Blog Archives

2017 Ransomware Update

Ransomware is a specific form of malicious software that encrypts files on your computer until a ransom is paid. Like other online scams, it ebbs and flows in fads. In 2017 the ransomware landscape has seen the return of some old tricks as well as the evolution of an old threat. Here’s a look at the current state of ransomware and what you can do to prevent it.

Open-source software

Most people know open-source software for helpful alternatives to Microsoft Office or a music player that reads a plethora of file types unlike iTunes. However, open-source ransomware has become a much more prominent issue in recent months. While most demand a monetary ransom be paid, the open-source nature of the code has given rise to stranger demands. For example, one iteration demands that you achieve a certain level on an online video game before your files are restored. Another recent version simply makes the victim watch a video about what ransomware is.

Expanded distribution

Ransomware, like the ones mentioned above, is typically distributed through email with an attachment. The sender may be a cunningly disguised email address that looks like a friend’s, family member’s, or colleague’s address. Often the software is attached and disguised as a document. However, in April 2017, distribution changed shape. Companies in Europe received emails with an included hyperlink that took users to a Dropbox link with a file disguised as an invoice.

Locky returns and Cerber evolved

Locky was discovered in 2016 embedded in a Microsoft Word document. After its discovery, users caught on quickly and the threat seemed to be mitigated by most moderately aware users. However, in May 2017, Locky got a makeover and was found embedded in a PDF that has a link that leads to a .docm. Once the .docm file is opened, it silently connects to another server, from which it downloads the ransomware.
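A mail or download filter can catch the macro-enabled document in this chain by inspecting the file itself rather than trusting its name. The following is an added example, not code from the original post: it relies on the fact that .docm and other macro-enabled Office Open XML files are zip packages containing a vbaProject.bin part, it does not cover legacy .doc files, and the sample files, function names and verdict strings are constructed for illustration.

```python
import io
import zipfile

MACRO_PART_SUFFIX = "vbaproject.bin"   # part that stores VBA code in OOXML files
MACRO_CONTENT_TYPE = b"macroenabled"   # appears in macro-enabled content types

def has_vba_macros(data: bytes) -> bool:
    """Return True if the bytes are an OOXML (zip) package carrying VBA macros."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # PDFs, plain text, legacy .doc: not handled here
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        if any(n.lower().endswith(MACRO_PART_SUFFIX) for n in names):
            return True
        if "[Content_Types].xml" in names:
            return MACRO_CONTENT_TYPE in pkg.read("[Content_Types].xml").lower()
    return False

def triage(filename: str, data: bytes) -> str:
    """Verdict for one attachment or download (hypothetical policy)."""
    macro = has_vba_macros(data)
    ext = filename.lower().rsplit(".", 1)[-1]
    if macro and ext not in ("docm", "xlsm", "pptm"):
        return "block: macros hidden behind a non-macro extension"
    if macro:
        return "quarantine: macro-enabled document"
    return "allow"

def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like zip in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage("invoice.docm", build_sample(True)))
    print(triage("invoice.docx", build_sample(True)))
    print(triage("invoice.docx", build_sample(False)))
```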

In the same month Locky was reborn, Cerber evolved. Like its previous versions, however, it is disseminated via spam emails with an attachment. So what has changed? Once the file is open, Cerber 6 is able to download and run another virus that utilizes Windows Firewall’s technology and blocks any attempt at detection while the ransomware is downloaded. As firewalls have been equipped with machine learning, hackers have created new ways of circumventing cybersecurity.

Prevention and solutions

No matter the new form of ransomware, there is always one hurdle it must leap before your computer and files are infected, and that’s tricking you into clicking a malicious link or downloading a malicious file. Educate family, friends, and colleagues about what scam email addresses look like. Usually, users whose computers became infected with ransomware did not invest any time or effort to verify the origin of suspicious emails or attachments. Furthermore, victims of ransomware also open macros or click on suspicious links. Refrain from opening files or links within unverified emails. If you’re a victim of ransomware, there are decryption tools that can decrypt some strains of ransomware or prevent screen locks altogether. However, prevention should be paramount.

Mozy by Dell knows how to beat ransomware

Data stored in the Mozy cloud is protected from ransomware. Learn why programs, including viruses, cannot execute or run in the Mozy cloud and cannot infect files stored there: Ransomware: Frequently Asked Questions.

You can prevent a ransomware disaster. Check out our white paper.

Take a Multi-layered Approach to Ransomware Protection

Note: This is blog 4 of 4 in our ransomware series.

You already know your business should take steps to minimize the risk of a ransomware attack. But do you know how to implement multi-layered protection effectively? In January 2017, cybersecurity experts discovered a new type of ransomware called Spora. Now more than ever, it’s imperative business owners know their protection options.

Ransomware protection options

Decreasing your vulnerability is your most reliable option for ransomware protection. Here are a few ways to do that:

   •     Educate employees
   •     Implement employee monitoring software
   •     Protect with endpoint technology
   •     Back up with the cloud

How these tools work

Spora, the latest ransomware rendition, is distributed as an email attachment disguised as an invoice. Once it is opened it must be unzipped. It then attacks the computer and sends a fake “unreadable file” error message to the user. So, what can be done? Consider the following four areas of action:

Employee accountability plays a major role, because visiting unauthorized sites and opening suspicious emails is detrimental. Implement a training program where employees will learn how to identify phishing emails and links.

Employee monitoring software connects all company devices on a single interface. Teramind, for instance, is software that lets employers monitor employee computer use and even implement rules and restrictions in real time. You can prevent employees from checking personal emails and visiting unsecured sites.

Endpoint cybersecurity is network protection for corporate-level businesses and servers. An endpoint program can block access between workstations across your network. New features, such as full-disk encryption and data leak prevention, are added frequently. When many devices connect on one network, one infected device can put all the others at risk. Endpoint security decreases the chances of ransomware infecting other devices on the network.

Cloud backup is simple, affordable, and can be highly effective against ransomware; any files your company backs up on the cloud are copied over to a remote, independent server with a whole arsenal of cybersecurity protocols. 

If ransomware infects your device

If a computer is infected with ransomware, you have options. If you have a cloud backup, wipe and reinstall your OS on that computer. Afterward, you can recover all your files from your cloud service.

If you don’t have a cloud backup in place, a collection of companies exist to help you remove the ransomware for a fee. If you have an IT team or are tech savvy, you may attempt a recovery and removal yourself, though the process differs depending on your OS. Keep in mind, Windows machines are targeted more often than Mac or Linux operating systems.

Don’t ignore the very real, very risky dangers of ransomware. A multi-layered security approach trains employees, monitors them, scans files and emails using deep learning and endpoint network security, and backs up data. Of course, the hope is you’ll never need to use your cloud backup, but it’s more crucial to have backups now than at any other time in history.

If you don’t have your backup set on a weekly schedule, now’s the time to change that.

Say no to ransomware disasters

Don’t fall victim to ransomware! Make sure your cybersecurity is truly multi-layered. Check out how Mozy by Dell can help your business confidently say no to ransomware disasters.

In addition, the following documents discuss how to protect your important data from ransomware:

   •     Ransomware: Frequently Asked Questions

   •     Preventing a Ransomware Disaster

Ransomware Prevention for Small Business Owners

Note: This is blog 3 of 4 in our ransomware series.

Cyberattacks pose a serious concern. Just as technology is in flux, so too is the way hackers gain access and scam unprotected businesses and private citizens. Ransom payouts make ransomware a popular alternative to hackers trying to drain a business account before it’s closed out. Small businesses can prevent a ransomware disaster.

Identify ransomware

To prevent ransomware, first know how to identify it. The three most common types of ransomware are scareware, screen lockers and encryption ransomware.

Scareware floods a computer or network system with pop-up windows that inform users the system has been infected with malware and the only way these malware programs can be removed is by paying a fee. This is a scare tactic—hence the name—and a simple scan from your antivirus should collect this scareware and quarantine it for deletion.

Screen lockers lock out users from the computer or network. When you boot up a computer with a screen lock on it, what seems like an official message from the FBI or Department of Justice will appear and demand payment for illegal activities detected on your network. Neither of the actual departments will ever ask for payment. The network and computers infected with this screen lock need to be completely reset, which means all data will be lost if it’s not backed up.

Encryption ransomware is when a hacker gains access to a network or computer and steals and encrypts its files. The hacker demands a ransom in exchange for the decryption key.

Educate employees to keep phishers out

Phishers typically gain access through email. Though it seems like this would be easily preventable, victims abound, including large companies. In 2016 hackers conned technology powerhouse Seagate and social media pillar Snapchat. A hacker posed as the CEO and asked for employee payroll data.

Humans are always the weakest link in phisher scams, so companies must teach employees what phisher emails look like, how they reproduce the look of official emails, and why no employee should ever click an email link when asked to update information on an official site.

While education can lower the risk, it doesn’t make companies immune to a hack. Mickler & Associates, Inc. uses Mozy’s backup services to restore and protect company data. Mickler used Mozy to recover a fully compromised system in a matter of hours. While preventive measures for ransomware decrease risk, they can never completely eliminate the threat.

Take preventive measures

Preventive measures for ransomware include employee education, antivirus programs and firewalls. Retroactive tools are available too, though they are less effective than prevention in the first place.

Since email is the most common way ransomware infects a device, sender identification technology like Sender Policy Framework (SPF) lets the recipient of emails easily approve and authorize specific domains and emails. An email from an unauthorized sender will be flagged when it is delivered.

People are also scammed with ransomware via pop-up windows. Hackers ask for personal information in ways disguised as ads and error notices. Cut out this danger with a reliable pop-up blocker. Back up your files every day with a cloud backup service.

Develop a proactive plan for when you’re faced with having to take retroactive action in the case of a breach. Your plan should spell out how you’ll purge all the infected devices and restore your data from your cloud storage. While it’s a hassle, as long as you have a regular backup schedule, no important files will be lost.

Part 4 in our series, Take a Multi-layered Approach to Ransomware, will be published next Thursday.

For more information about protecting your data, read the white paper, Preventing a Ransomware Disaster.

The Nuances of Cloud Computing

The cloud has already changed the way data is stored, and while cloud storage is the most common feature of cloud computing, it is by no means the only, or the most innovative aspect of this digital resource. Here’s a look at cloud computing and what it can do.

Storage and Computation
The cloud does a lot more than you might think. For instance, cloud computing is used for gaming, especially by Microsoft with regard to the Xbox One console. While the cloud is great for data storage, it can also be used for computing tasks via the Internet. The Xbox One may boast some pearly specs, but what makes it truly powerful is that it can outsource some of the computations to the cloud, which in turn allows the console to deliver better graphics, a higher frame rate, and increased bandwidth.

Another benefit of the cloud is that it’s cost effective. If you use it primarily for storage, the amount of storage you get for the cost is the best deal on the market. If you were to buy external hardware for data storage, for instance, it would be a far larger investment.

The flexibility the cloud provides is its biggest benefit. Access extra computing power or any data anywhere you are. Whether your work requires travel, or you find yourself most productive out of the office, the cloud works for you.

Storage Encryption
When data is stored in the cloud it is encrypted at the point of travel and while at rest within the cloud’s physical data center. When the data arrives at its destination an integrity check is applied that compares the data sent to the data received. This weeds out any anomalies or potential tampering that may have occurred in transit. However, the true security is the cyber perimeter, hosts, and applications. While in-transit data is a concern, data centers are big targets for potential cyber threats. Sophisticated data center operations help ensure that your data is secure regardless of the type of threat it’s exposed to.

The Cloud and Businesses
The cloud has changed businesses forever. Boiled down, the cloud is a cost-saving technology. It is an easy way for businesses to share information, projects, and resources with employees, clients, and customers.

Not only has the cloud made the cost of operations lower, it has also made it easier to start a business. This has led to an influx of startups and entrepreneurship around the world. Small companies can share collective infrastructure costs in the form of subscription-based cloud services, such as Mozy by EMC. Small businesses are no longer tasked with a grand initial investment in terms of computing infrastructure, which promotes creativity in terms of new startups.

Mobile workforces have become common. A central office is no longer needed for businesses, especially small ones, which cuts costs even further because the cloud can be accessed by employees anywhere. Quite simply, cloud computing has changed where and how people work in profound ways.