7 Things You Need to Know About Ransomware

Ransomware is a well-named type of cyber-attack. Cyber-criminals taking this approach kidnap your data. After accessing your network, they encrypt files and demand payment for the passcode. Here are the top seven things you need to know about this business threat.

#1 It Can Happen to You

Cyber-criminals rely on your false confidence. Don’t think “it won’t happen to me.” Attacks on government, education, healthcare, or financial institutions get publicity. Yet organizations of all types and sizes are targeted.

#2 Ransomware Spreads Fast

Ransomware is malware, malicious software that can reach throughout a network. So, if Jane from accounting opens a ransomware file, every single computer on your business network could be infected. The virus can spread between businesses, too. Consider the debilitating WannaCry ransomware attack of 2017. Within four days of its first detection in Europe, the strain had spread to 116 countries.

#3 Ransomware Targets People

A common method is to send out phishing emails in the hope of having people enter their access credentials. Targeted business communication emails work, too. The attacker gets to know your business first. Then they send an email impersonating a colleague, supplier, or customer asking you to take action or update contact details by clicking on the link or downloading a file.

#4 Ransomware is Costly

Once the ransomware is installed on your system, it locks down your files. To regain access to the files, you need the password or decryption key the attacker supplies when you pay up; that’s if they keep their end of the bargain once you pay the ransom. These are crooks you’re dealing with after all!

In Coveware’s analysis of Q3 2019, the average ransom payment increased by 13% to $41,198 as compared to $36,295 in Q2 of 2019. And that’s just the cost of the ransom. Indirect costs include the cost of downtime, lost revenue, and long-term brand damage. There’s also the expense of removing the ransomware, forensic analysis, and rebuilding systems.

The average ransomware attack in Q3 2019 resulted in 12.1 days of downtime. – Coveware

#5 Ransom Requires Cryptocurrency

Ransom payment is usually made by bitcoin or another cryptocurrency. Your business needs to buy cryptocurrency with actual cash, then transmit the ransom. Attackers choose cryptocurrency because it’s very difficult to trace. It doesn’t help you that bitcoin is not something you can charge back like a credit card.

#6 A Recovery Plan Helps

Planning in advance can help you respond more reasonably. Document plans to disconnect infected computers from the network as soon as possible. Also, power down any machines that could be vulnerable to avoid spreading contagion.

You should also discuss in advance whether or not your business will pay a ransom. Weighing the costs and benefits without a deadline on the decision can help you react more strategically.

#7 You Can Take Action

You don’t have to sit around worrying and waiting for a ransomware attack. There are many things you can do to help prevent this type of attack:

  • Filter traffic, preventing it from coming into your network in the first place.
  • Scan inbound emails for known threats, and block certain attachment types.
  • Use antivirus and anti-spam solutions and regularly upgrade and patch vulnerable software.
  • Educate all users about social engineering.
  • Allow remote access to your network only from secure virtual private networks.
  • Back up your data to more than one location so that you can restore any impacted files from a known source.

Ransomware is a lucrative, relatively easy mode of attack for cyber-criminals. Contact us today for help implementing the best protection practices to keep your data safe. Call us at 319-227-7000.

December 10th, 2019 | Ransomware, Security

What is a Firewall, and Why Does It Matter?

Hearing “firewall” in the context of computing can be confusing. How does a tall, blazing fire separating rescue teams from people trapped apply to computers?

Well, imagine the rescue team using heavy blasts of water to save the day. A hacker is as motivated to get at your data. They will try everything to bypass your security. They want to get inside your network perimeter. In a business office, computers and printers are often networked together. This lets Jane in accounting and Kevin in graphic design access the same business tools.

In computing, a firewall sits between that internal network and the internet outside. It’s kind of like a nightclub bouncer. You definitely want it to be as burly and intimidating as possible to keep the riff-raff out. The firewall helps reduce or prevent unwanted traffic from getting through.

The Packet Filtering Firewall Approach

Your firewall can be hardware, software, or both. A packet-filter firewall monitors and controls network traffic. It filters data entering the network according to predetermined rules. IT experts set up a firewall to examine small amounts of data (called “packets”) to see if they contain threats. It checks packet data against criteria such as allowed IP addresses and packet type. If the data is suspect, the firewall stops those packets. If not, the data will continue on to its destination.

Firewalls stop certain software from sending and receiving data to and from the internet. This reduces the number of entry points for viruses or illegitimate traffic. After all, a club wouldn’t want to hire the bouncers to cover seven different doors.

A firewall also monitors outgoing traffic. Why’s that? Because an infected computer in your network could be sending out malicious information. If your company has fallen victim to a malware attack that turns a computer into a bot, it might be “phoning home.”

Unlike E.T. trying to get back to the safety of his home planet, the malware is checking in with its Zombie master. It’s helping to strengthen the bad guy’s ability to attack victims.

Firewalls can help prevent denial-of-service (DoS) attacks. In a DoS incident, thousands of computers are used to send an overwhelming amount of traffic to a network. It’s like putting 10,000 people in an elevator with an occupancy limit of 20 – expect a crash.

One famous 2016 attack seriously disrupted Amazon, Visa, PayPal, Netflix, AirBnB, and more.

Other Types of Firewalls

Packet-filtering firewalls aren’t your only option. Stateful inspection is helping to make firewalls even smarter. These check where the packet came from, where it is going, and what application requested it. This end-to-end examination is more rigorous. All the parameters must match trusted information for the packet to pass through. This approach offers a smart, fast way to inspect for unauthorized traffic.

When setting up any firewall, it is important to avoid any unintentional openings. A hole in a chain-link fence renders perimeter security useless. A hole in a firewall leaves your network vulnerable.
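To make the packet-filtering rules and the "unintentional opening" concrete, here is an added Python example (not from the original post and not any firewall product's configuration format). It evaluates packets against an ordered rule list with default deny, then audits the list for allow rules that are open to any address on every port. The rule fields, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (from the internet) or "out" (to the internet)
    proto: str            # "tcp", "udp" or "any"
    remote: str           # CIDR block of the internet-side address
    port: Optional[int]   # destination port; None means every port
    note: str = ""

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    remote: str
    port: int

def matches(rule, pkt):
    """A packet matches only if every criterion in the rule agrees with it."""
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and rule.port in (None, pkt.port)
            and ipaddress.ip_address(pkt.remote) in ipaddress.ip_network(rule.remote))

def decide(rules, pkt):
    """First matching rule wins; a packet no rule matches is dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def audit(rules):
    """Return (index, reason) for allow rules open to any address on every port."""
    findings = []
    for i, rule in enumerate(rules):
        wide = ipaddress.ip_network(rule.remote).prefixlen == 0 and rule.port is None
        if rule.action == "allow" and wide:
            reason = ("inbound: anyone can reach every service" if rule.direction == "in"
                      else "outbound: an infected host can phone home anywhere")
            findings.append((i, reason))
    return findings

def without_findings(rules):
    """Rule set with the flagged rules removed."""
    flagged = {i for i, _ in audit(rules)}
    return [r for i, r in enumerate(rules) if i not in flagged]

# Constructed rule set; addresses are RFC 5737 documentation ranges.
RULES = [
    Rule("allow", "in", "tcp", "0.0.0.0/0", 443, "public web site"),
    Rule("allow", "in", "tcp", "198.51.100.0/24", 22, "admin access from one office"),
    Rule("allow", "in", "any", "0.0.0.0/0", None, "temporary test rule, never removed"),
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443, "web browsing"),
    Rule("allow", "out", "udp", "203.0.113.53/32", 53, "DNS resolver"),
]
```

With the forgotten test rule in place, an inbound connection to any port is allowed; once `without_findings` removes it, the same packet falls through to the default deny, and outbound traffic to anything other than web and DNS is dropped as well.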

Need help deciding on the right type of firewall for your business? Want to be sure your firewalls are going to withstand attack?

Our experts can help set up and test your firewalls. Contact us today at 319-227-7000!

November 19th, 2019 | Compliance, Networking, Ransomware, Security

Should You Pay for a Ransomware Attack?

Getting hit with a ransomware attack is never fun: your files get encrypted by cybercriminals and you’re left having to decide whether to pay to get them back. It’s a scene that’s played out across the world, with 70% of businesses saying ‘yes’ in 2016 alone. Here’s what you should consider if you’re ever in this situation.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts; instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either the backups have become infected too, they weren’t up to date, or they backed up the wrong data. It’s worth doing some quick checks on your backup processes: even if you have to take the system down for a day as you recover, you’re still light years ahead of those without backups.

What’s your policy?

More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place

Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now. We can help! Call us at 319-227-7000.

June 5th, 2018 | Ransomware

How to Tell if Your Computer Has a Virus?

Sometimes computers do wacky things that ring alarm bells and make us dive for cover. Next thing you know, you’re running scans on repeat and demanding everyone come clean about their browsing habits. Fortunately, not all weird occurrences are caused by viruses – sometimes your computer is simply overloaded, overheating or in desperate need of a reboot. Here are the tell-tale signs of a malware attack:

Bizarre error messages

Look for messages popping up from nowhere that make no sense, are poorly worded or plain gibberish – especially if they’re about a program you don’t even have. Take note of anti-virus warnings too: check that the warning is from YOUR anti-virus software and looks like it should. If a message pops up that isn’t quite right, don’t click. Not even to clear or cancel the message. Close the browser or shut down the computer instead, then run a full scan.

Suddenly deactivated anti-virus/malware protection

You know the best way to get past the guard? Send him for a coffee break! Certain viruses are programmed to take out the security systems first, leaving you open to infection. If you reboot and your protections aren’t back on the job, you are more than likely under attack. Attempt to start the anti-virus manually and you’ll know for sure.

Social media messages you didn’t send

Are your friends replying to messages you never wrote? Your login details might have been hacked and your friends are now being tricked into giving up personal information or money. Change your password immediately, and advise your friends of the hack.

Web browser acting up

Perhaps you’ve noticed your homepage has changed, or your browser is using an odd search engine or opening and redirecting to unwanted sites. If your browser has gone rogue, it’s definitely a virus, usually one intended to steal your personal or financial details. Skip the online banking and email until your scans come up clear and everything is working normally again.

Sluggish performance

If your computer speed has dropped, boot up takes an eternity and even moving the mouse has become a chore, it’s a sign that something is wrong. But not necessarily a virus. Run your anti-virus scan and if that resolves it, great. If not, your computer likely needs a tune-up or quickie repair.

Constant computer activity

You’re off the computer but the hard drive is going nuts, the fans are whirring, and the network lights are flashing like a disco? It’s almost like someone IS using the computer! Viruses and malware attacks use your computer resources, sometimes even more than you do. Take note of what’s normal, and what’s not.

Got a virus? Give us a call at 319-227-7000

October 10th, 2017 | Ransomware, Security

Petya Ransomware is Spreading Across the World

There is a new strain of ransomware in the wild. It has multiple names, such as Petya, Petrwrap, or NotPetya. This ransomware is being spread via an SMB vulnerability called EternalBlue. This is the same vulnerability that was used to spread WannaCry. A big difference with Petya is that it also encrypts the master boot record of the hard drive after encrypting your data, which makes accessing the drive almost impossible unless you pay the ransom. However, even if you pay the ransom, there is no guarantee that you will get your data back. Your best bet is to restore from backup. You do have a good backup in place with multiple copies of your data, right?

Our network security service stops ransomware in its tracks by providing layered security. We include a managed firewall, managed backup, managed anti-virus, and patch management.

June 27th, 2017 | Ransomware

MRCR Ransomware Decrypter

If your computer has been infected by the MRCR Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed, give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

MRCR Decrypter (Emsisoft)
MRCR or Merry X-Mas is a ransomware family that first appeared in December last year. It is written in Delphi and uses a custom encryption algorithm. Encrypted files will have either “.PEGS1”, “.MRCR1”, “.RARE1”, “.MERRY”, or “.RMCM1” as an extension. The ransom note is named “YOUR_FILES_ARE_DEAD.HTA” and asks victims to contact either “[email protected]” or “comodosecurity” via the secure mobile messenger Telegram.

Contact us Now 319-227-7000

February 2nd, 2017 | Ransomware

Marlboro Ransomware Decrypter

If your computer has been infected by the Marlboro Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed, give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

Marlboro Decrypter (Emsisoft)
The Marlboro ransomware was first seen on January 11th, 2017. It is written in C++ and uses a simple XOR based encryption algorithm. Encrypted files are renamed to “.oops”. The ransom note is stored inside a file named “_HELP_Recover_Files_.html” and includes no further point of contact. Due to a bug in the malware’s code, the malware will truncate up to the last 7 bytes from files it encrypts. It is, unfortunately, impossible for the decrypter to reconstruct these bytes.

Contact us Now 319-227-7000

February 2nd, 2017 | Ransomware

Globe3 Ransomware Decrypter

If your computer has been infected by the Globe3 Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed, give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

Globe3 Decrypter (Emsisoft)
Globe3 is a ransomware kit that we first discovered at the beginning of 2017. Globe3 encrypts files and optionally filenames using AES-256. Since the extension of encrypted files is configurable, several different file extensions are possible. The most commonly used extensions are .decrypt2017 and .hnumkhotep. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. The encrypted and the original file will have the same size for files greater than 64 kb.

Contact us Now 319-227-7000

February 2nd, 2017 | Ransomware

OpenToYou Ransomware Decrypter

If your computer has been infected by the OpenToYou Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed, give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

OpenToYou Decrypter (Emsisoft)
OpenToDecrypt is a ransomware written in the Delphi programming language that encrypts your files using the RC4 encryption algorithm. Encrypted files get renamed to *[email protected] and a ransom note named “!!!.txt” can be found on your Desktop.

Contact us Now 319-227-7000

February 2nd, 2017 | Ransomware

GlobeImposter Ransomware Decrypter

If your computer has been infected by the GlobeImposter Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed, give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

GlobeImposter Decrypter (Emsisoft)
GlobeImposter is a Globe copycat that imitates the ransom notes and file extension found in the Globe ransomware kit. Encrypted files have the extension *.crypt and the base name of the file is unchanged. The ransom note is named “HOW_OPEN_FILES.hta” and can be found in all folders that contain encrypted files.

February 2nd, 2017 | Ransomware
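Picking the right decrypter means first working out which family hit the machine. The added Python example below (not part of the original posts and not an Emsisoft tool) walks a folder tree and matches file names against the extensions and ransom-note names quoted in the five decrypter descriptions above. The OpenToYou extension is redacted on this page, so only its note name is listed, and the sample file names in `demo` are constructed.

```python
import os
import tempfile
from collections import defaultdict

# Indicators copied from the decrypter descriptions on this page (lower-cased).
FAMILIES = {
    "MRCR": {"ext": {".pegs1", ".mrcr1", ".rare1", ".merry", ".rmcm1"},
             "notes": {"your_files_are_dead.hta"}},
    "Marlboro": {"ext": {".oops"}, "notes": {"_help_recover_files_.html"}},
    # Globe3 extensions are configurable; these are the two most common ones.
    "Globe3": {"ext": {".decrypt2017", ".hnumkhotep"}, "notes": set()},
    "OpenToYou": {"ext": set(), "notes": {"!!!.txt"}},
    "GlobeImposter": {"ext": {".crypt"}, "notes": {"how_open_files.hta"}},
}

def scan(root):
    """Count, per family, encrypted-file extensions and ransom notes under root."""
    hits = defaultdict(lambda: {"files": 0, "notes": 0})
    for _dirpath, _dirs, names in os.walk(root):
        for name in names:
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            for family, ioc in FAMILIES.items():
                if lower in ioc["notes"]:
                    hits[family]["notes"] += 1
                elif ext in ioc["ext"]:
                    hits[family]["files"] += 1
    return dict(hits)

def verdict(hits):
    """Rank families; an extension match plus a ransom note is the strongest signal."""
    def score(item):
        counts = item[1]
        both = counts["files"] > 0 and counts["notes"] > 0
        return (both, counts["notes"], counts["files"])
    return [family for family, _ in sorted(hits.items(), key=score, reverse=True)]

def demo():
    """Scan a constructed tree of empty files named like an infected folder."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("budget.xlsx.crypt", "photo.jpg.crypt", "HOW_OPEN_FILES.hta",
                     "notes.txt", "archive.oops"):
            open(os.path.join(docs, name), "w").close()
        hits = scan(root)
        return hits, verdict(hits)
```

An extension on its own is a weak signal, so treat a family ranked without a matching ransom note as a lead to confirm rather than an identification.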