I’ve Got my Eyes On You: How to Protect Your Business From Ransomware

In an era where technology is constantly progressing, users face the difficulty of keeping up with the various trends.  From virtual reality glasses to game-changing Uber; individuals are sure to find a topic of interest.  This is exactly what happened in 2016, when numerous users not only found interest in ransomware, but profited $1 billion through this illicit act.

What is ransomware?  It is a form of malicious software that restricts access to data stored on computer systems and the criminals implementing the attack can use threat of exploitation or impeding the administration of a business in exchange for a ransom.  The use of ransomware isn’t necessarily new, but the reason it presents a threat more than ever to companies is due to the fact that it is now a service for other illegitimate users.

Referred to as Ransomware-as-a-Service (RaaS), by IT World’s Ryan Francis, criminals are now offering services that provide unique variations of ransomware for purchase by users.  Many IT professionals are becoming concerned.  With the large potential profit to be gained through these services, the criminals behind ransomware are constantly developing the software to break through anti-viruses.  The concern is for good reason.  An intensive study conducted by KnowBe4.com discovered that a staggering 38% of companies were successfully compromised by ransomware, almost a 100% increase from the 20% in 2014.  Nearly half of the individuals who partook in the survey stated that “they would be forced to pay the ransom”.

So what can you do to be proactive?  61% of those surveyed deemed email attachments as the biggest exposure to ransomware.  89% of IT professionals agree that Security Awareness Training by end-users is one of the best proactive solutions to deterring ransomware, with backup of computer systems following at 83%.  Security Awareness Training is encouraged because software that can detect ransomware is not always efficient due to the rapidly evolving developments to the software, and therefore, may or may not intervene the hack.  Unfortunately, this does not guarantee that subjection to the threat will not occur, which is why a backup for your computer systems is suggested as well.

We implement both of these measures at Nerds Support, Inc. by providing our clients with Security Awareness Training, through KnowBe4.com, and generate offsite backups to their systems.  This way, in case there were to be an intrusion, we are able to access our clients’ data via the offsite location and reinstate regular business functions, while our IT experts work diligently to remove the ransomware.

In a world of rapidly-progressing technology, threats will unfortunately follow the trend.  Nonetheless, this should not discourage companies from taking advantage of new technological advances that can headway their growth.  By staying up-to-date with potential security breaches and educating employees on proactive measures, businesses can enjoy the conveniences of our technology-driven world.

If you have a concern or want to make sure your company has implemented effective measures against ransomware, contact us for a Security Network audit at 305.551.2009.


Ransomware attack hit San Francisco train system

A ransomware attack took ticket machines for San Francisco’s light rail transit system offline all day Saturday during one of the busiest shopping weekends of the year, but rather than shutting down, the agency decided instead to let users ride for free.

The San Francisco Municipal Transportation Agency, known as Muni, reported that agents’ computer screens displayed the message “You Hacked, ALL Data Encrypted” beginning Friday night.

The attackers demanded 100 Bitcoins, worth about $73,000, the San Francisco Examiner reported. The agency did not respond to questions about whether the amount was paid.

The cyber crime disrupted Muni’s internal computer system and email but did not affect the actual running of the transit agency, which runs buses, light rail, historic streetcars and the city’s famed cable cars.

The system provides 735,000 trips per day but the free rides were only on the light rail portion when patrons were boarding in the city’s subway stops, which must be accessed by stepping through fare gates.

The ticket machines at those stops instead carried pink “Out of Service” messages, along with hand-written signs saying “Metro free.”

” The fare gates were closed on Friday and Saturday as a precaution, to minimize any impact tO customers. They were operational again on Sunday.Neither customer privacy nor transaction information was compromised ” Muni said in a release.

“Encrypting files and asking for ransom has been a popular method of attack in recent years. Earlier this year, the Melrose Massachusetts Police department actually paid the ransom to unlock their files,” said Tim Erlin, senior director of IT security and risk strategy for the security firm Tripwire.

The majority of ransomware infections do not go public because they are often small in size and do not have a large impact, said Jason Rebholz, director of professional services at The Crypsis Group, a security firm.

The San Francisco incident became public because it touched a large number of systems responsible for daily operations. “These ransomware events, while more rare than typical ransomware infections, typically result in public notification due to the widespread impact,” Rebholz said.

It’s unlikely the transit system was specifically chosen, as a target as ransomware is generally a very opportunistic and financially motivated attack method, said Kevin Albano, global lead for threat intelligence with IBM X-Force.

“Recently, these campaigns have started to become a little less indiscriminate, casting a wider net to see what they’re able to compromise. Once they infect their targets, the hackers can always adjust the price if a higher value target is caught in their net,” he said.

Practical Tips For Cybersecurity This Cyber Monday

It’s that time of year again. A chill is in the air, pumpkin-spice-everything is on the menu, and your online news feed is peppered with Cyber Monday headlines.

Cyber Monday has become so embedded in our online shopping culture that many may not remember a time without it – yet it’s quite a contemporary holiday tradition.

As ubiquitous as its current presence, so too are its security warnings. For most of us, these warnings are mainstays of the modern online era. As a quick refresher:

    1. Use a unique password for each website, especially sensitive accounts.
    2. Enable two-step verification for sensitive websites and services.
    3. Check out as a guest whenever possible.
    4. Use a credit card instead of a debit card.
    5. Monitor your bank and credit card statements.
    6. Monitor your credit report – identities are more valuable than credit cards, and have no expiration date.

But this year, we want you to pay increased attention to security concerns that extend beyond the cyber shopping cart payment, and instead look at what’s actually in your cart.

Internet Of Things Devices Fill Shopping Carts

That FitBit, “smart” thermostat and baby monitor you can access from your phone are all examples of devices that fall under the “Internet of Things,” or IoT. It’s a burgeoning and lucrative market: A July Business Insider Intelligence report forecasted 34 billion connected devices by 2020, more than tripling the 2015 count.

Wearables are particularly popular. Whether you’re shopping for health buffs or expectant parents, you can find wearable devices that track everything from stairs climbed to pregnancy contractions. And according to MarketResearch.com, these wearables and sensors will reach a market level of $117 billion in just three years.

Odds are good that this year’s cyber holiday purchases will help meet that estimate.

Hackers Also Benefit From Christmas

However, as connectivity grows, so do our risks. Last year’s CyberMonday brought us the VTech hack that accessed connected tablets that children used to communicate with their parents and download content. Hackers gained access to the customer database, which was rife with personal information such as addresses, birthdates, and passwords that could allow access to other sites. Having such personal information can pose a physical threat, as well as facilitate identity theft (and with children, identity theft may not be discovered for years).

Contact us to learn more about our Cybersecurity services and how to stay Cyber Safe online.

Preparing for the Holiday Season? Cybercriminals are getting ready as well !


Here’s a short list to avoid becoming a victim of holiday phishing scams during the upcoming Black Friday, Cyber Monday and Christmas.


 The number of financial phishing attacks is expected to rise during the holiday season, which starts unofficially on so-called Black Friday and continues through Cyber Monday and Christmas. A retrospective research by Kaspersky Lab specialists shows that, over the last few years, the holiday period was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.A peak season for sales is obviously also a peak hunting season for criminals. Retailers offer lots of hard-to-resist deals and people plan on spending money on gifts for themselves, their friends and relatives. So, while e-commerce customers are making wishes for the upcoming sales, the retailers themselves are preparing their stores for a massive rise in the number of visitors, and financial infrastructure owners — banks and payment systems — are getting ready for a huge increase in the number and value of transactions; cybercriminals are preparing too. At least, that was the case in previous years.


As Kaspersky Lab threat statistics shows, in 2014 and 2015 the proportion of phishing pages that hunt financial data (credit cards details) detected by the company during Q4 (which covers the holiday period) was around 9 percentage points higher than the average for the year. In particular, the result for financial phishing in all of 2014 was 28.73 percent, while the result for Q4 was 38.49 percent. In 2015, 34.33 percent of all phishing attacks were financial phishing, while in Q4, that type of phishing was responsible for 43.38 percent of all attacks.

Holidays influence the type of financial targets that criminals are after. Both in 2014 and 2015, researchers witnessed a significant (several percentage points) increase in phishing attacks against payment systems and online stores. Attacks against banks also grew, but at a lower rate.



When trying to steal payment data, criminals use different schemes. They may create a fake payment page of a famous payment system or they copy legitimate online retailer sites or even create 100 per cent fake shops with incredibly attractive offerings.

And of course, criminals exploit the Black Friday theme itself. While doing research into the threat landscape, in October 2016, researchers spotted a Black-Friday themed phony internet shop offering products at attractive prices. Which means that, weeks before the actual start of the holiday sales, the criminals are already preparing.

“In 2014, we conducted some research into how the phishing threat landscape behaves itself in the holiday period and discovered that the number of attacks against particular targets – payment systems and famous retail networks – increased during the Black Friday and Cyber Monday period. In 2015, the situation repeated itself and this makes us think that in 2016 it will happen again. So we urge users to be as cautious as possible when shopping online this season,” said Andrey Kostin, senior web content analyst at Kaspersky Lab.

In order to avoid becoming a victim of holiday phishing scams during the upcoming Black Friday, Cyber Monday and Christmas periods, we advise the following measures:

  • Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail. They can be malicious; created to download malware to your device or to lead to phishing web pages aimed at harvesting user credentials.
  • Do not enter your credit card details on unfamiliar or suspicious sites, to avoid passing them into cybercriminals’ hands. If these websites are offering advantageous deals that look too good to be true, they most likely belong to criminals.
  • Always double-check the web page is genuine before entering any of your credentials or confidential information (at least take a look at the URL). Fake websites may look just like the real ones.
  • Install a security solution on your device, with built-in technologies designed to prevent financial fraud.

Phishing is one of the most widespread cyber threats that users may encounter during holidays, but it is not the only one. Read more about other types of threats to customers, retailers and banks that are likely to emerge in the coming holiday period .

Contact us to learn more about how we help Businesses ensure a Cyber Safe working environment.

DATA Security: Why Managers and Owners are the Most Dangerous Negligent Insiders

If you really want to move the needle on data security in your organization, start at the top.

Hardly a day goes by that there isn’t news of another vulnerability, another attack, another patch — and often the biggest, worst of its kind.

You’d think we’d all be on hyper alert, but that is far from the case.

Instead, pleas for compliance with data security basics fall on deaf ears. Here’s why: employees, including managers and business owners, don’t assume personal responsibility for security.

Consider this: 43 percent of C-level executives say negligent insiders are the greatest risk to sensitive data in their organizations, according to data cited in this infographic compiled by the University of Alabama at Birmingham’s Online Master of Science in Management Information Systems program. Yet, senior managers are twice as likely workers overall to take files with them after leaving a job. And 58 percent of senior managers (compared to 25 percent of all workers) have accidentally sent sensitive information to the wrong person.

promoting data security in the workplace - uab

Get a quote now. Find out how affordable this is for your organization and be pleasantly surprised.