Ransomware FAQs; What’s Going on Here?

A 19-year-old from Hertfordshire, UK, has pleaded guilty to creating and running the Titanium Stresser booter service, with which he launched 594 denial of service (DDoS) attacks.

According to a statement put out by the Bedfordshire Police, Adam Mudd developed the tool when he was just 15 years old.

He didn’t just use it to launch his own DDoS attacks. He also sold it online and ran it as a service, distributing it to cyber crooks.

Investigators are still working out the total amount Mudd made from the attacks, but their preliminary estimate is around $385,000.

Investigators determined that Mudd’s stressor – which is a tool used to flood networks with data, bogging them down until they’re dead in the water, non-functioning and vulnerable to compromise – was used in more than 1.7 million DDoS attacks worldwide.

Those attacks were launched against 181 IP addresses between December 2013 and March 2015, the month that Mudd was arrested and the service was shut down.

According to Silicon Angle, Mudd kept detailed logs of all the attacks that relied on Titanium Stresser.

In fact, it was, for a time, the most popular DDoS-for-hire service available online.

One of Mudd’s satisfied customers must have been the hacking group Lizard Squad. According to The Register, Mudd’s creation was the basis for Lizard Stresser, a DDoS tool marketed by the hacking group.

Remember Lizard Squad? They ruined Christmas 2014 with a DDoS directed at PlayStation and Xbox servers, timed to make sure nobody could play games during the holiday.

A spot of poetic justice was had when the Lizard Stresser service itself got hacked, spilling customer details on to the internet.

Interestingly, the very same thing happened recently to vDOS, one of the most disruptive attack-for-hire services on the internet.

vDOS was taken down in September, and its alleged co-owners were arrested following a “massive hack” on the site. Tens of thousands of customers’ details were spilled, along with the identities of its teenage owners.

Technically speaking, those who launch these DDoS attacks aren’t hackers, given how little technical skill is required.

All they have to do is harness the horsepower provided by botnets, as Sophos’s Mark Stockley noted at the time of the vDOS takedown. Those botnets contain tens of thousands of computers compromised by malware.

Perhaps not coincidentally, both security journalist Brian Krebs and DNS service provider Dyn – both involved in the vDOS sting – were hit by massive DDoS attacks from the Mirai botnet.

As Brian Krebs has reported, Lizard Stresser relies on thousands of hacked home routers to launch DDoS attacks.

That’s not dissimilar to Mirai, which also uses poorly secured devices that aren’t laptops, desktops or servers.

As we noted at the time of the attack on Krebs, Mirai originated not from malicious bot or zombie software on regular computers, as might have been the case a few years ago, but from so-called Internet of Things (IoT) devices such as routers, web cameras and perhaps even printers.

You might not think of such humble devices as having enough brawn to do the damage that DDoSes have wrought, but string them all together, and they can be used to cause a world of hurt.

Mirai wasn’t well-coded. But it didn’t have to be scrupulously developed in order to be destructive.

To make it all that much worse, in the aftermath of the assault on Krebs, the source code of the malware used in the attack was open-sourced.

But back to Mudd: he pleaded guilty to two offenses under the Computer Misuse Act and another of money laundering under the Proceeds of Crime Act. He’s due to be sentenced in December.

We don’t yet know how much prison time Mudd may be facing, but Silicon Angle reports that the judge who accepted his guilty plea noted that “a spell in a youth offenders institution will be considered”.


In the September/October timeframe this year it became clear that Yahoo had lost more than 500 million records, which was the biggest hack of the year. Who knew that they would top themselves just a few months later!

Yahoo just stated today that a separate incident has exposed at least a billion more user accounts. They also warned that attackers figured out a way to log into targeted Yahoo accounts with forged authentication cookies without having to supply the victim’s password.

How can this get any worse? It’s a massive epic fail. Here is the updated graph from the Wall Street Journal on the size of this monstrous hack:

[Graph: Wall Street Journal chart of the size of the Yahoo breaches]

“Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts,” Yahoo’s chief information security officer Bob Lord said in a statement the company published Wednesday afternoon. “We have not been able to identify the intrusion associated with this theft.”

Yahoo said they were in the process of notifying the affected account holders, and that they have invalidated the forged cookies. “We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016,” Lord said.
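The forged-cookie problem Yahoo describes, and the invalidation it mentions, both turn on how a server authenticates its own session cookies. What follows is an added illustration, not Yahoo’s implementation (which the page does not describe), of the usual approach: the server signs each cookie with a secret HMAC key, so a cookie assembled without that key fails verification, and rotating the key invalidates every cookie issued under the old one. The key values, user names and timestamps are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed server-side signing keys; a real deployment keeps these in a
# secrets store and rotates them on a schedule or after an incident.
KEY_V1 = b"constructed-server-key-v1-do-not-reuse"
KEY_V2 = b"constructed-server-key-v2-after-rotation"
NOW = 1_700_000_000  # fixed clock so the example is reproducible


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(key, user, ttl_seconds, now=None):
    """Build '<payload>.<tag>' where tag = HMAC-SHA256(key, payload)."""
    now = int(time.time()) if now is None else now
    claims = {"user": user, "exp": now + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(key, cookie, now=None):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None  # malformed cookie
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # tag mismatch: tampered, forged, or signed under another key
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None  # expired
    return claims.get("user")


def swap_user_keeping_tag(cookie, new_user):
    """What a forgery attempt without the key looks like: edit the claims but
    reuse the old tag. verify_cookie() must reject the result."""
    payload_b64, tag_b64 = cookie.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["user"] = new_user
    payload = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    return _b64(payload) + "." + tag_b64


if __name__ == "__main__":
    cookie = issue_cookie(KEY_V1, "alice", 3600, now=NOW)
    print("valid:", verify_cookie(KEY_V1, cookie, now=NOW))
    print("tampered:", verify_cookie(KEY_V1, swap_user_keeping_tag(cookie, "victim"), now=NOW))
    print("after key rotation:", verify_cookie(KEY_V2, cookie, now=NOW))
```

The last line of the demo is the “invalidated the forged cookies” step: once the server only accepts KEY_V2, every cookie minted under KEY_V1, legitimate or not, comes back as None and the user has to log in again.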

Blaming it on the Russian Government in this case is a cop-out. These are high level criminal hackers that simply get air cover from Putin but are not on his payroll.

At this point, Yahoo has fallen down on security in so many ways that I have to recommend that if you have an active Yahoo email account, either directly with Yahoo or via a partner like AT&T, get rid of it. But clean it out first: remove all the folders, delete the account and open a Gmail account instead. Check whether you have used your Yahoo password on other sites, and change the password and security questions for those accounts. And remember, never reuse your email password (or any other password tied to an account that holds sensitive data about you) at any other site.

If you used a mobile phone number with your Yahoo! account, and you still use that number, then SMS phishing (a.k.a. smishing) is now a distinct possibility, so be very wary of smishes.

Thanks Verizon, for your interest in Yahoo and the due diligence that followed. I would recommend not pursuing this course of action, though.


Lynda.com, the online learning unit of LinkedIn, has reset passwords for some of its users after it discovered recently that an unauthorized external party had accessed a database containing user data.

The passwords of close to 55,000 affected users were reset as a precautionary measure and they have been notified of the issue, LinkedIn said in a statement over the weekend.

The professional network is also notifying about 9.5 million Lynda.com users who “had learner data, but no protected password information,” in the breached database. “We have no evidence that any of this data has been made publicly available and we have taken additional steps to secure Lynda.com accounts,” according to the statement. Here is the email that was sent:

“We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.

Please know that we have no evidence that this data included your password. And while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure.

If you have questions, we encourage you to contact us through our Support Center.

The Lynda.com team”

Lynda.com was acquired a little while ago by LinkedIn for US$1.5 billion in a cash and stock deal. And then LinkedIn was in turn acquired by Microsoft this month for the all-cash transaction worth US$26.2 billion.

The breach at Lynda.com comes a little after Yahoo said last week that data relating to over a whopping 1 billion user accounts had been stolen in 2013. This is the second big breach reported by Yahoo, with the other affecting at least 500 million users.

Graham Cluley, who is more or less the Indiana Jones of insecurity reporting, wondered whether this is a hack in the traditional sense, whatever that means anymore, or whether it is based on the findings of a security researcher who uncovered a vulnerability and harvested it.

He’s also a bit miffed that the Lynda website isn’t making a big deal about the problem. This kind of obvious ignoring of hacks is a bugbear of his, which perhaps explains the big dig he gives LinkedIn at the end.

“The wording of the email is a little odd, and makes me wonder whether this was a ‘traditional hack’ or more a case of a security researcher stumbling across a user database on a server that shouldn’t have been publicly accessible, or found a vulnerability that allowed them to access user information,” he said.

“Disappointingly, I was unable to find any reference to the data breach on the Lynda.com website. I always think breached sites should post an online notice so users can confirm the incident, rather than blindly trust an email received in their inbox. Regular readers will recall that LinkedIn is no stranger to database breaches.”

Phishing attacks have long been associated with malicious emails that spoof well-known institutions in order to trick users into coughing up credentials to bank accounts, email accounts, or accounts for major online services. Phishes that exploit the good name of trusted brands familiar to users have also been known to deliver ransomware, backdoors, and other malicious software designed to compromise the companies and organizations those users work for.

Spoofing well known institutions and brand names is old hat, though, and users have become increasingly wary of emails claiming to hail from familiar companies and organizations. In response, the bad guys have been refining their use of social engineering, the key to any successful phishing campaign.

This week we saw the latest evolution in the use of social engineering hooks designed to lure unsuspecting employees into downloading and executing highly malicious software inside corporate networks.
Making the Extraordinary Seem Everyday

Over the past two years malicious actors have increasingly resorted to simpler, less flashy social engineering schemes designed not to raise eyebrows but to capitalize on users’ ingrained habit of clicking through attachments or links that give every appearance of being just more of the same dreary, business-related email content that fills their inboxes every day.

Thus, most of the major email-driven ransomware campaigns that we’ve seen over the past 6-9 months have been landing in users’ inboxes under the pretense of dealing with invoices, P.O.s, IT-related messaging, and other ordinary business documents and topics, some of them very industry-specific. The social engineering hooks in such phishes are noteworthy only for just how unspectacular they initially appear. A few recent examples:

  • Attached is the initial CD for my client (based on preliminary fees that you sent over). Can you please advise on revised/added fees (tax prorations, HOA dues, etc)?
  • You are going to be billed USD 3,881.74 on your Mastercard balance soon. Take a look at the attachment for information.
  • Your car loan is approved.
  • Charge attached.
  • Your order was completed in accordance with the agreement. Please see attached detailed estimates for each agreement article.
  • We need your signature on this before we can settle.
  • Please find attached the fully executed contract.
  • Our HR Department told us they haven’t received the receipt you’d promised to send them. Fines may apply from the third party. We are sending you the details in the attachment.

Such social engineering hooks are intended to provoke unthinking, habitual clicks from users inured to the avalanche of email that hits their inboxes day in and day out. Most are short — some less than five words — just like the majority of legitimate daily business email communication.

But even these cleverly designed phishes share a common problem: they are cold contacts, forcing users to refocus their attention on a new problem, a process that could raise their levels of awareness and alert them to something amiss. And, indeed, phishing emails are all by their very nature cold contacts.

But what if the bad guys could create the illusion of an on-going email discussion thread among office colleagues — the kind of cozy, familiar situation in which few users would ever expect to be phished? In fact, that’s just what we saw this week.

Starting from the Middle of Things

Over the past two days a number of our customers have reported receiving large numbers of a rather interesting phishing email.

[Screenshot: the spoofed email thread phish, with the employee’s name hyperlinked]
There are a couple of things to note about this email.

First, the email appears to be a conversation between two different employees — one using a generic accounting email address within the company (whose name we’ve redacted) and a second being an individual employee named Sam. In fact, this entire email originated from outside the company being targeted. It is, in reality, a spoofed email thread.

Second, this is a targeted attack. The one named employee is real and the email address contained in the hyperlinked version of his name (only partially visible in the screenshot above) is that employee’s actual email. Moreover, the visible link points to the company’s own domain (while the actual underlying link, revealed by hovering the mouse, points to a Vietnamese domain). The bad guys obviously researched their targets before phishing them in order to create a credible, spoofed email thread purportedly involving real employees likely familiar to other users within the company.

Third, the social engineering hook involves an apparently innocuous request from a fellow employee. Who in a modern office environment hasn’t encountered printer problems? Moreover, the link being dangled in front of users appears to offer access to personally sensitive information — something that could prove irresistible to some people.

In short, this phish is a cleverly manufactured ruse designed to give users the impression that they have been mysteriously dropped into the middle of an ongoing discussion involving a document with personally sensitive information about another colleague working in the same office.

Just like any other phish, it’s a cold contact. But it doesn’t feel like one.
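The second observation above, visible link text naming the company’s own domain while the underlying href goes elsewhere, is something a mail gateway or a reported-phish triage script can check mechanically. The script below is an added example (not KnowBe4’s code, and not taken from the email in the screenshot); the sample message body and every domain in it are constructed placeholders under the reserved .invalid TLD.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body: the first anchor shows the "company" host as its
# visible text but its href points at an unrelated host.
SAMPLE_BODY = """
<p>Sam, the printer is down again, can you grab this from the share?</p>
<a href="http://download.example-vn.invalid/doc.php?id=7">
  http://intranet.example-corp.invalid/hr/benefits.docx</a>
<p>Thanks, <a href="mailto:sam@example-corp.invalid">Sam</a></p>
<p><a href="https://intranet.example-corp.invalid/help">intranet.example-corp.invalid/help</a></p>
<p><a href="https://intranet.example-corp.invalid/help">click here</a></p>
"""

# A visible text "claims" a host when it reads as a bare host, host/path or full URL.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collect (href, whitespace-normalised visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def looks_like_url(text):
    return bool(URL_LIKE.match(text))


def host_of(url):
    """Lowercase hostname of a URL; bare hosts get a scheme so urlparse sees a netloc."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def same_site(a, b):
    """A host and one of its own subdomains count as the same site."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def find_mismatched_links(html):
    """Return one finding per anchor whose shown host differs from its real host."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        if urlparse(href).scheme not in ("http", "https"):
            continue  # mailto:, tel: and fragment links make no host claim
        if not looks_like_url(text):
            continue  # plain words such as "click here" make no host claim either
        shown, actual = host_of(text), host_of(href)
        if shown and not same_site(shown, actual):
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_BODY):
        print("link text claims {shown} but points to {actual} ({href})".format(**finding))
```

Only anchors whose visible text reads as a host or URL are judged; a “click here” link pointing anywhere is a different (and weaker) lure that this rule deliberately does not fire on, which keeps the false-positive rate low enough to use on reported mail.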

Things Get Real

Employees who click the link will find themselves downloading a malicious Word document that opens to a slickly designed macro warning screen offering the kind of “helpful” instructions that are now a staple among phishing campaigns pushing malicious Office macros:

[Screenshot: the macro warning screen shown by the malicious Word document]
Users curious enough to follow the directions in that initial screen and enable macros will be kicking off a trojan downloader that pulls down a malicious .EXE from a domain registered just three days ago. That .EXE is then dropped in two locations: the ProgramData and Users\All Users folders.

After a reboot seven more files (all without file extensions) are added to those locations and a dodgy .DLL (probably extracted from one of those extension-less files) is automatically loaded by an instance of rundll32.exe.

The .DLL in question is, reportedly, a variant of Fareit — a sophisticated password-stealing tool that scours compromised PCs for all manner of exploitable data and exfiltrates it to malicious actors. On our test PC, Sysinternals’ TCPView revealed that the .DLL had established a connection with a site in Russia — almost never a good sign — on a port often left wide open in corporate firewalls:

[Screenshot: TCPView showing the .DLL’s outbound connection]

This phishing attack was undoubtedly the initial phase of a more extensive campaign to compromise the networks of targeted companies and exploit the resulting holes for monetary gain.
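The infection chain described in the preceding paragraphs (an .EXE dropped into ProgramData and Users\All Users, extension-less files appearing there after a reboot, and rundll32.exe loading a module from that location) leaves traces that endpoint telemetry can catch even when the phish itself got through. The following is an added example of that detection logic, not KnowBe4’s tooling; it runs over a handful of constructed process-creation and file-creation events in a simplified record format (not real Sysmon or EDR output), and the directory and file names in them are invented.

```python
import re
from pathlib import PureWindowsPath

# The two drop locations named in the write-up.
DROP_DIRS = (r"c:\programdata", r"c:\users\all users")

# Constructed telemetry as (event_type, path, command_line). Names are made up.
SAMPLE_EVENTS = [
    ("ProcessCreate", r"C:\Windows\System32\rundll32.exe",
     r'rundll32.exe "C:\ProgramData\a1b2c3\svc",DllRegisterServer'),
    ("ProcessCreate", r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ("FileCreate", r"C:\ProgramData\a1b2c3\svc", ""),
    ("FileCreate", r"C:\Users\All Users\a1b2c3\upd8.exe", ""),
    ("FileCreate", r"C:\ProgramData\SomeVendor\settings.json", ""),
]


def in_drop_dir(path):
    """True when the path sits under one of the user-writable drop directories."""
    p = path.lower()
    return any(p.startswith(d + "\\") for d in DROP_DIRS)


def module_from_rundll32_cmdline(cmdline):
    """Extract the module rundll32 was asked to load: the first argument,
    quoted or not, up to the ',EntryPoint' separator."""
    m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+)', cmdline, re.IGNORECASE)
    return m.group(1).strip() if m else None


def scan_events(events):
    """Return (rule_name, path) pairs for events matching the three rules."""
    alerts = []
    for event_type, path, cmdline in events:
        if event_type == "ProcessCreate" and PureWindowsPath(path).name.lower() == "rundll32.exe":
            # Rule 1: rundll32 loading a module from a drop directory. Legitimate
            # uses (shell32.dll from System32, as in the second event) do not fire.
            module = module_from_rundll32_cmdline(cmdline)
            if module and in_drop_dir(module):
                alerts.append(("rundll32_from_drop_dir", module))
        elif event_type == "FileCreate" and in_drop_dir(path):
            suffix = PureWindowsPath(path).suffix.lower()
            if suffix == "":
                # Rule 2: the extension-less files the write-up describes.
                alerts.append(("extensionless_in_drop_dir", path))
            elif suffix == ".exe":
                # Rule 3: an executable landing where the downloader dropped its payload.
                alerts.append(("exe_in_drop_dir", path))
    return alerts


if __name__ == "__main__":
    for rule, path in scan_events(SAMPLE_EVENTS):
        print(rule, "->", path)
```

The .json file under a vendor folder produces no alert, which matters: ProgramData is a normal home for application data, so the rules key on file type and on who loads the file, not on the directory alone.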

Helping Users Get Real

As noted earlier, a large number of these malicious emails were reported to us by the employees of customers who have the Phish Alert Button (PAB) installed. Even though this attack used a rather unusual social engineering hook, users who had been through KnowBe4’s new-school security awareness training nonetheless smelled a rat and clicked the appropriate button in Outlook, notifying their own IT departments as well as KnowBe4.

This is exactly the kind of response you need from users when something as dangerous as Fareit sails right past all the rest of your security solutions and ends up lurking in your users’ inboxes, tempting them to make one bad click and, in so doing, potentially bring the company down around their ears.

Too many users are taking the bait and clicking all the way through these ransomware traps. It’s time to educate your users with new-school security awareness training and stop the madness.

 

By Eric Howes, KnowBe4 Principal Lab Researcher.

 


Two of the big cybersecurity attacks are CEO Fraud (aka Business Email Compromise), which has caused $3.4 billion in damages, and the W-2 scams, which social engineer Accounting/HR staff into sending tax forms. Both attacks have your employees engaging with and replying to the bad guys. To help inoculate employees against this type of attack we are launching a new feature: Phishing Reply Tracking.

KnowBe4’s new Phishing Reply Tracking allows you to track if a user replies to a simulated phishing email and can also capture the information in the reply for review within your KnowBe4 admin console. Knowing if users are replying to phishing emails and what they are replying with is an excellent way to make sure users are following the best practices for dealing with phishing emails.

We have created a new category of system phishing templates called “Reply-To Online” which are specifically designed to test whether users will interact with “the bad guys” on the other end. However, the Phishing Reply Tracking also works with any of our existing 500+ phishing templates.

Additional options for this feature include:

  • Store the reply-to content.
  • Customizable reply-to address sub-domain, making the reply-to address look similar to your actual domain.
  • Track out-of-office replies to find out if your users are including company directories and other information in their OOF messages.


Larry Abrams just reported: “Yesterday a new in-development ransomware was discovered by MalwareHunterTeam called Popcorn Time that intends to give victims a very unusual, and criminal, way of getting a free decryption key for their files. With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key.

Whether you’re a business or an average user, cyber security is always a matter of concern for you. Even big corporations and governmental agencies are not immune to such vulnerabilities. Cyber-crimes can have a far more devastating impact on any organization or person than a conventional attack since you’re not even aware of the location of the attacker or even the files and info that such attackers have gained access to.

The ramifications of such attacks are enormous, as the entire economy of a country may be put at risk if attackers target governmental agencies or financial institutions such as banks.

Thus, it is important to know about the vulnerabilities prevailing in the cyber-world so that you can take preventive measures to avert such an attack. So, keep reading to find out about five cyber-security vulnerabilities present in the contemporary online world.

1. Buffer Overflows

Buffers are sequential sections of memory that store data such as character strings or sets of integers. A buffer overflow happens when more data is written to a fixed-length buffer than it can hold; the buffer cannot contain the excess, and it spills over into adjacent memory.

Such attacks are possible when the attacker understands how the target program allocates and manages its buffers. By sending more data than the program expects, the attacker causes it to write past the space allocated for the buffer, and the resulting corruption of adjacent memory can be exploited in the attacker’s favor.

2. Injection Vulnerabilities

This is a very common and effective flaw. It arises when an application sends untrusted data to an interpreter such as SQL, XPath, an XML parser or LDAP. Such flaws are relatively easy to discover by reviewing the code, but harder to find by testing alone. Successful attacks can lead to the loss or disclosure of sensitive data, and in some cases to complete control of the target system.
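As an added illustration of the injection flaw described above (example code, not from the original article): the two lookups below differ only in how the untrusted value reaches the SQL interpreter, and that difference is the whole vulnerability. The in-memory SQLite table and its rows are constructed for the example.

```python
import sqlite3


def build_db():
    """In-memory table with constructed rows, standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Untrusted input is spliced into the statement text, so the SQL
    interpreter parses whatever it contains as part of the query."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """The statement is fixed; the value is bound separately and can only
    ever be compared as data, never parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username):
    """Run both lookups on the same input and return the row counts."""
    conn = build_db()
    return {
        "vulnerable": len(lookup_vulnerable(conn, username)),
        "parameterized": len(lookup_parameterized(conn, username)),
    }


if __name__ == "__main__":
    print(compare("alice"))        # both lookups find exactly one row
    print(compare("' OR '1'='1"))  # only the spliced query lets the quote become SQL
```

On an ordinary user name the two functions behave identically, which is why the flaw survives functional testing; the parameterized form is the fix, and it is the same API call with the value moved out of the string.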

3. Sensitive Data Exposure

This situation occurs when an unauthorized person gains access to users’ sensitive data. Sensitive data exposure generally happens when an unprotected set of data is transmitted between systems, although it can also happen to data at rest. The attacker could steal the stored data or intercept it in transit. The primary reason for such exposure is a lack of encryption: if your organization’s data is not properly encrypted, you risk having it exposed to the entire world.

4. DDoS attacks

DDoS (distributed denial of service) attacks are one of the most annoying things on this list. Such attacks flood the target’s servers with so much traffic that they crash. DDoS attacks can also be used as a smoke screen to divert the attention of the IT team while something even more damaging is carried out. The attacks are getting more advanced each day, and if proper precautions are not taken, many companies may lose their data or even their customers.

5. Social Media Attacks

Social media attacks are rampant today. Attackers use social media content to distribute malware or steal sensitive data. Such attacks are dreadful in the sense that it is very easy for the attackers to reach a large audience in almost no time, and they are constantly hunting for new techniques to exploit social network vulnerabilities.

Endnote

The attacks listed above are some of the most common cyber-threats in existence today, although the list is neither conclusive nor comprehensive. There are other susceptibilities too, such as Broken Authentication, Session Management, and Security Misconfiguration, but here we have included only the most common threats.

 


It’s October, and that means it’s Cybersecurity Awareness Month (CSAM).

In the USA, it’s not merely CSAM, it’s officially National Cybersecurity Awareness Month, an awareness project aimed at ensuring that everyone has “the resources they need to stay safer and more secure online.”

In 2016, as in previous years, the overall message of NCSAM is a simple one to remember:

STOP. THINK. CONNECT.

That’s actually excellent advice for any online activity, whether that’s uploading snapshots, signing up for a new service, clicking through to a website, or downloading the latest app.

Many cybercrooks have learned to squeeze just hard enough to get us to take needless risks online, without pressing so hard that we get suspicious and turn away.

For example, ransomware often arrives in emails that claim to be invoices or requests for quotation, giving you just enough reason to open the attached document, because it’s similar to the sort of material you receive regularly at work, but not enough to realise that it doesn’t quite add up.

Or the crooks send you booby-trapped content that pretends to cover a topic that you are interested in, such as a research paper or a news report. (Your personal interests can probably be found on Facebook; your work interests on LinkedIn.)

Likewise, a recent strain of Mac malware called Eleanor, which tried to hook your webcam up to the Dark Web, posed as a free document conversion utility.

Instead of using fear, or high-pressure techniques, the crooks relied on offering a handy utility that claimed to solve a common hassle for Mac users, knowing that anyone who tried it and deleted it later, without any obviously bad side-effects…

…would be stuck with the malware it delivered, which left behind handy intrusion and hacking tools that the crooks could come back to later.

Sometimes, just a few minutes, or even a few seconds, spent asking yourself, “Is this really a good idea?” is enough to throw a spanner in the infection process.

In real life, it’s perfectly common to look before you leap, because leaping involves real physics, and real forces such as gravity.

Online, it’s easy to get into the habit of relying on some equivalent of [Undo] to try to “unleap” later on if things go wrong.

If you’re really unsure, ask someone round you for advice – but make it a genuine, real-world friend: someone you already know, and like, and trust. Don’t contact the person who sent you the email to ask them to vouch for themselves; don’t rely on calling back the phone number they gave you; and don’t use web links that they provided, either.

Of course, STOP | THINK | CONNECT. doesn’t apply only to those of us who consume online services.

It applies just as strongly to organisations that provide online services and hope that we’ll connect to them.

2016, for example, is shaping up to be the Year of The Last Year’s Data Breach, or even worse, as we hear news story after news story of massive data breaches that happened years ago.

Let’s make sure that 2020 isn’t the year that is remembered as the Year We Found Out About The Breaches of 2016 by acting now to deal with all those security improvements we haven’t quite got around to yet.

If we are more diligent about STOP | THINK | CONNECT before we put precious data where crooks can get at it, we can help everyone, including ourselves, to stay safe online.


 

The Washington Post recently published a list of 98 specific user details that it says Facebook keeps tabs on.

The theory is that this helps the Zuckernaut to know enough about your behaviours and interests not only to offer better value to its advertisers, but also to make you happier by showing you ads for stuff you might actually like.

(That’s called targeted advertising, where you’re the target.)

The thing is, the list contains some unusual entries that have understandably put the world into a bit of a spin, such as:

14. Square footage of home
29. Mothers, divided by “type” (soccer, trendy, etc.)
45. How much money user is likely to spend on next car
62. Expats (divided by what country they are from originally)
79. Users who are “heavy” buyers of beer, wine or spirits

Number 92 on the Washington Post’s list is probably the most perplexingly eclectic combination:

92. Users who are interested in the Olympics, fall football, cricket or Ramadan

Of course, for many users, lots of this information, such as:

2. Age
4. Gender
8. School

…doesn’t need any research or deduction by Facebook, because many people provide this willingly when they create their Facebook profile.

Similarly, information such as:

51. Operating system
59. Internet browser

…is readily gleaned from almost every web request you make to every site, as it’s tucked into the HTTP headers.

The bad news is that this all sounds very creepy, and perhaps it is.

The good news is that Facebook has a way to review what it thinks you like, although as far as I can see, it’s not as straightforward as simply pulling up a 98-point list and editing or deleting each entry.

I logged in, went to Settings | Ads and then clicked on the Ads based on my preferences option:

There you will find a [Visit Ad Preferences] button that takes you to a page that shows what Facebook thinks you’re into.

On the Business and industry tab, I found out what Facebook thought I might like: apparently I am interested in golf and Sophos:

It would be surprising if Facebook hadn’t inferred that I’m interested in Sophos, but where my supposed interest in the Professional Golfers’ Association of America comes from I just can’t imagine.

I’m sure golf is a wonderful and companionable game, and I’m delighted that Britain won the Olympic gold medal at Rio 2016, but it’s not for me – I’d just tip 13 balls into the lake up front and free up hours of time to do something enjoyable instead.

Clearly, Facebook does figure out a lot about you as you use the service and interact with other people, many of whose interests you may share, but it’s far from precise if it thinks that golf is a key interest of mine.

Fortunately, you can use the Ad Preferences page to delete any or all of the data points that Facebook keeps on you, by clicking on an “interest” icon to bring up a delete option, although that won’t spare you from ads:

If you remove all your preferences you’ll still see ads, but they may be less relevant to you.

What I couldn’t find, but would like to have access to from Ad Preferences, was a one-stop page containing all the categories, as listed by the Washington Post, but it seems that until Facebook decides you are interested in X, it won’t tell you that X is a category that’s one of the 98 it keeps track of.

We’re guessing that the Washington Post figured out its 98-point list by creating a new ad, or pretending to, and browsing through all the categories that advertisers can choose from when configuring the targeting of that ad.

Have your say!

What do you think?

Is a list of categories like this (whether it really is 98, or 57, or 242) a step too far?

Or are targeted ads mostly harmless?

After all, you’re going to be getting ads anyway – so what’s the harm in making them at least vaguely relevant, based on information you’ve already revealed to Facebook?


 

Ransomware is getting big notice in the press. Frankly, it makes a pretty readable story; organization gets hit by a virus, data is locked up and they pay a ransom to get their data back. Like the plot of a movie, perhaps. Except this is real, happens to people just like you and it’s unlikely to stop anytime soon.

To control something like this, it’s important to fully understand the issue first. Here are a few FAQs on Ransomware to get started on that understanding.

Who is deploying ransomware?

Criminals. In some cases large criminal networks are behind it, in other cases a smaller operation. But the source of nearly all malware is criminal profit.

Who are they targeting?

In some cases the target is very broad, in others quite narrow. For example, if the purpose of the malware is to build a botnet or to deploy cryptographic ransomware, then the target will be as broad as everyone running a particular OS. In other cases the target may be valuable information at a specific company, and then the target will be specific users within that organization.

What are your chances of suffering this type of attack?

Extremely high. In a given week every single system is probably subject to an attempted malware installation of some sort. In many cases the malware may target another OS, or is looking for a vulnerability that has already been patched on that system. But between email and the web, users are constantly being bombarded.

What can be done to prevent ransomware?

Cover the three most common attack vectors, Web, Email and Endpoint using cloud based security. Train your users regularly on how to avoid being infected by falling for phishing or other scams. Keep all operating systems and software packages up to date.

What should be done once your organization has been hit?

  • Quarantine the potentially infected network or systems: keep them off the network and the Internet, and move files only via removable media.
  • Scan the systems and remove the threat.
  • Reboot the system and scan again to make sure the threat has been removed.
  • Install endpoint protection if it was not already installed.
  • Change system passwords.
  • Install all security updates from the OS and software manufacturers.
  • Reconnect to the network.
  • Change all online passwords, assuming every single one of them was compromised by a keylogger.
  • Continue to monitor the system for unusual activity.

 


Copyright © 2015 - 2018 Sentree Systems, Corp. All rights reserved.
