Global Cyber Attack – WannaCry Ransomware

 

Mid-May of 2017 saw one of the largest global cyber-attacks ever. Ransomware has become all too common, and in what is being called the WannaCry attack, computer hackers took advantage of a vulnerability in Microsoft Windows and managed to affect computers worldwide. Thus far, the impact has been felt on over 230,000 computers in over 150 countries. WannaCry, a ransomware computer worm whose attack is ongoing, targets Microsoft Windows operating systems. It seems to originate from an anonymous source but was first seen in April 2016 by the hacking group Shadow Brokers.

 

The damage of WannaCry seems to be fairly widespread and has hit companies that use Telefonica, a Spanish broadband and telecommunications provider with operations in Europe, Asia, and North, Central, and South America. The attack has come down especially hard on hospitals and medical facilities in the United Kingdom and throughout Europe. While anyone who hasn’t updated their Windows PC recently is vulnerable, the good news is that attempts to contain the attack’s spread have paid off. The number of infected computers did not increase the week following the attack as many had expected.

 

If you are looking for ways to avoid being a victim of this attack, take the advice of your IT department or IT consulting company. Security company Bitdefender recommends these five steps:

  1. Disable your computer’s Server Message Block service.
  2. Install Microsoft’s patch.
  3. Back up your data on an offline hard drive.
  4. Install all Windows updates.
  5. Use reputable security software to prevent attacks in the future.
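
The SMB and update steps above, as an added example that is not from the original post or from Bitdefender: a PowerShell audit that reports whether SMBv1 is still enabled and when the last update was installed, plus a function that disables SMBv1 after a confirmation prompt. It assumes step 1 refers to the legacy SMB version 1 dialect, an elevated prompt, and Windows 8.1 / Server 2012 R2 or later; the function names are illustrative.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Assumption: "Server Message Block service" in step 1 means the SMBv1 dialect.

function Get-SmbPatchAudit {
    # Step 1: does the file-sharing server still accept SMBv1 sessions?
    $server = Get-SmbServerConfiguration

    # Client editions expose SMBv1 as an optional feature; where the feature
    # name is not known to the OS, report 'Unknown' instead of failing.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # Steps 2 and 4: when was the most recent update installed?
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server.EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { "$($feature.State)" } else { 'Unknown' }
        LastUpdateId      = $latest.HotFixID
        LastUpdateDate    = $latest.InstalledOn
        DaysSinceUpdate   = if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { $null }
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server and feature')) {
        # Stop the SMB server from negotiating SMBv1.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Remove the SMBv1 feature where it is present; a reboot completes the removal.
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}

$audit = Get-SmbPatchAudit
$audit | Format-List
if ($audit.Smb1ServerEnabled) { Disable-Smb1 }   # prompts before changing anything
```

Older devices that only speak SMBv1 (some printers, scanners and NAS units) will stop connecting once it is disabled, so check the audit output across the network before applying the change broadly.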

 

Stay tuned for more updates on this attack and follow our biweekly blog at M&H Consulting.

 

 

Cyber Attack Trends to Watch out for

With all new technology trends come new cyber attack trends. According to an article in TechRepublic.com, 90 million attacks will hit tech users in a year and 70 percent of them will go unnoticed! Because of this, we have searched for the patterns of cyber attacks to be on the lookout for in the years to come. Here is what we found:

Ransomware will continue to rise:

There have been many cases of ransomware in the past, and they are expected to keep rising as a security problem as attackers take advantage of vulnerable servers. A large part of the reason for its rise is that paying the ransom is one of the easiest ways of getting confiscated data back.

Rise in attacks on Industrial Control Systems:

Let’s face it; many of our Industrial Control Systems are past the outdated stage of technology. Because these outdated systems were not designed with cyber security in mind, they are expected to be a security issue for the future.

More Sophisticated Spear Phishing:

With more sophisticated spear phishing, it will be more difficult to tell the emails that should be avoided from those that are legitimate. Spear phishing emails are no longer as simple as a scam link being sent with a request to click on it. They are disguised as important business or company emails.

Hacking on Internet of Things:

Because Internet connectivity is being added to every device, even those that were not originally built to connect online, many everyday appliances are expected to be hit with cyberattacks. These devices can be anything from an app-controlled coffee maker to self-driven vehicles. With these devices, privacy is limited once they are hacked. Hackers can get access to your home and business through these technologies.

Simply being aware of these cyber attack trends is not enough. Security measures need to be taken in order to prevent such attacks. For information on how to get ahead of these attacks, contact M&H Consultants!

What’s New with Ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It is an access-denial type of attack that prevents legitimate users from accessing files[2] since it is intractable to decrypt the files without the decryption key. The use of ransomware scams has grown internationally. Security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013. This number has grown in recent years. In fact, every week seems to bring news of another case of ransomware.

 

In April 2016, the United States and Canadian governments released a rare joint cyber alert warning about the recent surge in ransomware attacks, in which data is encrypted and crooks demand payment for it to be unlocked. The US Federal Bureau of Investigation reports that ransomware attacks are not only proliferating, they’re becoming more sophisticated. So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

1) Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and

2) The creation of a solid business continuity plan in the event of a ransomware attack. (Source: FBI Cyber Report 4/2016)

 

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, and large businesses are all on the radar of ransomware attacks. The FBI and US government have given an official guide on what to do in the case of a ransomware attack on your business. Please read on for their suggestions.

 

Prevention Efforts

 

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and antimalware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

 

Business Continuity Efforts

  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

If you don’t know where to begin or need to beef up your security protocol call M&H for a security evaluation and implementation.

Challenges of Ransomware

You arrive at work and boot up your laptop and desktop. Instead of your usual screen, however, there is a hostile message: “This operating system has been locked for security reasons” or “You have browsed illicit material and must pay a fine.” Usually the group that has locked your computer demands money or they will destroy all of your business and/or personal data. Ransomware encrypts all or most of the files on an infected device or network, mostly using the Advanced Encryption Standard. This is every business owner’s nightmare. This is the crux of ransomware.

 

How Common is Ransomware?

After first emerging in Russia and Eastern Europe in 2009, ransomware has spread to Western Europe, the US and many other countries, causing high infection rates and a great deal of frustration for consumers. In one monthly study by Symantec, 68,000 computers were infected: the equivalent of 5,700 every day! Of the computers infected, about 2.9 percent of compromised users paid out. This may not seem like a large amount, but it adds up quickly and fairly easily for the criminals. Techniques have become more and more sophisticated, with code built into ransomware programs to tailor messages to the right language and local law enforcement logo, for example.

 

Tips for Dealing with the Challenges of Ransomware

Even if a company does pay the ransom, the cybercriminals often do not restore functionality to the system, meaning the business has lost the money and the data in one fell swoop. The only reliable way to restore functionality is to remove the malware.

  • Have security software installed and, most importantly, up to date with a current subscription. Remember with the thousands of new malware variants running every day, having a set of old virus definitions is almost as bad as having no protection.
  • Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
  • Make sure you are leveraging the full set of protection features delivered in your security product.
  • Do not pay the ransom! Paying the ransom may seem like a realistic response, but it is only encouraging and funding these attackers. Even if the ransom were paid, what guarantees do you have that you will actually regain access to your files?

Keeping You and Your Devices Safe

In today’s fast paced world we are becoming more and more dependent on our electronic devices. We access our data and spreadsheets on our laptops and tablets. We call and email our clients on our smart phones. The devices we use are becoming more integrated with everyday life, and as such we use them for more than just business.

Many people will stream a video or listen to music on their devices. Imagine, however, you click on a link to watch a video, and instead your device becomes locked, with a message stating that there is child pornography on your device and you will be reported to the FBI unless you pay to have it removed. This is exactly what happened to a young girl in Tennessee. She unknowingly installed malware that took over her phone and started to wreak havoc. This type of malware is called “ransomware”. It is a form of malware that installs on your devices, and it can come from websites, emails, etc. Some of it will threaten to delete or encrypt your data unless you pay a fee. Some will delete the data and then demand a fee to restore it. Some, like the example above, will install illegal things and demand that you pay or else be reported to the FBI. What’s worse is that you could pay the ransom demanded and still not be guaranteed to get your data back or your device freed.


This type of malware is big business, and has mostly been limited to computers (laptops or desktops). With today’s growing use of mobile devices such as tablets and smart phones, we can expect these devices to become the newest trending target for the writers of the malware. Companies such as Avast have reported an increase in blocked attacks, and they see the trend rising.

All hope is not lost, however. There are steps that you can take that can help you to avoid this type of personal attack. First, you should always be wary of links. Never click on an unknown link, especially from emails. If an associate or friend has emailed you something that contains a link, make sure that you verify that it actually came from them before clicking on it. Attackers have ways of making emails seem to come from people you know and wouldn’t suspect. Second, you should only use approved methods of downloading applications onto your smart phone or tablet. This includes Google Play and the Apple Store. This is not always a guarantee of safe programs, but they are less likely to be harmful if coming from them. Third, make sure that you have some sort of program to block these types of attacks. This means virus/malware protection. Make sure that you use a reputable vendor, and purchase the protection. There are many free versions out there, but when it comes to your devices and data it is better to be safe than sorry. You know the adage, you get what you pay for.

If you do become the victim of one of these ransomware attacks make sure that you first contact your local authorities, especially if the ransomware has downloaded illegal items onto your device. After that you can contact us any time at 866-9MH-TECH or email us at support@mhconsults.com and we will be glad to assist you.