Ransomware Advice for Businesses

Ransomware Advice for Businesses

The Federal Trade Commission (FTC) in the United States has responded to the current ransomware epidemic by issuing ransomware advice for businesses and consumers. The FTC ransomware advice for businesses comes following a spate of high profile ransomware attacks on U.S businesses. The threat has prompted many U.S. government agencies to release ransomware advice for businesses in the past few months.

Ransomware is a form of malware that encrypts files on a victim’s computer and prevents them from being accessed. After a computer is infected, the attackers issue a ransom demand. In order to obtain the key to unlock the encryption the victim is required to pay a ransom. The ransom amount can be set by the attackers, although it is often around $500 per infected computer.

Ransomware has proved incredibly popular with cybercriminals as it offers a quick source of revenue. Since payment is made in an anonymous cryptocurrency such as Bitcoin, money can be collected without fear of being caught.

The scale of the problem has been shown by numerous reports by security firms. This month, SentinelOne released the results of a global survey that showed 48% of organizations had experienced at least one ransomware attack in the past 12 months. The companies that had been attacked had been forced to deal with an average of 6 ransomware incidents in the past year.

A report released by Beazley’s Breach Response Unit suggests ransomware attacks between January and September were four times higher than in 2015, while a report from Kaspersky Lab suggests there has been an eightfold increase in attacks in the past year.

Ransomware is installed via a number of different attack vectors. Ransomware gangs use exploit kits on websites that probe for vulnerabilities in browsers. Those vulnerabilities are leveraged to download ransomware. Malvertising is also used. This is the use of third party ad networks to spread malware. Adverts are created containing malicious code which directs users to websites that silently download ransomware. Ransomware downloaders were also allegedly sent out via Facebook Messenger this week.

However, the biggest attack vector is email. Spam emails are sent containing attachments that have been infected with malicious macros, JavaScript files, and other ransomware downloaders. Links to malicious websites are also distributed via email. The attackers use a range of social engineering techniques to convince email recipients to click on malicious links or open infected attachments. Doing so results in ransomware being installed.

While not all ransomware attacks result in files being encrypted, attacks carry a significant cost. SentinelOne suggests that in the United States, organizations spend an average of 38 man-hours restoring files from backups after a ransomware attack. Additional investment in security is also required after an attack.

Since ransomware can spread laterally across a network, a single infection can result in many computers being infected. Ransom demands of the order of tens of thousands of dollars are not uncommon. The recent ransomware attack on the San Francisco ‘Muni’ rail system saw a ransom demand of $73,000 issued.

Ransomware Advice for Businesses

Unfortunately, antivirus software can be ineffective at preventing ransomware attacks. Businesses looking to defend against ransomware must therefore use a range of techniques. These include:

  • Ensuring all software is kept up to date and patches applied promptly
  • Setting antivirus and antimalware programs to update definitions automatically
  • Use endpoint security controls to prevent ransomware installations
  • Implement a robust spam filter to prevent malicious emails from being delivered to end users
  • Use a web filtering solution to prevent employees from visiting malicious websites and to monitor users’ online activities to identify high risk activities
  • Use intrusion prevention software
  • Train the workforce on security best practices and test knowledge to ensure training has been effective
  • Ensure all members of staff are aware who to contact and what to do if they believe they have inadvertently installed malicious software

To avoid paying a ransom, it is essential to ensure that regular backups of data are performed. Multiple backups should be made to minimize the risk of data loss. Those backups should be stored on an air-gapped device to avoid backup files also being encrypted. A ransomware response plan should also be developed to reduce disruption to the business in the event of an attack.

Malicious Spam Emails Sent After MailChimp Account Hack

The email marketing service MailChimp employs security controls to ensure that its customers do not use the service to send spam; yet, this week malicious spam emails were sent from multiple accounts after a MailChimp account hack.

Customer accounts that were breached included Business News Australia, Brisbane’s The Sit Down Comedy Club, and gardening and home services provider Jim’ Group.

MailChimp accounts are valuable to spammers as subscribers to company newsletters are more likely to trust the emails than they would an email from an unknown sender. The hijacked accounts were used to send spam emails demanding an invoice be paid. Spammers often target businesses with malicious emails that spread malware. If malware such as a keylogger can be installed, the attackers can gain access to corporate email accounts or gain network access. Corporate bank account details can be stolen and fraudulent transfers made.

A fake invoice is a common ploy used to fool email recipients into opening an infected email attachment or clicking on a malicious link. A sense of urgency is often included to scare the recipient into opening the attachment. A threat of legal action if the outstanding invoice is not paid promptly is a common tactic.

In this case, a number of different variants were sent. Some emails contained an image with an embedded hyperlink which recipients could click to view the invoice. The spammers also included the logo of accounting software Quickbooks for extra authenticity.

Other emails included an attached zip file which contained a malicious JavaScript file. If run, the JavaScript downloaded malware onto the email recipient’s computer.

Initially, it appeared that MailChimp had experienced a security breach that resulted in spammers gaining access to accounts; although the company issued a statement saying that an investigation of the incident did not point to an internal breach.

MailChimp told Motherboard “MailChimp’s normal compliance processes identified and disabled a small number of individual accounts sending fake invoices. We have investigated the situation and have found no evidence that MailChimp has been breached. The affected accounts have been disabled, and fraudulent activity has stopped.”

How the MailChimp account hack was pulled off remains a mystery. The spammers may have managed to guess the passwords that were used to secure accounts or they could have obtained those passwords by other means. The practice of reusing passwords on multiple platforms could be to blame. If a breach of one platform occurs, cybercriminals can gain access to all other online services that use the same password.

In a recent post, computer security blogger Graham Cluley suggested some passwords were obtained by the password stealing Trojan Vawtrak. Cluley was contacted by an anonymous source who claimed to be in possession of two thousand MailChimp login credentials which were recorded by Vawtrak.

Details of the MailChimp account hack are unlikely to be released, although the incident shows how important it is for businesses to use two-factor authentication to secure their online accounts. The incident also shows how important it is to exercise caution and to treat any email attachment of hyperlink as potentially malicious, even if the sender of the email is known.

Phishing: The Biggest Hacking Threat to Businesses

The biggest hacking threat to businesses comes not from unpatched software, but phishing. An incredibly simple, yet highly effective way that cybercriminals gain access to networks. Phishing can be used to bypass even the most sophisticated of cybersecurity defenses. Why go to the trouble of trying to find a weakness in highly sophisticated cybersecurity defenses when a simple email can get an employee to give the attacker their login credentials?

As Jeh Johnson, Secretary for the U.S. Department of Homeland Security, recently explained to attendees at the Financial Crimes and Cybersecurity Symposium in New York, phishing is one of the department’s biggest fears.

“The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing,” says Johnson. It is no surprise that phishing is the biggest hacking threat to businesses. Phishing is alarmingly effective.

Even multi-million dollar cybersecurity defenses can be bypassed with a simple phishing email. The social engineering techniques used by cybercriminals often get the desired response.

Most of the largest hacks in the United States were possible not due to a security weakness, but because an employee responded to a phishing email. The cyberattacks on Ebay, Target, the Office of Personnel Management, JP Morgan, Anthem, and Sony Pictures all started with a simple phishing email.

Cybercriminals have also started using phishing emails to distribute ransomware. Malicious links are sent to company employees along with a request to click for free items, to take part in prize draws, or even to secure their computers to prevent cyberattacks.

Phishing has been around for as long as email and cybercriminals will not stop using phishing to gain access to networks, install malware, lock files with ransomware, and steal data. Phishing is likely to remain the biggest hacking threat to businesses. Organizations – and their employees – just need to get better at identifying and blocking phishing attempts.

One of the best defenses against phishing is to ensure that all staff members from the CEO down receive security awareness and anti-phishing training.

Training alone is insufficient. Staff can be told how to identify phishing attempts, but their ability to spot a phishing email must be put to the test. Anti-phishing skills need to be regularly tested. Dummy phishing emails should be sent to check to see who responds. Johnson says his department often sends fake phishing emails – free Redskins tickets for example – to test anti-phishing prowess. Anyone who responds is provided with further training.

Training is important in case a phishing email reaches an employee’s inbox, although it is far better to ensure phishing emails are not delivered. The best technological defense against phishing is the use of a spam filter. If phishing emails are not delivered to inboxes, staff members will not be able to respond and their anti-phishing skills will not be put to the test.

SpamTitan is a highly effective spam filtering solution for businesses that blocks 99.97% of spam email. Each month SpamTitan is independently tested for effectiveness. SpamTitan has now won 36 consecutive VB Bulletin antispam awards.

SpamTitan is a highly scalable anti-spam solution that’s suitable for businesses of all sizes. SpamTitan can be installed as a software solution, as a virtual appliance, or as a 100% cloud-based solution, the latter being ideal for managed service providers (MSPs).

Each solution is quick and easy to install, requires a low management overhead, and incorporates a host of features to block malware and prevent the delivery of phishing emails.

We are so confident that you will be impressed with SpamTitan that we offer the full product on a 100% free, 30-day trial. For further information contact TitanHQ today and take the first step toward banishing spam.

Malicious Email Spam Volume Hits 2-Year High, Says Kaspersky Lab

Malicious email spam volume has increased again. According to the latest figures from Kaspersky Lab, malicious email spam volume in Q3, 2016 reached a two-year high.

In Q3 alone, Kaspersky Lab’s antivirus products identified 73,066,751 malicious email attachments which represents a 37% increase from the previous quarter. Malicious spam email volume has not been at the level seen in Q3 since the start of 2014. Kaspersky Lab’s figures show that six out of ten emails (59.19%) are spam; a rise of around 2% from Q2, 2016. September was the worst month of the year to date, with 61.25% of emails classified as unsolicited spam.

Spam includes a wide range of unsolicited emails including advertising and marketing by genuine companies, although cybercriminals extensively use email to distribute malware such as banking Trojans, keyloggers, and ransomware. The use of the latter has increased considerably throughout the year. In Q3, the majority of malicious emails contained either ransomware or downloaders that are used to install ransomware on personal computers and business networks.

Ransomware is a form of malware that locks files on a computer with powerful encryption, preventing the victim from gaining access to their data. Many ransomware variants are capable of spreading laterally and can encrypt files on other networked computers. All it takes is for one individual in a company to open an infected email attachment or click on a malicious link in an email for ransomware to be downloaded.

Spammers often use major news stories to trick people into opening the messages. The release of the iPhone 7 in Q3 saw spammers take advantage. Spam campaigns attempted to convince people that they had won an iPhone 7. Others offered the latest iPhone at rock bottom prices or offered an iPhone 7 for free in exchange for agreeing to test the device. Regardless of the scam, the purpose of the emails is the same. To infect computers with malware.

There was an increase in malicious email spam volume from India in Q3. India is now the largest source of spam, accounting for 14.02% of spam email volume. Vietnam was second with 11.01%, with the United States in third place, accounting for 8.88% of spam emails sent in the quarter.

Phishing emails also increased considerably in Q3, 2016. Kaspersky Lab identified 37,515,531 phishing emails in the quarter; a 15% increase compared to the Q2.

Business email compromise (BEC) attacks and CEO fraud are on the rise. These scams involve impersonating a CEO or executive and convincing workers in the accounts department to make fraudulent bank transfers or email sensitive data such as employee tax information. Some employees have been fooled into revealing login credentials for corporate bank accounts. Cybercriminals use a range of social engineering techniques to fool end users into opening emails and revealing sensitive information to attackers.

Security awareness training is important to ensure all individuals – from the CEO down – are aware of email-borne threats; although all it takes is for one individual to be fooled by a malicious email for a network to be infected or a fraudulent bank transfer to be made.

The rise in malicious email spam volume in Q3, 2016 shows just how important it is to install an effective spam filter such as SpamTitan.

SpamTitan has been independently tested by VB Bulletin and shown to block 99.97% of spam emails. SpamTitan has also been verified as having a low false positive rate of just 0.03%. Dual antivirus engines (Kaspersky Lab and ClamAV) make SpamTitan highly effective at identifying malicious emails and preventing them from being delivered to end users.

If your end users are still receiving spam emails you should consider switching antispam providers. To find out the difference that SpamTitan can make, contact the Sales Team today and register for a free, no obligation 30-day trial.