MSPNetworks Blog

Since it was first documented in 1989, ransomware has only become far more severe, ruthless, and, most of all, prevalent. Let’s review some important statistics to remember if you are to understand ransomware and, even more importantly, avoid its impact on your business.

Like many of the past few years, this year has witnessed a significant surge in high-profile ransomware attacks. If you haven't already strategized how to safeguard your business from these threats, now is the time to act. Fortunately, you can take several proactive measures to mitigate the impact of ransomware attacks, and it all starts with preparation.

Cybercriminals fight dirty, whether it’s attacking small businesses, large enterprises, or individuals who just want to watch Netflix. It doesn’t matter who you are or what you do for the community; you’ll always be a target for hacking attacks. To save time and effort, hackers will use low-tech attacks and social engineering attacks to target individuals. Hackers aren’t developing new threats all the time; if anything, they largely use existing exploits, purchasable software, and social engineering to take advantage of people.

Let’s look at some of the more common types of attacks you might see.

Billing and Invoice Fraud

Let’s say you’re expecting a bill from one of your vendors. A hacker could impersonate that vendor through the use of email spoofing. Cybercriminals can usually take a pretty close guess at what an invoice might look like and use it to worm their way into your inbox.

For example, if you register your domain through GoDaddy, this information is available to the public. A cybercriminal could make an official-looking phishing email stating that your account is up for renewal or that your hosting bill is overdue. They can use this email to steal your website credentials and cause a lot of chaos in the process.

You’re the Bad Guy

Now imagine what the hacker can do with these credentials. They could take over your website, send emails from your company’s email domain, and even impersonate your company to steal even more information from your clients. You effectively become the bad guy in a situation like this, and it doesn’t take a rocket scientist to crack an email account that isn’t using complex passwords or multi-factor authentication.

When a cybercriminal gets a chance to mimic a legitimate organization, they have opportunities to take advantage of others who will use your good name as a reason to trust them. Don’t let them drag your business through the mud in this way!

Communication Mediums are Potential Threat Avenues

Depending on the configuration, hackers can exploit solutions like Microsoft Teams, Skype for Business, Slack, Zoom, and Discord against you. For example, back in September, a cybersecurity firm called Truesec announced they would be investigating a cybercrime campaign that used Microsoft Teams to send phishing messages and malware-infected attachments. This is hardly the only instance of this type of attack, as there was another back in 2020 that targeted 18,000 SolarWinds customers with malware distributed during a software update. This attack is thought to have originated in Microsoft Teams.

These types of solutions aren’t necessarily insecure; they’re just easy to trick people with, which is how hackers get your business and its employees into trouble.

Social Media is a Common Culprit

More likely than not, you’re already aware that social media can be used for cybersecurity attacks, so we won’t waste our breath here… but again, cybercriminals can and will use social media vectors that take advantage of the constant shifts in policy and procedure of websites like Facebook. You can never be too careful that the messages pretending to be from a social media authority are authentic, and if you get an urgent message claiming that you have violated community guidelines or some other nonsense, never trust it outright. Don’t click any links, or hand over your security credentials.

I hate to be the bearer of bad news, but when it comes to cybersecurity threats it’s kind of hard not to be. I used to look at it from two sides; one side is fascinated at the innovation and intensely brutal ways that high-end cyberattacks work, and the other side of me loses sleep at night worrying about these risks affecting our clients, prospects, and even my own business. This one particular classification of cyberattack, however, takes the cake for being especially frightening.

Introducing Killware, About as Bad As Cybercrime Gets

Imagine a computer virus or malware that is specifically designed for your organization. It knows the software and hardware you are using. It knows what settings and configurations can cause the most harm to your organization. It knows exactly how to slip in, infect the most vulnerable parts of your business, and do massive damage.

That implies a lot of things. It suggests that the cybercriminals targeting you are intimate with your organization and its inner workings. It suggests that the bad guys have an insider, or that you’ve already been compromised so severely that they may as well have an inside agent. Either way, at this point, the network is more their network than it is your own.

But it gets worse.

Not only can they dish out a threat to do harm to your business, but the goal of Killware is to cause as much public harm as possible. This is a frightening mixture of cybercrime and terrorism. It’s real, and it has real consequences.

A Cyberattack Almost Poisoned an Entire Community in Florida

In 2021, a water treatment plant in Oldsmar, Florida, a small city with a population of almost 15,000 people, suffered from a cyberattack. The attack seemed to have a singular goal; to raise the amount of sodium hydroxide in the water that Oldsmar residents were drinking. 

Sodium Hydroxide is used in water treatment to manage the pH level and reduce lead corrosion. In small amounts, it is considered safe. In larger quantities, it can cause severe burns and permanent tissue damage. The attack increased the amount of sodium hydroxide being added to the water by a factor of 100.

Fortunately, staff at the water treatment plant noticed the change immediately and nobody was hurt.

Cities and Local Government Systems are Often the Target

We’ve seen a few cases over the years where malware disrupted portions of city and town infrastructure. In 2018, Atlanta suffered from an attack that took down over a third of its systems, and it cost taxpayers over $17 million and over a year before things went back to normal.

In 2019, Baltimore suffered from a similar attack, which impacted the state's real estate market and dozens of other systems. The attack cost the city an estimated $18 million.

Healthcare, Nonprofit Organizations, Banks, and Others are at Risk Too

The U.S. Department of Homeland Security warns that other critical services like hospitals, police departments, utilities, and other highly networked industries are potential targets for this kind of attack.

In order to reduce the risk, organizations need to take cybersecurity seriously, and ensure that regular audits are happening throughout the year. Committing to industry compliance standards is a good first step, but depending on your industry, your business may want to raise the bar even more.

No matter what kind of organization you run, you have employees and customers to protect. MSPNetworks can help secure your business so that your organization avoids doing harm to the community in the event of one of these devastating attacks. 

Ransomware has rapidly climbed to be one of the most dangerous and feared malware attacks that is used nowadays. It’s gotten to the point that, if you wish they would just stop, we can hardly blame you.

Unfortunately, there is no reason to believe that ransomware is going anywhere.

Numerous Statistics Show That, If Anything, Ransomware is On the Rise

Let’s go over just a few of these stats to really put the situation into perspective:

• In 2022, the average ransom was $812,380. This year, that average is $1.54 million.
• There’s been a 13% increase in ransomware attacks over the past five years.
• 27% of malware breaches involve ransomware.

Clearly, ransomware is here to stay. As a result, you need to be prepared to prevent it from interfering with your business.

How to Prevent Ransomware Infections in Your Business

In the vast majority of cases, ransomware is spread by taking advantage of the end user. Therefore, user training and testing is paramount.

Make sure that your team is aware of the threat of ransomware—what it is, how it works, and how to spot it. Teach them about phishing attacks, which are frequently used to spread ransomware, and general data security practices. Evaluate their readiness to avoid phishing and other cyberthreats regularly, and in addition to targeted training to resolve any identified shortcomings, make sure that all of your team members are maintaining their security practices with regular training and evaluations on the basics.

This is, admittedly, a lot…but it also isn’t something you have to tackle alone. We’re here to help. Reach out to us for assistance with your inclusive cybersecurity needs, as well as general IT maintenance and management, by calling (516) 403-9001 today.

Ransomware is such a common occurrence these days that it has entered the public discourse, but we also want to note that it’s such an important topic to discuss with your team that you can never talk about it enough. We want to address some of the most common questions we get asked about ransomware and what can be done about it.

How Does Ransomware Affect Your Business? Why Should You Be Concerned?

Ransomware is malware that encrypts, or locks down, data on a device or system, rendering it useless until the decryption key is provided by the attacker. The criminal attacking your device essentially holds your data for ransom until you pay a price of some sort, usually through Bitcoin or other cryptocurrencies, but hackers can also steal your data and sell it to the highest bidder if you don’t pay up.

This is obviously bad, but it gets worse when the hackers threaten to delete data after a time period has passed—usually represented by some sort of countdown clock. There is pressure to pay the ransom coming from multiple fronts, and it can be very difficult to manage if you’re inexperienced with threats like these.

Does Antivirus Help Against Ransomware?

Ransomware enters a network in all of the usual ways, but it’s often through social engineering that it makes its way to your network. In other words, the hacker skirts around your security solutions by using your users as a means to enter the network through phishing attacks. If hackers can get the requisite amount of information and access through the use of malicious links or email attachments, and if the user provides permission, then your antivirus software is not going to help prevent it.

What Do I Do if I’ve Been Infected?

Rather than react to ransomware as it occurs, you should be preparing to prevent ransomware attacks in the first place through maintaining a comprehensive, off-site, isolated data backup. This allows you to effectively restore your infrastructure without having to pay the ransom, which can be a powerful option if there are no others present.

Should I Pay the Ransom?

It can be tempting to just pay the ransom in exchange for the decryption key, but we urge you not to do so. There is no way to guarantee that the hackers will give you what you need, and worse, you’re providing financial support to those who are wronging you and will likely harm others.

What Do I Do After a Ransomware Attack?

It might be tempting to rest on your laurels after a ransomware attack, but the work is only beginning. There is a chance that your data has been stolen or compromised as a result of the breach, meaning you could have regulatory issues from noncompliance and legal concerns stemming from the attack. Furthermore, you’ll need to address the root cause of the issue—how you were attacked in the first place—and shore up the vulnerability as quickly as possible.

You might also experience some loss of trust and customer confidence as a result of the attack. Indeed, the prolonged impacts of ransomware could last for much longer and be much more devastating than you might expect.

How Can You Protect Against Ransomware?

If you want to keep your business safe from ransomware, you’ll want to focus on protecting your data by teaching your team about ransomware, phishing, and how it could affect the business. Additionally, you’ll want to ensure that your backup is prepared, tested, and ready to go at a moment’s notice. This will help you respond quickly should the need arise. There’s also the plethora of cybersecurity solutions we always recommend, as well, as you can never be too careful.

To best prepare your business for ransomware attacks and other cybersecurity threats, reach out to MSPNetworks at (516) 403-9001.

Ransomware is one of the more dangerous threats out there for businesses of all industries and sizes. To help emphasize just how dangerous it is, however, you have to look past the initial threat of having to pay a ransom and look at the other risks associated with it. We’re here to try to get the point across that ransomware is something your business should absolutely be taking seriously.

Ransomware Spreads Easily

There is a reason why ransomware is picking up in popularity, and it’s because it is a remarkably simple threat to spread. While it certainly spreads through the usual methods, like downloading infected files or clicking on suspicious links, ransomware is most effectively spread through the use of phishing attacks which trick users into falling for a trap. Whether it’s being fooled by a phony tech support email or being scammed through a social media message, you can bet that ransomware attacks will use phishing as one of their primary modes of distribution.

Restoring from a Backup is Not Enough

It never hurts to have data backups ready to go in the case of any security breach or attack, but it’s even more important in the case of ransomware as you often cannot get around the encryption on the system without them. Even if you do have a backup, however, there is always the threat that the hacker will steal your data or leak it online somewhere, creating additional problems. Simply put, restoring data from your backup might not be enough to solve all of your problems, and you should be aware of the fallout that could result from such a ransomware attack.

Ransomware Costs More Than Just the Ransom

Some individuals think that ransomware really only costs your business money in terms of the ransom, but the costs associated with ransomware are far more and far scarier than what you’ll pay the hackers for the safe return of your data. In reality, a ransomware attack is going to cause costly downtime—time that your business is not functioning as it should—and you could also be subject to compliance fines. Add in the cost of your data potentially being leaked online, and you have yourself a recipe for the downfall of your business, unless you play your cards right.

Obviously, ransomware is a scary thing to deal with, and not in the expected ways, but it’s fairly straightforward to protect against. And, thankfully, you don’t have to do it alone.

Don’t Let Ransomware Harm Your Business

If you want to ensure that ransomware doesn’t cause trouble for your company, then MSPNetworks can help. We can equip your business with preventative security solutions, train your staff on how to identify potential threats, and back up your systems so that you’re not impacted drastically in the event of an attack. To learn more, reach out to us at (516) 403-9001.

We talk a lot (and we mean a lot) about cybersecurity, with ransomware getting a lot of our focus…and for very good reason. Ransomware is a huge threat that today’s businesses need to be prepared to deal with. In light of this, we wanted to share a few tips to help you avoid the negative ramifications of ransomware.

Keep Stock of Your Network and Its Protections

When you consider how many potential access points an attacker has to target your business’ network with ransomware—or any other threat, for that matter—it can be really concerning, really quickly. In short, there are a lot of ways that your business could be targeted, so you need to take the time and ensure they are all sufficiently protected. All internet-facing applications need to be fully up-to-date, every endpoint needs to be locked down, and your team all needs to be educated to help lock down security further.

The key is that you need to be aware of these needs in order to do anything about them, so make sure you’re paying attention.

Protect Your Data Through Backups

Your business relies on its data, and as such, your data is a prime target for cybercrime. The entire point of ransomware is to take advantage of this reliance, cutting off your access to it in order to coerce a payment out of you—a payment that you’re more motivated to make as your business drags to a halt without its essential resources. However, this all hinges on the fact that you wouldn’t have access to your data. If you maintain your access to this data (by keeping it safely backed up, for instance) you’ve eliminated what makes ransomware so effective, allowing you to purge the infection and start fresh.

If you aren’t sure how you should be handling your backups, you don’t have to worry. All you need to do is call (516) 403-9001 for our help.

Train Your Team

One extremely common way that ransomware is spread is through various means of manipulating your business’ users, like phishing messages, malicious attachments, and infected downloads. You can help minimize your risk by educating yourself and your team members on how to identify risks and avoid them appropriately. Remind them not to open or click on unexpected attachments or links, not to plug in random devices they’ve found, and generally act in a more secure way.

MSPNetworks can not only help keep your business productive, but secure and resilient as well. Learn more about what we can do by giving us a call today at (516) 403-9001.

There is a lot made about ransomware, for good reason. It is quite simply one of the nastiest cyberattacks out there and it demands your attention. A lot of people understand what exactly ransomware sets out to do, but they don’t understand how it got that far and how to address the situation if they have the misfortune of being put in that position. 

How a Ransomware Attack Works

Basically, the ransomware attack can be deployed in any way that malware would get into a network. Most of the time it is deployed through phishing, which is a scam that uses fear to get people to make impulsive decisions and give network or system access to hackers. Once in, it is pretty simple for them to execute malware, including ransomware. 

Once run, the ransomware will encrypt and lock down all of the files on a device or even a network and then inform the user that they have been infected. File access is replaced with a notice with a ticking clock: Pay the ransom demanded or else. 

What Do You Mean “Or Else”?

Ransomware is one of those rare attacks that can hurt your organization in many different ways. Obviously, holding your files and data isn’t exactly targeted altruism, so that is the first sign that something terrible is happening. The ticking clock telling you that you have only a short amount of time before your files are lost forever isn’t great either. While we never recommend paying the ransom, it might seem like the only viable choice to get back in action following such an incident. This is especially true in more recent ransomware cases where hackers are also threatening to release encrypted data if the victim refuses to pay the ransom. This puts businesses in a difficult situation; do they risk the security of their data as well as the fines that come from the failure to properly protect it, or do they pay the ransom? It’s a lose-lose situation, and one that is entirely preventable with enough precautions.

What Can You Do to Stop Ransomware?

Let’s look at three strategies that you should have in place to help you ward off all types of cybercrime, including ransomware attacks:

Train Your Users to Detect Phishing Messages

Phishing is the #1 attack vector for ransomware and if you train your staff about the signs that they may be dealing with a potential phishing attack, the less likely your business will ever have to deal with ransomware. Some things your staff should be on the lookout for in their correspondence include:

• Messages that ask for sensitive information.
• Messages that use different domains from legitimate sources.
• Messages that contain unsolicited attachments and links.
• Messages that tend to have poor grammar and don’t typically have the elements of personalization that you would expect.
• Messages that try to elicit panic resulting in impulsive action.

A message having any or all of these variables doesn’t automatically make it a phishing message, but the illegitimacy of phishing messages can often be ascertained by the message itself. 

Keep Your Software Patched

You will want to make sure that firmware, antivirus software, operating systems and other applications you utilize are consistently patched. New ransomware versions come out of the blue and by the time anyone catches on, the hackers that perpetuated them are counting their Bitcoin. By patching software, you ensure that your software is current and has taken into account the threat definitions necessary to keep malware of any type out of your network. The knowledgeable professionals at MSPNetworks have a patch management platform that can save you and your staff the time and effort needed to keep up on all new software updates. 

Backup Your Data

Finally, you will always want to back up your data; not only to combat ransomware, but because it could literally save your business. Having up-to-date backups can help you bypass the ransom demand and restore data and applications affected by the hacker’s encryption. Since most ransomware today is sophisticated enough to search for backup files, you will definitely want to keep a backup offsite, so that they aren’t corrupted.

If you would like to ensure that your business is set up to combat ransomware, give the IT experts at MSPNetworks a call today at (516) 403-9001. 

This past January, the Federal Bureau of Investigation issued an announcement that they had targeted and taken down the servers for a Dark Web organization responsible for the Hive ransomware group. While there is certainly cause for celebration here, one major statistic is enough reason to continue being concerned.

Only About 20% of Hive’s Victims Reported Their Problems to Law Enforcement

That’s over seven months, too. This is nowhere near enough, and even worse is the fact that law enforcement officials are under the impression that this number is high. There are several reasons why this might be the case, however. Some of them include:

• Federal investigators would be just another distraction to internal IT teams and complicate the process of data recovery efforts.
• Businesses might just not think to report it in the highly-stressful circumstances following a ransomware attack.
• Some organizations might believe that involving authorities would only escalate the attacks or get in the way of their own investigations.

However, the FBI’s goal is to identify those responsible for a given attack and to recover the data and/or funds, working discreetly to lend its aid to those impacted.

The FBI is putting forth effort to improve relationships with businesses so that proactive measures can be taken, in the event incidents occur. These resolutions can occur much more quickly if the organization has a good relationship with impacted businesses.

If You Work with Us, You Can Bet on the FBI’s Support

Considering the plethora of resources at the government’s disposal, it would be foolish not to involve the FBI in any ransomware attack. Furthermore, information from your attack could prove useful in finding and eliminating threat actors so that others don’t have to suffer the same fate as you—a worthy cause to say the least.

We’ll still work to prevent attacks whenever possible—after all, that is the best way to respond to attacks of any kind, to prevent them rather than deal with them as they happen—but that’s a different story. To get started, give us a call at (516) 403-9001.

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion dollars, which is a considerable amount of money to keep out of hackers’ coffers.

No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.

Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.

Why You Should Never Pay the Ransom

Hackers use ransomware because it makes people pay up simply because it’s the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.

Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.

This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.

Instead, You Should Call Us!

If you become the target of ransomware, we suggest you call MSPNetworks at (516) 403-9001. We can walk you through the appropriate next steps to address ransomware on your network.

Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.

Get started today by calling us at (516) 403-9001.

Ransomware is devastating as a cyberthreat, but some industries are hurt by it more than others. One such industry is education, and universities and schools are struggling to keep up with these cyberthreats. Most even do the unthinkable in response to attacks: they pay the ransom.

Sophos reports that cybercriminals are increasingly going after the networks of universities and schools with their ransomware, seeing these targets as extremely profitable victims. If you think about it, it makes sense, as institutions of education tend to store immense amounts of personal data that could be valuable to hackers who might want to sell it on the black market. According to Chester Wisniewski, principal research scientist at Sophos, “Schools are among those being hit the hardest by ransomware. They're prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold.”

The average ransom paid by schools suffering from a ransomware attack is $1.97 million, an absolutely astounding number. The average victim from the higher education industry, however, pays on average $905,000. One can see how these types of attacks would be tempting to pull off for ransomware hackers.

The large reason behind why schools and universities are paying up in response to these ransomware attacks is because these organizations cannot function without access to their data. With school records and networks being encrypted, many of the functions involved with their operations cannot occur. For example, many schools have intranets set up where resources and services can be accessed, and if networks are locked down by ransomware, they cannot be accessed, making things like attending class or accessing services impossible.

Sophos indicates that only 61 percent of the data stolen from schools and universities is recovered after paying the ransom; so, in addition to paying the ransom, cybersecurity professionals need to spend even more time and resources recovering the rest of the data.

These kinds of ransomware attacks cannot be taken lightly. Schools and universities are not exclusively vulnerable to ransomware. All organizations, including your business, can potentially become victims of ransomware attacks.

The best way to keep ransomware from affecting your business is to take a two-pronged approach. Implementing preventative measures and training your staff can go a long way on its own, but we also recommend proactively monitoring your infrastructure for potential vulnerabilities and threats. As long as you keep tabs on what is going on with your network, you won’t have anything to fear—especially if you work with a security provider like MSPNetworks.

MSPNetworks can help your business prepare for ransomware attacks through a combination of preventative measures and proactive monitoring. With the right technology solutions on your side, you’ll have all the protections in place to ensure that there is minimal chance of ransomware affecting your operations. To learn more, reach out to us at (516) 403-9001.

We often discuss how your business can avoid the impact of ransomware, but what we don’t often discuss is what happens to businesses that do, in fact, suffer from such a devastating attack. We want to use today’s blog as an opportunity to share what your business should (and should not) do in the event of a ransomware attack, as well as measures you can take to avoid suffering from yet another in the future.

First of All, Don’t Panic

If you suddenly get a message from a ransomware attacker claiming that the files on your computer have been locked down, first of all, don’t panic. Ransomware is scary, but there is a chance that the attacker really hasn’t infected your device. Some recent threat actors have been able to make a quick buck with “fake ransomware” attacks, where the threat is so dangerous that they can make money just from the panic these attacks can create.

Also, you absolutely should not pay the ransom without first consulting your trusted IT resource. You don’t know if the situation is out of control just yet, so it’s best to not make any impulsive decisions. Paying the ransom only proves that ransomware is effective and further funds future ransomware attacks against other businesses like yours.

Contact Your Trusted IT Resource

Regardless of the extent of the attack, your business needs to contact its trusted IT resource to accurately gauge its impacts. Depending on how bad it is, you might be able to get away with restoring a data backup to a point before the ransomware attack struck. If the hacker is using double-extortion methods, however, this might not be possible. Either way, you don’t want to take action until you have had a discussion with your IT resource about what to do. There is almost always another option available, so you want to know what these are before you commit to any one in particular.

Implement Proactive Measures for the Future

Obviously you don’t want to suffer from another ransomware attack in the future, so it’s best practice to prevent these types of threats from infecting your infrastructure in the first place. You can do so with comprehensive security measures designed to keep threats out of your systems. Furthermore, we recommend that you implement multi-factor authentication and train your employees to identify threats. Doing so can keep your employees from making silly mistakes due to social engineering attacks, as well as limit user access controls in the event someone does slip up.

MSPNetworks can help you implement any measures needed to keep ransomware at bay, including cybersecurity training for your business’ employees so they are more cognizant of the threat in the future. To learn more, reach out to us at (516) 403-9001.

Did you know that the United States is the leader in ransomware payments? According to a survey from Mimecast titled “The State of Ransomware Readiness,” the U.S. has the highest average payment for ransomware out of the entire world at more than $6 million per victim. These shocking numbers likely stem from high-profile ransomware attacks, but they are also indicative of a larger problem, that being people who still pay the ransom.

This study examined 742 cybersecurity professionals and found that 80 percent of them had become victims of ransomware attacks over the past two years. Of that 80 percent, 39 percent paid the ransom, with the average United States victim paying $6,312,190. To put that into context, let’s take a look at other parts of the world.

• Canada: $5,347,508
• United Kingdom: $850,000
• South Africa, Australia, Germany: $250,000

That’s for those who actually paid up, though. Close to 40 percent of victims did not pay the ransomware at all, and some were even able to negotiate a lower ransom. That said, the survey also cites that the primary instigation of these ransomware attacks were phishing attacks and web-based threats, and many victims believed that they needed to improve the security of their data centers.

Perhaps the best tool against ransomware attacks is to have a data backup system in place, but again, the survey claims that less than half of respondents had data backup systems in place. Even with this fact, 83 percent of respondents claim they can get their data back without paying the ransom, and 77 percent believe that they can get their operations back to normal within two days.

If your company were to suffer a ransomware attack, we urge you to think before taking any action to resolve it. First of all, what if you’re not actually infected and just making things worse for yourself by paying up? Second of all, what guarantees do you have that your data will be safe and unencrypted should you decide to pay the ransom? And third, how many other businesses or individuals are going to suffer because you just funded the activities of a cybercriminal? All of these factors influence how successful a ransomware attack is.

One thing you absolutely should do is contact your trusted IT resource to determine the extent of the attack. After this has been determined, you should have an easier time figuring out how to address your predicament. Still, we never recommend you pay the ransom. There are often other options to pursue; you just have to have the gumption to look past the immediate panic and focus on the big picture. Plus, you can also implement security solutions and measures that can deter ransomware later on, like multi-factor authentication, user permissions, and unified threat management.

Don’t let ransomware hold your business back from achieving its full potential. To learn more about how you can secure your company’s future, reach out to us at (516) 403-9001.

We know, we know; you’re probably sick of seeing ransomware in headlines, and so are we, but we cannot stress enough how important having an awareness of it is for any business owner. A new study has found that businesses infected by ransomware who choose to pay up experience a different type of fallout--one that is a major cause for concern and a stark reminder that there are no guarantees with ransomware. Ever.

A Cybereason survey, conducted by Censuswide, polled 1,263 security professionals from all over the world and discovered some concerning results. Here are some of the major takeaways, specifically related to companies that paid their ransomware attackers:

• 80% of organizations that paid their ransomware attackers the ransom experienced a second attack.
• Of these organizations, 46% believe that the same hackers were responsible.
• 46% of organizations that paid the ransom found that at least some of their data was corrupted.
• 51% of organizations did not experience data loss or corruption.
• 3% were not able to retrieve their data at all.

This study confirms something that we have been preaching for years. Why should you ever trust a hacker who has encrypted and stolen your data to return it to you? It just doesn’t make sense. Furthermore, when you pay hackers to decrypt your data, you are doing two things. For one, you are inadvertently funding future ransomware attacks by providing the funding hackers need to execute such attacks. You are also showing hackers, and everyone else watching the situation, that ransomware works, which is a far more dangerous idea to foster. If cybercriminals see that these attacks work, they continue to propagate them.

Granted, we understand that it’s not always so simple; the recent rise in “double-extortion” ransomware puts a lot of pressure on organizations to pay the ransom. Hackers threaten to release the encrypted data when the ransom is not paid, potentially subjecting the company to further data privacy fines. It’s just adding insult to injury and kicking organizations when they’re down. This particular approach is devastating because even the usual method of beating ransomware--restoring a data backup--won’t stop the hackers from releasing said data. It’s a tough spot to be in.

Our recommended course of action is simple: take proactive measures against ransomware before you get infected by it, as no matter what circumstances you find yourself in post-infection, it is sure to get messy and complicated.

MSPNetworks can equip your business with the proper security measures and tools to minimize the chance of ransomware infection. Furthermore, we can help you take appropriate action in the event that you do get infected. Don’t let hackers dictate the future of your business; give us a call at (516) 403-9001.

The threat landscape is filled with more types of malware than ever. To keep your business’ network running effectively, it’s important to have a strategy to keep malware out. Today, we’ll talk about a few basics you should know to keep your cybersecurity strategy working properly.

Under A Thumb

Are you aware that there are readily available websites that are strictly devoted to providing the default factory passwords for devices of all types? With these passwords, and a little bit of knowledge about what hardware you have, people could access your network easily?

To combat this, you need to think about every single access point your business has and lock them down. Once they are locked down, you will also need to secure your online accounts and your physical location’s access points. To do this you should take time to document all of your network’s possible entry ways and do what you need to do to secure them. You can do this by ensuring that every access point is secured with different passwords (and two-factor authentication where possible).

Keep Your Antivirus Updated

The antivirus solution you use keeps out unwanted entities. But what happens when malicious entities aren’t recognized by the antivirus solution? That’s right, it passes right by, infiltrating your network. To avoid this scenario, you will want to ensure that your antiviruses, antimalware, and firewalls are all updated with the latest threat definitions. 

Keep a Backup

Most importantly, you may think you are in control, but it only takes one thing to slip by your defenses to complicate things. That’s why you will want to keep routine and periodic backups to ensure that if something does happen that you can restore from backup quickly and get back in business fast. 

Remember all it takes is one. MSPNetworks staff's professional technicians versed in the best practices and protocols of comprehensive data and network security. To talk to one of our knowledgeable IT experts about securing your business, call us today at (516) 403-9001.

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At MSPNetworks, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (516) 403-9001.

Windows 10 isn’t just a great operating system for getting things done--it’s also jam-packed with features that you might not even have known about. This week’s tip is all about some of the handy features that Windows 10 can provide for your office.

Defending Against Ransomware
Even if the best approach to ransomware is proactively backing up data and staying informed about new developments, Windows 10 offers an additional approach that is built right into the operating system. One example of this is how you can use the Controlled Folder Access function. This feature can make it easier to keep “unfriendly applications” from making “unauthorized changes.”

By default, this protects the Documents, Desktop, Pictures, and Movies folders, and you can assign it to do the same for others, as well as whitelist specific apps. To do so, navigate through the following selections: Windows Security App > Virus & threat protection > Manage ransomware protection.

Dynamic Lock
If your organization has a Bring Your Own Device policy, or you have a company-issued device, you can have your desktop lock automatically if the phone (which is on your person) physically moves too far from the unlocked workstation. You can set up Dynamic Lock by first letting your devices communicate with each other. This connection can be done by following Control Panel > Hardware and Sound > Devices and Printers. Next, you’ll have to go through Settings > Account > Sign-in Options.

Creating Start Menu Folders
If there are too many Live Tiles on your screen whenever you click on the Start menu, Windows 10 gives you the option to drag them over each other to place them in folders. These folders will expand when you click on them. Once you have the folders open, you can assign them names.

Scheduled Restarts
Installing updates comes with a major annoyance to some users: restarting the computer. Windows 10 allows users to schedule the restarts for these updates so that they take place automatically. To do this, you can set your computer to wait until you’re all set with your device. To do so, navigate to Settings > Updates and Recovery > Windows Update > Restart options.

This is only a bite-sized glance at what Windows 10 can do for your business. To learn more, reach out to us at (516) 403-9001.

The funny thing about ransomware is that they give them very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam, it is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.

Both the Federal Bureau of Investigation and the Department of Homeland Security have issued alerts for the ransomware, also known as MSIL/Samas.A. The alert was issued on December 3, 2018, and outlines an attack on multiple industries, some with crucial infrastructure. The ransomware has been in the news as of late, as two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were indicted by a U.S. grand jury in New Jersey for ransomware attacks on the Colorado Department of Transportation.

The pair is alleged to have victimized over 200 hospitals, businesses, government agencies, and schools in the U.S. and Canada beginning in 2015; extorting over $6 million over that time. In addition to these charges, the two hackers have now been indicted by the state of Georgia on charges that they were the ones that perpetrated the ransomware systems that crippled Atlanta’s government in March of 2018. By taking almost 3,800 of the City of Atlanta’s computers hostage, prosecutors state that Mansouri and Savandi have cost the city millions of dollars in consultant fees, downtime, and other costs.

What is SamSam?
SamSam is a privately developed ransomware that is being used to target specific companies selected by the developers. This means that it isn’t just a commodity ransomware, it can’t be found on some type of criminal forum on the dark web, and it isn’t sold as a service like many other forms of ransomware. This is a major problem for any organization that is targeted, as none of the typical endpoint defensive strategies work to stop it.

What’s worse, is that that once a SamSam strain is used, and security vendors publish a report, another SamSam strain is developed. It is thought that this development team includes the two hackers implicated in the Colorado DoT crimes, the Atlanta crimes, and hundreds of other attacks over the past three years.

What Can You Do?
Thus far the SamSam ransomware has entered victims’ networks using exploits in web-facing servers. It has been deployed as millions of other pieces of malware as an executable file that is mistakenly unleashed, or via brute force via the Remote Desktop Protocol. So, while you can lock down your RDP, your best bet is to have a dedicated strategy that:

• Doesn’t allow unauthorized users to have administrative privileges
• Limits use of Domain Access accounts to administration tasks
• Doesn’t provide service accounts for important services
• Restricts access to critical systems

If you are diligent in your organizational cybersecurity practices, you should be able to conduct business as usual without having to worry about ransomware, SamSam or otherwise. If you are interested in knowing more about SamSam and how to stop it, contact the IT professionals at MSPNetworks for more information at (516) 403-9001.