Ransomware

Ransomware as a Service? Is your business data safe?

Here's an interesting article from Forbes.  Hackers are following current business trends and turning ransomware into a service offering.  One hacker develops the tools to manage a ransomware attack, and then resells it as a service to other hackers for a piece of the bounty.

If you're not familiar with what ransomware is: these attacks typically arrive in carefully targeted emails.  They look and sound authentic, not like the typical Nigerian prince scams of the past.  If the attackers know your industry receives signed documents from customers, they will mimic a customer sending you paperwork with a malware-riddled attachment or a web link to one.  Even more common are emails masquerading as UPS, FedEx, or Amazon shipment notifications.

Once the payload has been executed, it connects to hacker-controlled servers and scans your computer and network for commonly used data files (Word documents, spreadsheets, PDFs, etc.).  Every file it finds is encrypted with a key obtained from that server.  Once encrypted, a file cannot be unlocked without that key, and the only way to obtain the key is to pay the hacker in untraceable currency.

These hackers know who they've attacked, and they can see what kind of data they've gained control of.  They analyze how big your business is and how sensitive the data is, and determine a price point they think you'll pay.  Remember, this is a business to them, so they want you to pay.  If you're not prepared, this can be a huge financial hit to your business, and in some cases there are legal ramifications if customer personal information was exposed.  Ransomware has really changed the threat landscape we face.

As these attacks become more sophisticated & costly, we need to do more to mitigate the risk of infection.  What CAN we do? 

From a social engineering perspective:

  • If there's an email link to a website, hover over the link and look towards the bottom of your browser; it will show where the link actually leads. Look for misspelled company names, because the text of the link in the email isn't necessarily where the link goes. Even better, go to Google and search for the content directly.

  • If there's an attachment, DON'T click it unless it's a file you specifically requested from the sender. In some cases a single click to preview the document is enough to start the infection.

  • End-user training to spot fraudulent emails is a good way to keep your company safe. There are companies that can help facilitate this, even going so far as to send test phishing emails to employees to raise awareness of how costly one inadvertent click can be.

  • Your passwords are an important and cumbersome part of life in 2017. Numerous high-profile sites have been hacked, and the data from those breaches has been used to gain access to even more sensitive information on other sites (email, finances, etc.). Make sure you're not using the same password for every site, and, as much as it inconveniences us, change those passwords periodically. Luckily there are some great tools called password managers, from companies like Keeper or LastPass, to help with this.
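As an added illustration of the "hover over the link" advice in the first bullet above (this script is not part of the original post), here is a small Python check that does the same comparison automatically for an email body: it compares each link's visible text, and any brand name the link mentions, against the domain the link really points at. The brand list and the sample email are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com", "amazon": "amazon.com"}  # assumed list
# Constructed sample email body (not a real message); only the third link is benign.
SAMPLE_EMAIL = """<a href="http://fedex-delivery-update.example/track">https://www.fedex.com/track</a>
<a href="http://amaz0n-orders.example/invoice.zip">View your Amazon invoice</a>
<a href="https://www.fedex.com/apps/fedextrack/">Official tracking</a>"""

class LinkCollector(HTMLParser):
    # Collect (visible text, href) pairs from every <a> tag in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registered_domain(host):  # crude owner check: www.fedex.com -> fedex.com
    return ".".join(host.lower().strip(".").split(".")[-2:])

def check_link(text, href):
    """Return the reasons a link deserves a second look (empty list if none)."""
    parsed = urlparse(href)
    if parsed.scheme not in ("http", "https"):  # mailto:, tel:, etc. are out of scope
        return []
    target, reasons = (parsed.hostname or "").lower(), []
    # 1. The visible text looks like a URL, but the real target is a different site.
    shown = re.match(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text.strip(), re.I)
    if shown and registered_domain(shown.group(1)) != registered_domain(target):
        reasons.append(f"text shows {shown.group(1)} but link goes to {target}")
    # 2. A known brand is named in the text or hostname, but the target is not its domain.
    for brand, domain in BRAND_DOMAINS.items():
        named = re.search(rf"\b{brand}\b", f"{text} {target}".lower())
        if named and registered_domain(target) != domain:
            reasons.append(f"mentions {brand} but link goes to {target}, not {domain}")
    return reasons

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(h, r) for t, h in collector.links if (r := check_link(t, h))]
```

Running `scan_email(SAMPLE_EMAIL)` flags the first two links (mismatched visible text, and a borrowed brand name on a lookalike host) and passes the genuine FedEx link.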

And of course there's the technology side.  Anti-virus alone isn't enough to mitigate the risk of malware infection; ensure you're protected at multiple layers.  Consider some of these options:

  • If your business processes have data coming in or going out via email as attachments, consider automating your processes with a web-based tool.

  • Are your operating systems and applications up to date? Known software flaws are a prime target of malware.

  • Look into content filtering services. Blocking access to risky sites altogether is a great form of mitigation. We like Cisco's Umbrella service because it blocks at the DNS level, so you can protect your entire network. They even have a roaming client for users who take their laptops to other sites.

  • Ensure you have a quality business-grade firewall. If you've exposed any of your internal machines to the Internet (i.e. RDP, SSH, remote access), in most cases it's better to close those ports and find alternative ways to accomplish those tasks (VPNs, cloud-based offerings, etc.). If you must keep ports open, take extra precautions to make sure those devices are quarantined and sufficiently locked down.

  • Internet-of-Things devices (wireless access points, lighting hubs, video cameras, etc.) are a new attack vector for malware. They tend not to be updated often enough, and many still have default passwords set. Keep them up to date, change the passwords, and segregate them from other devices on your network.

  • BACKUPS! Even if you've taken the above steps to reduce your risk, you should have a backup system in place. It needs to keep multiple versions and a history of your files, and have an offsite component.

  • Audit your systems regularly. Check who has access to your systems and accounts, and verify the times and locations from which they've been accessed.

  • Where possible, enable multi-factor authentication, especially for your email accounts. These features require additional authentication via application-generated, time-based codes when an account is accessed, meaning a hacker would have to know your username and password and also have access to your mobile phone.

Technology Porter, LLC is an Everett, WA based IT support and consulting provider.  See our Services page or Contact-Us directly for more information.