How to Prepare for a Ransomware Attack

By now you’ve surely heard of ransomware, a type of cyber attack in which “cyber kidnappers” take your computer or network hostage by infecting it with a virus that locks all the files and programs. The only way to unlock the files and read them again is to use a key or code, which is given upon receipt of the ransom payment.

So how do you prepare for a ransomware attack?

Planning, planning, planning. You must have a plan and assume the worst can and will happen. According to the Herjavec Group, the amount paid out by victims of ransomware in just the first three months of 2016 came to a total of $209 million. The report suggests that at that rate, the total cost of ransomware is set to reach $1 billion for all of 2016.

Here are some quick tips:

  • Build a comprehensive backup solution, back up often, and test the solution. Back up your computer and file systems, drives, etc. to the cloud – to a service that is not linked to your current computer system and will not be infected along with it. You may even create a full backup to a removable drive of some kind. The bottom line is if your files get encrypted, you don’t have to pay the ransom – you just restore the files. Most businesses back up, but some have not tested whether or not these backups work in an emergency.
  • Have a disaster recovery plan. If creating the backups is the beginning of the plan, have steps to continue implementation. Who will be responsible for removing the virus and reestablishing the file system? Is it someone in your IT department? Is it a contractor or third party? Always know which steps to take – this will keep things running smoothly and, most importantly, avoid a sense of panic in a tough situation.
  • Use a layered security approach, with all endpoints protected, as well as protection at the mail server and gateway. If you can stop these things from ever showing up in an end user’s mailbox, you’re ahead of the game.
  • Educate your employees. One of the most popular vehicles for ransomware is a phishing email telling the user they have an invoice that requires payment. If employees recognize such emails, they will know not to open or respond to them, but instead report them to their information security team.
  • Run risk analyses, and patch vulnerabilities, especially on browsers, browser plugins, and operating systems. Information security teams should be savvy enough to continuously run penetration tests to hunt for vulnerabilities.

Planning and taking quick action are the best ways to avoid a serious problem from ransomware. If your organization is not sure where to start, a cyber security provider like Neovera can easily help you create a cyber security strategy that will increase your cyber security posture and protect your business from the consequential costs and reputation damage caused by ransomware and other cyber attacks. So plan accordingly and take action now to make sure you’re in the clear when disaster tries to strike.

Attack Your Friends to Save Your Data

Ransomware is a great tool for hackers who want to generate quick cash – by creating an infected link, file, or website, an attacker can hold a user’s computer hostage until a ransom is paid. Obviously this tactic fails if your data is properly backed up, but many don’t utilize this option due to a lack of understanding or just general disinterest. Now, a new scheme called Popcorn Time has come into play – involving not just the user, but any of their close contacts.

The new kid on the ransomware block is called Popcorn Time – side note, this is the same name used by an online service to stream movies and TV shows. While the two aren’t related in any way, the shared name has already caused confusion for many researching the attacks, or who have found themselves to be victims of the ransomware. But the way Popcorn Time sets itself apart even more from existing ransomware options is that besides the option to pay for the decryption of your files, you can forgo payment in exchange for infecting others. And, considering the ransom for Popcorn Time to release the data is $775, or 1 Bitcoin, the temptation may be too good to pass up for some caught in its web.

It will be interesting to see how many people opt for this new “payment option”, but in the meantime the obvious suggestions for dealing with the possibility of a ransomware attack still apply:

  • Don’t click on links from users you don’t know, or that look suspicious in any way.
  • Constantly educate yourself on the latest cyber security issues working their way through the online world.
  • Reconsider the security protocols you have in place and make sure that they are up-to-date.

Despite the fact that this is yet another ransomware attack that has already claimed numerous victims, one cannot dismiss the simple genius behind it. By addressing a pain point many have come to associate with ransomware attacks – paying the ransom – and giving an alternative, non-monetary option, these Popcorn Time developers are lightening their workload considerably while simultaneously catching victims “between a rock and a hard place”. As new cyber attacks crop up on an almost daily basis, cyber security firms such as Neovera continue to provide the latest protection options to both manage and monitor your protected data, whether in the cloud or onsite.

Beware of Zepto Ransomware

Ransomware-Locky may experience a slight decline, but it’s not because someone has finally found a way to banish it once and for all. A new type of ransomware, “Zepto”, is hitting the cyber world in a big way and locking all of the files in its path. Both malicious attacks are similar to one another and ultimately have the same end result, but Zepto is taking the ransomware world to the next level. Individuals and businesses are going to have to learn everything about this attack, and fast, lest they get caught in its trap.

Here’s how it works: just like most other ransomware attacks, an email gets into your inbox with either a .zip or .docm attachment. Now this is where the file options differ – if you open the .zip, you will be prompted to open a .js file, which then downloads and runs Zepto. With the .docm attachment, the document will open in Microsoft Word. From there, it prompts you to update your security options, but that’s a disguise so that the attack can gain permission to begin locking files.

At this point, your files are in the process of being locked. Congratulations! Now what can you do? Well, if there were a time machine, it would make sense to go back and put two things in place: cyber security education, and proper protection protocols on your network from an MSSP (Managed Security Service Provider) to ensure that emails containing infected attachments don’t end up in anyone’s inbox. To the first point – the minute an employee opens a questionable file, your entire network could be at stake. Vigilance is key when opening any online correspondence and attached collateral, even if it’s from a contact you believe to be legitimate.
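The delivery pattern described above can be checked before a message reaches an inbox. The following is an added example (not Neovera's or any product's code) that flags .docm attachments and archives containing a .js file, including archives renamed to another extension; the function names and sample messages are hypothetical and constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".js",)    # script type the page says arrives inside the .zip
MACRO_EXTS = (".docm",)   # macro-enabled Word attachment named on the page

def scripts_in_zip(data):
    """Return names of script members in a zip payload (None if unreadable)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [m for m in zf.namelist() if m.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return None

def triage(raw_message):
    """Return one finding per attachment matching the delivery pattern."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(MACRO_EXTS):
            findings.append(f"{name}: macro-enabled document")
        elif name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04"):
            # Magic-byte check catches archives renamed to dodge extension rules.
            scripts = scripts_in_zip(data)
            if scripts is None:
                findings.append(f"{name}: unreadable archive")
            for member in scripts or []:
                findings.append(f"{name}: archive contains script {member}")
    return findings

# --- constructed sample input (placeholder contents, no real malware) ---
def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, text in members.items():
            zf.writestr(member, text)
    return buf.getvalue()

def sample_mail(filename, payload):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_mail("invoice.zip", make_zip({"invoice_scan.js": "//"}))))
```

Nested archives are not unpacked here; a gateway rule built on this idea would quarantine on any finding rather than deliver.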

But sometimes people make mistakes – we all do. That’s why having an MSSP in your corner saves you and your company time and future headaches when dealing with cyber security decisions. Neovera provides 24x7x365 cyber security monitoring and management services to organizations large and small who all have the same goal – growing their business and ensuring their data is protected. Leave your cyber security concerns with Neovera – we’ve got your back.

Disaster Recovery: When Ransomware Strikes

Ransomware attacks are skyrocketing in popularity – approximately $1 billion was spent in 2016 alone to free networks and data from hackers’ grasps. Ransomware attacks occur when a hacker infiltrates your network, locks up everything and demands payment in return for the digital key. If that demand isn’t met, everything you’ve worked on goes out the window. And, while backing up data prior to an attack occurring is a great way to take some of the power away from cyber attackers, it shouldn’t be the only weapon in your disaster recovery arsenal.

There’s a lot to take into account when it comes to creating a disaster recovery plan. Not only do you need to identify and locate critical systems, but a review process should be in place to make sure nothing is in immediate danger from threats, natural or manmade. When a disastrous event occurs – anything from an “act of God” to a debilitating ransomware attack – short and long-term plans need to be mobilized immediately so that your business can continue uninterrupted. As a full-service monitoring and management IT solutions firm, Neovera is able to provide its clients with round-the-clock service if they find themselves dealing with an unruly ransomware attack:

  • BUSINESS CONTINUITY – Ensure business critical data and processes are secured with minimal downtime.
  • CUSTOMIZED FLEXIBILITY – Neovera supports multiple DSR options for cloud and physical environments ranging from customer-provided to full turnkey solutions.
  • EXCEED EXPECTATIONS – Multiple recovery options enable rapid and efficient recovery of resources.
  • SECURE REPLICATION – Numerous levels of data protection for virtual and physical infrastructure ranging from tape backups to real-time replication.
  • UNMATCHED EXPERTISE – We have the technical expertise and resources to develop cost-effective solutions that deliver 24x7x365 failover protection.
  • SITUATIONAL AWARENESS – Our engineers will perform a complete business impact analysis to develop the optimal solution to protect your critical information and prevent unforeseen events.

Ransomware attacks rose by nearly 26% from 2015, according to the FBI – and with the odds of an attack becoming that much more possible, the time is now to create a disaster recovery plan that supports both short and long term business solutions for your organization’s specific wants and needs. Neovera has over 15 years of experience providing 24x7x365 monitoring and management support to businesses of all types while staying one step ahead of the latest cyber threats.

TeslaCrypt Decryption Key Handed Over

In a rare turn of events, the creators of the ransomware TeslaCrypt actually turned over the very key that unlocks their malicious program. An analyst at ESET happened to notice that TeslaCrypt was slowly shutting down over the past few weeks. On a whim, he requested that the TeslaCrypt decryption key be released and, surprisingly, it was!

Obviously this doesn’t happen with most – or, potentially, any – ransomware creators. Either they keep the decryption key hidden completely until the ransom is paid, or a user happens to get lucky by finding the key and posting it online for victims to use at their leisure. We’ve written about the latter regarding Petya, but it’s rare, and the former is what normally takes place.

Now, should everyone start poking a sleeping bear, or in this case a ransomware creator, and ask them for the key to their livelihood? Probably not. At the same time, you shouldn’t have to pay the ransom either if you’ve taken care of your protected files, network, servers, and anything else that could potentially be locked down and controlled by a malicious attack. Something as simple as backing up protected data to a separate, offline storage area is all it takes to make sure your environment isn’t bogged down by something as preventable as a ransomware attack.

Ransomware is covered ad nauseam across the media because it is one of the more pervasive attacks out there: last year alone, the Federal Bureau of Investigation registered 2,453 complaints about ransomware incidents that cost users a total of more than $1.6 million. The instance with ESET and TeslaCrypt is promising, but trusting hackers to give over anything without a price tag attached is naive. Time will tell with the TeslaCrypt outcome, but until users continuously monitor their data and perform backups as needed, ransomware will continue to be the go-to cyber attack for hackers across the Internet.

Ransomware Attacks Hit House of Representatives

An increasing number of ransomware attacks is an unfortunate trend as we move into the second half of 2016, and they have needled everyone in the public and private sectors. Most recently, the House of Representatives has issued warnings to its employees regarding third party website interaction on its computers and associated technology. What does this mean for the government at large as it slowly meanders into the cyber age, and how have other companies already begun to accept the changes that need to be made in order to stop these treacherous ransomware attacks before they start?

Here are the facts: recently the House of Representatives sent out notices from its technology services desk regarding employee use of third party websites on government computers or other machines. Sites as popular as Gmail or YahooMail are going to be blocked in order to curtail the occurrence of any ransomware attacks. Though the House Chief Administration Officer declined to divulge details regarding a ransomware attack, it seems that one did occur in late April due to a House of Representatives employee clicking on an infected link. Unfortunately that’s all it takes for a ransomware attack to take hold of your network and lock its contents until the “ransom” is paid via bitcoin.

Some see these measures as extreme – one app founder, Ted Henderson, stated that it was “irresponsible” for the House of Representatives to take a stance that essentially blocks an avenue of free speech. However, that isn’t the argument within this particular piece: in actuality, focus should be placed on the points before the ransomware attack occurs and not after. What cyber security education is in place throughout the government? Are their networks and servers really that secure, or do we blindly assume that the government has the best cyber security plan? Obviously these are hard questions to answer but judging from President Obama’s most recent cyber security pledge, it seems that not only is the government keen on creating a better technological realm for itself and its employees, but that it wants to set an example for the rest of the country.

Overall, ransomware attacks can happen anywhere, to anyone and at any time – cyber security education is paramount for everyone, employees and private citizens alike, in order to quash these malicious attacks before they are able to take control of sensitive and protected data.

File Retrieval Solution for Petya Ransomware Victims

If readers have heard about Petya, the newest in a slew of recent ransomware attacks, hopefully it’s been through a blog like this. The newest “IT” malware attack to hit the scene, Petya is hidden within documents attached to emails that purportedly come from someone interested in obtaining work. Until recently, it seemed that those affected would have to deal with the attack outcome by paying the ransom (the equivalent of $375 US) or recreating their networks and data from scratch. However, new discoveries were made by a white knight that solved the puzzle of this particular attack for the time being.

This user, known only as Leostone, not only cracked the code, delivering the encryption key to Petya without having to pay the ransom, but also released a web-based tool for others to free their data from its grasp. Petya was particularly annoying because it would encrypt files and scramble the master boot record (the sector of an inserted disc that identifies where the operating system is located so the program in question can be loaded into the computer’s main storage) on the infected drives. There is a second step with the aptly-named Petya Sector Extractor: basically it does what the name implies and manages to extract some of the infected data so that you can plug it back into a clean computer and input the code found through Leostone’s solution.

All of this, for those that aren’t as well-versed in ransomware attack survival techniques, can be rather daunting and almost impossible. However, it just speaks to the bigger issue at hand, and it’s a mantra repeated time and time again at Neovera and other firms across the country: back up data. Small businesses, large enterprises, everyone in between – if data is backed up in a timely and succinct fashion, ransomware attacks become obsolete and worthless to hackers because they won’t have anything to bargain with. Now, though the steps outlined above may be off-putting, a cyber security consultation is a great first step to providing the small amount of coverage needed to save your organization a lot of pain in the long run.