Zepto Ransomware – Taking the Net By Storm

July 7, 2016 — Leave a comment

encryptionAre You Protecting Your Clients From Ransomware?

This is likely one of their biggest threats – but if all you do is basic firewall management and backups, this attack won’t be stopped. Ultimately your client should be asking you – how did YOU let this happen.

Not that your client’s will all pay for more intelligent security, but it’s your responsibility to tell them – let them make the financial choice, knowing the risk they are taking.

Zepto is new – it’s dangerous.  It’s a varient of the Locky Ransomware, reportedly responsible for encrypting files at three major US hospitals;  Kentucky Methodist, Chino Valley, and Desert Valley.

This month, researches estimate that this one attack was carried to over 140,000 systems in just a few days. As social engineering evolves, people are tricked more often. Getting an email from your boss or higher level executive demands a response. And when there’s an attachment, it’s hard to call upstairs every time just to make sure it’s real.

This type of attack is gaining momentum – it’s highly profitable. And to date, the only consistent recommendation is to maintain good backups. But restoring dozens or even hundreds of systems could put a business on hold for days or even weeks.

In the case of Locky, one report estimates a group of hackers earning somewhere in the neighborhood of $12 Million in  single month! Software developers building these attacks may be earning up to $100,000/month!  This is big business and it’s not going away.

So What Should You Be Doing?

First, understand that basic firewalls and anti-virus software are not stopping these attacks. So you can continue to say things like, “My clients are too small to pay for more security,” or you can get real with them and let them know they can afford to take the risk. Like buying life insurance or equipping their homes with updated alarms, they may choose not to. As long as you’re making the right recommendations, you’ve done your part.

Second, start looking into “Detection” technologies – security technology that detects. FireEye was early to the market with sandbox technology, but today, there are similar solutions built and priced for almost any size business.

Finally – backups are still your fall back plan. I’m always amazed to see how many small businesses continue to limp along with outdated back up technology…they claim it’s just too expensive to upgrade. If you’ve read, The House & The Cloud – you know why. Without the Impact vs. Likelihood graph sitting in front of them, they don’t understand their risk. Without that, how can they make a decision to spend more? They can’t.

© 2016, David Stelzl

 

 

 

 

 

 

 

Advertisements

No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s