Skip to content

Ransomware on Your Databases Could be a Catastrophe

Sophos has a good article detailng some potential methods the hackers can use to extort money out of companies:   Nakedsecurity Sophos Blogsite

This is the important part:

1. Hackers hack and penetrate your systems, including customer databases

2. Customer data will be encrypted - a ransom will be put on the data (that is the old method)

2a. now the new method is to modify only some of the data like usernames or passwords (sometimes passwords and usernames are set by the customer) so it is impossible to find this encryption until customers call saying they cannot access their accounts.

3. Customers log onto your site and they get infected with ransomware themselves on their personal computers.

 

So what just happened?

A. your server inattention has caused your customers their data and the relationship with you is now harmed.

B. The fix to this is not a restore of data, since it may have been done some time ago. And thus is in your backups as well.

cryptolocker-ransomwaremessage  This is a Cryptolocker2.0 message

We must figure out how to restore before the hack.

How do you know? Test, test, and test keep your datapoints

We are all about  testing here at Fixvirus.com   Contact us to help you in this new cybersecurity environment

 

Here is the Fixvirus Security Show explaining this and Risk Management problems.

The video expounds on the Risk Management failure as well (in tip of day segment)

That was started on our blog post:  http://oversitesentry.com/?p=1400 "Risk Management does not work"

 

Leave a Reply