Like other app stores, Android’s Google Play Store attempts to mitigate the risk of malware exposure within their approved apps. Unfortunately, malware authors are finding ways to worm their way past these controls.
Read More
A decade-old form of malicious software known as ransomware has been making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide.
Ransomware, which is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. The global cyberattack has affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany and Britain.
The cybercriminals have generally targeted hospitals, academic institutions, blue-chip companies and businesses like movie theater chains. The attacks highlight the challenges that organizations face with consistently applying security safeguards on a large scale.
“Not only individuals, but even governments and big companies with so much to lose fail to secure their systems and train their employees about necessary security practices,” said Marty P. Kamden, a marketing executive for the private network service provider NordVPN. “Cautious online behavior would probably have prevented the malware from infecting the network in the first place.”
What can businesses and individuals do to protect themselves from ransomware? Here are some tips from security experts.
Update your software
Security experts believe the malware that spurred this global attack, called WannaCry, may have initially infected machines by getting people to download it through email. After that, the malicious code was able to easily travel to a broader network of computers that were linked together through the Windows file-sharing system. (Users of Macs or other non-Windows computers were not affected.)
The most disheartening revelation from the cyberattack was that there was a fix available for the ransomware before the attack. Microsoft, which makes Windows, released a patch for the WannaCry vulnerability eight weeks ago, said Chris Wysopal, the chief technology officer of Veracode, an application security company.
In other words, if people had simply stayed on top of security updates, their machines would not have been infected. “People kind of got complacent and not vigilant about updating their machines,” Mr. Wysopal said.
Consumers can remedy this by configuring their Windows machines to automatically install the latest software updates.
Even though WannaCry specifically targeted Windows machines, that does not mean Mac or Linux users are off the hook in the future. Other breeds of malware may infect various operating systems, so no matter which device you are using, you should regularly update your software to install the latest security enhancements.
Install antivirus software
In addition to keeping Windows up-to-date with the latest security enhancements, antivirus software can prevent malware from infecting your computer. Mr. Kamden of NordVPN said 30 percent of popular antivirus systems were capable of detecting and neutralizing the ransomware.
Of course, with antivirus software, the same principle applies: Make sure to keep the antivirus app up-to-date, too, so it blocks the latest emerging malware. Also, download antivirus apps only from reputable vendors like ESET, Kaspersky Lab, Bitdefender or Malwarebytes, Mr. Kamden said.
Be wary of suspicious emails and pop-ups
Security experts believe WannaCry may have initially infected machines via email attachments. The lesson: Avoid clicking links inside dubious emails, Mr. Kamden said.
How do you spot a fishy email? Look carefully at the email address of the sender to see if it is coming from a legitimate address. Also, look for obvious typos and grammatical errors in the body. Hover over hyperlinks (without clicking on them) inside emails to see whether they direct you to suspicious web pages. If an email appears to have come from your bank, credit card company or internet service provider, keep in mind that they will never ask for sensitive information like your password or social security number.
In addition, ransomware developers often use pop-up windows that advertise software products that remove malware. Do not click on anything through these pop-ups, then safely close the windows.
Create backups of your data
In the event that a hacker successfully hijacks your computer, you could rescue yourself with a backup of your data stored somewhere, like on a physical hard drive. That way, if a hacker locked down your computer, you could simply erase all the data from the machine and restore it from the backup.
In general, you should be creating a copy of your data in the first place, in case your computer fails or is lost. To be extra safe from hackers, after backing up your data onto an external drive, unplug the drive from the computer and put it away.
Create a security plan for your business
For larger businesses with hundreds or thousands of employees, applying security updates organizationwide can be difficult. If one employee’s machine lacks the latest security software, it can infect other machines across the company network.
Mr. Wysopal said businesses could learn from how WannaCry spread through the Windows file-sharing system by developing a strict schedule for when computers companywide should automatically install the latest software updates. Businesses should determine the best time to apply these security updates to office computers without interrupting productivity, he added.
Information technology professionals should also regularly educate and test employees on spotting suspicious emails, said Matt Ahrens, vice president of Crypsis, a cybersecurity firm.
What to do if already infected
If you are already a victim of ransomware, the first thing to do is disconnect your computer from the internet so it does not infect other machines. Then report the crime to law enforcement and seek help from a technology professional who specializes in data recovery to see what your options might be. If there are none, don’t lose hope: There may be new security tools to unlock your files in the future.
In some extreme cases, it might make sense to pay a ransom if you have no backups and the encrypted files are valuable, Mr. Wysopal said. But he added that with WannaCry, people definitely should not pay the ransom. That’s because the hackers are apparently overloaded with requests from victims asking for their data to be released — and many who have paid the ransom are not hearing back.
Proactive Care
We offer a Proactive Care Solution that performs daily checks of your computers’s health and alerts us if there is a problem. We then rectify the problem remotely or inform you of the issue.
Every year when the Holiday’s roll around things tend to get busier, everyone is more giving, and the shopping season ramps up to its peak. Unfortunately these aren’t the only things that increase during the holidays, criminals are out to take advantage of your holiday spirit. Check out our top five holiday scams to avoid this season.
In a perfect world when the holidays rolled around we would only need to worry about the warm apple cider, great decorations, and giving spirit. Unfortunately that’s not how it typically works out. All of those things and more are what makes this time of year my personal favourite, but it’s also the favourite for scammers. It’s very typical to see the amount of scam attempts rise by almost 10% at the end of the year.
Quick tips for avoiding all scams
- If it sounds to good to be true, it probably is.
- Read carefully, scams almost always have improper grammar or spelling mistakes which you won’t normally see in a legitimate message.
- Check the email it was sent from, it will often be easy to spot that the email didn’t come fromsupport@amazon.com for example.
- If you click a link and are taken to a page looking for personal information, turn around. No company will immediately request that information from you to get a deal.
Now we’re here, it’s finally time for the list. Lets get rolling:
5. Fake Charity Emails
There is no doubt that during the holidays we tend to give more as a society. We’re all feeling happier, and are more willing to spread the cheer during the “giving season.” Cyber criminals are always on top of their best chances to scam you out of money and may even try to do it using fake charity emails. These could come in looking to get donations out of you, and may appear to be legitimate at first. Make sure to read carefully through the emails and look for their typical mistakes (typos, poor grammar, etc.). To be extra careful, if you’re looking to donate to a charity that came from a suspicious email, open your browser and manually navigate to their website. Using this process you ensure you’re not being fooled by any fake webpages and can continue to spread holiday cheer!
4. Fake Shipping Notifications
This scam attempt is very popular at all times of the year, but even more so during the holiday season. We all tend to order more things online during the holidays which means Australia Post and FedEx are ramping up their deliveries to get all the packages out on time. Cyber criminals look to target this aspect by alerting you that your packages were not able to be delivered and you need to fill out forms with personal information to reschedule the delivery. As we all know, if Australia Post attempts to make a delivery and can’t they will leave a note on your door. You can also sign up for programs Australia Post and FedEx offer to monitor packages being sent to your address. This will allow you to skip over these shady emails and go right to your account to check a delivery status.
3. Black Friday or Cyber Monday Extravaganzas
We’re not the only ones who get overly excited for the steal of the year on that flat screen TV, cyber criminals look forward to Black Friday and Cyber Monday just like consumers. Cyber criminals have been preparing for this time of year and are often putting some serious dedication into their scams. In previous years entire “Black Friday Deals” websites have been created trying to lure customers into buying fake products on their fake website. These sites are showing even lower prices than normal stores are offering to try to prey on customers looking for the best deal wherever they can find it. Be sure to always purchase directly from retailers no matter what sites you see deals on.
2. Fake E-Greeting Cards
E-greeting cards are not something that really caught on as a popular trend but they’re still used as a cute way to spread some holiday cheer and happiness. They’re even sometimes sent out by businesses as a way to spread some cheer to customers and wish them a happy holidays. Because of this, criminals are out looking to take advantage of your holiday spirit and trick you into clicking their malicious links.
Sometimes these E-Greeting cards will come loaded with malware as an attachment, however they also may try to get you to give up personal information. This type of attack is focused on social engineering and will attempt to get you to enter personal information to win a “holiday contest”, or another silly excuse they come up with. Remember to avoid giving out personal information on the internet when possible, especially if it is solicited through a shady email or pop-up.
1. Fake Last Minute Shopping Deals
This year specifically be on the lookout for scams that could involve Wal-Mart or Amazon. They are two of the big powerhouses in retail store and online shopping, and cyber criminals see pretending to be them as an easy target. These scams could come in the form of last-minute sales or coupons that will often sound to good to be true. If you see a deal like this and want to see if it’s legitimate, go directly to Amazon.com or Walmart.com and see for yourself. If they’re emailing about a deal it will most likely be on the front page of their site.
Another way the criminals try to scam people with shopping related deals are free gift cards, that’s right FREE GIFT CARDS. They’ll often exclaim this offer in full caps to you in an email or malicious pop-up. A good rule of thumb for this one is no store is ever going to give you a free gift card for filling out a form with personal information. There are some instances where stores offer gift card deals with a purchase, these are legitimate and are often done by stores like Target.
Stay safe out there, and have a happy holiday season!
This advice comes from researchers at Barkly.com and it’s rather grim. As per their recent survey of ransomware victims in 2016:
- 77% said the attacks bypassed their email filtering solutions
- 95% of the attacks bypassed their firewalls (not surprising since ransomware is “allowed in” by unsuspecting users
- 52% bypassed malware solutions that were in place
- as for cash losses, 32% of victims said they were out of pocket $US100,000 to $US500,000 because of the attack!
- Following the attacks, 65% of victims undertook security awareness training and 57% invested in better protection mechanisms and policies
Basically, ransomware is cybercrime’s most profitable business! Largely because most organisations do not have the right solutions to combat it.
Are you next? Where are your vulnerabilities? If you don’t know, then let us provide you with an audit and sound security readiness measures.
If you feel you’ve been the victim of an online fraud attempt, PLEASE REPORT IT IMMEDIATELY to ACORN (Australian Cybercrime Online Reporting Network)
www.acorn.gov.au
