CRYPTOLOCKER'S FRESH LEGS - AND THE BITCOIN CRAZE KEEPING IT GOING
When the CryptoLocker ransomware virus first
appeared in September, few IT experts expected it to stick around for so
long. But in 2014, the ransomware, which generally appears as a .ZIP, .PDF, or
.EXE file attached to an unfamiliar email, is still infecting computers at an
alarming rate, according to a
Dell SecureWorks analysis. A University
of Kent survey released in March revealed that 1 in 30 users have been hit
by the virus — and 40% of those had paid the ransom.
Once CryptoLocker infects a machine, it encrypts all accessible files and attempts to extract hundreds or even thousands of dollars in payment to de-encrypt them. The payment is requested in Bitcoin, a digital currency rising in mainstream visibility but still lurking in the shadows of legitimacy.
Here’s a Bitcoin primer: the open-source, peer-to-peer payment network was introduced in 2009, quickly becoming the chosen currency of the online world’s dark underbelly thanks to the fact that it requires no exchange of notes or tokens between buyer and seller. Instead, buyers request an update to a public transaction log, called a “blockchain,” that is maintained via a decentralized network of Bitcoin “miners” who verify timestamp payments.
By 2013, Bitcoin was dominating mainstream news stories, thanks to extreme price volatility, US Senate hearings, and China’s decision to heavily regulate the currency. Bitcoin is gaining acceptance among legitimate vendors and merchants, including Virgin Atlantic, OkCupid, and Reddit. And many economists say Bitcoin use could become more widespread due to ease of use and lower transaction fees.
Bitcoin plays a big role in one nasty endeavor, though: the aforementioned CryptoLocker virus. After an initial requirement that affected users pay the ransom in MoneyPak prepaid credit cards, later iterations changed their payment method to Bitcoin. The only problem was that Bitcoin enjoyed a stupendous surge in value around the same time, raising the ransom’s going rate from around $300 per “coin” to, in some cases, over $4,000.
Many IT service providers admitted that computer users who didn’t have sufficient backup and disaster recovery systems like CMIT Guardian probably would have to “pay up” to recover their CryptoLocker-affected files. But security officials deplored the practice, saying it would only encourage Bitcoin’s continued use as ransom. “If even a few victims pay, then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms,” Dmitri Bestuzhev, a spokesman for anti-virus behemoth Kaspersky, told The Guardian in 2013. “If nobody pays, they will stop these campaigns.”
For now, here are 5 steps to avoid CryptoLocker infection:
• Implement regular, remote backups and a sound disaster recovery plan
• Never open ANY attachment from ANY sender you don’t recognize
• Validate ANY link in ANY unfamiliar email before clicking by hovering over it and looking for legitimate IP addresses, not long strings of unrelated characters
• Ensure that solid firewall, anti-virus, anti-spam, and malware programs are in place
• Have a trusted IT professional assess the security of your systems
Why Data Breaches Keep Happening - And What You Can Do to Avoid Them
With the end of 2014’s first quarter upon us, we decided to interrupt our longing gaze at the warm, sunny weather in the near future and take a look at top trends affecting the technology world since January 1st.
Unfortunately, the one story that continues to dominate tech news is data breaches, data breaches, and more data breaches. Although its massive breach affecting over 100 million customersoccurred last year, Target reported in January that its Q4 profits fell by nearly 50%, while 2013 profits declined by more than 33%. In a sign of how significantly the breach has shaken the company, last week, Target’s Chief Information Officer Beth Jacob even resigned, while CEO Gregg Steinhafel announced an overhaul of information security practices.
Plenty of new breaches have occurred in 2014, as well. Sally Beauty Supply revealed an attempted breach in February, Sears launched an investigation into one in March, and everyone fromKickstarter to the University of Maryland to Smucker’s has announced their own vulnerabilities. And that’s not even digging into the many small health care-related breaches coming to light daily thanks to the recently enhanced HIPAA Breach Notification Rule, which requires public reporting of any incident affecting more than 500 individuals.
As John Pirc of security organization NSS Labs told SC magazine last week, “The trend in breaches in 2014 will be like the movie ‘Groundhog Day’ — we will be reliving the same scenario day after day.” The worst part? Symantec and the Ponemon Institute estimated in an analysis last May that the average total cost of a data breach is nearly $200 per record affected.
So what can you do to avoid such a devastating occurrence?
• Implement a trusted remote backup and disaster recovery service. CMIT Guardian, for instance, employs top-flight encryption levels for data both at rest and in transit, while also providing a failsafe backup in the event a data breach does affect your business. At this point, unfortunately, it’s more a matter of when than if — so preparing for that possibility is the smartest way to survive it.
• Understand that even the most stringent security measures may still not be enough. We’ve said it before, and it bears repeating: every employee, workstation, and mobile device represents a possible vulnerability. Most high-profile data breaches are the result of coordinated cyberattacks, but many smaller ones stem from a single stolen thumb drive or employee that inadvertently opens an infected email attachment.
• Strengthen your passwords. The rash of recent data breaches makes this common-sense practice even more important. The Adobe breach in October that affected over 38 million users revealed a wealth of information. For instance, “123456” was the service’s most popular password, followed by “qwerty,” “abc123,” and “123456789.”
Worried about how data breaches can negatively affect your business? Afraid your information isn’t properly protected? CMIT Solutions can and will help. We understand the critical nature of data security and the impact a breach can have on your business. Contact us today to put our encryption, backup, and disaster recovery solutions to work for you.
Why Hire a Professional IT Company to Help Your Business?
As a small to medium-sized businesses owner, many questions come to mind when thinking about how to implement technology that is essential to your business. You may have thought about hiring a technology company but did not because you assumed such a service could be performed on your own. For example, you may currently have a friend working full-time that helps you out, or you may have an administrative assistant or another employee that dabbles in technology to help around the office. Other options include buying your own equipment, plugging in the computer, and hoping it works.
This may work for some, but if you want to
get the most out of your technology, you need a professional to handle such
critical equipment just like any other professional services company. For
example, you would probably not hire an inexperienced college student to
prepare your taxes and file tax returns for your business. You would hire a
professional tax preparer or CPA, right?
Small and medium-sized businesses can get the
most out of their technology by understanding what the most critical aspect of
their business is. They need to break down all the important parts of their
technology and ask themselves, “What if that piece of technology was not available
to me at the most critical time of my business?”
Would clients be impacted?
Would employees not be able to do all or part of their work?
Would the business owner lose money?
Would the business owner lose clients?
Is the business owner’s reputation on the line?
Proactive
vs. Reactive
Many business owners think reactively and
don’t realize that having a proactive technology plan will protect them from
the inevitable moment when they realize “Our
computers are down!” While no professional IT company can guarantee a
business 100% availability to all their systems, mitigating much of the risk by
hiring a professional IT services company can provide a huge lift to small and
medium-sized business owners.
As a small business owner myself, I understand that diverse
businesses have different needs. Just like I would hire the right professional
for the job of mitigating risks and adding value to my business, a professional
IT company can provide the same service.
Some business owners today look at their technology as a necessity but
try to implement the technology themselves by buying their own computers,
laptops, and routers and then installing it themselves. Many technology vendors
today also develop their products to give consumers the ability to have that technology
work as soon as you plug it in and install it. But while the device may work
and does what you need, how do you know it was implemented correctly?
For example, I met a prospect who told me his backups
have been running for eight years; he gets daily email alerts about whether those
backups succeeded or failed. When we checked the backups, they were only
backing up the “application” directory and not the “data.” For eight years, he
thought his backups were working — and technically they were — but they were
not backing up his actual data. When I told him this, he realized he could have
lost all his data, putting his business and clients at risk.
Having a professional IT company can also help you determine
what’s necessary for your company. Business owners know they will need a
computer or a laptop, but they may not realize they can benefit from certain
technology like a server or firewall, or that they can recover important emails
even if they already deleted them from their inbox. Professional IT companies
can provide long-term benefits to businesses by helping them come up with
informed technology decisions.
Budget
and Cost
Professional IT companies have many different cost
structures. Depending on the needs of the client, those costs can vary from one
business to another. If you are a small or medium-sized business owner, many
times you have a budget and allocate spending towards technology. During the
budget process, it is beneficial for both the business owner and professional
IT service provider to be involved in helping you make the right decisions.
Even if you don’t have a formal budgetary process, you can work with an IT
professional to help you.
It is also very important to consider costs for hardware,
software, and support. There is always going to be a cheaper way of
implementing your technology, but the most important question business owners
need to ask is, “What value can I get by hiring a trusted IT professional?” Aside
from hiring a professional IT company, business owners have several options, including
hiring someone full-time to handle technology. Typically, hiring someone full-time
can be costly, and you have to weigh that cost against outsourcing or hiring a
professional IT company.
As a business owner, you may think that hiring a
professional IT company is too expensive. To help you fully appreciate the
costs of your network going down, you can use this example for your own company
to determine the cost of lost productivity and calculate the benefit of hiring
an IT professional to help you with your technology costs.
Let’s say you run a small law firm with 50 employees who
have an average salary of $50,000. Your network is down and you cannot access
your email, applications, or data files. Since you don’t have an IT
professional, you call a few companies to come onsite and fix the issues. If
your employees are down for two hours, and generally full-time employees work 2,000
hours a year, the average hourly rate for each employee is $25 ($50,000 / 2,000
hours). If you multiply two hours of downtime at $25 an hour by 50 employees,
you paid your employees $2,500 for the time they were unable to perform their
job duties. Additionally, the cost of an IT company coming to perform its work
would result in additional expense.
Also, there is a cost associated with the attorneys and
staff not being able to work on billable client hours, which would result in
additional hours of lost revenue. For example, if the billable rate in the law
firm is $250 an hour, and 10 of the 50 employees were working on clients that
were billable hours, you would have a loss of revenue of two hours X $250 X 10
employees, which equals $5,000 of lost revenue.
You can see how a $7,500 loss of productivity and revenue
can easily affect your business bottom line. Working with an IT professional
can help budget and mitigate the costs associated with downtime and
support.
Hiring a professional IT company can provide you with many
major advantages. Some IT companies have the ability to get better pricing on
hardware and software and also provide support solution package that helps
reduce downtime. Additionally, having a trusted advisor means someone can
answer all of your questions about certain technologies like cloud services,
new applications, or new hardware.
As a business owner, it is important to remember that hiring
a professional IT company can help your business get the highest return on your
technology investment. Doing it yourself or hiring someone that is only
available at night or on weekends is not going to help you in an emergency. It
is important to consider the costs of hardware and software and how you would
potentially be affected by downtime before making this important decision.
Subscribe to:
Posts (Atom)