Month: January 2016

Houston we have a problem - a kind of misunderstanding which leads to apathy.

Example: I wonder if you knew this week a new ransomware threat came out.  I should also say that every week new ransomware comes into the "wild", into our computers. (For example in the week of 3/28 - 4/1 we discuss in our blogpost [at Oversitesentry(5)] how to prevent the Locky ransomware and how the Petya Ransomware will now destroy your Master Boot Record (MBR) or the actual usage of the hard drive.

For the first time a program language called Javascript is now being used for Ransomware: Called Ransom32

The following picture is from an older ransomware so we can discuss what ransomware is and does.(and what to fear and be proactive about it).

Ransom means that the criminal has found a way to take something of yours and is now trying to extort money out of you so you can get that back. In this age we are talking data files.

Imagine that you are working on a Word document - like a proposal for a client.  Now somehow ransomware software got on your computer, once the software runs ...  it then tries to encrypt your files. Since you are still working on your proposal you try to save the file and it does not work - you cannot save the file as the file you saved to is now renamed and reconfigured(encrypted).

As you try to open other files you notice the encryption does not allow your files to be opened.

If you thought on your feet you can do a "save as" with the current file being worked on and thus at least save the current file. But hundreds maybe even thousands of the rest of your files are now encrypted.

This is obviously a problem, and can put you into a standstill. Will it matter if your files are on the cloud? Unfortunately it depends on how sophisticated the criminals will program, and it is definitely possible to get all files encrypted. The name of the game is money $$$ and if the hackers in eastern Europe are making more money as a hacker than a programmer at legitimate companies than our adversary will improve their attacks.

You cannot avoid this phenomenon for too long. The criminals are looking to make up to $7Bil dollars:

This is easy to figure out - As of 2013 there were 220 million PC's in the USA (I'm not even counting the world). 10% of PCs are not patched correctly (from my blog post and research here at Oversitesentry.com¹ and more background²) Microsoft Statistics as they know how many PCs are being patched.

 

We know from news reports and experience that an unpatched computer is susceptible to these types of attacks. Thus I have drawn a conclusion - 22million PCs are susceptible and with that the criminal has a potential 6.6Bil$ ransomware market - and if there are a few computers that the hacker can steal more information that he can resell then one can project $7Bil ransomware market.  That is a lot of potential money...

So we can't assume the threats will be the same as last year, in fact the threats will become more sophisticated and dangerous.

Instead of throwing up our hands and giving up... the thing to do is to make sure you spend more time on security this year.

There are ways  to shore up or improve your perimeter (firewall), make sure to do patching ontime and effectively. Maybe a new firewall which can do more than filter traffic.  By filtering traffic, I mean make sure certain traffic stays out and others are allowed to run. The problem with this old model is what if the traffic is allowed (like JavaScript inside Facebook?).

Patching your computer is actually not so easy because not all updates are good updates³. So sometimes IT pros recommend to wait until the patch/update has been tested and only then will it be installed. This  process takes time even in the best run IT department. there is always some bits of time which create some vulnerability.

 

Testing your backup is also an important part of security defense. Since if Ransomware gets through you can't afford to see if the criminals wrote good Ransomware software to recover your data when you pay. Our recommendation is to never pay - assume you will lose data and backup - test the backup to make sure you will recover all data properly.

You can't get away from it these days - A company which has computers on the Internet cannot just have a regular firewall anymore - must get a NGFW (Next Generation FireWall) which now will inspect the traffic and is essentially another layer of defense.

 

A regular firewall cannot inspect data like Social Security numbers or Credit card numbers. set up correctly you can do many things with a NGFW(4) . Here is one:  If I see my social security numbers then  email me.   I.e. if somebody is stealing these numbers then email me!

 

 

Because the criminals have such a large budget you can't just trust your capable IT department, you have to make sure that everything is working as it should. Test the IT department

I would be happy to discuss this diagram where your IT department works on the output and Fixvirus.com uses CEH(Certified Ethical Hackers) to test your environment.

 

If you want to discuss how to improve your security (audit security, test backup, and more) in 2016 contact me 314-504-3974 tonyz@fixvirus.com Tony Zafiropoulos Now.

 

 

1. http://oversitesentry.com/happy-new-year-2016/
2. http://oversitesentry.com/is-your-it-system-low-hanging-fruit-for-criminal-hackers/
3. http://oversitesentry.com/are-we-falling-behind-on-patching-computers/
4. http://oversitesentry.com/what-is-an-advanced-firewall-utm-ngfw/
5. http://oversitesentry.com/ransomware-vaccine-can-it-be-done/