What Your Company Needs to Know About Ransomware


The Threat of Ransomware: How to Keep Your Business Safe

Tech experts say your next quarterly conference call could produce an unusual action item: extortion. If recent events are any indication, there’s a hefty ransom coming for many corporations – specifically, for IT professionals and their networks. And not paying could result in the loss of valuable files and data. The reason? A rising form of malware called ransomware.

Ransomware restricts access to a user’s data and then extorts money from the user in exchange for the access. Chameleon by design, ransomware can take many forms, all corrupted and infectious: attachments, advertisements, emails, webpages.

Its ability to shape-shift means that even Internet-savvy companies and individuals are vulnerable. Of late, popular peer-to-peer file-sharing service BitTorrent, and even Adobe’s ubiquitous Flash platform, have been infected by ransoming cybercriminals. What’s more, on March 7, 2016, ransomware infected its first set of Apple computers. Ransomware – until that day in March – did its damage mostly on Microsoft machines. But this ransomware strain, dubbed “KeRanger,” was downloaded on Macs over 6,000 times. Said the Palo Alto Threat Intelligence Director of the Mac malware, “This is the first one in the wild.”

This incident is wild. And it eerily confirms what many businesses are coming to know: no one, and nothing, is safe. No organization, no machine, no operating system, no network. The ransomware hackers are evolving alarmingly quickly. Ransomware itself looms and lies in wait, threateningly. Today’s businesses – even Apple – are mostly powerless to stop it.

According to McAfee, there were more than 4 million unique types of ransomware on the market at the end of Q2 2015, which on its own saw 1.2 million new instances of ransomware.

[Figure: ransomware as a hybrid of Extortion, Coding and Customer Service. Caption: The unfortunate genius behind ransomware that targets and attacks your business.]

Understanding the Threat

At times called cryptware or cryptoware, ransomware first reared its ugly head in 2005. As malware goes, it’s hardly a newcomer. What’s new, though, and improving constantly, is its sophistication. Ransomware differs from your garden-variety malware in a few startling ways:
• Professionally written code
• A professional messaging interface
• Multiple levels of encryption

Ransomware is “a strange hybrid”: equal parts extortion, coding and customer service. The unfortunate genius behind ransomware is that, in most cases, victims can only recover their compromised data by isolating and removing the source of the infection, and then restoring from backups. If files aren’t backed up, or if the backups are also corrupted, then victims have no recourse. They have to pay the ransom.

The other strain of evolution in the development of ransomware is the target. Until recently, ransomware masterminds largely targeted individuals. But now they’ve found that it’s far more lucrative to target businesses. They’re targeting servers and cloud drives in order to encrypt as many important files as possible – and demanding payment in Bitcoin in exchange for unlocking the data. Such a scenario can be devastating to a company.

From April 2014 to June 2015, 992 victims had reported over $18 million in losses to just one form of ransomware – Cryptowall – and even that estimate is on the low end, since many victims simply do not report their attacks, or will simply abandon their files. The figure also doesn’t include any of the ancillary losses businesses incur due to ransomware, such as
• Decline in productivity
• Strain on IT
• Breach of proprietary data

In February 2016, a hospital in Los Angeles was attacked; the ransomware locked down some of its critical systems. The hospital, scrambling, incapacitated, reverted to paper patient registration and medical records. Some emergency care patients were diverted to other hospitals. In an instant, ransomware set Hollywood Presbyterian Medical Center back two decades. And the attackers extorted a pretty penny: 40 Bitcoin, or roughly $17,000.

The Threat is Growing

The hospital incident, according to leading tech website Ars Technica, “appears to be part of a trend of increasingly targeted ransomware attacks against businesses and larger institutions.” The spread of ransomware has also caught the FBI’s eye; their Internet Crime Complaint Center has issued an alert warning businesses about it. Interestingly, most businesses stay mum about their attacks. Many fear that going public could actually encourage cybercriminals. The thought is, perhaps the fruits of ransomware’s success are just what some aspiring hackers don’t need to see.

And then, from the same Ars Technica article, there is this: “There are an increasing number of targets on organizational networks that could be disrupted by crypto-ransomware – including Internet of Things devices running common embedded operating systems.”

That’s not good, because ransomware already has the proven ability to wreck a given company’s database and encrypt shared network files – even if they aren’t mapped. Some organizations, too, are further at risk because of how mobile modern employees are. That’s a problem, because ransomware is no stranger to Android phones; increasingly malevolent strains are resetting users’ PINs and forcing factory resets.

The capper to all this? There is no easy solution, no magical potion or panacea. Even careful employees at secure companies can’t entirely avoid the cause of these corruptions. We can’t all prevent en masse what we’re all programmed to do: make mistakes.

In fact, what the FBI says about ransomware – probably with a deep sigh – sums up the resigned acceptance of the status quo: “use antivirus software and keep them updated.” Well, okay, sure. We can do that. We’re all mostly doing that. But can’t we do anything else?

Prevention

Ransomware is not unique. That is, though ransomware behaves uniquely, the human and IT systems a business would need to prevent a ransomware attack are the same systems the same business would need to prevent any other malware attack. To prevent malware attacks, your business needs a multi-layered security infrastructure:
• User training; according to IBM, 95 percent of all cybersecurity incidents involve human error
• Constant monitoring; even with training, human error is inevitable, so continuous updating of malware protection, firewalls, etc., will minimize the impact
• BYOD policy; bring-your-own-device and mobile-friendly workplaces are particularly vulnerable to ransomware, so a thorough and proactive protection plan can help safeguard data
• Security Operations Center (SOC) services; security threats can arise at any time of the day or night, and if your IT services partner has an SOC, then you can be confident that threats will be monitored and responded to in real-time

Read more about each facet below.

User Training

If an employee is sent a suspicious link or attachment in an email, there is an 11 percent chance that they will click it, according to the Visual Media Alliance. If it is sent to 10 employees, the chance that one of them will click it is greater than 90 percent. What’s more, around 50 percent of those who receive such an email, and click on the link or attachment, will do so within the first hour after they have received it. What this means is, employees need to know what they’re up against. And they need to know how they should react.
• Train employees on computer and network security, such as

  • How to recognize phishing emails
  • How to create strong passwords
  • How to avoid dangerous applications
  • How (and when) to safely share company information
  • Additional best practices, like not downloading files from untrusted sources or opening attachments in unsolicited emails
• Outline clear security policies for employees and vendors, such as
  • Open attachments, or click on links in emails, from only trusted sources
  • Use public Wi-Fi only if you are also using a VPN
  • Always use the most recent version of your browser and operating system

Constant Monitoring

Many IT professionals will tell you: training, though essential, is rarely enough. Human error is inevitable, and that’s why businesses must be prepared for a security breach: what to say, what to do, what to know. Here’s how to spot weaknesses and establish tried-and-true failsafes.
• Update antivirus software routinely—and use a firewall
• Back up the data on the network regularly
• Use GPO to prevent users from opening executables
• Limit admin access on user accounts
• Monitor all applications with access to data
• Create specific access controls so that the number of people who can access (and infect) the network is limited
• Collect detailed logs of day-to-day, and suspicious, system activity
• Maintain security patches

When Home Depot’s point-of-sale system was hacked, they were allegedly installing a belated security patch that would have protected them completely.

BYOD Policy

You can’t prepare for what you’re not aware of – namely, rogue devices accessing your network. To many employees, their mobile devices are essential to their productivity. And it’s not uncommon for them to access their company email basically every hour they’re awake. Checking in from home on an iPad, from the subway on a smartphone, from the airplane on a laptop – this behavior is becoming increasingly everyday. That’s understandable, of course, even reasonable. But it also presents security hazards. Understanding them, and planning for them, is vital. Here are a few tips.
• Set administrative rights on popular company programs to prevent unauthorized installations
• Create a detailed data breach response plan
• Maintain, and train staff to ensure, compliance with the plan

These three layers – training, monitoring, planning – share a theme: don’t let your guard down. To avoid owing a literal ransom, your business needs regular scans for vulnerabilities, automated patching and documented policies and procedures.

A recent study by HP found that 97% of employee-owned devices contain privacy issues, and 75% lack adequate data encryption.

Choosing the Right MSP

This type of protection requires foundational malware experience and a comprehensive security plan. In a ransomware attack, for example, automated patching and multiple backups are crucial steps to take. They’re the difference between close calls and catastrophic data losses.

If your business lacks these in-house resources, All Covered can provide them – along with leading industry expertise and comprehension. Such security comprehension is rare; at All Covered, we offer a unique, expansive and exhaustive security suite. We mark every box on a company’s security checklist.

From start to finish, choosing All Covered bolsters your security, delivering the proactive monitoring of a managed service provider (MSP) – plus the prevention and protection of a managed security services provider (MSSP).

[Figure: All Covered as both a Managed Services Provider (MSP) and a Managed Security Services Provider (MSSP)]

This dual capability means we outproduce our competitors twofold, because we’re not only a partner in security alerts. We identify, and we mitigate, any issues in performance or infrastructure. Documentation, implementation, monitoring, response and correction – it’s an end-to-end security platform. All Covered is an always-watching, never-wavering, nose-to-tail partner in security.

What we offer – an all-in-one MSP and MSSP – hinges on a powerful engine: our security operations center, or SOC. A dedicated team monitoring your security 24/7. A single point of contact for anything that might threaten your data. Our capabilities cover:
• Security Operations Center monitoring
• Firewall management
• Cloud services
• Vulnerability Management
• Scanning
• Patching

All Covered also provides services that help clients meet the compliance requirements of their respective industries. It’s tangible proof of our belief that thorough documentation – mandated, and followed, and acted on repeatedly – is the backbone of smart security policy.

Finally, our Cloud Services SOCs are also SOC2-compliant, which mandates that we document and follow each of our policies. It is shining industry recognition that we at All Covered are leaders in pivotal cloud computing areas:
• Compliance
• Security
• Documentation
• Integrity
• Backup
• Privacy
• Firewalls
• Policy
• Infrastructure

First, we document your business’s requirements and objectives and inventory your technology. Based on the data we collect, we customize a Technology Business Plan. Once the plan has been approved, then we get to work.

What We Offer

One of the most important parts of a security plan is protecting your messaging. Spam, phishing scams, viruses, worms—the dreaded ransomware—each one attacks and bombards your business’s email servers relentlessly. All Covered can provide inbound and outbound email protection, which will block more than 99 percent of spam.

Encryption

If your business moves confidential data via email, an encryption program is paramount. Encryption is even more useful when it comes to industry or government regulations such as HIPAA, GLBA, PCI DSS or EU PPD. All Covered knows encryption. Our messaging solutions protect against viruses, malware and email interruptions, while protecting your valuable business data through encryption.

Automated Filtering and Patching

Automated deployment, plus continuous scanning and malware cleaning, quickly detects, prevents and destroys malware. And our DNS filtering adds another layer. It can block threats by malicious domains, URLs or IPs. Unlike pure proxies, it contains botnet callbacks from infected devices over physical servers, virtual servers, PCs and laptops. At All Covered, we also offer web content filtering: category-based filtering, whitelists and blacklists, and control over users’ access to specific blocked categories. With this offering, your business can better manage unauthorized, unproductive Internet use.

And our patching program keeps servers, workstations and remote computers up-to-date with the latest security and software services. It can
• Automate network scans, external and internal, for security patches and critical exposures
• Monitor and maintain comprehensive patch compliance
• Test periodically for security vulnerabilities

Since new threats are discovered almost daily, these scans ensure that your network stays healthy.

[Figure: Your Business, surrounded by service labels: Email and Web Content, Technical Support, System & File Backup, Patch Management]

The Bottom Line

Once we collaborate with your organization on a plan, develop it and implement it, the last steps are maintenance and review. At All Covered, we protect your business – completely – with the following resources:
• Managed backup and recovery for physical servers, virtual servers, PCs and laptops
• Email and data archival and security
• Support for industry and regulatory compliance
• A secure, private cloud data center, hosted in the U.S., that is SSAE 16 SOC 2 compliant

These cloud solutions are second to none. They span system and file backup, patch management, remote monitoring, event log tracking and technical support. Each cloud server has a dedicated firewall, allocated RAM, disk space and bandwidth, so your business can rest assured – your data will be online and available every minute of every day. At All Covered, we practice exactly what we preach. We reduce your investment in hardware and software while increasing your server uptime. Tangibly and empirically, choosing All Covered to protect your networks saves you what you value most: time and money.


Take Our Quiz

When it comes to malware vulnerability, some businesses are better protected than others. Start with a simple quiz to check if your IT systems are vulnerable. Answer YES or NO to each question.

1. Does your business keep multiple backups on a secure server?
2. Have your employees been actively trained in how to spot a phishing email?
3. Does your business have firewalls in place to prevent malware from spreading?
4. Does your business receive automated anti-virus updates?
5. Does your company’s IT policy extend to employee-owned devices?
6. Are you able to remote-wipe devices in the event that they’re lost or stolen?
7. Does your MSSP have a security operations center?
8. Does your business have documented processes in place in the event of a malware infection?
9. Does your business have automated patching, including third-party patching?
10. Does your business get regular IT vulnerability assessments?

GOOD SHAPE
If you answered “Yes” to 9 or 10 of these questions, your overall business security appears to be in good shape. An assessment is still recommended to make sure you have covered all the bases.

REQUIRES FURTHER EVALUATION
If you answered “Yes” to 7 or 8 of these questions, your overall business security may be insufficient and needs further evaluation. An assessment is highly recommended to find areas of vulnerability.

REQUIRES IMMEDIATE ATTENTION
If you answered “Yes” to 6 or fewer of these questions, your overall business security is inadequate and needs immediate attention. An assessment is very highly recommended to find areas of vulnerability.

© 2016 KONICA MINOLTA BUSINESS SOLUTIONS U.S.A., INC. All rights reserved. Reproduction in whole or in part without written permission is prohibited. KONICA MINOLTA, the KONICA MINOLTA logo, Count on Konica Minolta, bizhub, PageScope, and Giving Shape to Ideas are registered trademarks or trademarks of KONICA MINOLTA, INC. All other product and brand names are trademarks or registered trademarks of their respective companies or organizations. All features and functions described here may not be available on some products. Design & specifications are subject to change without notice.

KONICA MINOLTA BUSINESS SOLUTIONS U.S.A., INC. 100 Williams Drive, Ramsey, New Jersey 07446

CountOnKonicaMinolta.com Item #: SECURITYEB 4/16-I
