Protecting Your Network from Potential Iranian Cyber Attacks

The Cybersecurity and Infrastructure Security Agency has released a warning resulting from heightened tensions between the United States and Iran. Surprisingly, Iranian cyber attacks against the United States are nothing new.

2011 through mid-2013: Using Distributed Denial of Service (DDoS), bad actors blocked bank customers from accessing their accounts, costing financial institutions millions. 

2013: Over the summer of 2013, a cybercriminal hacked the data of the Bowman Dam in New York and gained access to the dam’s operational status. It’s commonly thought that the breach was in preparation for a larger terrorist attack that would have involved flooding the region. 

2014: The famous Sands corporation in Las Vegas was breached, resulting in stolen customer information including financial and personal details.  The hacker wiped corporate computer systems as well. 

2013-2017: Multiple attacks on educational institutions occurred over the course of a four-year period. Hackers stole email credentials, personal information, and intellectual data from numerous educational facilities across the globe, multiple private sector companies, many US and state government institutions, and the children’s charity, UNICEF. 

The IRGC, Iranian Revolutionary Guard Corps, was behind each of these attacks and the CISA warns there could be more targeted Iranian cyberattacks in America’s future. 

What Methods are Commonly Used in Iranian Cyber Attacks? 

Iranian cybercriminals have constantly evolved their attacks over time. The scope of their activities can range from DDoS and identity theft to the spread of malware. It is also suspected that the IRGC can create deadly cyber-kinetic attacks by exploiting weaknesses in existing systems, such as might have happened in the Bowman Dam incident. 

Some of the common methods used in Iranian cyberattacks include: 

  • Malware 
  • Spearphishing 
  • Powershell and scripting attacks 
  • Credential hacking 
  • Hidden or hacked files 
  • Data compression 
  • File copying 
  • Registry run keys and startup folder tampering 

Frequently, users unknowingly click on a link or attachment that enables the attack. Hackers also search for weaknesses in security, such as uncovering passwords or unprotected data. 

Why Would the IRCG Target My Business? 

Iranian cyber attacks can affect any business at any time. As proven during the four years spanning 2013-2017, the industry isn’t important: it’s the fallout from the attack that matters. 

It’s vitally important that you make sure your protections are up to date and your security strategy is in place. This includes anti-malware, employee cyber awareness training, backup and recovery systems, and monitoring. 

Protecting Your Network from Potential Iranian Cyber Attacks 

The fundamentals of cyber security always stay the same, no matter the nature or origin of a potential attack.  

1. Be Ready for a Possible Cyber Attack 

Make sure your network is ready for Iranian cyber attacks by ensuring that all anti-malware protections are patched and updated, all hardware is secure, and data encryption is in use whenever possible.  

Employees should be aware of the potential for breaches in emails and unprotected devices. Since your employees are on the frontline of your security strategy, your entire workforce needs to have cybersecurity awareness training by a professional team of IT specialists. 

2.  Have a Response Plan 

Your organization needs to have clear plans to address a cyber threat in real-time. Make sure your staff knows who to notify and what to do to lessen the damage if suspicious activity is detected.  These topics will be part of your cybersecurity awareness training classes. 

3.  Enhance Monitoring Activities 

Look at your records and logs to see if there are any unnecessary ports and protocols that can be terminated.  Find any potential weakness in your security, such as unprotected devices or vulnerabilities in external facing equipment and patch them.  

4.  Test Back-Up and Recovery Plans 

Your back-up and recovery plans are only good if they actually work during a cyber attack. Make sure you test your business continuity plan to ensure it will be fully functional when it’s needed. 

Iconic IT is Ready to Protect Your Business 

From cyber security awareness training to business continuity plans and every step in between, Iconic IT is ready to help your business stand strong in the face of cyber threats. We provide complete security packages for small to medium sized business, personalized for your needs and budget. 

It’s more important than ever to make sure your business is secure, especially considering the warning from the CISA about an increasing threat of Iranian cyber attacks. 

Contact Iconic IT for a free, no obligation consultation today to see how we can help keep your business up and running, safely and smoothly, no matter what. 

Valuing Employees and Embracing Change: Marty Mucci Explains How He Tripled the Value of Paychex in Under a Decade

Sitima Fowler, General Manager, Iconic IT (Rochester/Buffalo)

It’s not every day that I get a chance to sit down and talk to the CEO of a $30 billion market cap company. I recently got to do just that, though, when I had the pleasure of speaking to Marty Mucci, CEO and President of Paychex Payroll and HR Solutions.

In 2010, Marty took over a $10 billion company and, through hard work and dedication, tripled its profits in just under ten years.

How? Here are three of his most valuable tips to help you grow a successful, thriving business.

1. Value Your Team: Marty largely credits his success to his team. He prides himself on the “small company feel” of his business, despite having over 16,000 employees. He values each one of them, and welcomes their feedback, opinions, and ideas.  He goes out of his way to make sure his employees are recognized for their achievements, but also makes sure that they are always motivated to keep moving forward. “It’s very important I think that that our employees have a buy-in and understand where we’re going as a company so that they can be part of it,” Marty explains.

2. Set Clear Goals Throughout the Company: Marty sets clear goals and values and makes sure they are shared across the board. His motto is: “How can we do the best for our clients, employees, and share owners?” He believes in open lines of communication and allows his employees to have a say in how the company achieves these goals.

Per Marty, “I think culture starts at the top. We set values, define values that we had as a business, and we agree with them from top to bottom across the entire organization in the way we’re going to treat our clients and the way we’re going to treat our colleagues, our fellow colleagues. We work in partnership, we’re accountable, we have high integrity.” 

3. Embrace Change: Marty cautions, “Keep an open mind in the face of change.”  He believes in forward thinking, always embracing change in order to grow and beat the competition. For Paychex, this involved an investment in technology. Paychex has streamlined its mobility app to allow clients to access paystubs, get their W2’s, sign up for retirement plans, and many other services that historically involved personal interactions in person or on the phone.

While Paychex continues to offer customer service and a helpline if needed, Marty acknowledged that the current mindset of most people is the desire to do it by themselves, on their own time, and online.  

Marty’s decision to invest in technology has allowed his company to change the way his services are marketed and sold. He is aware that people no longer want, or need, to talk to sales reps before deciding to purchase a product or service.  He has focused his attentions on an online presence that allows potential customers to look at his services, try them out, and even purchase them completely online.

Marty Mucci’s recipe for success is a combination of acknowledging the value of those you surround yourself with, having clear goals across the board, and never being afraid to embrace change.

“They have to see what you’re trying to get to, what’s the goal you’re trying to get to. You don’t want to just tell someone you’re changing for change sake. We’re changing because there’s going to be more opportunity for you. More opportunities for you, more products and better service for our clients, and a better investment for those who invest in the company.”

Marty’s advice really hit home with me on a personal level.  While Paychex provides payroll support and Iconic IT delivers quality computer support services to small and medium sized companies, our businesses have a lot in common. We both rely on our relationships with our employees as well as our customers. The quality of our workspace is as important to us as the quality of services we provide for our clients. We know that happy employees who feel valued and have a sense of ownership with their employer are far more likely to deliver a fantastic and memorable customer experience. 

Recently my company, Capstone IT, merged with Networking Results,  Live Consulting, and Choose Networks to form Iconic IT. The transition wasn’t easy, but we did it for the same reasons Marty talked about during our interview. We wanted to create more opportunities for our employees while offering more products and services to our clients. We are learning to embrace change along with the challenges that may come with it.

If you want to find out more about incorporating mergers and acquisitions for your company’s growth, you can contact me and I am happy to share our lessons learned.

If you love to be inspired like I do, check out these other great success stories at www.RochesterRockstars.com.

End of Days: What Windows 7’s End of Life Means for Your Network

“Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22, 2009. When this 10-year period ends, Microsoft will discontinue Windows 7 support so that we can focus our investment on supporting newer technologies and great new experiences.”

The date long foretold in days of old has come and gone; it’s January 15 and you are now several Microsoft versions behind in the game.  If you haven’t transitioned to Windows 10 for your company devices yet, you’re not alone. 48% of small and medium-sized businesses still rely on outdated operating systems according to Kaspersky Research.

You may be wondering what Microsoft’s End of Life means to you, your company’s network, and your bottom line.

What is End of Life?

When a product reaches End of Life, it is no longer promoted, sold, or supported. You can continue to use the product, but results are not guaranteed. Consider it an expiration date, like on bread: the bread may still be edible for a while after the loaf expires, but it will be stale and probably not taste very good. Eventually, the bread will be completely inedible.

Continuing to use Windows 7 after its End of Life means you will not be receiving any upgrades or updates, including those necessary to keep your networks secure. Without these security updates, your network’s safety will continue to weaken, leaving you more vulnerable to attacks.  Eventually, your system will be nearly wide open to any cyberattack.

Why Hasn’t Everyone Upgraded Already?

Netmarktshares reports that an estimated 39% of PCs are still running the Windows 7 platform. There are many reasons given for not upgrading, most of which are financial and not entirely valid.

One reason that companies have not upgraded to Windows 10 is the worry that there are stringent hardware requirements. Per Techradar, the requirements to run Windows 10 include:

  • Processor: 1 gigahertz (GHz) or faster processor or SoC.
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit.
  • Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS.
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver.
  • Display: 800 x 600 resolution

If the company’s hardware is not up to speed, they may fear that replacing or updating devices may be cost-prohibitive. In reality, most hardware meets these specifications, and the costs associated with replacing hardware isn’t as much as they may think. Our recommendation, however, is to upgrade your hardware to an i5 Proc and 8g RAM combined with a solid-state drive for a more reliable environment for standard business use.

Another reason commonly given by companies relying on outdated operating systems is the fear of losing data during the transition. Switching operating systems will not result in any extensive downtime, lost information, or general instability when performed by a competent IT company.

Some businesses rely on outdated business software that is unsupported by Windows 10 (think payroll programs, scheduling coordinators, creative suites). This is especially problematic because some of these software programs are going to have an End of Life of their own, meaning manufacturers will no longer offer support for the older versions of their applications.  Bottom line? You could be running unsupported applications on an unsupported operating system. Ouch.

What Does Windows 7’s End of Life Mean for Office?

If your business relies on Microsoft Office 365 commercial, you are in good company. Microsoft’s CEO Satya Nadella reported that users of the popular program number nearly 180 million per month.

Running Office 365 on your outdated operating system is still possible. Microsoft will no longer be updating the program, however, or updating security on the platform on any device still running Windows 7. Microsoft’s help desk will no longer be helping Windows 7 users fix any bugs or glitches in Office unless you have a perpetual license. Even with a perpetual license, you will not receive the updates and upgrades commonly rolled out by Microsoft Office.

Remember that Office 365 is responsible for many of the applications you currently use, from Outlook email to calendars and planners.  Office 365 is also very popular for its Word and Excel programs. It’s important to have a comprehensive data backup plan in place if you continue to use Office 365 on an unsupported platform in case of a fatal error or crash.

Microsoft Internet Explorer

Love it or hate it, Microsoft has been pushing Microsoft Edge, as its default browser. Windows 10 features both Edge and Internet Explorer 11. IE11 is available for older applications that may not be compatible with Edge.

Some businesses still run IE10, especially older websites that aren’t compatible with the latest web browsers like Chrome and Firefox, but that are still needed for critical business functions.  Hold on to your toolbars, IE10 is an End of Life victim, too.

IE10 will no longer be supported by Microsoft. This means your go-to browser will soon be rife with compatibility issues and security gaps. While you can upgrade to IE11 and Microsoft Edge on your Windows 7 operating system, they will not be supported after Microsoft Window 7’s End of Life, either.

Windows 7 End of Life: Breaking it all Down for Your Business

If you are reading this on your Windows 7 computer system, you’ve probably figured out how to disable those pesky End of Life warnings you’ve been getting for over a year. You have also figured out that your computer systems will not crash catastrophically the day after End of Life.  Your computer and other devices will continue to work.  If you have a Windows 7 embedded device, such as Point of Sale, it will continue to be covered under Microsoft support.

Of course, Windows suggests an upgrade to Windows 10; it is, in most cases, the best option. If you choose to run your company’s network on Windows 7, however, here are a few things to keep in mind.

  1. Tech Support Will End: As of January 15, 2020, Microsoft will no longer be troubleshooting any technical issues arising with Windows 7. This leaves you vulnerable to potential crashes and lost data.
  2. Upgrades Will End: Your Windows 7 will no longer be receiving any bug or glitch fixes, or any software upgrades from Microsoft.
  3. Software Programs Will Also Stop Support: If you have any software that currently runs on Windows 7, it may be reaching an End of Life of its own. Many software applications will stop supporting their programs for Windows 7.
  4. Compatibility Issues: Your company will become increasingly limited in software compatibility and may be unable to use new applications.  These companies may not offer any support for this issue.
  5. Outdated Browser:  After Windows 7’s End of Life IE10 will no longer be supported by Microsoft, no matter what version you are running.
  6. Security Risks: Those annoying pings, dings, and notifications were a necessary part of Microsoft’s security updates and once Windows 7 reaches End of Life, so do these important security patches. Your system will be vulnerable to cyberattacks. It’s predicted that cybercriminals will begin targeting companies that continue to use Windows 7.

Your choices at this point are somewhat limited:

  • Purchase new computers that come with Windows 10 installed
  • Purchase licenses and transition to Windows 10
  • Purchase the extended security plans
  • Continue to run Windows 7 and risk a security breach

If you are still running on outdated software, now is the best time to get a consultation from a Managed Services Provider to see what your options are.

Transitioning from Windows 7 to Windows 10

Some companies worry that rolling out a new version of Windows will impact productivity.  Windows 10 is a smoothly running platform, user-friendly and sensibly arranged. Still, your employees may experience some issues in transitioning from Windows 7 to Windows 10.

Windows 10 is app-based, so navigating through the platform may be much different than they are used to. They will need to learn where their files are stored, and how to get around the panes and start menu. Luckily, Windows 10 allows users to personalize their desktops in ways that make the most sense for them.

Windows 7’s toolbar will be different from Windows 10, which will take some getting used to.  Users may need to learn their way around the features of Windows Internet Explorer 11 and Microsoft Edge, too.

Employees will enjoy the Microsoft login feature, which allows them to sync settings across all devices. They will also get to meet Cortana, a virtual assistant like Alexa, Siri and “Google.”  Microsoft 10’s smart new task manager is far more useful and versatile, too.

Don’t be tempted to “save a few dollars” and update to Windows 10 Home version for your network. Windows 10 Pro offers many features that Windows 10 Home does not, including:

  • the ability to tie your computer to a domain
  • Mobile device management
  • Increased security features
  • Assigned access
  • Microsoft updates deployed across multiple devices and users

Your MSP can help you train your employees during the transition from Windows 7 to Windows 10.

End of Life for Windows SQL Server 2008/2008 Leaves You Out in the Cold

Microsoft SQL (Structured Language Query) is the communication language for Windows computer database management systems. Microsoft SQL Server supports transaction processing, analytics applications and business intelligence frequently used by IT professionals in corporate environments.

Windows SQL Server 2008/2008R extended support ended earlier this year, leaving users with unprotected and outdated versions of the program.  Window 7’s End of Life on January 15 means that Windows Server 2008/2008 will no longer be supported, either.  Continuing to run Windows Server 2008/2008R or Windows 2008/2008 leaves your network wide open for cyberattacks and compatibility issues.

Upgrading to Windows 10 allows you to also upgrade to the sleek, fluid SQL Server 2019 or the cloud-based Azure SQL Server.  

Still on the Fence?

It’s a lot to consider, but the bottom line is this:  stick with Windows 7, and you will be putting your network at risk for fatal errors and security threats on an unsupported platform. Even if upgrading may not have been in your budget,  your best option is to upgrade to Windows 10. Under the guidance of a trained IT team like Iconic IT, the costs and disruptions will be minimal.

Call Iconic IT for a free, no-obligation consultation today. We can help you make an informed decision that has the best interest of you, your company, and your budget in mind. Iconic IT can provide you with the necessary system assessments:

  • Hardware assessment: Is your hardware capable of running Windows 10?
  • Software assessment: Are the programs you are currently running compatible with Windows 10?
  • Overall cost assessment: How much will an upgrade to a new, secure version of Windows cost your company?
  • Upgrade assessment: What is the best upgrade option for you and your business?

If our professional team decides, along with you, that the recommended upgrade to Windows 10 is your best choice, count on Iconic IT to be by your side every step of the way. We will help you smoothly transition from Windows 7 to Windows 10.

Schedule Your Free Business Assessment Today

Is Ransomware Holding Your Data Hostage?

Ransomware is a malware attack that is uploaded to your computer by clicking an infected email or visiting infected sites on your computer. Once infected, a computer cannot be used until the infection is scrubbed or the “ransom” is paid. Files are encrypted by the virus and cannot be accessed, or, in some cases, a user’s screen is locked on the “ransom” note. The only way to release a file that has been infected with ransomware is to unlock a key to unencrypt the files, usually by paying the ransom.

Ransomware is a disturbing and frightening malware that, because of its encryption of all your company’s data, can have implications that last long after the virus has been scrubbed. The disruption to your company’s systems can be devastating. Not only will ransomware block users from accessing important data, it can wipe some data from the system permanently, result in lost income from unplanned downtime, affect emails, disrupt billing cycles, and more. It can take days, weeks or even months to clean up the mess after a ransomware attack.

Because it’s expected that companies and businesses have security in place that will stop these types of cybercrimes, once the public hears that a company has been infected with a ransomware its confidence in that business will plummet.

Ransomware: Not a New Threat

With all the recent focus on cyberattacks, you might think cybercrime is a relatively new trend. The reality is a bit more sobering: while cybercriminals continue to evolve and up the game, cybercrime has been around for decades.

The first ransomware attack hit the healthcare industry in 1989 when Joseph Popp, PhD, sent over 20000 infected floppy discs to 90 countries across the globe. The malware wasn’t immediately apparent; the infected computers had to be turned on 90 times before the ransomware message was displayed. Payment of $189 was demanded to release the networks, along with a demand for an additional $378 for a “software lease.” The payment was to be mailed to “PC Cyborg” in Panama.

Joseph Popp was an AIDS researcher who targeted other Aids researchers with his attack. He cleverly hid the virus in discs titled “AIDS Information: Introductory Diskettes” and handed them out to the attendees of the World Health Organization’s AIDS Conference.

This ransomware attack became known as the AIDS Trojan, or the PC Cyborg virus. It was a very basic virus and, while it affected many networks, the files were easily decrypted without paying the ransom.

Over time, ransomware has evolved. Many notable ransomware attacks have targeted big, established companies, banks, healthcare organizations and even governments from the mid 2000’s to the present day.

In 2013, the devastating ransomware Cryptolocker earned its creators over $3 million. It was stopped when its running platform, Gameover ZeuS botnet, was taken offline. That might have been the end of the story, but other creators quickly replicated the ransomware in copycat programs such as Cryptowall (which earned its creators $18 million) and TorrentLocker. Gameover ZueS re-emerged to continue the spread of malware and spam.

In 2017, the WannaCry ransomware attack hit over 200k computers across the globe, costing companies billions of dollars. This cryptoworm targeted Microsoft users who continued to use outdated software and Windows versions that had passed End of Life. Even though the attack lasted only a few days, the damage was devastating. It was revealed that North Korea was behind this ransomware attack. The Wannacry cryptoworm made a brief reappearance in 2018 at Taiwan’s Semiconductor Manufacturing Company. It spread through over 10,000 computers before finally being stopped.

Baltimore City Maryland found its government crippled for months following a ransomware attack known as RobbinHood in 2019. Financial information, billing, some payroll services and much more were affected. Some of the data was lost forever.

Ransomware Trends: Ever Evolving

In 2017, U.S. Deputy Attorney General Rod Rosenstein revealed that every day, over 100,000 endpoints are impacted by ransomware.

There are several different types of ransomware, but the most common are:

  • Scareware: This is usually a pop-up form of ransomware. It warns the user that their computer is infected and suggests running a PC scan immediately. Once the user clicks the button to run the “scan,” the virus is introduced into the device and networks.
  • Doxware: Doxware hijacks sensitive data, with the actors threatening to release it publicly unless payment is made.
  • Mobile Devices: A user’s mobile device is locked down, usually by downloading a malicious app, and payment must be made to release the functionality of the device.
  • Lockers: When your network is infected by a locker, all users are locked out of the ability to access their devices.
  • Crypto Malware: Crypto malware affects your files and data, encrypting it and offering a decryption key in exchange for payment.

According to research conducted by IBM, Ransomware attacks have been decreasing throughout 2018 and 2019, dropping from an affected 48% of companies across the globe to only 4%. This is largely due to increased security measures, early detection, and the increased understanding of how ransomware is spread. While this drop in ransomware incidents is a good thing overall, it’s important to remember that it’s an ongoing cyber threat that’s still very much in play.

Lifecycle of a Ransomware Attack

A ransomware attack is not just a random occurrence. These actors do their homework before identifying potential victims. Specifically, they look for companies that are:

  • Most likely to pay a ransom
  • Using outdated platforms
  • Reliant on their reputation in the public sector will suffer
  • Not using proper security on their networks

Businesses specializing in finances, healthcare, and manufacturing remain the top targets, alongside governmental agencies.

Once a potential victim is identified, ransomware actors do more research to discover the best way to infect the network. Employees are consistently the most common targets for an infection.

Next, the malicious code is introduced, and the network is encrypted and locked down. The entire network is scanned as the virus looks for files to infect. Changes are made to the network itself, rendering data inaccessible by normal users. This process can take several hours to complete.

Once the ransomware actor has encrypted your files, your business is at a complete standstill and you are at the mercy of the cybercriminal. It’s at this point the ransom note will be introduced, demanding payment in exchange for the decryption key. If you haven’t backed up your data, you will most likely lose many important functions and files permanently, even if you pay the ransom.

Payment

The average ransom demand in 2018 for ransomware was around $115,000 per incident. Some ransom demands were far higher, however, and ranged upwards of several billion dollars. Victims are usually given a very short window of time to pay the ransom before the actors destroy data permanently.

Ransomware demands are usually paid in a virtual currency, most notably bitcoin. Bitcoin is a fast and reliable form of payment that the actors can watch in real-time; they will see exactly when the ransom has been paid. The downside for these cybercriminals is that bitcoin transactions are closely monitored by the global community, meaning that transferring bitcoin into physical payments may be tricky. Law enforcement can trace a bitcoin transaction right back to the cybercriminal.

Payday for ransomware actors does not automatically mean you will regain access to your data. Kaspersky Labs reports that one in five victims pay the ransom and do not receive a decryption key. The FBI strongly urges victims not to pay the ransom.

The lure is there, however, and the panic companies feel in the face of losing all their data may be worth the risk. In some minds, the ransom may be comparatively small compared to the potential data loss. Sadly, the reality is that after the initial payment is made the attackers may demand a second payment and still not give the victim the key after payment.

Ways Your Network Can Be Infected by Ransomware

Like most cybercrimes, ransomware infects your network using several different approaches. The most frequently used methods are:

Social Media Ransomware Attacks

Savvy cybercriminals use social media platforms, such as Facebook, to trick the user into clicking a link. Criminals hack into a Facebook user’s account or create a fake one with the user’s name and send out private messages in Facebook Messenger to the user’s friends. The messages may vary, from an invitation to see a funny picture to “tagging” someone in an attachment.

Once the unsuspecting user clicks the link, ransomware spreads through the user’s device and potentially the entire connected network, locking down data and sensitive information.

Pop-Up Ransomware Attacks

Other ransomware attacks come from a pop-up window that “advises” a user that his system is infected with malware. These windows are realistic and closely mirror the systems and platforms the user is familiar with. The user will click the call to action, usually a “PC Scan,” and infect his device.

Email Attachment Ransomware Attacks

This is probably the most well-known weapon for cybercriminals. An email is sent to users with a clickable attachment. Once the attachment is opened, the ransomware is released into the device and the network.

The emails tend to be urgent in nature, such as overdue bills or time sensitive information, and will appear to be from a source the user trusts.

Unfortunately, employees continue to be the most common source for infecting networks with ransomware. Reusing passwords, lax security, and overall complacency all play big parts in these threats.

How to Know Your Network is Infected with Ransomware

Sometimes the signs that you have been infected with ransomware are as plain as a banner splashing across your home screen. Other signs are far more subtle and can involve files you are trying to open.

If you try to open a file in Windows, you may see the notification:

“Windows can’t open this file. To open this file, Windows needs to know what program you want to use to open it. Windows can go online to look it up automatically, or you can manually select from a list of programs that are installed on your computer.”

This doesn’t automatically mean your network is infected, of course, but alongside other signs it can be an indicator.

File extensions, such as .jpeg, .doc and .pdf may be altered. If you spot unfamiliar file extensions, including .cryptor and .crypted, or a blank where the extension should be.

If you have missing files or can’t find files in your libraries, you may have been infected with ransomware.

Most obviously, if you receive a notification and a demand for payment, you have been infected.

What to Do if You Suspect a Ransomware Infection

If you suspect your computer has been hit with ransomware, there are a few things you can do to try to mitigate the damage before it gets too far.

  • If you think your network has been hit with ransomware, it’s important to stop using the computer at once. Isolate it from the main network to stop the spread of the malware through your network.
  • Notify IT immediately.
  • Try to identify the ransomware family if possible. You may be able to do this by cross referencing file names, the message used, etc.
  • Your IT company may attempt to wipe the device and reinstall files and software. They may also have knowledge of the ransomware family and already have a decryption key available.
  • Notify authorities.

Chances are, however, by this point you should be planning on using your backup data to recover from the attack. Listen to the authorities when it comes to paying the ransomware and tracking the actors.

Preventing a Ransomware Attack

Baltimore Maryland’s ransomware attack came on the heels of several warnings regarding haphazard security. If they had updated security features in place, chances are the attack would never have happened at all.

Companies can invest in anti-virus programs, but many of these are easily overcome by a dedicated cybercriminal. Outsourcing your IT needs is a better way to protect your network, your employees, your reputation, and your data.

An MSP is a team of pros that understands the trends in ransomware, the latest threats and families of ransomware, and how to effectively block them from ever taking hold of your network. MSPs have access to cutting edge technologies and security features for your network.

MSPs will also make sure your data is safely backed up, meaning minimal disruption to your workflow if a cyberattack happens.

Since most cyberthreats are introduced to the network unwittingly by workers, employee education is a priority for MSPs. Employees need to learn to be watchful for potential cybercrime schemes as well as to be able to identify if their device has been infected.

T’is The Season…For Cybercrime

This time of year is a winter wonderland, especially if you are a hacker looking for financial information and other sensitive data being sent online. Cybersecurity may be the last thing on your mind right now, but it shouldn’t be.  

Your employees will be taking advantage of many online sites this season. Most likely they will be taking their lunch breaks in front of their work computer, logging on to sites and making purchases on your network.  Even if your company has a BYOD policy, your company may still be at risk for cybercrime. 

No one wants to be a Scrooge, but there are a few things to keep in mind this year to keep sensitive data safe from cybercrime over the holidays.

Do You Hear What I Hear? 

Cyberspying sounds like a science fiction movie plot, but it happens every day to companies…just like yours. Hackers sneak into your network and can stay hidden for days, months, and even years. Operation Shady Rat went unnoticed by affected networks for five years as it stole proprietary secrets from victims. The attack was released by employees clicking attachments in the process known as “spearfishing.” 

Generally, cyberspying is done by groups seeking to steal information that will benefit them; rival companies looking to uncover your company secrets, for instance. They usually attack computers and users most likely to give them the information they need, so it is a more targeted attack seeking very specific information. 

Keep your sensitive data safe from cybercrime over the holidays by screening email messages before clicking attachments. 

Pro Tip: Limit access of proprietary information to only those users who need it.

On the First Day of Christmas, a Hacker Gave to Me…A Nightmare for My IT 

Stealing credentials is a fun holiday pass-time for cybercriminals. Your employees will be logging in to sites, filling out order forms, and leaving their information exposed.

This is dangerous for them on a personal level, but it can have devastating consequences for your business. 

Cybercriminals will be using one of three ways to steal your employees’ credentials. 

  1. Hacking directly into the websites of popular e-commerce sites 
  2. Sending out phishing emails 
  3. Malware that targets keystrokes in real-time as a user logs into the network 

Once a user’s password is uncovered the hacker has access to all the information he or she has on the site, including financial data. The hacker may also have access to the user’s work accounts, making it harder to keep sensitive data safe from cybercrime over the holidays. 

Pro Tip: To minimize the damage of a cyberattack, passwords should never be reused across multiple platforms.

I Saw Mommy Kissing Santa Claus 

Your employees may not realize that someone is posing as someone else within their corporation, asking for sensitive data via email.  Criminals will stalk a user’s social media to gain information about their supervisor, the chain of command, even the CEO of the company. The hackers will use this information to contact an employee. These emails are usually “urgent” in nature, and ask for financial information, information about the employee, or other potentially useful data. 

In these “spoofing” attacks, the employee will hand over this information thinking they are helping a boss, the human resources department, or even a customer. 

Pro Tip: Never allow employees to respond to emails asking for sensitive data. 

Rudolph, The Red-Nosed Hacker 

Online cybercrime may not be as obvious as a shiny red nose on a reindeer, but hackers have some red flags of their own.

Your employees will be surfing the net in search of deals from popular websites. They may be responding to emails from sites they trust, eager to cash in on the big sales they offer. Not all websites that look legitimate are legitimate. 

In a process known as “water-holing,” hackers take advantage of known websites to infect a visitor’s computer with malware. In 2013, this cyberattack targeted the US Department of Labor and gained information on thousands of users. 

Another way your employees may be tricked is to click on a link that mimics a trusted website. The user will then be redirected to a fraudulent website where they will unwittingly give financial information and more, thinking they are on a legitimate site.  This is called “typosquatting” or “lookalike domains.” The copycat site itself may closely resemble the original site, adding to the overall hoax.   

Unsuspecting employees may fall prey to a completely fake website that promises sales and deals. These sites will be for companies they have never heard of with deals that are “too good to be true.” The employee will attempt to buy something and by the time they realize they will not be receiving the product, the company and all traces of it will be gone. Meanwhile, the employee may have opened the door for cybercrime targeting your business. It’s a good idea to read reviews on sites you are unfamiliar with to make sure you don’t fall victim. 

Pro Tip: Always look for a “secure” connection and check for common tricks such as “.net” vs “.com” or misspelled company names. 

All I Want for Christmas is Your Credit Card 

Hackers are getting more sophisticated, leaving your employees and your company at risk. “Magecart” is another example of cyber-savvy criminals taking advantage of your network and your employees this holiday season. 

Magecart is a Russian-based hacking scheme that targets digital credit card information. Magecart was used to steal financial information from Ticketmaster and British Airways customers. Hackers insert code into a breached company’s website, effectively “skimming” credit card numbers from unsuspecting customers. 

Your company may be held financially responsible for any information lost to cybercrime. Additionally, it’s well known that even established companies will lose their reputation after a breach, taking months or years to recover. Some companies may never recover from the financial hit when a hacker gains control of customer financial information. 

Pro Tip: Remove some of the liability of cybercrime by outsourcing your IT needs to an MSP. 

There’s No Place Like Home Page for the Holidays 

Your employees may be sneaking into social media sites like Facebook, Twitter, and Instagram to keep up with holiday happenings back home. They will be tempted to click on ads they see for gift-giving ideas, opening themselves wide for scams and hackers.  Unfortunately, social media has become a playground for cybercriminals who can track sites the employee visits and steal information. 

The ads on social media run a high risk of being “baiting” sites, inviting unwitting consumers to log on, log in, and create an account. This is bad news for your employee and could be even worse news for your company if the hacker gains access to the user’s computer. 

It’s the Most Wonderful Time of the Year 

It’s the most wonderful time of the year to inform your employees about their role in keeping sensitive data safe from cybercrime. If you haven’t scheduled employee cybersecurity training, this is the time to decide on a comprehensive plan. The more informed your employees are, the more proactive they will be in detecting a potential cyberattack. 

With the super-sophisticated ways hackers use to breach a company’s defenses, contracting an MSP to handle your employee cybersecurity training is the best idea. Your MSP will work closely with you to make sure all employees receive training, all your devices (including personal devices used for work) are secured, and your networks are protected. Some of the services a reputable MSP provide for employees include: 

  • Easy to understand cybercrime prevention posters in common areas (cafeteria, breakrooms, restrooms) 
  • A comprehensive cybercrime training class for all employees 
  • Onboarding cybercrime training for new employees 
  • A clear platform for reporting potential scams or hacks 
  • Partnering with in-house IT departments (if applicable) to form long-term cybersecurity plans 
  • Routine refresher training for all employees 

This holiday season, your employees may be taking chances to score those top deals. Don’t be a Grinch; just make sure your employees are “cyber aware” as they cruise the sales. 

Call us for a free, no-obligation consultation to see how we can help you keep sensitive data safe this year. Happy holidays from all of us and have a cyber safe season!