And What You Can Do NOW to Minimize This Impact
Probability versus Level of Devastation
With everything in life, we should not be focused upon the likelihood of getting or not getting hit by something that can cause harm, instead we should be focused upon minimizing the level of the devastation if and when we do get hit, especially when that something is consistently escalating.
A couple of weeks ago, a seemingly innocent download for an upgrade resulted hours later in our entire system – all our networked machines, synched machines, and all their drives – being literally held for ransom.
As we were connected to our server at the time, thankfully the protection for our server stopped it from being affected.
Even though I work more than 3000 hours a year on the web and usually can recognize a stealth attempt to hack into our computers, I have discovered since working on our recovery from this issue that even security experts are stunned by the ease at which this most recent version of ransomware can be implemented into a machine – as well as the spread it makes once downloaded.
It is a very professional job that pays attention to details, human habits, system weaknesses — and plays upon all 3 in quick fashion.
It doesn’t matter whether yours is a home or enterprise system, they are finding ways around the protection and are usually not detected until activated behind your security wall — very Trojan Horse like.
In essence, an update is requested for a software you already have — which, in and of itself, gives excellent credence NOT to have updates implemented automatically.
The request has everything in order – the contact information (even the links are legit), the logo, the font, the layout, even the copyright and distribution terms – even the hidden link for the download appears legit.
After the download, everything disappears save the file you downloaded – and nothing appears to happen, not even in your task manager.
The Grenade Effect
A few hours later, an HTML window opens up and you find yourself reading a notice that everything on your machine, every drive on your machine, every synched and connected device and their drives to your machine (through wi-fi, web, or hardwired network) have all been encrypted — and for a healthy sum (US$500 is not uncommon) you can have the key to unlock it all.
And it has to be paid in bitcoin as bitcoin payments can’t be tracked.
Your options at this time are severely limited…
- Pay the ransom for the key — wisdom dictates this is a very stupid option as you are now assuming everything or nearly everything will be fine afterwards… Really? You’re going to give someone this ornery any level of trust? Who’s providing the guarantee that everything will be like it once was? What about repeat attacks? Probably with higher ransoms as well… They have you ONLY if you permit them to think you have no other options and are totally reliant upon them – you have other options, you are not dependent upon them for anything save more pain, move on…
- Visit the various geek boards and see if someone has cracked the key to the ransomware. Most likely IF they did, the hackers have already seen how they did it and reinforced the weakness of the current version by which you have been hit. You would also need to know which variant of the ransomware hit you — most likely you won’t have a clue how to determine that in quick order unless someone techy is nearby.
- Attempt to find a decrypting tool that will break the encryption and return your files safely — sounds easy enough once you found a site that provides such, right? And it does sound easy enough – until you discover there are as many ways to encrypt as there are ways to make pizza, and you need to know which form of encryption was used.
- Finding the right decryption tool is just a starting point as you still have a bit more research as well into refining the decryption process.
- Safely decrypting your data can be a nerve-racking process and necessitates being as thorough as possible – IF and when you know what you are doing.
- In other words, the whole decrypting process forces you to make yourself available to learn something entirely new and probably pretty much beyond your abilities in order to do it successfully as partially decrypting something could very well render it totally useless.
- For every machine attached to the source of the infection (including every synched machine, no matter how it is connected), you can format the entire system (meaning each machine) and use clean backups or mirror images to restore each and every machine in your system — emphasis on clean as that download could be on the backup if you did not initiate the ransomware immediately (I guarantee they are working on overcoming this very thing as you read this so even your backups could be affected in some manner, IF they have access to them).
- Format your entire system and perform a clean install – doing everything from the very beginning, as if new.
NOT a very pretty picture, no matter how you slice that pie…
There are other things the ransomware will do with your data besides encrypt it — such as retrieve your address book and emails since they are rich in contact information that the hackers most likely will find useful…
There are also spyware and cookies that can be planted on your machine(s) to track your progress…
Where is All This Going?
And ransomware has been growing very rapidly since its first launch more than 10 years ago in Russia – and its future is going to require you to be knowledgeable and protected from such.
“So, what does the future of ransomware look like? If I had to put it into words: brands, and franchises.
“First, let’s talk about franchises. An interesting trend has emerged in the past few years, in the respect that the development of ransomware has become incredibly commoditized. Today, if you get infected with ransomware, it’s entirely plausible that the person who distributed it, is not the person who created it.
“Then there’s branding. While many ransomware strains have earned name-recognition for the destructive power they possess, some manufacturers are aiming to make their products as anonymous and generic as possible.
“The value of a white-label ransomware is that it can be rebranded. From one main ransomware strain, hundreds more can emerge. It’s perhaps this reason why in the first quarter of 2015, over 725,000 ransomware samples were collected by McAfee Labs. This represents a quarterly increase of almost 165%.
“It seems extremely unlikely that law enforcement and the security industry will be able to hold back this surging tide.”
If you read this far, then you are probably wanting to know more about ransomware, what you can do to protect yourself (as you are probably and most likely NOT protected, especially if you have not heard of ransomware) as well as what to do if you have already been hit…
When it comes to insurance, nothing beats backups for protection.
Be sure you back-up each machine often (daily in most cases) and keep a series of back-ups for each machine, usually a week or longer.
Also, keep a set for each previous month for the previous 3 months, preferably the last back-up of each month for each machine.
The likelihood you are going to use any of the backups is minimal – the likelihood you are going to wish you had them once hit is 100%.
It’s not about their dormant value, it is about their value once needed.
The reason for the series?
Anything that was on your machine is in those backups – including infections, viruses, nasty bots, etc…
Your backup quality is only going to be as good as the protection you have on your machine in the first place – if you got hit by ransomware then your most recent backup may or may not be clean.
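The retention scheme described above (a daily series of a week plus the last back-up of each of the previous 3 months), as an added example that is not part of the original post: it selects which back-up dates to keep for one machine, then the newest kept back-up that predates a malicious download. The function names, the 7-day constant and the sample dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

DAILY_DAYS = 7      # assumption: "a week or longer" taken as 7 days of dailies
MONTHLY_SETS = 3    # last back-up of each of the previous 3 months


def previous_months(today, count):
    """Return (year, month) pairs for the `count` calendar months before today's."""
    year, month = today.year, today.month
    months = []
    for _ in range(count):
        month -= 1
        if month == 0:          # roll back over a year boundary
            year, month = year - 1, 12
        months.append((year, month))
    return months


def backups_to_keep(backup_dates, today):
    """Select the back-ups of one machine that the retention scheme keeps."""
    window = timedelta(days=DAILY_DAYS)
    keep = {d for d in backup_dates if timedelta(0) <= today - d < window}
    for year, month in previous_months(today, MONTHLY_SETS):
        in_month = [d for d in backup_dates if (d.year, d.month) == (year, month)]
        if in_month:
            keep.add(max(in_month))   # last back-up taken in that month
    return sorted(keep)


def newest_backup_before(kept, download_day):
    """Newest retained back-up taken strictly before the malicious download."""
    older = [d for d in kept if d < download_day]
    return max(older) if older else None


# Constructed sample: one back-up per day for 120 days, ending 2017-04-10.
TODAY = date(2017, 4, 10)
SAMPLE = [TODAY - timedelta(days=n) for n in range(120)]

if __name__ == "__main__":
    kept = backups_to_keep(SAMPLE, TODAY)
    print("keep:", [d.isoformat() for d in kept])
    # Download on 2017-04-02 that stayed dormant: every daily copy postdates it.
    print("restore from:", newest_backup_before(kept, date(2017, 4, 2)))
```

With the constructed dates, every back-up in the daily series was taken after the download, so the only usable restore point is a monthly copy, which is the reason for keeping the series.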
Buy an external drive, purchase a cloud service, talk to those who are in the know about technology as to which would work best for you – what works best for us would not necessarily work best for you.
Find something you are comfortable using, preferably something that will continuously backup automatically, as well as has a solid reputation for maintaining not only your files but protecting them as well.
Above all, be vigilant when using a computer – we have grown accustomed to them being an extension of ourselves, until they don’t work.
Whenever you are hit and taken down by a hacker, go to an outside computer (any computer NOT on your current network and system) and get the word out via social media to those who are in contact with you frequently as well as recently.
At this point it is far better for everyone to be overreacting than not reacting at all — remain calm however, whatever has happened has already happened, you need to shift to a what’s next mindset as well as make yourself available to learn something new.
It is always darkest when we are in the middle of anything devastating, and we are always amazed at how quickly things change once we have the tools, knowledge and discernment to move forward.
Both have been around for a very long time, are superior in their integrity, and focus primarily on the activity of hackers globally.
Be sure to enroll into their email subscriptions as well.
Let us know your successes in the comments below — or if you need some direction, ask us a question either in the comments or on social media, we’ll get back to you shortly.
And again – with everything in life, we should not be focused upon the likelihood of getting or not getting hit by something that can cause harm, instead we should be focused upon minimizing the level of the devastation if and when we do get hit, especially when that something is consistently escalating.
KnowBe4 and other security vendors are providing more information for free.
Garrett is the publisher, editor, writer for The HRIS World Research Group, which includes The HRIS World, The HRIS World Research, The HRIS World Jobs, The HRIS World News, and The HRIS World Videos.