Archives For stopping ransomware

Over the past 12 months I’ve spoken at dozens of executive lunch meetings

Ransomware is one of 7 major trends I’ve used to wake people up to their need to assess risk.  

Over 90% of my listeners – ranging from small business owners to CIOs, admit that their firm has not had a risk assessment done in 12 months!1-hc-book-ad-3-0a

When asked what the FBI recommends – most understand the FBI recommends not paying.  But when asked what the FBI will then do to help them get back to business, I get a blank stare. The truth is, the FBI’s recommendation is meaningless, because the FBI has no ability to restore the data. The victimized company is left without data.

Security manufacturers have recommended backing up data. Great…but when I ask my audience how long it might take to restore data, again, I get the blank stare. It could take weeks. Can the doctor afford to keep his patients waiting while he restores? Can the CPA, in the midst of tax season ask his client to hold on? The answer is no.

Do your clients have the ability to detect this intruder before it locks them out? Is there a tested response plan in place in the event that one is hit? Do your clients know what this really is, and what to expect in the coming 12 months?  They all need to face this reality.  Check out more on how to  get people to listen – it’s in my book, The House & the Cloud.

© 2016, David Stelzl

Advertisements

encryptionAre You Protecting Your Clients From Ransomware?

This is likely one of their biggest threats – but if all you do is basic firewall management and backups, this attack won’t be stopped. Ultimately your client should be asking you – how did YOU let this happen.

Not that your client’s will all pay for more intelligent security, but it’s your responsibility to tell them – let them make the financial choice, knowing the risk they are taking.

Zepto is new – it’s dangerous.  It’s a varient of the Locky Ransomware, reportedly responsible for encrypting files at three major US hospitals;  Kentucky Methodist, Chino Valley, and Desert Valley.

This month, researches estimate that this one attack was carried to over 140,000 systems in just a few days. As social engineering evolves, people are tricked more often. Getting an email from your boss or higher level executive demands a response. And when there’s an attachment, it’s hard to call upstairs every time just to make sure it’s real.

This type of attack is gaining momentum – it’s highly profitable. And to date, the only consistent recommendation is to maintain good backups. But restoring dozens or even hundreds of systems could put a business on hold for days or even weeks.

In the case of Locky, one report estimates a group of hackers earning somewhere in the neighborhood of $12 Million in  single month! Software developers building these attacks may be earning up to $100,000/month!  This is big business and it’s not going away.

So What Should You Be Doing?

First, understand that basic firewalls and anti-virus software are not stopping these attacks. So you can continue to say things like, “My clients are too small to pay for more security,” or you can get real with them and let them know they can afford to take the risk. Like buying life insurance or equipping their homes with updated alarms, they may choose not to. As long as you’re making the right recommendations, you’ve done your part.

Second, start looking into “Detection” technologies – security technology that detects. FireEye was early to the market with sandbox technology, but today, there are similar solutions built and priced for almost any size business.

Finally – backups are still your fall back plan. I’m always amazed to see how many small businesses continue to limp along with outdated back up technology…they claim it’s just too expensive to upgrade. If you’ve read, The House & The Cloud – you know why. Without the Impact vs. Likelihood graph sitting in front of them, they don’t understand their risk. Without that, how can they make a decision to spend more? They can’t.

© 2016, David Stelzl