Surprise, surprise—another ransomware strain made the news earlier this month. Dubbed “Satana,” this new virus is a blend of classic file encryption malware and the Petya strain of ransomware, which can lock a computer’s Master Boot Record (MBR). Satana, however, then encrypts the MBR and replaces it with its own version, so that when a user reboots their computer, all that shows up is a ransom note in red on black.
Which, as anyone who has experienced a strain of ransomware can tell you, is not good. Once the virus gets inside a host computer, it connects to illicit servers, uploads sensitive info like your public IP address, location, and system information, and generates a random encryption key. That key is then used to create encrypted copies of individual files, both on your computer and on any mapped external drives, shared networks, and cloud-based storage. Once those encrypted copies are created, the originals are deleted from the hard drive, preventing users from accessing them.
There are ways to retrieve your data, particularly if you have a good backup and disaster recovery program in place. But for those who don’t have remote backups done on a regular basis—at least once a day, if not more often—even security experts say that paying the ransom is often the only way to fully retrieve ransomware-encrypted data. Which only enables hackers and opens computer users and business owners up to further problems (who wants to share their financial information with cybercriminals?).
More Ransomware and Data Breach Reports?
The problem doesn’t end with ransomware, either, as the number of data breaches continues to increase. Last week, more than 1,000 Wendy’s restaurants had credit card records compromised. The FBI recently revealed that problems with such a breach don’t stop with financial information being used to make illegal purchases or commit identity theft either.
Apparently, hackers then exploit these data breaches by threatening to expose the victim’s personal information to their employer, friends, and family using social media unless the targeted person agrees to pay another ransom ranging from two to five Bitcoins or $1,300-$3,250. These lists of so-called “fraud suckers” are then sold on the black market, allowing future extortion attempts to be made. The FBI printed one such example as a warning for computer users:
“Unfortunately, your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members. If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too), then you need to send the specified Bitcoin payment to the following address. We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 Bitcoins to the following address.”
What can you do to stay safe?
Eight Things You Can Do to Keep Your Business Systems and Data Secure
Follow These Guidelines and Make Sure Your Employees Follow Them Too:
- Do not open any attachments to email messages from unknown individuals.
- If you are contacted by cybercriminals, do not communicate with them; instead, call your trusted IT partner or file a report online with the FBI’s IC3 office at ic3.gov.
- If you think you have been compromised, monitor your bank account statements and credit report.
- Do not store sensitive or embarrassing information about yourself online or on your mobile devices to avoid blackmail attempts.
- Create strong, unique passwords—and do not use the same password for multiple accounts.
- Never respond to requests for personal information or financial transactions via email.
- Make sure security settings for social media accounts are turned on and set at the highest level of protection.
- When entering personally identifiable data or credit card information online, ensure that the transmission is secure by verifying the website’s URL prefix includes “https,” or that the status bar displays a “lock” icon.
CMIT Solutions remains committed to preventing such data breaches and ransomware infiltrations through proactive maintenance and monitoring and layered network security solutions that stay up to date on all new cybersecurity developments. But accidents can happen, especially in today’s increasingly dangerous cyber environment. That’s why reliable backup and disaster recovery are so important.
Want to know more about how to keep your systems safe and your data secure? Contact CMIT Solutions today.