July 2018 - Blutone Technologies

Blog

  • What to Do When Things Go Wrong: Ransomware

    30 Jul, 2018

    Ransomware is a type of malware (malicious software) that takes over your computer and threatens harm, typically denial of access to your data. The modern era of ransomware began in 2013 with CryptoLocker, which targeted Microsoft Windows via infected email attachments and encrypted certain types of data. When the computer was infected, it would display a message noting how you could make payment to have your data released. Sometimes paying the ransom worked, sometimes not. In the intervening years, ransomware has become more sophisticated in its targeting and operations.

    The first thing is to determine what type of ransomware is attacking your computer: encrypting ransomware, screen-locking ransomware, or “pretend” ransomware. Check to see if you can access files or folders, such as desktop or My Documents items.

    If you can’t get past the ransom note on your screen, it’s likely screen-locking ransomware. Notes claiming to be from the ASIO, ATO or police and saying you owe a fine are typically screen-locking as well. This is the least destructive form of ransomware.

    Check to see if you can browse through directories or apps. If you can open those but can’t open your regular office files, videos, pictures, or emails, you have encrypting ransomware. This is more destructive and difficult to manage.

    Fake ransomware threatens that your documents are encrypted. If you can still navigate your system and read most files, then you are probably seeing something fake and you can ignore the ransom note. Try closing your browser; if that doesn’t work, hit Control/Shift/Esc at the same time to open the Task Manager. Choose the Application tab, right click your browser app, and select End Task.

    Security experts, including Microsoft, advise against paying ransoms. Paying does not guarantee the return of your files, and paying encourages more attacks. Especially resist paying a screen-locking ransom, as it can almost always be corrected. Paying the ransom also makes you vulnerable to future attacks, as the perpetrator experienced success once and may expect to do so again.

    Take a photo of the ransom note presented on your screen, as you may need it for a police report or insurance later. If you do decide to pay, negotiate first. Often you can bring down the price of the ransom. Make sure you contact your financial institution immediately to alert them and have your credit card re-issued or to put your bank on alert.

    If you are struck with encrypting ransomware, disconnect your machine from any others, and from any external drives. Go offline if you are on a network, to avoid spreading the ransomware to other devices or to services such as Dropbox. If you have decided not to pay the ransom, use antivirus or anti-malware software to clean the ransomware from the machine. Removing ransomware will not decrypt your files and may end your chances of getting files back by paying the ransom.

    At Blutone Technologies, we ensure your computers and systems are safe from all types of attacks. If you are experiencing a cyber security event, get in touch and let us help. If you’re ready to take serious action to secure your devices, we’re ready to give you the peace of mind you deserve.

  • What to Do When Things Go Wrong: Phishing

    23 Jul, 2018

    Your organisation’s brand and reputation are its most important assets – and if your servers fall victim to a successful phishing attempt, those assets can be severely compromised. In addition, you may well have legal obligations regarding the security and privacy of your customers’ personal and financial information.

    Even with the best security, there are ways someone with malicious intent might access your account. And once an account has been compromised, the data in that account is lost – and the account typically becomes the gateway for a hacker to jump from account to account within your organisation. It can also become a portal for them to reach your customers, vendors and partners as well.

    Cloud-based solutions, while inexpensive and convenient, are often more vulnerable because all a hacker needs is someone’s credentials to break in. Phishing attacks have recently moved from using “paypal-like” spoofs to mimicking common SaaS services such as Dropbox, Gmail, and business social media such as LinkedIn. Attackers create messages that look exactly like these services and send them to your employees, luring them into what appear to be legitimate login landing pages. Once in, they often have access to entire suites of connected services (such as Office 365).

    In some cases, the takeover is completely looped: the receiver of a suspicious email does not respond to it but creates a new email to ask “did you send me X?”, and a human is at the other end, ready to reply “yes, I sent you that file about the meeting we had” or some other plausible, genuine-sounding response. It is easy to see how even a careful, security-conscious user might be tricked.

    So what do you do if you discover you or your organisation is the victim of a phishing attack? Immediately changing user names and passwords for any compromised access is a first step. You should not be using the same password for other applications – but many people do, so make sure you and your employees change any passwords that might have been the same. Common targets are email and social media networks, so it’s important to change those as well.

    Immediately scan the system and all devices for malware, and take steps to remedy any you find. Also, if any credit card information may have been compromised (such as the account billing credit card if you experience a SaaS attack), contact your financial institution immediately to cancel the card and alert them to any possible fraudulent charges.

    If there is any possibility of customer data having been compromised, you may have legal and notification obligations. If you are unsure, below are the entities StaySafeOnline.gov.au recommends you contact:

    • The business advisory service run by your local council or state or territory government
    • The Office of the Australian Information Commissioner – www.oaic.gov.au
    • The Office of the eSafety Commissioner – www.esafety.gov.au
    • Your relevant industry or member association
    • iDcare (iDcare.org) also works with organisations of all sizes to make sure they know what to do if customer details are digitally or physically stolen. They can provide “best practice” recommendations and support for your particular situation.

    Of course, the best case scenario is to avoid a phishing attack altogether. With Blutone Technologies, your system is monitored 24/7 for potentially malicious login attempts, and you are notified immediately if anything is compromised. Give us a call today and find out how you can get the peace of mind you need, knowing your system and business reputation are secure.

  • Do you have an incident response plan?

    16 Jul, 2018

    It’s important to take preventative action to stop cyber-security incidents from occurring. But realistically, many individuals and companies will find themselves under attack by hackers and subjected to other threats. Don’t wait until something happens to make a plan for how to respond and limit the damage. The stress of the attack itself will push you into hasty actions that may actually make the situation worse.

    Give yourself some peace of mind and create an incident response plan that answers these questions:

    • What is your threat environment? How likely are you to experience an incident? What is the possible severity? Be sure to consider industry-specific threats, your third party networks, at-home workers who may be working on less secure devices, and what type of data your company collects and stores.
    • What are your key assets? Identify your mission-critical systems and most important data. What would the effect be of losing any of them?
    • What is the plan for each major incident type? Different incidents have different responses – a loss of personnel data vs. a ransomware attack vs. a breach of customer payment information, for example. What are the response objectives and timetable for each?
    • Who’s in charge? All parties – management, IT and line staff – need to understand the chain of command. Who makes what type of decisions? What is the involvement of senior management? What are the responsibilities of management and staff?
    • Who are your resources? Include key contacts with third party providers, local or home office workers. Create checklists and guides for staff and management to use during the incident response.
    • Who needs to know? Senior management, Board members, suppliers, external agencies and third party providers may all feel the impact of your incident. Be sure you understand under what circumstances you need to alert the Australian Cyber Security Centre.
    • What about the public? How will you communicate with your customers or clients? Who will be your spokesperson if the media is involved? These are key questions, because damage to your reputation can be far greater than the cost of the incident itself.
    • When do you need to practise and update the plan? Create a schedule for reviewing your plan periodically to make sure it takes changes in the threat environment or organisation into account. Larger organisations are advised to review every three months; a smaller organisation perhaps every six months.
    • What else needs to be considered? Legal exposure? Impact of each type of incident across the rest of the business team (not just the technology department)?

    When an incident occurs, it is critical to document all incident details and your response actions. This will not only protect your reputation and limit potential liability, it will offer insights into what can be done in the future to avoid a cyber-security incident.

    With a well-planned response protocol in place, recovery time and the effects of the incident are decreased. As always, being fully prepared is your best defense – and prevention is better than reaction. Blutone Technologies is here to make sure your systems are protected and your data secured. Get in touch today and find out how we can safeguard your business.
