Category: Guidance

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

UK Government Cyber Essentials 10 Step Plan

 

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1.     Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2.     Secure Configuration

Identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3.     Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s networks may use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4.     Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5.     User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6.     Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7.     Malware Prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8.     Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9.     Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10.Home and Mobile Working

Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link or filling in a contact form etc.

But double opt-in takes this a stage further and you have to get the person to either return an email confirming their registration or  click on another link in an email to confirm.

Hence it is a two-step process to register.  This extra step will mean you lose some people, who would have otherwise registered with just the single opt-in, but there are advantages to double opt-in and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and any Marketing communications must be freely given and unambiguous i.e.no pre-ticked boxes, generic descriptions or over complicated terms and conditions.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering incentive to get people to sign up to your subscription or newsletter etc. then there are likely to be many people who sign up but with fake email addresses and spambots that try to sign up.  This means that many of the email addresses on your list will be bogus and hence you will be wasting your time sending out emails to them.

Double opt-in takes care of this as only people who give correct email addresses will sign up and if the second stage of confirmation has not put them off then you have a better quality email list.

So, double-opt-in as well as becoming a legal requirement may actually help you.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Identify Ransomware

If you are hit by Ransomware, you need to block off the attack by removing Internet access from your PCs and  servers,  stop any encryption processes in progress and any other processes running that shouldn’t be running.

Then the first stage of investigation is to identify what you’re facing and the website https://id-ransomware.malwarehunterteam.com/ is a good starting point.

You upload one encrypted file or the file that is the ransom message to this website and it will try to identify the variant of ransomware. Currently it can identify more than 500  different variants.

For each there is extra information which can tell you if there are decryption keys available on the Internet.

Some anti-hackers try to find the decryption keys and post them freely, but the blackmailers do know this and try to stay of ahead of them by using new variants for which there are no keys available except for the one held by the blackmailer.

The website is run purely as a free service to the public and does not decrypt files for you – you need an IT  professional for that (assuming it’s possible as many cannot be decrypted without a key from the blackmailer)

If you have a suspected virus rather than ransomware then there is a website that may help to identify it  at https://www.virustotal.com

As always, the advice is that it’s best to avoid being held to ransom – ensure you have adequate systems protection in place, staff that have been educated on the danger of cyber attacks, regular backups (including off-site) and have a plan in place to deal with a ransomware attack.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

The Danger of Internet Connected Gadgets in Your Home

Some homes are now filled with dozens of appliances, devices and children’s toys which can be connected to Wi-Fi and some are useful while others are just for fun, but if they are not fully secure the consequences can be unpleasant .

Often set with a default password or no password, these devices can  provide an easy route for cyber attackers to get into your systems and look for confidential information.

The Internet of Things

The “Internet of Things” is a name for the adoption of Internet enabled devices in the home. The idea being that more and more household objects will communicate over the Internet. Common such items now include thermostats controlled by an APP, smoke alarms that phone you, toys that access Internet stories and music, the Alexa and Google Home devices that you can say instructions to and they use WI-FI to control other devices or find information or translate something. This also includes Internet-connected “wearable” devices, such as fitness bands which upload your GPS co-ordinates and telemetry to the Internet so you can access the data on your PC.

Many companies are working on more of these Internet of things devices.

These devices can give out information to interlopers that you may not consider e.g. the recent case of American Special Forces soldier wearing fitness bands and their location being broadcast on Google.  OOPS.

How to Make Your Connected Home More Secure

  • Secure the wireless network. Use the WPA2 protocol if your broadband router allows that option.
  • Give your Wi-Fi network an unusual name that doesn’t identify your address e.g. General Electric.
  • If guest access is enabled on the network – disable it.
  • If your router is capable of creating two separate WI-FI networks then use one for computer devices and a separate one for household gadgets.
  • Always use strong passwords that cannot possibly be guessed by anyone e.g. a string of random words.
  • Login name is often admin or administrator by default – If you are able to change the login name then change it to something that cannot be guessed.
  • Disable any remote access for gadgets. If you ever need it for allowing the supplier to fix a fault then you can re-enable it temporarily.

Some of these gadgets have appropriate Internet security and insist on strong passwords etc.  but others have little or no thought of security, so you must take care to plug any holes in security.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

What If Your Business Has a Data Breach

If your business suffers a data breach i.e. hackers access your system and steal confidential information then you have a lot to do to deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:-

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes  name, address. phone number etc. This can be used by scammers and cold callers but that information is readily available for most people through the phone directory, social media and  the Electoral register.

More sensitive information includes date of birth, name, financial details, payment card details.  Combined with the less sensitive information this can be used for identity fraud.

If the stolen data includes names with login and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people i.e how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP.  This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioners Office.  If relevant inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straightaway and of course close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.

 Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature