vulnerability.

2018 has seen a rise in ransomcloud viruses, which attack cloud services like Microsoft Office 365, a popular email platform. Users would receive an email that appeared to be from Microsoft and prompted them for credentials. Once the credentials were provided, all of the user’s email would be encrypted and unreadable without the decryption key, which the hackers held for ransom.

We, of course, encourage users to never, never, never (you get the point) pay the ransom. Paying the ransom perpetuates the cycle by giving the bad people more resources to put toward their scams. Once you have contracted a ransomware virus, restoring from backup is the best way to recover your data. Cleaning the infection out of your system should of course be the first step in remediation, followed by the restore. For ransomcloud viruses affecting Office 365, it is important to note that businesses have options. There are reliable and cost-effective solutions for providing comprehensive backups of your Office 365 (or Google’s G Suite) data. Having this extra layer of protection can come in handy for reasons other than malware as well. Want to recover an email from two months ago? How are you going to do that? With our solution, a simple phone call or email gets the process started. Too much business is conducted via email in today’s world to leave your email recovery to chance.

To hear more, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Ransomware in the News Again

Posted on: May 29th, 2017 by jiml | No Comments

Ransomware is making the news again this month, with the WannaCry virus that affected hundreds of thousands of computers in many countries around the world (150 countries according to Wikipedia), including the United States. This virus would encrypt all of your files and demand ransom in return for the decryption key. If your data was not properly backed up, your data would be at risk.

This particular strain of ransomware attacked a known vulnerability in Windows operating systems, called the EternalBlue exploit. Microsoft had released a patch for it, so if your computers were properly patched you were not at risk. If you are in the habit of delaying Windows updates, your system was at risk. Systems running Windows XP were most at risk because there was no patch out for the vulnerability (Microsoft has since released a patch that XP users have to manually download), but the vast majority of infected computers were Windows 7 computers. This is due in part to the vast proliferation of Windows 7 as compared to Windows XP, which has been phased out in many places, as well as the change in policy with Windows 10 that makes it more difficult to delay and manage updates. Since Microsoft installs updates for you in most versions of Windows 10, most systems were patched.

While keeping your systems properly patched was the best defense in this case, most strains of ransomware attack through email or by enticing users to click on ads or other click bait to infect computers. The vast majority of ransomware strains work in this manner. This is why it is critical to have defenses for these types of attacks. Quality spam filtering is important to filter out many of the email attacks. User education is key to recognizing those attacks that make it past the spam filter. Web filtering is key to preventing users from going to known bad sites and accidentally infecting their machines. Finally, a reliable backup system is your last line of defense. Paying ransom should never be an option, as it only perpetuates the cycle. Security is best applied in layers.

As we have said in many previous blog posts, if you are running your business the same way you were three or four years ago, you are falling behind. This is especially true with security. The security threats have dramatically increased in that time and your security defenses need to keep pace.

Contact us today to review your data security at (888) 600-4560, email us, or visit us on Facebook or Twitter.

Security Mistakes Businesses Make

Posted on: September 27th, 2016 by jiml | No Comments

Many of our blog postings have something to do with data security in one form or another. The reason is that today’s world is different from the world of five years ago. If you have not changed the way you are securing your critical data and systems over that time, your measures are likely no longer sufficient. Threats like ransomware present significant risks to businesses today. Did you know your business could get fined by the FTC if your business becomes the victim of ransomware? Here are some of the top mistakes we see being made in regard to security:

  • Using the same passwords for different uses
    We are still seeing the repercussions from the LinkedIn hack a few years ago. If you were notified about the hack and just changed your LinkedIn password, you may not have done enough. The hackers had a list of emails and passwords from the hack and then tried those same credentials at different sites. “Let’s see if those credentials work on Facebook…..or Chase bank perhaps.” If you are using the same password for multiple applications you are at risk if one of those sites is compromised.
  • Not keeping employees up-to-date on security threats
    As we mentioned in the introduction, the world is changing and new security threats are out there such as ransomware, scareware and social engineering scams. Are your employees or coworkers up to speed on the threats they might face? Do they know how to react if they encounter one? Awareness training is a key component to a comprehensive security plan.
  • Not using web browsing controls
    Web browsing controls, sometimes called content filtering, used to be considered an optional item for businesses. In today’s environment, we consider it a necessity. A good content filter will block known bad sites to prevent users from accidentally (or purposefully) going to a site that can infect their business computer. There are many forms of malware that attack through web browsers. You should have the mindset that when you are using a web browser, you are in the danger zone. Web browsing involves connecting to other computers that your organization does not control and must trust.
  • Failing to review security policy and protective measures regularly
    This is how businesses fall behind the curve with security. Systems are put in place and the security of those systems is never regularly reviewed to see if it is keeping up with the evolving security threats they might face. Who is responsible for this in your organization?

These are just a few of the mistakes we see businesses making. The result is that your business is put at risk. Are you making any of these mistakes? Contact us at Colden Company and see how we can help remediate these issues for you and protect your critical data and systems. Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Ransomware: What You Need to Know

Posted on: April 27th, 2016 by jiml | No Comments

Viruses are becoming not only increasingly sophisticated but increasingly destructive. It used to be that if you were infected with a virus or malware, you were at risk of having your files copied and perhaps accounts compromised. With the advent of ransomware, hackers have found a way to directly monetize hacking and can do much more damage than malware of the past. Here is how it works:

Ransomware is a class of malware that prevents users from accessing their data, usually by encrypting their files and holding the decryption key. The encryption is strong enough that if you have been infected, your options for getting your data back are 1) pay the ransom or 2) restore your files from backup. The malware will infect not only your computer but also any connected network drives or external drives, making the malware quite devastating.

A study from BitDefender estimated that $325 million in ransom has been paid over the last two years as a result of this type of malware. Paying the ransom emboldens and funds these hackers for future attacks and enhanced attacks. There are few security experts who believe the threat level will decrease in the coming years. Most believe it will continue to increase, largely funded by paid ransoms.

If you or your business does not have a solid and reliable backup system, you will be forced to consider paying the ransom as so many people and businesses before you have done. Don’t be part of the problem! Make sure you have adequate backups for your data so that you can fight back and not be a victim.

Who is at risk? Everyone who uses a computer. Even those with the latest security patches and updated anti-malware solutions can be infected. Mac user? KeRanger is a variant of ransomware specifically designed to attack your system. More recent versions of ransomware have infected users through their web browser using vulnerabilities in Adobe Flash. Early versions relied on the user to click an infected email attachment. Now a user can be on the Internet, even on reputable sites like nytimes.com, msn.com, bbc.com and many more, and become infected through compromised ads according to a recent publication from Malwarebytes.

There is a high-stakes game of cat and mouse going on between the hackers and security firms. As the security firms find ways to block the malware, the hackers find ways to circumvent the changes. You, as the computer user, have a responsibility in this fight as well. Be aware of good security practices like “do not open email from unknown users” and “do not open attachments you are not expecting, even from known users.” It cannot be overstated that you need to ensure your data is backed up, so in the unfortunate event that you get infected, you can simply clean your system, restore your data and avoid becoming part of the problem.

Businesses should be aware that there are additional steps that can be taken to prevent these types of ransomware malware that go beyond traditional anti-malware solutions. This malware initiates the encryption from a protected area, and it can be stopped with the proper precautions. We strongly recommend putting these measures into place to prevent ransomware from executing, thus saving your critical business data. There is an escalating battle going on today between hackers and security. We encourage you to proactively take part in the battle to protect your data or you may become a casualty of the battle when you least expect it.

To protect your critical business data, contact Colden Company at 888-600-4560, email us, or see us on Facebook or Twitter.