Tuesday, March 10, 2020

Treat Ransomware As Data Breaches And Report It Right Away


It’s only been a few months into the year but there’s already been a significant increase in the use of ransomware that steals data. It is a type of ransomware that encrypts the data of the victim and extracts it to the server of the attacker.
The data that’s been stolen will then be used to force the victim into paying their specified ransom. But, evidence shows that cybercriminals also utilize the data to execute phishing attacks on customers and business partners of the victim firm.
IT experts suggest that businesses disclose these ransomware incidents as soon as possible. Reporting incidents, especially the ones that involve ransomware that can exfiltrate data, is important to prevent other companies from falling victim to a similar attack.

Lack of Disclosure

As of the moment, companies are not legally required to report ransomware incidents. Organizations that have fallen victim to ransomware could fix the problem, whether or not they pay the cybercriminals, and resume regular business operations without telling their partners, customers, or the public about the cyberattack.
This is a common response with traditional ransomware. The data of the company was encrypted but it was not read, altered, or extracted. In theory, no PII (personally identifiable information) was exposed, so the company doesn’t have to deal with the business interruption and reputational loss that come after reporting the incident.
This kind of reasoning won’t hold up when it involves data-stealing ransomware. Nemty, DoppelPaymer, Sodinokibi, Maze, and other ransomware groups have started using methods that allow them to extract the data of their victim to a remote server where they could read, manipulate, and use the data however they like. The data that was stolen will be used to force their victims to pay the ransom. But it can also be used for spear phishing attacks.

Data Theft and Spear Phishing

Spear phishing refers to a cyber attack that targets certain people in a company to access crucial data like staff credentials or financial data or, in this situation, to deliver ransomware through suspicious email attachments.
Because the actors have access to the data of the company and, in some cases, its emails, they can craft very convincing email messages. In certain instances, those emails might even look like a reply to a message, which makes them look legitimate to the victim.

Companies Stand Silent When It Comes To Cybersecurity

When a business faces a ransomware attack, its business partners, suppliers, and customers should be on the lookout for targeted attacks. But this is not the case. Because organizations are not required to report ransomware incidents, there is little motivation for businesses to come forward and admit that their company was hit by ransomware.

What Should Businesses Do?

Data-stealing ransomware is becoming increasingly rampant. Now is the time to start referring to ransomware incidents as data breaches.
All ransomware incidents must be thought of as data breaches until they are proven otherwise. Governments should create legislation under which ransomware attacks are considered data breaches and which asks the affected business to immediately issue notifications.

Call SpartanTec, Inc. now and let our team set up the most effective cybersecurity measures to protect your business against today’s most common online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Tuesday, March 3, 2020

5 Ways To Prevent Data Breaches



Businesses need to prioritize data security especially these days when high profile information security breaches are almost always making the headlines. Organizations today face a one in four chance of having an information data breach that would cost about $2.21 million over the next two years. The aftermath of a data breach includes distrust, revenue loss, decreased loyalty among customers, and a negative reputation for your brand.

Prevent Information Security Breach

Asset Inventory
Visibility of what software and hardware assets you have in your network, as well as physical infrastructure, would help you get a greater understanding of the security posture of your organization. An asset inventory could also be used to create ratings and categories around the vulnerabilities and threats your assets may come across. Ratings and categories for these vulnerabilities could assist you in prioritizing the remediation efforts that would occur on these assets.
Information security breaches add emphasis to endpoint protection. It’s not enough to have an antivirus installed to prevent a major breach. As a matter of fact, if you depend only on your antivirus software, you’ll be leaving your endpoints, such as your laptops and desktops, widely exposed. Your devices would become the entry points for breaches.
An in-depth endpoint solution would utilize encryption to stop data leaks and loss and implement unified policies to protect data across all your endpoints, networks, and servers, thereby lowering the possibility of a data breach.
Vulnerability and Compliance Management
Using a VCM (vulnerability and compliance management) tool, or at least completing a vulnerability assessment, can help you pinpoint weaknesses, gaps, and misconfigurations in the security of your virtual and physical environments. VCM could check your IT assets and infrastructure continuously for compliance, vulnerabilities, and configuration best practices. An effective VCM lets you develop an action plan for remediating such vulnerabilities and assign them to the appropriate employees.
Audit Security Posture Regularly
Undergoing audits on a regular basis to determine potential new openings in governance and compliance would help validate your security posture. A security audit would be a more comprehensive assessment of your business’ security policies compared to penetration testing or a vulnerability assessment. A security audit will take into account the dynamic nature of the business and how the company deals with information security.
Common Questions During A Security Audit
  • Does your business have documented policies about information security?
  • Did you set up escalation profiles and management processes, are those processes documented and monitored, and is there a playbook in case there’s a breach?
  • Did you prepare network security mechanisms?
  • Did you set up log and security monitoring?
  • Did you come up with a Disaster Recovery & Business Continuity Plan?
  • Did you test your applications for security flaws?
  • Do you have a change management process set up at each level within the IT setting?
  • How do you back up your files and media? Who can access the backup? Have you tested your restore procedures?
  • Have you reviewed the auditing logs? When do you review them?
Employees Must Be Trained and Educated
Once you have completed your security policy audits, you can now implement a written employee policy that involves data security and privacy. You need to conduct security training regularly so that all of the staff members know about these newly created policies since they won’t comply with policies they are not familiar with. When you are setting up your security policy for your staff, you should take into account training on these things:
  • Using different unique passwords on devices that are used at work
  • Enforcing a documented system for employees, contractors, or vendors who are set to leave your company (laptop access, key cards, passwords, etc.)
  • Training staff on the importance of reporting data security leaks or information security breach
  • Developing a policy that will describe how your staff should deal with, get rid of, restore, and even send data
Your staff requires training on the kinds of phishing attacks that take place these days. Phishing is a common method used by cybercriminals to spread ransomware in an organization. If you could train and educate your staff about the signs to search for in a dubious email, your business will be well served.

Call SpartanTec, Inc. now and let our team of IT experts help you establish security measures and protocols to mitigate online security threats.


Monday, March 2, 2020

Old School Virus Called KBOT Is Hitting Networks


There was a day when worms were common, terrifying threats on the internet. In the early days of the world wide web, there were a number of famous attacks that were considered highly advanced for their time.
Time and technology have moved on of course, and these days, modern malware is significantly more advanced.
Except for KBOT. KBOT is a blast from the past. Recently discovered by Kaspersky researchers, KBOT has been dubbed "the first living virus in recent years that we have spotted in the wild."

They describe the virus as follows:

"KBOT poses a serious threat because it is able to spread quickly in the system and on the local network by infecting executable files with no possibility of recovery. It significantly slows down the system through injects into system process, enables its handlers to control the compromised system through remote desktop sessions, steals personal data, and performs web injects for the purpose of stealing users' bank data."
As you can see from this brief description, this piece of malware might be old school, but it's a serious threat. By destroying the files it infects, it's not just a matter of getting rid of the infection. Invariably, you'll have to reinstall all the infected code on the PC.
In addition to being a highly destructive virus, it's also designed to steal vast quantities of data. Then it makes a priority of connecting to its command and control server once it establishes a hold so it can send back any data it's been coded to target.
If it's not already on your radar, it certainly deserves paying attention to. If you find yourself unfortunate enough to be on the receiving end of a KBOT infection, know that it will cause a tremendous amount of damage and bring your network to its knees before you get it under control.
SpartanTec, Inc. is here to analyze your network and help you design a plan to keep your data secure. We work with companies of any size and can provide services from a secure firewall to 24/7 monitoring. Contact us for a free analysis.
SpartanTec, Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/

Monday, February 24, 2020

Dangerous New Trojan Can Infect Systems Through Wifi


If you're not already familiar with the Emotet trojan, it deserves a special spot on your radar. It's one of the most dangerous forms of malware in the world today.
Its success is thanks to the fact that its creators have worked hard and diligently to keep it upgraded by bolting on a variety of modules that enhance its capabilities in new, and sometimes terrifying ways.
Recently, researchers at Binary Defense have spotted a particularly nasty new module that allows the trojan to infect other devices nearby. Called a "WiFi Spreader," it allows the trojan to hop wirelessly from one device to another.
Granted, this capability does not guarantee a 100 percent infection success rate, because the nearby device may have protection protocols in place. It does, however, provide a new attack vector the malware can utilize to spread itself farther than it otherwise might.
The implications of this are staggering. If Emotet makes its way onto your system and the strain you have has the WiFi Spreader module, it poses many risks. It poses risks to your own network, to the personal devices your employees carry that aren't connected to your network, and also to any other networks in close proximity to yours. Whether the networks are one floor up or down, or right next door, they are also at risk.
Also, consider the implications of an Emotet infection in a shared work environment. For example, WeWork office space, or a constellation of small companies that share one floor of an office and work in close proximity to one another. These kinds of arrangements are increasingly common and will absolutely complicate forensic investigations of malware infections.
If there's a silver lining here, it is the fact that according to Binary Defense, the WiFi spreader doesn't work on Windows XP SP2 or Windows XP SP3. That is because it utilizes functions that are incompatible with those builds. In any case, stay vigilant and be on the lookout for Emotet. It's one of the most dangerous forms of malware out there.

Call SpartanTec, Inc. if you need the help of IT experts in securing your business data, devices, or networks.


Monday, February 17, 2020

Password Manager Malware Tricks Users Into Revealing Passwords


There's a new threat making the rounds called 'Metamorfo' that you should be aware of. The malware began its life as a banking trojan.
This news is from researchers at Fortinet, who report that the malicious code has recently gotten some upgrades that make it particularly nasty.
Like many similar programs, this one finds its way onto target machines by way of phishing emails. In this case, the vehicle of choice seems to be emails that claim to have an invoice attached in the form of a Microsoft Word document.
If a user receives this email and opens the 'invoice' he or she will be informed that the message cannot be properly displayed without enabling macros. Of course, enabling macros is the mechanism that allows Metamorfo to be installed on the target device.
Once installed, the malicious code will first check to be sure it's not running in a sandbox or virtual environment. Once it has confirmation that it is not, it will run its AutoIt script execution program, which it uses to evade detection by antivirus programs that may be running on the target system.
Safe from detection, it will then shut down any browser sessions that may be running and prevent any new browser windows from using the auto-complete function when entering passwords. It then begins prompting the users to manually enter their passwords. When they do, the keystrokes are mapped and sent to a command and control server that the hackers control. It's a fiendishly clever way of making sure the hackers harvest as much password information as possible from each system they infect.
Be very wary of opening attachments from any unknown and untrusted source and make sure all your systems are fully patched and up to date. It's not a perfect solution, but it will certainly minimize your risk.

Call SpartanTec, Inc. and let our team help you develop and set up the most effective and suitable cybersecurity strategies that are customized according to your business security needs.


Saturday, February 15, 2020

A Definitive Guide To Managed IT Services


Managed IT services refers to solutions that aim to replace or augment the management of certain business functions by a third party contractor. In the past 10 years, managed services have grown substantially, especially within the IT industry. In this area, managed services include managing technologies like telephony, core network, and data center. Meanwhile, legacy managed services include core IT maintenance obligations such as patch management and break/fix.
What Is MSP?
An MSP or managed service provider is a firm that owns and remotely manages a service or technology and permits the use of the said service or technology to any client through a subscription.

Why Use Managed IT Services?

Although managed services are not solutions that are suitable for all businesses, they are a clear-cut solution to a few important business challenges that are faced by businesses of all shapes and sizes.
High hardware cost – technology architecture is costly and there’s no guarantee that they won’t be obsolete after a few years.
Specialized technology – conventionally, firms could hire a few IT staff to develop, manage, and fix problems across the whole IT enterprise. Now, to guarantee availability and high performance, IT teams are created for every IT function.
Cost of qualified staff – IT staff are in high demand and they are expensive.
Shortage of qualified personnel – even if you have an IT team, the question is if you have enough. Is your team qualified when it comes to maintenance?
Cost of constant maintenance – If you don’t have issues with maintenance, the members of your IT staff could concentrate on projects that could enhance your business like updating the CRM or creating new lead generation analytics and so on.

Are There Any Complaints About Managed IT Services?

Managed service providers provide an affordable and convenient way to help companies run smoothly. But, in an effort to maximize profits while cutting back their resource investment, several MSPs have decided to take a shortcut.
Inflexible programs – there are some providers that develop rigid program specifications at the expense of the clients. Flexibility is oftentimes the reason why the client turns to managed IT services, to begin with.
Low touch client service – with strict communication lines, there are a few MSPs that can automate away access to human professionals.
A Reliable MSP Partner
There are several MSPs these days that offer a range of services, to be used in different ways. Some are truly value-added partners while others are just service vendors. So how do you differentiate a vendor from a true partner?
A good managed IT service partner is the one that provides great advice, challenges you, and provides an honest critique. A good partner is one who is transparent in all of their dealings with their client and above all, handles sensitive problems, hiccups or shutdowns that affect your business just like their very own.

At SpartanTec, Inc., we believe in creating committed partnerships with our clients. We develop collaborative prosperity that affects businesses positively. Call us now for more information.


Friday, January 31, 2020

Active Directory Being Targeted By Malware Called TrickBot


The malware named TrickBot has some new tricks up its sleeves. Recently, a new strain of the malware was spotted in the wild with new capabilities that allow it to target the Active Directory database stored on compromised Windows domain controllers.
While TrickBot has never been seen as one of the most dire threats in the malware universe, this new functionality does make it dangerous.
Domain administrators need to be aware of the dangers associated with hackers gaining access to and exploiting Active Directory. The directory stores user names, password hashes, computer names, groups, and a variety of other sensitive data.
To understand how TrickBot manages this feat, it's important to dig into a few technical details. For example, when a server is promoted as a domain controller, the Active Directory database is created and saved on that machine in the C:\Windows\NTDS folder. One of the files contained in this folder is ntds.dit, which is the specific file that contains all of the Active Directory services information.
Given the sensitivity of this information, Windows encrypts the data using a BootKey, which is stored in the System hive of the Registry. Since ntds.dit is opened by the domain controller, it's not possible for any external process to access the data it contains. Windows domain controllers do, however, have a tool called ntdsutil that allows administrators to perform maintenance on the database.
TrickBot gets around this by taking advantage of ntdsutil's "Install from Media" command to dump the database into the %Temp% folder, where it can be compressed and sent to a command and control server controlled by the hackers. Once they've got their hands on the file itself, it's easy enough to crack it open to get what's inside. That of course, spells trouble for the organization that owns the server.
All that to say, if TrickBot isn't currently on your radar, it deserves a spot there. Its new capabilities make the malware significantly more dangerous.
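One way a domain administrator could watch for the behaviour described above, an ntdsutil "Install from Media" run and a copy of ntds.dit landing outside its normal folder, is sketched below. This is an added example, not code from the original post or from any vendor tool; the event field names, hosts, accounts and paths are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events, not real telemetry. Field names are assumptions
# modelled on process-creation and file-creation logging from a domain controller.
SAMPLE_EVENTS = [
    {"type": "process", "host": "DC01", "user": "CORP\\svc_backup",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil "activate instance ntds" ifm "create full D:\IFM\2020-01" quit quit'},
    {"type": "process", "host": "DC01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil "activate instance ntds" ifm "create full C:\Users\jdoe\AppData\Local\Temp\x" quit quit'},
    {"type": "file", "host": "DC01", "user": "CORP\\jdoe",
     "path": r"C:\Users\jdoe\AppData\Local\Temp\x\Active Directory\ntds.dit"},
    {"type": "file", "host": "DC01", "user": "NT AUTHORITY\\SYSTEM",
     "path": r"C:\Windows\NTDS\ntds.dit"},
    {"type": "process", "host": "WS07", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe ifm.txt"},
]

NTDS_HOME = PureWindowsPath(r"C:\Windows\NTDS")  # where the live database belongs
TEMP_HINT = re.compile(r"\\(temp|tmp)\\|%te?mp%", re.IGNORECASE)
IFM_TOKEN = re.compile(r"(?<![\w.])ifm(?![\w.])", re.IGNORECASE)


def review_event(ev):
    """Return the list of reasons this event deserves analyst attention."""
    reasons = []
    if ev["type"] == "process":
        exe = PureWindowsPath(ev["image"]).name.lower()
        if exe == "ntdsutil.exe" and IFM_TOKEN.search(ev["cmdline"]):
            reasons.append("ntdsutil Install from Media invoked")
            if TEMP_HINT.search(ev["cmdline"]):
                reasons.append("IFM output directed to a temp folder")
    elif ev["type"] == "file":
        path = PureWindowsPath(ev["path"])
        # PureWindowsPath compares case-insensitively, like the file system.
        if path.name.lower() == "ntds.dit" and NTDS_HOME not in path.parents:
            reasons.append("ntds.dit written outside C:\\Windows\\NTDS")
            if TEMP_HINT.search(ev["path"]):
                reasons.append("copy sits in a temp folder")
    return reasons


def triage(events):
    """Return (host, user, reasons) for flagged events, most reasons first."""
    hits = [(ev["host"], ev["user"], review_event(ev)) for ev in events]
    return sorted((h for h in hits if h[2]), key=lambda h: len(h[2]), reverse=True)


if __name__ == "__main__":
    for host, user, reasons in triage(SAMPLE_EVENTS):
        print(f"{host} {user}: " + "; ".join(reasons))
```

The first sample event is a routine administrative IFM run and still fires with a single reason, so in practice you would allow-list the accounts and output paths you expect rather than ignore ntdsutil altogether.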

Call SpartanTec, Inc. for professional help in protecting your business against malware and other online threats.
