Cyberattacks launching ransomware
In today’s connected world, cybersecurity is at the forefront of IT security, network security and computer security. Cyberattacks are successfully penetrating small and medium-sized businesses (SMBs), as well as large enterprises. Often, cyberattacks focus on a form of computer virus called ransomware. Ransomware encrypts files on the infected computer so that the user cannot open the files. After the ransomware encrypts the files, the only way to get the files open is to decrypt them with the private decryption key. And in order to obtain the private decryption key, the user must pay the hackers a ransom (the hackers usually require payment in the form of bitcoin to help hide their identity). The following FBI article provides further insights on cyberattacks and ransomware: Cyber Crime. In addition, the following article from Wikipedia defines cyberattacks in greater detail: Cyberattack defined.
How do computers become infected?
The most common attack vector used by hackers is phishing emails. Most email users have received phishing emails saying they are due a refund from the IRS, or containing a receipt for a large credit card purchase that they did not actually make. Other phishing emails include fake emails from a social network like Facebook saying the user needs to update their profile, fake emails from a financial institution or insurance company purporting to require the user to verify some information, emails with links to open a shared document that another person has shared with the user, and fake emails from UPS or FedEx with an attachment purporting to have shipment tracking information. In reality, the hackers are constantly dreaming up new ways to trick users into clicking on bad links and opening malicious attachments.
The goal of these phishing emails is to get the user to click a bad link in the email or to open a malicious attachment. In either case, once the link is clicked and the malicious web site visited, or once the bad attachment is opened, automated code launches and tries to exploit a vulnerability in the computer. The most commonly exploited vulnerabilities are in Flash, Java and browsers that have not been updated with the latest security patches. If the automated code finds a vulnerability, the next step is to exploit it to gain some measure of control over the computer. Often the exploited vulnerability allows the initial automated code to have the computer contact the hacker’s command and control center through the Internet and then download additional code that starts encrypting the user’s files. Thus, it is more vital today than ever before that users not click on links in emails and not open email attachments unless the user is expecting the email. Even if the email purports to be from a known associate, the user should verify that the person actually sent it if the contents appear strange.
How to use cybersecurity to protect against cyberattacks?
Hardened cybersecurity with a proper backup and disaster recovery system for data protection is the best defense against cyberattacks and ransomware. If implemented and managed properly, cybersecurity will ensure you can recover from a cyberattack and ransomware. First of all, a firewall at the network perimeter must be configured properly, hardened and include malware scanning. Secondly, each endpoint on the network must have an antivirus / antimalware program that is regularly updated. A monitoring and alerting system should be in place to ensure notification to the IT help desk in the event the antivirus or antimalware program stops working, or hasn’t been updated. Thirdly, computers should be configured to update the OS and applications on a regular basis. This includes Windows, as well as applications like Office, Flash, Java, iTunes and other Apple programs, etc. Patch management is critical for a proper cybersecurity plan to protect against cyberattacks and ransomware. And again, patch management should be monitored, with an alerting system in place so that technical support personnel can be notified when necessary. Next, a web surfing protection / content filtering agent should be implemented on each computer to protect against visiting malicious sites. Finally, a managed backup and disaster recovery solution to protect your data is paramount in case an attack successfully exploits a system. With proper and recoverable backup, your files can be quickly restored without having to pay hackers the ransom. Here at IT Tropolis we implement and manage a hardened cybersecurity plan as discussed above. Contact us today for your customized cybersecurity proposal.
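The monitoring and alerting described above for antimalware and patch status can be sketched as a check over endpoint inventory records. This is an added example, not IT Tropolis's own code; the record fields, thresholds and hostnames are assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta

# Assumed thresholds; the article does not specify any. Tune to your policy.
MAX_CHECKIN_AGE = timedelta(hours=24)  # monitoring agent silent longer than this
MAX_AV_DEF_AGE = timedelta(days=3)     # antimalware definitions older than this
MAX_PATCH_AGE = timedelta(days=35)     # no OS/application patch in this window


def endpoint_alerts(ep, now):
    """Return the alert strings for one endpoint record (empty if healthy)."""
    # A silent agent is handled first: its last-reported values can look
    # healthy while the machine is in fact unmonitored.
    if now - ep["last_checkin"] > MAX_CHECKIN_AGE:
        return [f"{ep['host']}: agent has not checked in since "
                f"{ep['last_checkin']:%Y-%m-%d %H:%M}"]
    alerts = []
    if not ep["av_running"]:
        alerts.append(f"{ep['host']}: antimalware service is not running")
    if now - ep["av_defs_updated"] > MAX_AV_DEF_AGE:
        age = (now - ep["av_defs_updated"]).days
        alerts.append(f"{ep['host']}: antimalware definitions are {age} days old")
    if now - ep["last_patch"] > MAX_PATCH_AGE:
        age = (now - ep["last_patch"]).days
        alerts.append(f"{ep['host']}: last patch installed {age} days ago")
    return alerts


def help_desk_report(inventory, now):
    """Map hostname -> alerts for every endpoint that needs attention."""
    report = {ep["host"]: endpoint_alerts(ep, now) for ep in inventory}
    return {host: alerts for host, alerts in report.items() if alerts}


def _ep(host, checkin_hours, av_running, defs_days, patch_days):
    """Build one constructed record from ages relative to NOW."""
    return {"host": host, "av_running": av_running,
            "last_checkin": NOW - timedelta(hours=checkin_hours),
            "av_defs_updated": NOW - timedelta(days=defs_days),
            "last_patch": NOW - timedelta(days=patch_days)}


NOW = datetime(2024, 3, 15, 9, 0)  # fixed so the sample is reproducible
INVENTORY = [                      # constructed sample data, hypothetical hosts
    _ep("FRONTDESK-01", 1, True, 1, 10),   # healthy
    _ep("ACCT-02", 2, False, 9, 12),       # AV stopped and definitions stale
    _ep("LAPTOP-07", 144, True, 6, 8),     # agent silent for six days
    _ep("SRV-FILE", 1, True, 1, 60),       # patching has fallen behind
]

if __name__ == "__main__":
    for host, alerts in help_desk_report(INVENTORY, NOW).items():
        print("\n".join(alerts))
```

In practice the records would come from the endpoint management or RMM tool's export, and the report would be sent to the help desk queue rather than printed.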
Great blog on cybersecurity, thanks for sharing! Yes, considering the increasing number of threats, it is essential that your business has a proper cybersecurity policy in place. How to protect from threats is well explained in this blog, thanks for sharing!
Hi Braden:
Yes, we believe 3 1/2 years later we must be even more diligent. Consider the recent cyberattacks on federal and state government agencies. The state-sponsored attackers exploited a vulnerability in SolarWinds Orion network management products, which will go down in history as the famous SolarWinds Orion Hack or SolarWinds Orion Breach. At this time more than ever it’s imperative to keep systems patched and to ensure backups are verified to ensure we can recover in the event of a breach.
Thank you,
Bob