Monthly Archives: June 2017

NotPetya: Yet Another Ransomware Outbreak

The WannaCry ransomware virus has become a distant memory for many. For some, WannaCry and its variants came and went without doing damage. Others weren’t so lucky. What we are learning (once again) is how critical it is to be prepared against a ransomware outbreak. The fact that the ransomware threat is ongoing and not leaving the scene of the cybercrime anytime soon is underscored by the latest malware to hit the unprotected computer environment and make headlines: NotPetya.

The NotPetya ransomware outbreak appears to have started in Eastern Europe and is spreading west. From what we know at this time, a Ukrainian accounting software application is the suspected source; NotPetya was apparently hidden in a software update. As you might expect, NotPetya was named after the Petya ransomware because it masquerades as that ransomware.

What about that ransom?

The NotPetya ransom payment mechanism has been disabled; that is, the email ID associated with the cybercriminal’s Bitcoin account was blocked by the email ID’s provider, according to a source. In other words, there is no way to pay even if you want to. At this point of the outbreak, the purpose of this malicious virus is to attack systems quickly and cause as much damage as possible.

NotPetya is considered more dangerous than the WannaCry virus, which was so devastating because it paralyzed infected computers and then caused application failures for systems that had a dependency on Windows operating systems. Hundreds of victims paid various amounts of ransom in Bitcoin in exchange for a decryption key. If there was anything good about WannaCry, it was that it warned IT admins and others to keep their Windows operating systems up to date with the latest patches.

So, what’s the point?

It’s important to remember that cybercriminals who seek to infect systems with ransomware or spread any other form of malware are criminals; cybercriminals to be sure, but criminals just the same who might have no other purpose than to simply cause damage. In the case of NotPetya, this ransomware spreads more effectively than WannaCry and not only encrypts data but also extracts credentials to other machines and systems.

Similar to the WannaCry virus, the purpose of NotPetya is to infect Windows 10 computers. Fortunately, the Windows 10 Credential Guard spots NotPetya’s password extraction from memory. Ransomware running in the Windows 10 operating system with administrative privileges cannot extract credentials. Read more about Windows 10 Credential Guard.
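
To confirm that the Credential Guard protection described above is actually active on a machine, the following added PowerShell example (not part of the original post) queries the Win32_DeviceGuard WMI class that Windows 10 exposes. The function name Get-CredentialGuardStatus is hypothetical, and checking remote hosts assumes they accept CIM/WinRM connections.

```powershell
function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # VirtualizationBasedSecurityStatus values as documented for Win32_DeviceGuard.
    $vbsText = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
    # In SecurityServicesConfigured / SecurityServicesRunning, 1 means Credential Guard.
    $credentialGuard = 1

    foreach ($name in $ComputerName) {
        $query = @{
            ClassName   = 'Win32_DeviceGuard'
            Namespace   = 'root\Microsoft\Windows\DeviceGuard'
            ErrorAction = 'Stop'
        }
        if ($name -ne $env:COMPUTERNAME) { $query.ComputerName = $name }

        try {
            $dg = Get-CimInstance @query
            [pscustomobject]@{
                ComputerName              = $name
                VbsStatus                 = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
                CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains $credentialGuard
                CredentialGuardRunning    = $dg.SecurityServicesRunning -contains $credentialGuard
            }
        }
        catch {
            # The class is absent on older Windows versions, or the host was unreachable.
            [pscustomobject]@{
                ComputerName              = $name
                VbsStatus                 = "unknown ($($_.Exception.Message))"
                CredentialGuardConfigured = $null
                CredentialGuardRunning    = $null
            }
        }
    }
}

# List every checked host where Credential Guard is not confirmed to be running.
Get-CredentialGuardStatus | Where-Object { $_.CredentialGuardRunning -ne $true }
```

A host that reports Credential Guard as configured but not running deserves attention, because the setting is present while the isolation it is meant to provide is not in effect.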

Mozy can help you defend against ransomware

Mozy by Dell can help you protect your environment from the NotPetya ransomware. Here’s how:

   •     Immutable copy: Mozy uses proprietary encryption and encoding mechanisms to store backups, which prevents any execution of code within files that have been backed up. Mozy backups are entirely separate from your computer.
   •     Point-in-time backup and restore: Mozy uses file versioning, allowing the end user or administrator to restore the entire backed-up data set or individual files and folders from any point in time; up to seven years for MozyPro and MozyEnterprise, and 90 days for MozyHome. This allows you to easily go back to a healthy version of your files.
   •     Automatic backups: Mozy provides automatic backups as frequently as every two hours, providing highly granular point-in-time backups to recover from.
   •     Self-service restore: Mozy lets end users perform their own restores from the Mozy agent or the Web Access interface.

Avoid a ransomware disaster

To learn how you can use Mozy as a second line of defense for your data and to prevent a ransomware disaster, visit Mozy by Dell.

Other Mozy blogs about ransomware

For more information about ransomware and what you can do to increase your defenses:

   •     Educate your users and yourself
   •     Take a multi-layered approach to protection
   •     WannaCry? You will if you don’t back up

I Remember the Time I Lost My Data (Part 1)

I document everything. From photographing my daily commute to scanning and saving every receipt I acquire, it’s important to me that everything I’ve done or seen is somehow on file. I’m a private eye, and I believe in impeccable organization, and keeping records of everything I see and do. As I learned in detective school, anything can lead to a clue.

Every day, I create a new file on my enormous hard drive titled with the date. There are over 4,000 files. Over the last 11 years, I have diligently documented everything. I can pull up information on any hour of any day and remember exactly what I was doing then. I have traced that data back to robberies and kidnappings and used it to solve mysteries. For example, by snapping photos of the muddy animal tracks on the sidewalk, I helped the bakery discover that it was a fox who was breaking in and stealing cookies. That’s just one example out of a thousand where my record keeping came in extremely handy.

It was under unfortunate circumstances when I realized how important it is to back up my data. It started out like any other Thursday morning. I was reviewing my data collection from yesterday, including a few photos of the groceries I purchased, a pigeon hopping on a giant scarecrow, an abstract figurine my nephew constructed out of Silly Putty, a recorded conversation with my accountant, and the list of songs I had listened to that day. Yes, minutiae to most folks, but details that I consider important.

It was a beautiful, sunny morning. I opened the windows to let the warm breeze in. The birds were chirping, and a family of blue jays seemed to be in perfect harmony. I poured my cereal and was brewing some coffee when I heard a crash. I looked over to my laptop and saw that my new puppy had gotten tangled in the power cord and had innocently pulled the computer to the floor. The external damage to my laptop was obvious. What wasn’t so obvious was the internal damage.

After successfully getting my laptop to turn on again, I immediately heard clicking noises. I would eventually figure out that my hard drive was the culprit. It became obvious that my hard drive was experiencing mechanical failure. Eventually, it would also become obvious that all of the data I had accumulated over the past few years was gone. Unfortunately, nothing was backed up. It was a lesson learned the hard way. Now I’m an advocate for people to back up all of their files to the cloud. It’s what I call a data-saving solution. You don’t have to be a detective to figure that out!

Back up and protect your important files with Mozy by Dell. Case closed!

Check out how another Mozy customer combined his detective work with the reliability of Mozy cloud backup to track down the thieves who stole his laptop. Watch video.

Rumor has it that the ransom is going up

Ransomware is a vicious form of malware that locks users out of their devices or blocks access to files, until a ransom is paid. There are numerous variants, with some ransomware designed to attack Windows devices, and others geared towards Macs or mobile devices. The WannaCry outbreak is a recent example of this form of malware that’s infecting Windows computers.

Evolution of ransomware

While ransomware has been around since the late 1980s, it went “pro” in September 2013 when CryptoLocker was released. It was the first cryptographic malware, and spread quickly via downloads from a compromised website and/or emails made to look like customer complaints. It was estimated that more than $27 million was paid in ransom.

That may seem like a hefty amount to pay out, but ransom payments have only grown exponentially, with CNN reporting that cybercriminals collected more than $209 million in the first quarter of 2016!

Over the course of time, encrypted browser software such as TOR, anonymous currencies like bitcoin, and increasingly intelligent cybercriminals have evolved ransomware to where it is the #1 security concern of organizations.

Protecting your business

Cybercriminals do not particularly care who their victims are, as long as they can pay a ransom. With a scatter gun approach to propagating ransomware, cybercriminals just want to cast the net as wide as possible so as to maximize the returns.

Here is how you can protect your business:

Educate your users

Most people can’t tell a phishing email from a safe email. Teach your employees to recognize a phishing email. Train them to open emails only from people they know and on topics they would expect those people to write to them about, and to avoid navigating to URLs sent in emails.

“Humans need to be trained; they are the weakest link,” says Paul Kubler, a cybersecurity and digital forensics examiner at LIFARS LLC. “Companies should employ at minimum a bi-annual training geared towards each user group so that everyone is aware of the latest attacks.”

Use a layered defense and update your software regularly

Ransomware attacks involve many different elements. They can start off as a spam email with a link to a malicious website that exploits vulnerabilities in your system to download the virus. A layered approach to cybersecurity, such as email security as well as network protection, can defend you at each of these points. Each layer creates an extra obstacle for the malware, making it more difficult for the attack to be successful.

Keep your operating system, third-party applications, and antivirus programs updated at all times. These are layers of defense for your data, and while they are not bulletproof, they can go a long way in protecting you.

Back up your data often

Business devices often contain sensitive information, as well as operation-critical information such as customer data and business plans. Losing this data to a ransomware attack could severely cripple your business processes. Ensure regular backups are made of all important data, and that these backups are also routinely tested to make sure they work.

According to Steven J.J. Weisman, author of Scamicide, “The best defense against ransomware is to back up all of your data each day. In fact, my rule is to have three backup copies using two different formats with one off site.”

Ransomware isn’t going anywhere, and it is up to each business to protect itself from being the next victim of this type of cybercrime. Mozy by Dell can help. You can avoid a ransomware disaster!

Read about how these two businesses protect their data from ransomware:
   •     Technology consultant battles ransomware with Mozy backup
   •     IT provider chooses Mozy. ‘Nuff said!