Hacking and Hackers 2016 - Defend Yourself Against Ransomware

Global Threats to I.T Security

Security Threats 2016 - - Defend Yourself Against Ransomware

Security is always a front runner in IT but new thinking from the fraudsters and hackers requires new, or at least updated, defences.

This year we have seen some really big stories in the news about hacking and security, and there have been some very nasty viruses released on to the internet. So, can we afford to continue in the same way as we always have? If we do it may cost us dearly. This is not scaremongering, these are the facts. Who's Been Hacked In The Past Two Years?


Experian, Premera Blue Cross, UCLA Health System, JP Morgan customers, Ashley Madison, US Government employees (including overseas spies!), Sony employees, Home Depot shoppers, EBay users... The list goes on but the above are the most notable. It's not just big companies that get hacked though, everyone is at risk and personally I have seen 3 instances of Ransomware attack in the past year (all data was recovered).

Most Notable Threats In The News:

Locky and other Ransomware - in our opinion the most prevalent and worrying viruses around at this time are those dubbed as "Ransomware". Have you or your staff received a slightly odd yet real looking email with a Word document attached? Or for that matter a PDF or Excel file? If you have and you opened it then your system is probably infected. Ransomware can come in all sorts of guises so it is difficult to pinpoint a tactical defense mechanism.

MazarBOT - A nasty virus affecting Android phone users that is capable of displaying false pages at the top of banking apps to try and trick you into handing over your financial credentials.

Linux Mint - if you happen to have downloaded this very popular version of Linux on or around February the 20th you may have been infected. Hackers had redirected the link to the ISO file to their own servers handing out an infected distro.

"Won't my Anti-Virus and Malware protection software stop Ransomware?" I hear you say...

The truth is that any very new virus won't be picked up by any AV software because it is not yet in their database.

Once infected Ransomware will start to encrypt your files so you can no longer access them. Then, at some point (and this could be several weeks later after all your backups are infected too) you will get a popup asking for a variable but not inconsiderable sum of money for the privilege of accessing your now hijacked data. Locky Ransomware is spreading at the rate of 4000 new infections per hour, which means ~100,000 new infections per day.

So are we all up the creek?

Well in a way, yes, we all have to be very careful. We all have to remain vigilant and be very aware that these attacks are out there, even to the point of training your staff so they know what to look for, and what NOT to do.

We wouldn't be surprised if cyber security even became part of the curriculum in the near future. There are some defences and practices we can adopt to minimise our risk though.

The Main Defenses

 

  1. Use a modern browser that is updated consistently, for example Chrome.
  2. Use a popup blocker extension with the browser, for example AdBlock Pro.
  3. Make sure your Anti-Virus software is up to date, we recommend Kaspersky as it is Russian; the majority of hackers are Russian thus it should have the most up to date protection available.
  4. Consider using Anti-Malware like MalwareBytes
  5. Don't open "dodgy" looking emails.
  6. Train your staff on what to look out for.
  7. Protect your data! Create a backup system which is designed to resist this type of threat. Most are only designed with mechanical failure in mind.

Other Hacking Vulnerabilities For Your Delectation

Do you have a wireless mouse/keyboard? For example the signal between your mouse and the computers receiver (usually a USB dongle) may be unencrypted, thus the receiver will accept any seemingly correct command, this is known as Mousejacking. The same goes for some wireless keyboards.

"With the use of around $15-$30 long-range radio dongle and a few lines of code, the attack could allow a malicious hacker within 100 meters range of your computer to intercept the radio signal between the dongle plugged into your computer and your mouse". Ref: thehackernews.com

Poor Passwords: We see this all the time! An example of a poor password is Dave12 since it is too short and could be guessed fairly easily. Strong memorable passwords are difficult to generate so use a free web service like SafePassword.

They should include a mixture of numbers, letters and symbols and be at least 10 characters long. NB: An 11 character password is not able to be hacked by brute force by any computer in the world.

 

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter