Average Ransomware Payment Rises Again

COVID-19 continues to create opportunities for the “bad actors” to wreak havoc. In this week’s blog we discuss the latest security concerns created by the COVID-19 pandemic, specifically around ransomware. This quarter saw a 33% increase in ransom from Q1 2020, with an average payment requirement of $111K! It’s the seventh straight quarter that system hijackers have reaped more money, and it shows that this security breach continues to grow. Compare this to the previous numbers we shared, in which the average ransom in Q4 2019 had increased from $84,116, reflecting a staggering increase from $41,198 in Q4 2018.

2020 Findings for Quarter #1 (Q1):

Ransomware Attack Vectors:

  1. RDP Compromise remains at 60%
  2. Email Phishing rose to 26%
  3. Software Vulnerability dipped to 10%

Note: Poorly secured Remote Desktop Protocol (RDP) access points continued to be the most common attack vector in the last two quarters.

Targeted Companies/Industries:

  1. Companies in the Professional Services Industries are the most commonly targeted
  2. Healthcare Companies
  3. Public Sector entities – schools, government
  4. Software Services Companies

Average Size of Companies Targeted by ransomware:

  1. The median company size victimized was 62 employees for Q1, 2020, a 2.5% rise from Q4, 2019.

Average Downtime From Ransomware Attack:

  1. The average downtime for a business compromised was 15 Days

In addition, cybercriminals are now weaponizing sensitive data to increase pressure on their ransomware victims. More than just asking for a ransom to restore access to your data, they are now threatening to sell your data. Of note is that 99% of ransomware attackers demanded their ransom be paid in Bitcoin; the remaining 1% asked to be paid in Dash or other privacy coins. This has created even more issues and downtime for many companies, as they had to scramble to set up Bitcoin accounts. (Typical time to set up a Bitcoin account is 2 days.)

If You Haven’t Done so Previously, Now Is the Time to Evaluate Your Security Risk

Ransomware attacks are becoming more sophisticated and cybersecurity professionals are taking action. With the right tools, you can prevent, detect and respond quickly to ransomware attacks threatening your organization. Clare Computer Solutions offers a suite of security solutions to mitigate your risks. Cyber-extortionists will stop at nothing to steal your business data. Companies victimized by phishing emails and ransomware seek immediate assistance. Talk to your Account Manager or Virtual CIO to discuss your options for a greater security posture.

COVID-19 Relief Aid Phishing attempts have increased by 6000% – Is your Business vulnerable?

Uncertainty about the availability and allocation of financial relief funds for the COVID-19 pandemic has confused small business owners while simultaneously creating new opportunities for cyber attackers to prey on unsuspecting victims. Per a recent article published by IBM and Morning Consult, nearly 40 percent of small business owners believe they’ve been targeted with malicious coronavirus (COVID-19) spam emails. This new phishing scam has created an open door for those bad actors to wreak more havoc during this already stressful time.

Since mid-March, COVID-19-related phishing lures mimicking the Small Business Administration (SBA), the World Health Organization (WHO), banks offering relief funds, the U.S. Federal Reserve and other government organizations have spiked by 6,000 percent, according to the report. For example, spam that impersonates the SBA and promises government relief funds tricks victims into opening a spoofed application attachment that triggers a malware infection. With this continued rise of phishing attempts, Security Awareness Training has never been more important. As you can see from the statistics below, people are expecting to receive COVID-19 information and updates. As such, users may let their guard down and be easily tricked. “The data and intelligence should remind us that there is no honor among thieves,” the report reads. “Cyber criminals will continue to view times of uncertainty as an opportunity, seeking new ways to exploit targets when they have their guard down.”

[EXPOSED:] Coronavirus Elicits Phishing Attacks

Growing interest in up-to-date news on the COVID-19 (Corona Virus) is making many vulnerable to online cyber-attacks. Hackers are exploiting the public’s need to feel safe and in control, through phishing attacks.

Did you know Cybercriminals have ramped-up phishing attacks over 667% in the month of March alone?

With cybercriminals in a feeding frenzy, it’s super-important to conduct phishing training during this time. Make sure that your users are prepared. It’s better to have a “fail safe” in place and direct your users to a learning moment than to have an employee click on a phishing email and have your entire organization experience a breach. According to Symantec, phishing emails have risen; common spoofs include the Center for Disease Control (CDC) Health Alert Network. Claiming to provide a list of local active infections, the links take eager readers to a sign-up form that collects emails and passwords. Once these email/password pairs are stolen and in the hands of a cybercriminal, the damage can be catastrophic. Hackers deliver payloads by getting users to click a link, open a PDF, or install a program that infects your systems.

How to Protect Your Business From the Dark Web

With flu season wrapping up, and the coronavirus a real threat to many businesses here in the SF Bay Area, remote work could quickly become the norm. Regardless of policy, this opens many businesses up for credential-stealing hackers to strike. With many workers out this time of year, businesses find themselves wondering how they can prevent cyber attacks and infiltration as credential stealing becomes more popular than ever before.

Being a small business used to be known as a hacker deterrent; unfortunately, that is no longer the case. Business owners have taken notice, and many have already begun enhancing their security. For many SMBs, the dark web isn’t on their radar, but it should be.

3 New Year’s Resolutions for Technology Minded Business in 2020

There is something special about flipping the calendar over to the peak of a new year. For many personally this means New Year’s resolutions; for businesses it means fresh opportunity – a chance to complete the things you missed in 2018! Like many, we’ve found businesses have a hard time considering what information technology goals they should have for the new year. Take this kick-starter for 3 New Year’s resolutions for your business to consider in the coming year.

Don’t Be Left Battling Phishing Alone: Layering Your Security Approach

It’s time we admit to ourselves that the bad guys who draft up phishing emails to capture logins are getting much more thrifty. They have become so crafty, in fact, that even I could be fooled by these increasingly clever email attacks; one of them almost got me.

The Email That Almost Had Me Fooled

This email appeared to come from a trusted client, whom we had worked with for several years. The message read that this client had sent me a private message that was ready for me to read. Included was a link for me to click to take me to the message, or so one would think. The scary part of this is, it’s not unusual behavior at all. This fits the normal back-and-forth style of communication we have used in the past. In this instance, I didn’t check the email tool-tips, as I always recommend people do. Instead, I went ahead and clicked the link, opening what read as “Encrypted by Microsoft Office 365” and asked me immediately to verify my identity by inputting my email and password. It was just about this time that I decided to review the URL and, to my surprise, it was filled with an unpronounceable assortment of random numbers and letters. It was at this point that I realized this was not a Microsoft page. I stopped right then and, in a moment of over-reaction, unplugged my internet connection and ran my anti-virus; they didn’t get me.

This example shows just how far employee training can go, showcasing how internal training and vigilance have been, and continue to be, the foundation layer of every IT Security Strategy.

Lay & Wait Phishing

Another example I’ve seen countless times is something so subtle your anti-virus and SPAM tool wouldn’t have seen it coming. I received an email, from what appeared to be a legitimate domain, asking me to confirm the information on a business card they had received, as their call didn’t go through. Once again, this is typical communication we all see and hear every day. What caught me off guard is that I never send anyone a digital business card, so why would they be referring to a link? I quickly hovered over it to find a fishy address, one correlated to another message in my SPAM folder. The first message, from a different sender, included an email attachment asking why they were receiving the following bill.

When it comes to these phishing scenarios, a cool head and proper training can combat the ever-evolving phishing techniques used by many today, adding further protection to improve the margin for error at your business.

3 Layers of Protection That Should Be Part of YOUR Security Strategy

Given the reality that even security-minded people can be fooled by these scams, employee training should always be backed by multiple layers of security, so you can ensure client data is safe.

Consider the costly ramifications and damages when a business fails regulatory compliance, letting in ransomware and losing customer trust.

  1. When I was moments away from handing over credentials to a scammer, I could still take comfort in knowing I had 2-Factor Authentication (2FA), adding a required code to my login process. The bad guys would have had to gain access to my phone the moment the key was sent to me; otherwise, logging in is useless. I prefer the functionality of Duo 2FA; it’s simple for users, making it an easy-to-use app for employees or clients to log in, and it provides a barrier that can defend against the vast majority of attacks.

  2. Demonstrable protection for device security is essential for protecting and securing your business data. If data remains, attacks that infiltrate systems can still be thwarted and breaches averted. This includes forensics on how and where the attack started, and how the attackers were able to penetrate your other defenses; through recording of log files, we shorten the time it would take to restore all data.

  3. Finally, the most important of the three layers. We need something with the ability to endure successful attacks and recover quickly from such a disaster. This means having a data backup system in place that’s robust, 100% trustworthy, and designed specifically to maintain your business continuity. For your data backup to have value, data should be restorable with minimal downtime, with the ability to isolate and immunize other devices from falling prey to these attacks. In those worst-case scenarios, where production data is corrupted or systems are locked by ransomware, the ability to simply replace data from a backup empowers you to take victory over the attackers. We’ve found immense reliability, and when these scenarios occur you will want a backup solution to simply work; it might not make you 100 percent bulletproof, but your ability to recover data with haste will be.

While we understand the reality that mistakes will happen, clicking on phishing emails or compromising security can leave you and your customers scrambling and outraged. Take a stance against cyber-attacks, knowing your Managed IT Support has your back, with layers of security to ensure no harm can be done.

Call us today to begin talking about what approach to security would be the best fit for your business.

Built to Dodge Your Detection: Could This Be the First ‘Smart Malware’

Cybercriminals have done it again: they’ve developed ransomware that can now be ported to ALL MAJOR operating systems, including Windows, Linux, and macOS. These attacks are targeted against your data servers. The name for this is PureLocker, a sneaky nod to the programming language it’s been written in, PureBasic.

It is carefully designed to evade detection, hiding malicious behavior in sandbox environments and using only functions seen in music playback. Reports have flown in that this malware can check if it’s in a ‘debugger’ environment; if so, it will exit immediately, deleting and hiding the payload from execution.

This has enabled PureLocker malware to stay hidden from many of the industry’s leading detection devices for up to several months. Many attacks will be launched on servers, aiming to hold you hostage and only returning full operation after the ransom has been paid. Typically, these servers are seen by many as ‘high-value assets,’ making these payment demands suddenly sky-rocket. It should be noted that several of these examples had code to remove ALL DATA if the ransom was not paid within 7 days.

After doing some internet sleuthing, we uncovered several of these ransomware campaigns on the Dark Web, being offered to many as ‘Attacks-as-a-Service.’ Although cybercriminal operations and groups are on the rise, this bespoke attack is now being poised for use in phishing emails.

Don’t Be Fooled

These attacks mean business and are designed for criminals who know exactly how to hit organizations where it can hurt. Although it is uncertain exactly how its payload is delivered to businesses at this time, we know it operates with multi-staged attacks, further muddying the ability to roll back servers and systems from a single recovery point.

Those infected with the malware will see the normal signs of an attack: a ransom note with an email address to begin negotiating a fee to decrypt your files. BE WARNED: you will only have 7 days to pay the ransom, or all files will become unrecoverable.

Concerned About the Health of Your Security Infrastructure?
We can help, with experts looking to provide your business and employees with peace of mind, knowing your data and company reputation are protected. Bring constant visibility and threat reporting to your team with NetCentral Secure from Clare Computer Solutions – Call us today to begin discussing your options.

FBI Updates Statistics: CEO Fraud Is Now a $26 Billion Dollar Scam and Growing

In 2000, the FBI created the IC3, the Internet Crime Complaint Center. It was first developed to handle singular fraud cases, until 2003, when the expansion of this department became unignorable. As of late, the cyber climate began growing at a rapid pace, so to aid in safer business computing, the FBI utilizes this division to receive complaints regarding any cybercrimes or fraud dealing with intellectual property, business data, client information, or employee contact information.

The FBI’s Internet Crime Complaint Center (IC3) reports updated numbers: Business Email Compromise (BEC) scams, known for CEO fraud, are continuing to grow year over year, with an over 100% increase in identifiable losses between May 2018 and July 2019. Since releasing their last report in June 2016, the IC3 received complaints regarding 166,349 domestic or international incidents – that is too many people falling for CEO fraud. It gets worse, with a total of $26 billion being stolen from 2016 – 2019. These findings are startling for any growing business, as criminals prey on Personal Identifiable Information or Wage & Tax Statements.

What’s the scam behind the Billions lost?

Although business email compromise scams have grown, there is a heightened awareness regarding this style of fraud scheme, making this scam the most reported scheme from victims all over the world and making up the estimated $26 billion loss. Obviously, the U.S. is hit hard, but so are 177 other countries, across 140 banking institutions. This is forcing small business owners to begin acting on proactive methods of protection, and reactive measures for employees and technology.

Defensive Measures Against Business Email Compromises:

  • Use two-factor authentication or multi-factor authentication to verify requests regarding changes in account information.
  • Always check URLs in email links, to double-check the business is who it claims to be.
  • Be aware of purposefully misspelled links to suspicious domain names.
  • Do NOT supply logins or Personal Identification Information through email.
  • Monitor your personal accounts on a regular basis for irregularities, like a missing scheduled deposit.
  • Keep software patches current on ALL systems, applying any possible feature updates.
  • Always check the sender’s email address against the company they claim to be from. In most cases, domains should be the same.
  • Ensure email extension settings are set up according to your company policy, to address the 2nd largest attack vector.
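
The sender-address and link checks from the list above, automated as an added example (not code from Clare Computer Solutions or the FBI). The `TRUSTED` list, the two sample messages and the last-two-labels domain rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this organisation really does business with.
TRUSTED = ["example.com", "microsoft.com"]

def base_domain(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot purposely misspelled domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Trusted domain that `domain` nearly matches (1-2 edits), else None."""
    return next((t for t in TRUSTED if 0 < edit_distance(domain, t) <= 2), None)

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_email(raw):
    """Return (item, reason) findings for one single-part HTML message."""
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    findings = []
    if (near := lookalike_of(sender)):
        findings.append((sender, f"sender resembles {near}"))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        link = base_domain(urlsplit(href).hostname or "")
        if not link:
            continue  # mailto:, anchors and other host-less links
        if link != sender:
            findings.append((href, "link domain differs from sender domain"))
        if (near := lookalike_of(link)):
            findings.append((href, f"link resembles {near}"))
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and base_domain(shown.group(0)) != link:
            findings.append((href, "displayed text names a different domain"))
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Accounts Payable" <ap@examp1e.com>\nContent-Type: text/html\n\n'
           '<a href="https://login.micros0ft.com/verify">login.microsoft.com</a>\n')
CLEAN = ('From: billing@example.com\nContent-Type: text/html\n\n'
         '<a href="https://portal.example.com/invoice">View invoice</a>\n')
```

`review_email(SPOOFED)` returns four findings and `review_email(CLEAN)` returns none; a production filter would replace the last-two-labels rule with a public-suffix list so that domains such as `co.uk` are handled correctly.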

To make sure your employees don’t fall victim to Business Email Compromises, many businesses have implemented more strict processes to double-check/authenticate information regarding payment processing, HR, or tax information using familiar methods. Not sure where you stand? Need more direction? Cyber Security is a multi-layered approach, designed to uniquely target threat-vectors in a proactive attempt to shore up any defenses that could easily be breached.

Leave Worrying About Hackers to the Experts
Clare Computer Solutions has provided clients with IT consulting, and Managed Services in the Bay Area since 1990. Security isn’t a one-and-done approach – get the right fit security for your business.

Hackers Execute Ransomware Attack & Encryption on SF Asian Art Museum

In the wake of destruction from an ever-growing threat of cybercriminals, many major municipal branches in Baltimore and Atlanta fell victim to encrypted systems and were extorted for millions. Soon after, the major targets became local school districts and colleges, but it would appear the targets have changed once again. This time to an industry that will surprise many, who think this could NEVER happen to them.

Museums…. That’s right, last Tuesday it was reported that the Asian Art Museum in San Francisco was hit with a ransomware attack back in May. Initially, when I heard this, I was as surprised as you were: why would a museum be hit with ransomware? Why would someone search out cultural institutions to attack? The answer lies closer than we think: dealing in lower monetary value, museum donors’ personal information can be easily stolen, alongside the typical digital footprint of email, phone number, first name, last name, etc.

It sounds like something out of an action movie: the hacking of a museum in San Francisco came to the surface when the Asian Art Museum refused to pay the demanded ransom, sticking with the city’s official “no-negotiation policy.” Although everyone at the Asian Art Museum has been tight-lipped about the tactics used against them, we do know the data was recovered by utilizing a trusted backup system. Always making sure technology partners are checking in and running tests periodically, and that systems built for fail-over are fully operational, provided the museum the confidence needed to NOT PAY the ransom, knowing they can easily restore data, giving everyone at the Asian Art Museum peace of mind.

Don’t be taken by surprise, protect your business with these five tips to better your data protection:

  1. End-Point Protection – To protect employees and businesses from cyberattacks and encryption, it’s critical to your success to employ up-to-date End-Point Protection (EPP) and Malware Alerting on high-value targets like servers or domain controllers.
  2. Gone Phishing – The human element is what gets most people, and it’s because these phishing examples have been developed to simulate a popular brand or coworker email. Without successfully phishing someone to gain access, the doors on your network can remain closed. Be wary, as social networks have been hit hard with email spoofing.
  3. See Something, Say Something – One of the most important things to teach employees within your network is that if they see a ransomware pop-up, they should immediately disconnect the machine from the network. This will prevent the infected system from communicating with other nodes on your network, damaging more of your data, and encrypting more technology.
  4. Group Policy Controls – Generate access controls or Group Policy so that, in case someone does get into one of the computers, they won’t be able to remote into someone else’s PC or system. This is critical to prevent the spread and damage of further entities.
  5. Prioritize your Vulnerability – How much of a threat can your business take on? With information everywhere on the network, it grows impossible to secure everything, making it imperative to create a layered approach – to further secure financials and company email that could contain personal information.

In today’s cybersecurity landscape, ransomware poses a serious risk to every business. Taking a proactive approach is the key to reducing your risk. You can learn more about disaster recovery planning and reliable backup solutions by consulting a technology partner who understands your organization’s unique needs. Contact a Clare Computer Solutions Consultant today to determine your risk.

Read Between the Lines: What Your Business Could Learn from Flipboard’s Recent Data-Breach

According to Flipboard, hackers were able to tap directly into the databases where the app company housed customer information. The information stolen included customer names, user names, hashed passwords, emails, and digital tokens or API tokens for your favorite social media apps. Although Flipboard does not know how many accounts hackers infiltrated, nor have they fully assessed the damage, one thing is for sure: It’s time for many companies to begin reading between the lines. While the data that was stolen is serious, it’s the amount of time hackers were able to go undetected that is cause for concern. Companies need to focus on Endpoint Protection.