Tag: ransomware

Radio Station Defeats Ransomware Attack

 

 

The radio station was hit by ransomware, some PCs ruined, a lot of music tracks gone and a lot to recover, but if you take precautions then the problems can be dealt with.

 

One computer displayed this message:-

Your information has been ransomed.

Your data has been encrypted and you cannot recover it unless you pay a ransom.

You will pay the ransom in Bitcoins and the longer you leave it before calling the higher the cost will be.

Checking PCs showed it wasn’t a hoax, there had been such an attack.

It’s a simple choice – do you pay and possibly get the decryption key or do you ignore the criminals and work to restore your systems? The chairman decided not to pay, on principle and he called the Police to report the crime.

The IT experts determined that while some encryption had taken place and hence those files were unusable, almost everything was intact despite the attackers warning. Only a few PCs had been attacked and the rest were untouched.

The Method of Attack

The means of attack was identified and the security loophole blocked at the firewall.

The criminals had used a flaw in Microsoft remote control desktop to access the systems without needing a password.  The software was then deleted off all computers.

The Recovery Process

Now the bad guys could no longer access the systems, it was safe to start purging the encrypted data and restore from backup.  Without appropriate backups things would have been much worse.

Key Lessons

  1. Comprehensive regular backups are absolutely essential, including off site backups
  2. Any connections to the Internet must be well protected
  3. Only run systems and services through an external firewall if essential and ensure these are well protected
  4. Ensure all security patches are installed ASAP
  5. Take regular security audits
  6. Be prepared for such an attack and plan for how to deal with the aftermath

For the more detailed version of this story go to http://www.fightbackonline.org/index.php?id=112:radio-station-fights-off-ransomware-attack

For an introduction to ransomware, look at https://fightback.ninja/ransomware-what-is-it-2/

Or at https://www.fightbackonline.org/index.php/guidance/12-explanations/19-ransomware-what-is-it-and-how-do-i-protect-against-it

Do Share this post on social media

Fightback Ninja Signature

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

Cyber Attack Costs Reckitt Benckiser £100 Million

Reckitt Benckiser is not a household name but it is a huge international company that makes Dettol and Durex amongst other things.

The Petya ransomware attack in June 2017 affected many companies and governments  but Reckitt Benckiser had 15,000 laptops, 2000 servers and 500 computer systems rendered unusable within an hour.

This ransomware is very similar to the Wannacry ransomware attack in May 2017 that caused havoc at the NHS.

Petya gets into a system through email – someone opens an email that they shouldn’t and then the ransomware can spread from computer to computer using a technique that Microsoft issued a security patch for a long time ago.  So it appears that Reckitt Benckiser did not keep their system up to date for security.

Once in the systems and spreading it is very hard to contain without simply turning all of the computers off and cleaning them of the problem one at a time.

Reckitt and Benckiser were particularly badly hit because the virus got into their manufacturing systems and halted production at numerous factories around the world.

“Consequently, we were unable to ship and invoice some orders to customers prior to the close of the quarter,” a Reckitt Benckiser spokesperson said in a statement.

The cost of £100 million is mostly the drop in the share price rather than day to day costs.

Businesses have to become much more aware of the dangers in the cyber world and their responsibility to secure their customers information and their systems.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Ransomware: What Is It?

Imagine you’ve been working hard to create a new presentation for work or an official document or a personal photograph album. When you finally finish the work, a message appears on screen that says

“All of the files on this computer have been encrypted. You have 24 hours to submit payment to receive the encryption key, otherwise your files will be permanently destroyed.”

You’ve been hit with Ransomware.

This could be lies – it could just be an empty threat, but it could also be very real and if you don’t pay then your files may be lost permanently.

What do you do?

Step 1: disconnect from the Internet immediately.

Step 2 : Make a choice on whether to pay

If you pay, then maybe you get your files back and maybe not.

If you choose not to pay then switch the computer off and get it to an expert ASAP.

Across the globe in 2014, there were 8.8 million ransomware attacks reported and this crime is rising rapidly.

For further information refer to article

www.fightbackonline.org/index.php/guidance/12-explanations/19-ransomware-what-is-it-and-how-do-i-protect-against-it

Can Someone Ransom Your Computer Files?

Ransom NoteYes they can. A malicious piece of software called ransomware can be unintentionally installed on your computer and hold you to ransom for access to your own files.

You may have clicked on a seemingly innocent email or website and the ransomware has downloaded to your computer. Then a screen appears with a message such as

“All of the files on this computer have been encrypted. You have 24 hours to submit payment to receive the encryption key, otherwise your files will be permanently destroyed.”

You can choose to pay, in the hope of getting access to your files but there is no guarantee. You can choose to ignore the threat or you can go to an IT expert for assessment.  Sometimes the message on screen is more threatening, such as

It may display what looks like an FBI page warning that you have committed an illegal act and must pay a fine or it may appear to a UK Police Force or some other authority. It is all fake of course as the FBI and other authorities do not practice blackmail.

To protect your computers against ransomware, make sure you have up to date anti-virus installed, take regular backups of all important documents and consider installing anti malware software.

Across the globe in 2014, there were 8.8 million ransomware attacks reported and this crime is rising rapidly.

For more information go to Ransomware: What is it?

Ransomware: What is It?

Ransom Note

Imagine you’ve been working hard to create a new presentation for work or an official document or a personal photograph album. When you finally finish the work, a message appears on screen that says

“All of the files on this computer have been encrypted. You have 24 hours to submit payment to receive the encryption key, otherwise your files will be permanently destroyed.”

You’ve been hit with Ransomware.

This could be lies – it could just be an empty threat, but it could also be very real and if you don’t pay then your files may be lost permanently.

What do you do?

Step 1: disconnect from the Internet immediately.

Step 2 : Make a choice on whether to pay

If you pay, then maybe you get your files back and maybe not.

If you choose not to pay then switch the computer off and get it to an expert ASAP.

Across the globe in 2014, there were 8.8 million ransomware attacks reported and this crime is rising rapidly.

For further information refer to article  Fightback Online Ransomware