Posts

New York Ransomware Payment Ban Thumbnail

New York Proposes Bills Banning Ransomware Payments

Two New York state senators proposed bills to ban local governments from paying ransomware with taxpayer money.

The bills, S7246 and S7289, are virtually the same except S7246 proposes to create a state fund to help municipalities strengthen their cyber-security. This is the first time states have proposed such a law.

Why is this happening?

In 2019 alone, there have been over 100 reported ransomware attacks across the U.S. in government entities and municipalities.

Texas suffered from 9 separate attacks. Florida had 8 and New York, Connecticut, and North Carolina each had 6 reported attacks.

Moreover, 37 of the 104 ransomware attacks, or 35.5%, were committed against schools. This isn’t surprising considering the fact that schools are particularly easy targets.
The reasons for this are simple: schools lack security. They lack security because they have limited budgets.

Neglecting cyber security has been a practice for both businesses and governments alike and now the consequences are being felt. In fact, school ransomware attacks are  so problematic, the United States Senate also introduced a bill in December that would mandate bolstering they cyber security and infrastructure of schools.

Local Governments

The problems aren’t just the schools, however. Six figure payments have been made to hackers freezing stolen data from other government facilities in cities like Riviera Beach, Fla., New Orleans and 22 separate municipalities in Texas.

In New York specifically, Albany County Airport authority chose to pay out a ransom demand and two school districts within a two month period were infected by ransomware.

Last July, the US Conference of Mayors adopted a resolution declaring they would not pay ransom demands after an attack and presented their cyber security plans, but the resolution was informal and toothless.

The bill indicates something Cyber security experts have been saying for years: If our society doesn’t prepare itself for the digital age it will cost everyone. Luckily for governments, they were able to rely on tax money to pay a ransom. The question is, what about a small, private business with no cyber security plan in place?

Who Really Pays?

The main point is, this type of negligence always costs.  An article  released by the New York Times stated in 2019, 205,280 organizations turned in files that were eventually hacked in a ransomware attack.

Furthermore, the average payment to went up to $84,116 towards the end of 2019.

Ransomware attacks have led to the shutdown of numerous businesses as well. The Heritage Company was forced to send more than 300 employees home after their IT department failed to recover last October.

The Heritage Company is by no means an isolated case. In fact, one in five businesses are forced to shut down after a ransomware attack according to a report by the security firm Malwarebytes.
All of the experts warn that cyber-attacks are becoming more sophisticated, targeted and costly.

Ransomware is the most damaging from of cyberattack because both businesses and governments haven’t kept up with security.

It’s as if someone invented a buzz saw and banks kept all of their money behind a wooden door.

They’re Getting Away With IT

As for the robbers, tracking them down has proven difficult because they ask for ransom in the form of bitcoin. Bitcoin is untraceable and can be encrypted to ensure anonymity.

Riviera Beach Fla., another victim of ransomware, agreed to pay over $600,000 to criminals and they still haven’t been identified. With payouts like those ransomware attacks are not going away.

The F.B.I. said it received nearly 1,500 ransomware reports in 2018 and the agency acknowledges all report numbers are under-reported. In other words, the problem is even bigger than anyone knows.

What New York is doing only begins to scratch the surface of this epidemic.

Cities, like Lake City,Fla., are rushing to improve and strengthen their back up systems and infrastructure. It’s even adopted a cloud-based back up system that cost $60,000 a year.

Then again, what would you pay to protect your business?

For more on cyber security, cloud and tech, follow us on social media to stay updated.

New York Ransomware Payment Ban Leaderboard

Texas Ransomware Cyber Attack

Ransomware Attacks & Financial Firms

Ransomware Attack On Texas

Tuesday, August 20, 2019 a ransomware attack took place in 22 municipalities in Texas. Computer systems were hacked and held for ransom in a widespread ransomware strike. The cities of Borger and Keene were among those affected. Borger residents couldn’t access birth certificates or pay their utility bills.

Ransomware attacks are a growing problem for governments on a city, state and county level, according to a report by the Cybersecurity and Infrastructure Security Agency (CISA). The type of ransomware was not revealed and no state networks were breached in the attack according to Texas officials.

What is known is that the ransomware came from a single source.

Ransomware

Ransomware is the most common tactic used by cyber criminals because it’s relatively simple to execute and it’s cheap.

This has led to a rise in ransomware attacks since 2017 and most victims are small cities and counties. These cities are perfect because they often have underfunded IT staff and are therefore most vulnerable.

The same reasons that make these places so vulnerable to attack make financial firms vulnerable as well.

Cyber criminals are leveraging ransomware attacks to steal from industries of all kinds, but financial services firms are among the most lucrative.

Here are the reasons why:

  1. They store valuable, sensitive and confidential data that can be sold on the dark web or to a competitor.
  2. They usually have significant amounts of money available. This making them more likely to pay a ransom to get back encrypted data if there’s substantial downtime.
  3. Their IT security is believed to be lacking and inefficient, especially within smaller banks and credit unions.

The Looming Threat of Ransomware Statistics

Ways to Avoid Ransomware & Cyber Traps

Effectively combating ransomware requires implementing technical and cultural measures. This includes:

Training

Ransomware attacks are perpetrated through an email containing an infected link or attached document. Knowing what to look for is half the battle and greatly reduces the chances of falling victim to these attacks.

Here are some telltale signs of a ransomware attack:

  • There are glaring grammar and spelling errors in an ostensibly professional email.
  • You receive an email at odd hours of the day or night.
  • If the link attached to the email connects to an unusual URL. Hover your cursor over the link to check the URL.

Now more than ever it’s important to address this concern. Cyber-attacks affect financial services 300 times more than other companies, according to a report from Boston Consulting Group (BCG). Despite this, BCG found that many financial institutions are poorly equipped to respond effectively to a ransomware attack.

This comes from a failure to prioritize cybersecurity as a top issue. There is an overemphasis on prevention over detection and response. There is also a lack of security awareness in company culture in general, which can worsen the problem.

If employees reuse account credentials like passwords attackers can easily obtain them and cause serious damage. The most dangerous threats come from inside a firm- from a careless employee who fall victim to phishing, spoofing and other social engineering schemes. The resulting losses across the financial services industry run up to tens of billions of dollars.

 

Securing Your Network

It’s important to train users to recognize certain kinds of attacks, but keeping a secure network requires an approached focused on strong network architecture. An infrastructure capable of detecting and eliminating malware that may have found its way into the network.

It’s possible that your network may contain numerous latent threats, so all applications and email inboxes should be properly scanned for malicious content.

Top IT Service providers, like Nerds Support, deploy firewall as well as implementing comprehensive email security to stop threats before they become problems.

They’re also allow you to segment and control access throughout the network to minimize the spread of a virus attack should it get in.

Backups

When a hacker uses ransomware, they encrypt all data and sensitive information necessary to operate. That means payroll, customer’s financial information, email, internal documents and more. The only way to regain access is to pay a ransom of some kind.

If you backup your data, however, that doesn’t have to be the case. With the right strategy, rather than paying ransom, you can just restore your files from the latest back-up and the cyber criminal’s ploy will have been stopped in its tracks.

Cloud based back-up services are the best at this. Nerds Support provides partners with daily backups and updates all systems with the latest security features to combat cyber-attacks. These advanced solutions even allow you to create a virtual copy of your servers on the cloud and restore all compromised data within minutes of a breach or attack.

The Greatest Risk Isn’t What You Think

It’s logical for a cyber-criminal to target financial firms for the reasons mentioned above using ransomware. It’s a reality of living in an ever-more-digital era. Ransomware and other malware attacks are here to stay and should not be ignored. The greatest damage to a firm is not to their business, their productivity or their infrastructure, it’s to their reputation.

Financial services organizations possess people’s most personal financial information. Social security, banking information, credit history, etc. If you’ve failed to take the necessary precautions to prevent or mitigate an attack and your firm is breached, it will be nearly impossible for anyone to trust you again.

When you take on a client, there is an agreement that you will safeguard their information. There is a supposition of trust. If that trust is broken, the thing your service is founded upon, rebuilding your reputation will be an uphill battle for years to come.

What Does it Mean?

In the case of the Texas attacks, the governments of these municipalities have resources that help them recover. They have taxpayer funding, cyber security experts and other advantages that a private organization does not have. Even with these advantages, it’s still struggling to address the overall issue of cyber-attacks.

According to the cyber security firm Recorded Future, the attacks on these 22 cities were the most organized and coordinated attack they’ve ever seen. The Texas Department of Information Resources (TDIR) are currently involved in trying to bring back all systems online as are officials from other federal agencies.

If this is the type of damage that can be done on government institutions, there is no excuse for negligence on the part of any business let alone one as frequently targeted as a financial organization. Take stock of your current IT resources and make sure your company is properly prepared in all respects against ransomware and cyber-attacks.

For more information on Malware, ransomware and social engineering visit our blog or contact us and we’ll answer any questions or inquiries you may have about how to make your firm safe and secure.

Wanna Cry Protection for Miami businesses

With IT Services in Miami, You Don’t Have to Worry About Ransomware

Since its sudden increase in 2015, Ransomware has become more than a cruel petty crime…it has become a full blown illegal business model. The profits crypts have taken from this crime have turned Ransomware into a billion dollar business and if your company has not experienced any sort of attack yet, then our Managed IT Support team recommends that you take the time to read this article and follow the necessary precautions to prevent a Ransomware, or other cyber security, attack. Since its sudden increase in 2015, Ransomware has become more than a cruel petty crime…it has become a full blown illegal business model.

Ransomware-Prevention-NerdsSupport-ITservices-Miami

How Do I know if I have Ransomware:

Warning signs of ransomware is not an easy thing to detect, but that does not mean they are impossible to detect. Our IT support team has found some of the following to be common signs of a Ransomware attack:

• Slowdown
• Pop-Ups
• Running out of hard drive space
• Unusually high network activity
• New browser homepage, new toolbars and/or unwanted websites accessed without your input
• Unusual messages or programs that start automatically
• Your friends tell you that they are getting strange messages from you
• New, unfamiliar icons on desktop + battery life drains quickly

However, some malware is so advanced, that most companies don’t even know they are in danger of a ransomware attack until the attack has already been carried out. If your computer has experienced any of these symptoms, our IT consulting experts advise that you do not touch the laptop and that you call your IT support team for help. With a great engineer team, like the one at Nerds Support, Inc. you can assure that your cyber security plan will be the most secure one in Miami.

How Does Ransomware Spread?

Another way that ransomware can spread is through spam emails. Once a computer becomes infected with a type of ransomware, like wannacry, the virus goes through your computer to see the people you have interacted with, typically through email, and they begin sending the virus to your contacts, in the form of spam email. With Nerd Support’s expert Managed IT team, you can assure yourself that your inbox will be monitored and you will be made aware of any suspicious emails. In all cases, it is important that you delete every suspicious email that you get. To protect your email, you should try to delete any strange emails that appear to look like spam. You should also try to stay off of strange or inappropriate websites, to further decrease the risk of a virus. However, the simplest way to assure your internet security is to call a great IT consulting firm to monitor your servers, or move you into the cloud.

How You Can Prevent a Ransomware Attack?

The easiest way to prevent a ransomware attack is to have a great security protection plan in place. A great IT company, like Nerds Support, would already know the perfect plan to protect your company, no matter what size, and their 24/7 IT Support would mean that a cyber attacker would never take your business by surprise. Finally, the best way to prevent a cyberattack, whether it is ransomware or a Trojan horse, is to have the right software on your computer.

Nerds Support engineers pride themselves on having the most important certifications and years of experience to provide companies with the IT support that they deserve. Our company knows the importance of having a secure company and works non-stop to make sure that your company is safe from all types of malware, including some of the most dangerous viruses. If you’re looking for a Miami IT support company that can make your company the most secure company, then you need to consider Nerds Support, Inc. You can leave us message on our website or you can call 305-551-2009.

Ransomware can be deadly for your business but IT Services Miami can help you prevent a hack

How to Protect Your Miami Business From Ransomware

In an era where technology is constantly progressing, Miami businesses face the difficulty of keeping up with the various trends.  From virtual reality glasses to game-changing Uber, individuals are sure to find a topic of interest.  This is exactly what happened in 2016, when numerous users not only found interest in ransomware, but profited $1 billion through this illicit act.

What is ransomware?

It is a form of malicious software that restricts access to data stored on computer systems and the criminals implementing the attack can use threat of exploitation or impeding the administration of a business in exchange for a ransom.  The use of ransomware isn’t necessarily new, but the reason it presents a threat more than ever to companies is due to the fact that it is now a service for other illegitimate users.

Referred to as Ransomware-as-a-Service (RaaS), by IT World’s Ryan Francis, criminals are now offering services that provide unique variations of ransomware for purchase by users.  Many IT professionals are becoming concerned.  With the large potential profit to be gained through these services, the criminals behind ransomware are constantly developing the software to break through anti-viruses.  The concern is for good reason.  An intensive study conducted by KnowBe4.com discovered that a staggering 38% of companies were successfully compromised by ransomware, almost a 100% increase from the 20% in 2014.  Nearly half of the individuals who partook in the survey stated that “they would be forced to pay the ransom”.

So what Miami Business Owners do to be proactive?

61% of those surveyed deemed email attachments as the biggest exposure to ransomware.  89% of IT professionals agree that Security Awareness Training by end-users is one of the best proactive solutions to deterring ransomware, with backup of computer systems following at 83%.  Security Awareness Training is encouraged because software that can detect ransomware is not always efficient due to the rapidly evolving developments to the software, and therefore, may or may not intervene the hack.  Unfortunately, this does not guarantee that subjection to the threat will not occur, which is why a backup for your computer systems is suggested as well.

We implement both of these measures at Nerds Support, Inc. by providing our clients with Security Awareness Training, through KnowBe4.com, and generate offsite backups to their systems.  This way, in case there were to be an intrusion, we are able to access our clients’ data via the offsite location and reinstate regular business functions, while our IT experts work diligently to remove the ransomware.

In a world of rapidly-progressing technology, threats will unfortunately follow the trend.  Nonetheless, this should not discourage companies from taking advantage of new technological advances that can headway their growth.  By staying up-to-date with potential security breaches and educating employees on proactive measures, businesses can enjoy the conveniences of our technology-driven world.

If you have a concern or want to make sure your company has implemented effective measures against ransomware, contact us for a Security Network audit at 305.551.2009.