Category Archives: Ransomware

What’s the best way to defend against ransomware?

Ransomware outbreaks are at an all-time high (check out our blog from last week for some real-life examples).

How can you protect your mission-critical data from ransomware? After all, not only is your data in jeopardy, so is your hard-earned money. The average ransomware demand is now more than $1,000, according to the latest Internet Security Threat Report. That’s a significant jump from the average $294 ransomware demand from the previous year.

To put that increase in perspective, consider that ransomware spiked a whopping 6,000% last year, according to a recent survey. And more than 70% of those who have experienced ransomware have paid to get their data back. How much have they paid? Check out the figures:

   •     11% paid at least $10,000 and as much as $20,000
   •     25% paid at least $20,000 and as much as $40,000
   •     20% paid more than $40,000

What can you do to combat ransomware?

Here are four actions you can take to help avoid a ransomware disaster:

        1. When it comes to email, always be on alert. Don’t open a suspicious-looking email. And just as important, don’t open a suspicious-looking email attachment!
        2. Take advantage of antivirus software.
        3. Operating system updates and patches must be kept up to date.

Be aware that you can do everything above and still be exposed to a ransomware outbreak. For example, someone might inadvertently open an attachment that contains a ransomware virus. That’s where the fourth action comes into play:

        4. Mozy cloud backup and restore.

Why use Mozy cloud backup?

If any of the three actions above fail for whatever reason, Mozy can help you avoid losing your data. But you have to have Mozy installed on your computer before ransomware has infected your files!

Mozy provides you and your business with a second line of defense against ransomware attacks. What do we mean by a second line of defense? When the Mozy software is installed on your endpoints, Mozy begins to keep file versions of your important data. So if you do get hit by ransomware, say, for example, because you or an employee opens an infected attachment, Mozy lets you restore your data from a particular backup prior to the ransomware infection. First-line defensive actions such as antivirus software are important, but they offer no guarantee that you won’t be exposed to ransomware.

Ransomware threat is off the scale

Advanced Computer Systems (ACS) relies on Mozy cloud backup to protect the data that resides on their clients’ endpoints. “The best way to prepare for a ransomware disaster is to have a backed up copy of the data,” says Mark Sticht, president and owner of ACS. “Mozy gives us the option to roll back to a specific point in time prior to the attack.”

Sticht deals with ransomware frequently and emphasizes that these days the danger from this form of malware is off the scale. Read Advanced Computer Systems’ testimonial about Mozy.

Ransomware: Frequently asked questions

For more information about protecting your data from ransomware with Mozy by Dell, download our free FAQ about ransomware.

Ransomware Causes Major Financial Damage

It’s National Cyber Security Awareness Month (NCSAM)

Note: The purpose of NCSAM is to raise awareness about the ongoing threat of cybercrime and preventing it with cybersecurity tools. NCSAM is just one more way to stay focused on protecting data. Today’s blog highlights recent ransomware activity and how you can avoid a ransomware disaster.

Ransomware predictions become reality

Some predictions do come true. For example, a year ago Forrester declared that “Targeted espionage, ransomware, denial of service, privacy breaches, and more will escalate in 2017.” In its 2017 Predictions: Dynamics That Will Shape The Future In The Age Of The Consumer report, Forrester predicted that a “Fortune 1000 company will fail because of a cyberbreach.”

Consider the following related bad news regarding the recent NotPetya ransomware outbreak:

   •     A multinational courier delivery services company has attributed $300 million in lost earnings to the NotPetya attack on its subsidiary in Europe.

   •     A container shipping company released a statement revealing that the NotPetya cyberattack led to a predominant loss of business earlier in the year—as much as $200 million to $300 million in lost revenue.

   •     A multinational confectionery, food, and beverage company estimated that the NotPetya malware outbreak will cost it more than $150 million in lost sales.

Simple backup is not enough

Ransomware and other forms of malware outbreaks will continue to harm businesses, regardless of their size. Mozy by Dell provides you and your business a second line of defense against ransomware attacks. Mozy cloud backup ensures that your important endpoint files and server data cannot be compromised by ransomware. Due to its unique backend technology, Mozy prevents any execution of code within the files that have been backed up. But simple backup in and of itself is not enough to ensure that your files are protected from ransomware.

Backup from a specific point in time

When a malware infection is involved, restoration of an endpoint or server from a backup works best when you can easily select a moment in time from where to restore. By default, Mozy keeps up to one year of file versions. If you have identified the point of infection (user and file) and the time the malware was introduced to the machine, Mozy can restore all of the files for the given user from the point in time just before the malware was introduced. For example, if the malware was introduced on October 2, you can restore files from the October 1 backup.

By keeping up to one year of file versions, Mozy allows you to restore files from any point in time prior to the attack, meaning your files are accessible when you need them most.
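The point-in-time selection described above can be sketched as follows. This is an added example, not Mozy's code or API: the `Version` record, the `plan_restore` function, and the sample catalog are hypothetical, and the one-year retention check is a simplified model of version pruning.

```python
from datetime import datetime, timedelta
from typing import NamedTuple


class Version(NamedTuple):
    path: str               # file the version belongs to
    backed_up_at: datetime  # when this version was captured
    version_id: str         # hypothetical identifier for the stored copy


# The page states that up to one year of file versions is kept by default.
RETENTION = timedelta(days=365)


def plan_restore(catalog, infected_at, now, retention=RETENTION):
    """Pick, per file, the newest version captured before the infection.

    Returns (restore, unrecoverable):
      restore        maps path -> Version to restore
      unrecoverable  maps path -> reason no clean version can be used
    Assumption: versions older than `retention` are no longer available.
    """
    oldest_kept = now - retention
    by_path = {}
    for version in catalog:
        by_path.setdefault(version.path, []).append(version)

    restore, unrecoverable = {}, {}
    for path, versions in by_path.items():
        # Anything captured at or after the infection time is suspect.
        clean = [v for v in versions if v.backed_up_at < infected_at]
        if not clean:
            # Typical for ransom notes and files created after the attack.
            unrecoverable[path] = "no version before infection"
            continue
        kept = [v for v in clean if v.backed_up_at >= oldest_kept]
        if not kept:
            # The infection went unnoticed longer than the retention window,
            # or the file simply has not changed within it.
            unrecoverable[path] = "clean versions expired from retention"
            continue
        restore[path] = max(kept, key=lambda v: v.backed_up_at)
    return restore, unrecoverable


# Constructed sample catalog: malware introduced on October 2, as in the text.
INFECTED_AT = datetime(2017, 10, 2, 13, 30)
NOW = datetime(2017, 10, 5, 9, 0)
SAMPLE_CATALOG = [
    Version("docs/report.docx", datetime(2017, 9, 30, 2, 0), "r1"),
    Version("docs/report.docx", datetime(2017, 10, 1, 2, 0), "r2"),
    Version("docs/report.docx", datetime(2017, 10, 2, 14, 0), "r3"),  # encrypted copy
    Version("docs/invoice.xlsx", datetime(2017, 10, 1, 2, 0), "i1"),
    Version("docs/invoice.xlsx", datetime(2017, 10, 3, 2, 0), "i2"),  # encrypted copy
    Version("docs/README_DECRYPT.txt", datetime(2017, 10, 2, 14, 5), "n1"),
    Version("old/archive.zip", datetime(2016, 8, 1, 2, 0), "a1"),
]

if __name__ == "__main__":
    plan, skipped = plan_restore(SAMPLE_CATALOG, INFECTED_AT, NOW)
    for path, version in sorted(plan.items()):
        print(f"restore {path} from {version.backed_up_at:%Y-%m-%d %H:%M}")
    for path, reason in sorted(skipped.items()):
        print(f"skip    {path}: {reason}")
```

The files reported as skipped are the ones to review by hand: some are artifacts of the attack itself, others are data for which no clean copy remains.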

Healthcare data, HIPAA, and ransomware

The Forrester report also predicted that “Healthcare breaches will be as common as retail breaches.” Mozy by Dell protects your electronic protected health information (ePHI) from cyberattacks and helps businesses comply with HIPAA security and privacy rules. In fact, the Mozy service successfully completed an independent HIPAA-HITECH SSAE 16 Type 1 audit, which resulted in a SSAE 16 Type 1 report. To learn more, visit Mozy and HIPAA Security.

Avoiding a ransomware data loss disaster

To learn more about protecting your business-critical data and to access the FAQ, Ransomware and Mozy, and the white paper, Preventing a Ransomware Disaster, visit Mozy by Dell.

Mozy Reseller Bites Ransomware with Mozy Backup and Restore

This is a story about a pet store in Portland, Oregon, and how Mickler & Associates, Inc.—a Mozy Reseller—saved the day using Mozy by Dell backup and restore.

The pet store runs a Windows 2008 R2 server to host their point of sale and remote management site database. This is a Windows Domain configuration, which means the store’s end users have limited access to the server but full access to their computers. In other words, all employees who are using a PC at the pet store have elevated administrator access to their computers. Although that’s probably not best practice, it’s required for the store’s database.

Don’t click on that suspicious-looking attachment!

Recently, a store employee received numerous emails from one of their vendors. That’s not unusual. Unfortunately, this particular vendor’s system had been infected by the WannaCry ransomware outbreak a few months ago. One of the emails the employee received was suspicious-looking; however, because the email looked similar to other emails from the vendor, the employee clicked on the questionable email and soon afterward opened the infected attachment.

Too late!

Once the employee had clicked on the attachment, the file executed. Because the employee has full rights to her computer, the files on her computer quickly became encrypted. The ransomware virus attempted to access the server; when it did, it encrypted the files that the employee’s user account could see. Although the virus wasn’t able to infect the entire server, it did infect the end-user shares that were vulnerable to the role of Buyer. All of those files were encrypted.

What now?

It is 2 p.m. on a Thursday. The pet store’s computer system is now down and out of commission. That’s bad news, especially with the approach of a busy weekend. What now? Mozy Reseller Mickler & Associates comes to the rescue! In fact, Russell Mickler is on site within the hour. Mickler quickly isolates the Windows computer and subsequently takes it offline. Next, Mickler begins a Mozy restore on the server to bring back the affected shares. Within one hour, Mickler restored all of the pet store’s encrypted files from the night prior back on the server.

Meanwhile, Mickler had to wipe the employee’s computer and rebuild it. Because the employee’s local profile is cached to the server and Mickler restored the files using Mozy’s restore feature, the employee’s desktop and files were back up and running immediately after the rebuild.

Mickler and Mozy are fast at restoring files!

Within 2.5 hours, Mickler had 80 percent of the pet store’s server restored and the infected PC rebuilt. The employee’s desktop and restored files were as good as new, just as they had been before the ransomware infection. All thanks to Mozy and a Mozy Reseller! Hey, did that doggy in the pet store window just smile?

Don’t let ransomware wreak havoc on your system. No business can afford downtime! Back up with Mozy by Dell and rest easy knowing you can restore your data back to its original state should your business-critical files become infected with ransomware.

Viruses, Ransomware Can Wipe Out Precious Memories

You store your precious photos on your computer, but what happens if a virus—or a hacker—wipes out your family photos or even holds them for ransom? It sounds like the start to a bad movie, but it happens more often than you think.

Sixteen million homes had a serious problem with a virus in the last couple of years. The Conficker virus infected nearly nine million computers. Even auto tech systems have been hacked.

Then, there’s ransomware. Hackers gain access to your computer and lock it up until you pay them a ransom. Just days before the U.S. Presidential inauguration, more than 130 of Washington D.C.’s police cameras got hit with ransomware—when security was at its highest. Hackers hit the Presbyterian Medical Center and demanded $17,000 to let the hospital gain access back to its own medical records. The library system in St. Louis had a ransomware attack on its 700 computers.

In May, some 200,000 computers spread across more than 150 countries were hit with the WannaCry ransomware outbreak, including the British healthcare system. The Petya virus took control of banks, power plants, and public transportation systems in Ukraine.

One million new threats every day

How big is the threat? CNN reports that more than one million new malware threats are released every day. In the past two years, ransomware has increased by a factor of 15! Experts predict costs to deal with ransomware will exceed $5 billion this year.

Hackers hit both business and home computers. Anti-virus programs can help, but with so many new viruses being developed every day, they can’t protect against everything.

Paying the ransom may not work

Even if the ransom is paid, it doesn’t guarantee you’ll get your data back. “Paying a ransom doesn’t guarantee an organization that it will get its data back,” said FBI Cyber Division Assistant Director James Trainor. “We’ve seen cases where organizations never got a decryption key after having paid the ransom.”

In fact, the FBI recommends you don’t pay the ransom. Doing so encourages the crooks to keep going and the money paid is sometimes used for other illicit activities, including terrorism.

FBI recommends two steps to protect your data

The FBI suggests two steps to best secure your data and keep it safe from hackers and ransomware:
   •     Back up your data regularly
   •     Secure your backups by making sure they aren’t connected to a physical device the hackers can access.

It’s not as simple as just syncing your computer to a hard drive or an online service. Syncing can move the virus or ransomware onto your backup.

The best way to protect your data is with isolated, offsite data storage for secure backup. Mozy by Dell is the world’s most trusted cloud backup service. More than 6 million people and 100,000 businesses use it worldwide.

See how Mozy by Dell can protect your important files from ransomware. Mozy provides services for home users, SMBs, and enterprises.

It’s the downtime in ransomware that might do the most damage


Ransomware continues to make headlines. Unfortunately, notwithstanding all the news, there are businesses that are still not adequately protecting their data and, as a result, fall victim to ransomware. But even if a business does regain access to its data after paying that Bitcoin ransom, it has no doubt suffered downtime. Perhaps not surprisingly, downtime from ransomware can be more damaging to small businesses than the ransom itself, as reported in a recent online article.

50 percent of organizations have been hit by ransomware

One of the misleading aspects of ransomware is the small amount of ransom that’s demanded by cybercriminals. The average ransom demand is less than $700. Yes, we read about how cybercriminals collected $1 billion last year via ransomware exploits, but that’s the result of many thousands of successful ransomware outbreaks. When you consider that 50 percent of organizations have been hit by ransomware, it’s easy to understand how thousands and thousands of collected ransoms add up for cybercriminals.

Much of that is the result of spam, in particular through malicious attachments in email that are opened by the unwary. In these cases, a user is directed to open an email attachment or visit a website where the ransomware is presented, masquerading as a legitimate attachment or download. From there the virus spreads, ultimately gaining control of systems—and valuable files.

Ransomware doesn’t have to be perfect

Who knows whether ransomware will ever be perfected? Probably not. But it doesn’t have to be. The goal of the cybercriminal is a blanket approach: target as many would-be victims as possible and hope that even a small percentage open that malicious attachment.

As we’ve already learned, thousands of small successes can quickly add up to $1 billion.

The ransom isn’t necessarily the most damaging

“Ransomware wasn’t necessarily the most expensive aspect of a ransomware attack: downtime, revenue loss, and fallout were more expensive and far more damaging, especially when you’re talking about small businesses,” says Adam Kujawa, head of malware intelligence at Malwarebytes, as reported by Kelly Jackson Higgins in Dark Reading.

One report found that downtime costs small businesses $55,000 in income every year; that doesn’t even account for the cost of paying employees who can’t work without access to systems or paying them overtime to catch up when systems come back online.

Here’s what you can do

Today, ransomware is one of the primary concerns for organizations—small, medium, or large.

So, what can you do? There are a number of things you can do, like don’t open suspicious-looking emails or suspicious-looking attachments. And be sure your data is properly protected. Do not take data protection for granted!

Check out how Mozy by Dell can help you avoid a ransomware disaster.

NotPetya: Yet Another Ransomware Outbreak

The WannaCry ransomware virus has become a distant memory for many. For some, WannaCry and its variants came and went without doing damage. Others weren’t so lucky. What we are learning (once again) is how critical it is to be prepared against a ransomware outbreak. The fact that the ransomware threat is ongoing and not leaving the scene of the cybercrime anytime soon is underscored by the latest malware to hit the unprotected computer environment and make headlines: NotPetya.

The NotPetya ransomware breakout appears to have started in Eastern Europe and is spreading west. From what we know at this time, a Ukrainian accounting software application is the suspected source; NotPetya was apparently hidden in a software update. As you might expect, NotPetya was named after the Petya ransomware because it masquerades as that ransomware.

What about that ransom?

The NotPetya ransom payment mechanism has been disabled; that is, the email ID associated with the cybercriminal’s Bitcoin account was blocked by the email ID’s provider, according to a source. In other words, there is no way to pay even if you want to. At this point of the outbreak, the purpose of this malicious virus is to attack systems quickly and cause as much damage as possible.

NotPetya is considered more dangerous than the WannaCry virus, which was so devastating because it paralyzed infected computers and then caused application failures for systems that had a dependency on Windows operating systems. Hundreds of victims paid various amounts of ransom in Bitcoin in exchange for a decryption key. If there was anything good about WannaCry, it was that it warned IT admins and others to keep their Windows operating systems up to date with the latest patches.

So, what’s the point?

It’s important to remember that cybercriminals who seek to infect systems with ransomware or spread any other form of malware are criminals; cybercriminals to be sure, but criminals just the same who might have no other purpose than to simply cause damage. In the case of NotPetya, this ransomware spreads more effectively than WannaCry and not only encrypts data but also extracts credentials to other machines and systems.

Similar to the WannaCry virus, the purpose of NotPetya is to infect Windows 10 computers. Fortunately, Windows 10 Credential Guard spots NotPetya’s password extraction from memory. With Credential Guard enabled, ransomware running in the Windows 10 operating system with administrative privileges cannot extract credentials. Read more about Windows 10 Credential Guard.

Mozy can help you defend against ransomware

Mozy by Dell can help you protect your environment from the NotPetya ransomware. Here’s how:

   •     Immutable copy: Mozy uses proprietary encryption and encoding mechanisms to store backups, which prevents any execution of code within files that have been backed up. Mozy backups are entirely separate from your computer.
   •     Point-in-time backup and restore: Mozy uses file versioning, allowing the end user or administrator to restore the entire backed up data set or individual files and folders from any point in time; up to seven years for MozyPro and MozyEnterprise, and 90 days for MozyHome. This allows you to easily go back to a healthy version of your files.
   •     Automatic backups: Mozy provides automatic backup as frequent as every two hours, providing highly granular point-in-time backups to recover from.
   •     Self-service restore: Mozy gives the end user the ability to perform their own restore from the Mozy agent or the Web Access interface.

Avoid a ransomware disaster

To learn how you can use Mozy as a second line of defense for your data and to prevent a ransomware disaster, visit Mozy by Dell.

Other Mozy blogs about ransomware

For more information about ransomware and what you can do to increase your defenses:

   •     Educate your users and yourself
   •     Take a multi-layered approach to protection
   •     WannaCry? You will if you don’t back up

Rumor has it that the ransom is going up

Ransomware is a vicious form of malware that locks users out of their devices or blocks access to files, until a ransom is paid. There are numerous variants, with some ransomware designed to attack Windows devices, and others geared towards Macs or mobile devices. The WannaCry outbreak is a recent example of this form of malware that’s infecting Windows computers.

Evolution of ransomware

While ransomware has been around since the late 1980s, it went “pro” in September 2013 when CryptoLocker was released. It was the first cryptographic malware, and spread quickly via downloads from a compromised website and/or emails made to look like customer complaints. It was estimated that more than $27 million was paid in ransom.

That may seem like a hefty amount to pay out, but there’s only been an exponential increase in ransom payments, with CNN reporting that cybercriminals collected more than $209 million in the first quarter of 2016!

Over the course of time, encrypted browser software such as TOR, anonymous currencies like bitcoin, and increasingly intelligent cybercriminals have evolved ransomware to where it is the #1 security concern of organizations.

Protecting your business

Cybercriminals do not particularly care who their victims are, as long as they can pay a ransom. With a scatter gun approach to propagating ransomware, cybercriminals just want to cast the net as wide as possible so as to maximize the returns.

Here is how you can protect your business:

Educate your users

Most people can’t tell a phishing email from a safe email. Teach your employees to recognize a phishing email. Train them to only open emails from people they know and that pertain to topics they would be expected to talk to them about, and avoid navigating to URLs sent in emails.

“Humans need to be trained; they are the weakest link,” says Paul Kubler, a cybersecurity and digital forensics examiner at LIFARS LLC. “Companies should employ at minimum a bi-annual training geared towards each user group so that everyone is aware of the latest attacks.”

Use a layered defense and update your software regularly

Ransomware attacks involve many different elements. They can start off as a spam email with a link to a malicious website that exploits vulnerabilities in your system to download the virus. A layered approach to cybersecurity, such as email security as well as network protection, can defend you at each of these points. Each layer creates an extra obstacle for the malware, making it more difficult for the attack to be successful.

Keep your operating system, third-party applications, and antivirus programs updated at all times. These are layers of defense for your data, and while they are not bulletproof, they can go a long way in protecting you.

Back up your data often

Business devices often contain sensitive information, as well as operation-critical information such as customer data and business plans. Losing this data to a ransomware attack could severely cripple your business processes. Ensure regular backups are made of all important data, and that these backups are also routinely tested to make sure they work.

According to Steven J.J. Weisman, author of Scamicide, “The best defense against ransomware is to back up all of your data each day. In fact, my rule is to have three backup copies using two different formats with one off site.”

Ransomware isn’t going anywhere, and it is up to each business to protect itself from being the next victim of this type of cybercrime. Mozy by Dell can help. You can avoid a ransomware disaster!

Read about how these two businesses protect their data from ransomware:
   •     Technology consultant battles ransomware with Mozy backup
   •     IT provider chooses Mozy. ‘Nuff said!

Lose my data? LOL. Not a chance!

Data is everywhere. And for many users, their data is everything. Documents, photos, videos, and other files cover years of life lived, experiences shared, and work completed. But recent research shows that the cost of lost or stolen data is on the rise. For businesses, the average cost per record rose $158 last year. For personal users, meanwhile, it’s easy to make the case that real “data loss” only happens to large companies and enterprises. After all, you’re careful with your data—always super cautious about saving information and even duplicating on to a USB stick or external hard drive. There’s no chance you could ever lose your data, right?

Right?

Data dangers

Let’s suppose you’re really careful. Like really careful with your data; you never shut down your laptop or desktop without making sure that files are properly saved, stored in the right directory, and time-stamped within the last few minutes. Plus, you’re regularly backing up everything to a USB stick or hard drive. What’s the worst that could happen? For starters:

Lost or stolen: You get distracted at the coffee shop and someone runs off with your laptop, or it gets lost in the shuffle when you move to a new apartment. Sure, you’ve got that memory stick, but when was the last time you backed it up?

Hard drive failure: Hard drives aren’t perfect, and a recent study found that some have failure rates pushing 10 percent. If your hard drive stops spinning, your data goes kaput.

Ransomware: Maybe you opened that email attachment marked “URGENT” or visited a shady website. And maybe your PC is infected with ransomware, locking you out of your files. Every. Single. File.

It’s funny, right?

And those are just the “ordinary” ways to lose all your data. We’ve all had days where Murphy’s Law seems out to get us. What about:

Pool party: Don’t laugh. It happens. You’re on vacation, bring the laptop for work or play and after a day of too much sun and fun someone bumps your device and…splash!

Scary spills: You’re up late or starting early, barely hanging on. Your cup of coffee somehow misses the mark or your kids burst in and…hisssssss. Computers and caffeine don’t mix.

E-rage: We’ve all thought about it: Tossing that laptop off a balcony or breaking it in two when it won’t cooperate. If you’re tired enough, stressed enough, or had the worst day, your device may not make it through the night.

Of course, none of these scenarios could happen to you. Right? But just to be on the safe side, it’s worth considering another line of defense: Cloud-based storage from Mozy that automatically replicates your data and can restore lost or stolen files if laptops go missing or physical drives bite the dust. Plus, it’s one less thing for you to worry about. Use your device, live your life, and let Mozy take care of the rest.

2017 Ransomware Update

Ransomware, a specific form of malicious software that encrypts files on your computer until a ransom is paid, ebbs and flows in fads like other online scams. In 2017 the ransomware landscape has seen the return of some old tricks as well as the evolution of an old threat. Here’s a look at the current state of ransomware and what you can do to prevent it.

Open-source software

Most people know open-source software for helpful alternatives to Microsoft Office or a music player that reads a plethora of file types unlike iTunes. However, open-source ransomware has become a much more prominent issue in recent months. While most demand a monetary ransom be paid, the open-source nature of the code has given rise to stranger demands. For example, one iteration demands that you achieve a certain level on an online video game before your files are restored. Another recent version simply makes the victim watch a video educating the victim about what ransomware is.

Expanded distribution

Ransomware, like the examples mentioned above, is typically distributed through email with an attachment. The sender may be a cunningly disguised email address that looks like a friend’s, family member’s, or colleague’s address. Often the software is attached and disguised as a document. However, in April 2017, distribution changed shape. Companies in Europe received emails with an included hyperlink that took users to a Dropbox link with a file disguised as an invoice.

Locky returns and Cerber evolved

Locky was discovered in 2016 embedded in a Microsoft Word document. After its discovery users caught on quickly and the threat seemed to be mitigated by most moderately aware users. However, in May 2017, Locky got a makeover and was found embedded in a PDF that has a link that leads to a .docm. Once the .docm file is opened, it silently connects to another server from which it downloads the ransomware.

In the same month Locky was reborn, Cerber evolved. Like its previous versions, however, it is disseminated via spam emails with an attachment. So what has changed? Once the file is open, Cerber 6 is able to download and run another virus that utilizes Windows Firewall’s technology and blocks any attempt at detection while the ransomware is downloaded. As firewalls have been equipped with machine learning, hackers have created new ways of circumventing cybersecurity.

Prevention and solutions

No matter the new form of ransomware, there is always one hurdle it must leap before your computer and files are infected, and that’s tricking you into clicking a malicious link or downloading a malicious file. Educate family, friends, and colleagues about what scam email addresses look like. Usually, users whose computers became infected with ransomware did not invest any time or effort to verify the origin of suspicious emails or attachments. Furthermore, victims of ransomware also open macros or click on suspicious links. Refrain from opening files or links within unverified emails. If you’re a victim of ransomware, there are decryption tools that can decrypt some strains of ransomware or prevent screen locks altogether. However, prevention should be paramount.

Mozy by Dell knows how to beat ransomware

Data stored in the Mozy cloud is protected from ransomware. Learn why programs, including viruses, cannot execute or run in the Mozy cloud and cannot infect files stored there: Ransomware: Frequently Asked Questions.

You can prevent a ransomware disaster. Check out our white paper.