We posted this in March 2017, after we had been hit by ransomware. Given the current environment since then, we are reposting it for everyone’s information. It is NOT something to be taken lightly, and if you are not properly prepared it CAN freeze all operations of a business for days… or longer. We provide you with our experiences, what we learned, some material to help you beef up your protocols and security, as well as a link to a superb site that tracks all the security threats on the web.
If you believe your company is safe from such an attack (or even your own personal computer), I advise you strongly to think again – here are the experience and thoughts of Golan Ben-Oni, the Global CIO for IDT, whose employer was hit with two cyber weapons that had been stolen from the National Security Agency. Golan was able to fend them off, but the attack left him distraught as (1) he had been sounding the alarm for months before the attack, and (2) he fully believes there is still an attack to come that may still be invisible, striking victims undetected around the world, and he has been attempting to get the attention of the largest enforcement agencies globally about it all. This article was brought to my attention on the LinkedIn group TI Especialistas – Brasil (84,000+ members) by a post shared by Ricardo Mauricio Pellenberg, IT Specialist in Systems | Functional | Support | Quality | Processes | Business | Projects for Supergasbras Energia Ltda in Rio de Janeiro, Brasil (Golan’s experiences and thoughts are shared through the NYT, in English).
What You Can Do NOW to Minimize This Impact
Probability versus Level of Devastation
With everything in life, we should not focus on the likelihood of getting hit by something that can cause harm; instead, we should focus on minimizing the level of devastation if and when we do get hit, especially when that something is consistently escalating.
A couple of weeks ago, a seemingly innocent download for an upgrade resulted hours later in our entire system – all our networked machines, synched machines, and all their drives – being literally held for ransom.
As we were connected to our server at the time, thankfully the protection for our server stopped it from being affected.
Even though I work more than 3000 hours a year on the web and usually can recognize a stealthy attempt to hack into our computers, I have discovered while working on our recovery from this issue that even security experts are stunned by the ease with which this most recent version of ransomware can be implanted into a machine – as well as the spread it makes once downloaded.
It is a very professional job that pays attention to details, human habits, and system weaknesses — and plays upon all 3 in quick fashion.
It doesn’t matter whether yours is a home or enterprise system, they are finding ways around the protection and are usually not detected until activated behind your security wall — very Trojan Horse like.
In essence, an update is requested for software you already have — which, in and of itself, gives excellent credence to NOT having updates implemented automatically.
The request has everything in order – the contact information (even the links are legit), the logo, the font, the layout, even the copyright and distribution terms – even the hidden link for the download appears legit.
After the download, everything disappears save the file you downloaded – and nothing appears to happen, not even in your task manager.
The Grenade Effect
A few hours later, an HTML window opens up and you find yourself reading a notice that everything on your machine, every drive on your machine, every synced and connected device and their drives to your machine (through wi-fi, web, or hardwired network) have all been encrypted — and for a healthy sum (US$500 is not uncommon) you can have the key to unlock it all.
And it has to be paid in bitcoin, as bitcoin payments can’t be tracked.
Your options at this time are severely limited…
- Pay the ransom for the key — wisdom dictates this is a very stupid option, as you are now assuming everything or nearly everything will be fine afterward… Really? Are you going to give someone this ornery any level of trust? Who is guaranteeing that everything will be as it once was? What about repeat attacks? Probably with higher ransoms as well… They have you ONLY if you let them think you have no other options and are totally reliant upon them – you have other options, you are not dependent upon them for anything save more pain, move on…
- Visit the various geek boards and see if someone has cracked the key to the ransomware. Most likely, IF they did, the hackers have already seen how they did it and reinforced the weakness in the current version by which you have been hit. You would also need to know which variant of the ransomware hit you — most likely you won’t have a clue how to determine that in quick order unless someone techy is nearby.
- Attempt to find a decrypting tool that will break the encryption and return your files safely — sounds easy enough once you have found a site that provides one, right? And it does sound easy enough – until you discover there are as many ways to encrypt as there are ways to make pizza, and you need to know which form of encryption was used.
- Finding the right decryption tool is just a starting point, as you still have a bit more research to do into refining the decryption process.
- Safely decrypting your data can be a nerve-racking process and necessitates being as thorough as possible – IF and when you know what you are doing.
- In other words, the whole decrypting process forces you to make yourself available to learn something entirely new and probably well beyond your abilities in order to do it successfully, as partially decrypting something could very well render it totally useless.
- For every machine attached to the source of the infection (including every synced machine, no matter how it is connected), you can format the entire system (meaning each machine) and use clean backups or mirror images to restore each and every machine in your system — emphasis on clean, as that download could be in the backup if the ransomware did not activate immediately (I guarantee they are working on overcoming this very thing as you read this, so even your backups could be affected in some manner, IF the attackers have access to them).
- Format your entire system and perform a clean install – doing everything from the very beginning, as if new.
NOT a very pretty picture, no matter how you slice that pie…
There are other things the ransomware will do with your data besides encrypting it — such as retrieve your address book and emails since they are rich in contact information that the hackers most likely will find useful…
There are also spyware and cookies that can be planted onto your machine(s) to track your progress…
Where is All This Going?
And ransomware has been growing very rapidly since its first launch more than 10 years ago in Russia – and its future is going to require you to be knowledgeable and protected from such.
“So, what does the future of ransomware look like? If I had to put it into words: brands, and franchises.
“First, let’s talk about franchises. An interesting trend has emerged in the past few years, in the respect that the development of ransomware has become incredibly commoditized. Today, if you get infected with ransomware, it’s entirely plausible that the person who distributed it is not the person who created it.
“Then there’s branding. While many ransomware strains have earned name-recognition for the destructive power they possess, some manufacturers are aiming to make their products as anonymous and generic as possible.
“The value of a white-label ransomware is that it can be rebranded. From one main ransomware strain, hundreds more can emerge. It’s perhaps this reason why in the first quarter of 2015, over 725,000 ransomware samples were collected by McAfee Labs. This represents a quarterly increase of almost 165%.
“It seems extremely unlikely that law enforcement and the security industry will be able to hold back this surging tide.”
If you read this far, then you are probably wanting to know more about ransomware, what you can do to protect yourself (as you are most likely NOT protected, especially if you have not heard of ransomware), as well as what to do if you have already been hit…
When it comes to insurance, nothing beats backups for protection.
Be sure you back-up each machine often (daily in most cases) and keep a series of back-ups for each machine, usually a week or longer.
Also, keep a set for each previous month for the previous 3 months, preferably the last back-up of each month for each machine.
The likelihood you are going to use any of the backups is minimal – the likelihood you are going to wish you had them once hit is 100%.
It’s not about their dormant value, it is about their value once needed.
The reason for the series?
Anything that was on your machine is in those backups – including infections, viruses, nasty bots, etc…
Your backup quality is only going to be as good as the protection you have on your machine in the first place – if you got hit by ransomware, then your most recent backup may or may not be clean.
Buy an external drive, purchase a cloud service, talk to those who are in the know about technology as to which would work best for you – what works best for us would not necessarily work best for you.
Find something you are comfortable using, preferably something that will continuously backup automatically, as well as has a solid reputation for maintaining not only your files but protecting them as well.
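The backup schedule described above (daily snapshots kept for a week, plus the last backup of each of the previous three months), together with the warning that the newest backups may already carry the infection, can be expressed as a small retention check. This is an added example, not code from the post or from any backup product; the 7-day and 3-month figures, the sample dates and the suspected infection date are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Retention rule as described in the post (assumption: "a week" = 7 daily snapshots,
# "last back-up of each month" = newest snapshot in each of the 3 previous calendar months).
DAILY_DAYS = 7
MONTHLY_MONTHS = 3


def months_back(today: date, n: int) -> tuple:
    """(year, month) of the calendar month n months before today's month."""
    year, month = today.year, today.month - n
    while month <= 0:          # roll back across a year boundary
        month += 12
        year -= 1
    return year, month


def select_backups_to_keep(snapshots, today):
    """Sorted list of snapshot dates the policy keeps; everything else may be pruned."""
    keep = set()
    oldest_daily = today - timedelta(days=DAILY_DAYS - 1)
    newest_in_month = {}
    for d in snapshots:
        if oldest_daily <= d <= today:           # daily series for the last week
            keep.add(d)
        key = (d.year, d.month)
        if key not in newest_in_month or d > newest_in_month[key]:
            newest_in_month[key] = d             # track the last backup of each month
    for n in range(1, MONTHLY_MONTHS + 1):
        key = months_back(today, n)
        if key in newest_in_month:               # a month with no backups yields nothing
            keep.add(newest_in_month[key])
    return sorted(keep)


def restore_candidates(kept, suspected_infection_date):
    """Only backups taken before the suspected infection date are candidates for a clean
    restore; newer ones may contain the downloaded installer (the post's 'may or may not be clean')."""
    return [d for d in kept if d < suspected_infection_date]


def run_example():
    """Constructed data: one snapshot per day from 1 Jan to 16 May 2017, infection noticed 14 May."""
    first, today = date(2017, 1, 1), date(2017, 5, 16)
    snapshots = [first + timedelta(days=i) for i in range((today - first).days + 1)]
    kept = select_backups_to_keep(snapshots, today)
    clean = restore_candidates(kept, date(2017, 5, 14))
    return {"keep": [d.isoformat() for d in kept],
            "prune_count": len(snapshots) - len(kept),
            "clean_candidates": [d.isoformat() for d in clean]}


if __name__ == "__main__":
    print(run_example())
```

Of the 136 daily snapshots, the rule keeps 10 (the last seven days plus the month-end backups for February, March and April) and only 7 of those predate the suspected infection.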
Above all, be vigilant when using a computer – we have grown accustomed to them being an extension of ourselves until they don’t work.
Whenever you are hit and taken down by a hacker, go to an outside computer (any computer NOT on your current network and system) and get the word out via social media to those who are in contact with you frequently as well as recently.
At this point it is far better for everyone to be overreacting than not reacting at all. Remain calm, however; whatever has happened has already happened, and you need to shift to a what’s-next mindset as well as make yourself available to learn something new.
It is always darkest when we are in the middle of anything devastating, and we are always amazed at how quickly things change once we have the tools, knowledge, and discernment to move forward.
Both have been around for a very long time, are superior in their integrity, and focus primarily on the activity of hackers globally.
Be sure to enroll into their email subscriptions as well.
Let us know your successes in the comments below — or if you need some direction, ask us a question either in the comments or on social media, we’ll get back to you shortly.
And again – with everything in life, we should not focus on the likelihood of getting hit by something that can cause harm; instead, we should focus on minimizing the level of devastation if and when we do get hit, especially when that something is consistently escalating.
KnowBe4 and other security vendors are providing more information for free.
Garrett is the publisher, editor, and writer for The HRIS World Research Group, which includes The HRIS World, The HRIS World Research, The HRIS World Jobs, The HRIS World News, The HRIS World NewsMagazines, and The HRIS World Videos.
Latest posts by Garrett O'Brien (see all)
- How to Master Speaking Confidently for Presentations - Wed, 14-Jun-2017
- How to Learn the Art of Negotiating Your Contract - Tue, 13-Jun-2017
- Our Education System Needs a Wake-Up Call – From You - Mon, 5-Jun-2017
- New Feature: Weekly Video Presentations… Or How We Bounced From A Critical Error - Fri, 2-Jun-2017
- Ransomware: Stop Playing With Fire… and Fate - Tue, 16-May-2017