Tips to Protect yourself against Ransomware attacks

The Protected Harbor Difference

At Protected Harbor we will not onboard a client without making the changes needed to protect against Ransomware. We think a new reality is that only good network design and good governance can keep networks safe. Most small IT companies are ill-equipped to understand the depth of the risk, much less take the necessary steps to protect against Ransomware.

The end-user resistance to change combined with tight IT budgets and the concept that IT is low cost has created a climate of a one-stop drop-in application or solution to stop all IT problems. This approach will not work to stop Ransomware. In short at Protected Harbor we protect our clients through better design.

Ways to PROTECT YOUR SYSTEM FROM RANSOMWARE

Below are the steps we take to protect our clients and we recommend the steps are deployed by all organizations.

Desktop/Network & Backup Isolation

The first step in a new network design is to limit through segmentation the network. Desktops, Servers and the backup should all be on separated and isolated networks. Using this approach an infected desktop will not be able to access the backups and will not infect the backups.

Virtualization

Protected Harbor will accomplish desktop and network isolation using virtualization. Virtualization allows Protected Harbor to back up the entire desktop, not just shared folders, or databases, or scanned folders, but all folders. This means we can recover the entire office, and not pieces of the office.

Email & Web Filtering

Filtering of email and web content is an important part of the Protected Harbor Ransomware defense. Good email filtering should include pattern recognition. The initial Ransomware attacks follow a template and email filtering systems when properly configured either block or quarantine the attack.

Tighten local server/desktop permissions

Our clients do not run their programs as Administrators. Enhancing the security drastically reduces a ransomware attack and virtually eliminates malware attacks. Enhanced security reduces what an attack can affect through better design.

Reduce the number of common shares folders

Typically, clients will have one or two shared folders that all users have access to. Ransomware attacks not only infect those shares but then use them to spread the attack to other non-infected systems. We work with clients to reduce or eliminate shared folders, increasing the protection through better design to ransomware.

Reduce public corporate contact information

Live email addresses should not be published on a website. If a website needs an email address, the published address shouldn’t use the same format as the internal address. If jsmith is the email prefix, as in jsmith@abc.com then for the website the published email should be jacksmith@abc.com. Additionally, sensors can be added to the content filter for petersmith@abc.com for example. This would mean the attacking IP (the one attempting to send email to petersmith@abc.com) is really a robot attacker; adding that IP to the block list would prevent all future attacks from occurring.

Parameter or Geo Blocking

For our clients we maintain enhanced network protection that includes active parameter checking and Geo-Blocking. For example, we check the address of inbound requests, and if the IP is from a blocked country, then the traffic is blocked even before it reaches the client’s network. Countries we routinely block are North Korea, Russia and countries are known for sending out Ransomware attacks. If access is needed from a blocked country, a simple support ticket resolves the issue.

Testing & Training

At Protected Harbor we perform routine simulated Ransomware attacks. These tests are productive at helping end user stay vigilant to attacks and the tests allow end users to be identified that might need some additional assistance to understand the importance of being careful with email.

“We guarantee we can PROTECT YOU FROM RANSOMWARE!”

Any vendor that says that or implies that is lying. There is no one magic happy pill, service, or device to stop ransomware. When done right guarding against ransomware is a combination of multiple technologies, backups, education good layered network design and human intervention.

Protected Harbor is a unique vendor because we don’t resell other company services, we engineer our own solutions. That depth of knowledge is a foundational difference between us and anyone else. The depth of technical ability allows us to write this document and solve the problem at the core and not band-aid the problem as others do.

Ransomware Explained

Ransomware is malicious software that targets computer systems and locks down important data until a ransom is paid. Ransomware is an increasingly prevalent form of cyber-attack, which can cause serious disruption to businesses and individuals alike. It works by malicious actors encrypting a victim’s data and then demanding a ransom payment in order to restore access to it. Organizations must take active steps toward ransomware protection and prevention, as the costs associated with a successful attack can be substantial. Investing in robust IT security measures, such as antivirus software and regular backups, will significantly reduce the risk of becoming a target. Furthermore, ensuring employees have the necessary understanding of ransomware prevention techniques will help protect your organization from this form of cyber-attack.

What is a Ransomware attack?

Ransomware is the encryption of files, without knowing the password, and most of the time the encryption is self-executed for local files, network files and operating system files combined with Trojan installations to enable later additional data theft or additional attacks.

Most of us have used or made a password protected ZIP file before. ZIP files are a form of encrypted and compressed files. The encryption and compression process
works by mathematically removing the empty and repeated characters in the data using password. The mathematical formula uses the password as a seed and applies a
compression algorithm to the data, securing and reducing the data. Using this technique, a ZIP file is both secure, because without the password it can’t be decrypted and smaller in size.

A Ransomware attack at its core is where the organizations data files have been encrypted using a similar technique to a password protected ZIP file. Typically,
ransomware attacks encrypt one file at a time. Ransomware attacks can be devastating because the data once encrypted is not recoverable. Initially versions of ransomware attacks targeted local files on local computers, but more recent attacks have caused greater damage by targeting network folders and operating system files.
Once an operating system file is infected the server or PC will never work right and should be totally reformatted and recreated.

Ransomware attacks also attempt to install infected files, also called Trojans. The Trojans are used to later attack the computer or server again and or are used to
monitor the infected system to steal data. Some Trojans don’t directly attack but instead run in background monitoring and sending new data. This is what occurred at the Sony attack;  Modern cleaning tools like Malwarebytes do a good job at removing infected cookies and web attacks but do not clean operating system files very well, which is why we always recommend not cleaning a PC or Server but rebuilding it.

How does a Ransomware attack occur?

But how did it occur? How did it get in? Virtually all of the time the attack is self-started, meaning the attack was triggered by a trusting employee. Most Ransomware attacks start via email. An external email server or email account is compromised, and the compromised account is then used to send out infected emails.

Image is an example. The email itself it not infected. The email account is legitimate, and at the time the email server amegybank.com was not flagged as a spammer – meaning this email would have passed through most firewalls, filters and blocking services.

The infection is the attached HTML file. The attached HTML file is the payload. The HTML file will look to many anti-virus programs as a web cookie or bot, i.e. a
legitimate attachment. Bots or payloads can take many forms, Macros in Word, Excel or PDF files are typically used.

A payload is a small piece of programming code designed to look like a legitimate web from a web site. Once the end-user clicks on the attachment the payload is activated. Once active the payload will download from a remote site the actual attack. The attack will be a larger program that is also designed to slip through firewalls and content filters, this program will start to encrypt files and also will look for links to remote data, either remote server (RDP for example) login information, web site links with stored passwords, FTP or STP file transfer links, virtually any form of data connection is attempted. The attack is designed to find as much data as is possible, the more data that is encrypted the more the infected company is willing to pay.

How to Protect Your Data from Phishing Sites

What’s a Phishing Attack?

A phishing attack is a deceptive attempt by cybercriminals to trick individuals into divulging sensitive information, such as usernames, passwords, or financial details, by masquerading as a trustworthy entity. These attacks often occur via email, where the attacker sends a fraudulent message appearing to be from a legitimate organization, enticing recipients to click on malicious links or provide confidential information. Phishing attacks can also occur through other communication channels, such as text messages or social media platforms.

To protect against phishing attacks, organizations and individuals employ various measures, including secure email protocols, email security solutions, and secure browsing practices. Secure email protocols utilize encryption and authentication mechanisms to prevent unauthorized access to sensitive information during transmission. Email security solutions, such as spam filters and malware scanners, help detect and block phishing attempts before they reach recipients’ inboxes. Secure browsing practices involve verifying website URLs, avoiding clicking on suspicious links, and being cautious when sharing personal information online.

Common types of phishing attacks include spear phishing, where attackers target specific individuals or organizations, and pharming, where attackers redirect users to fraudulent websites. By implementing robust data protection measures and promoting awareness of phishing techniques, individuals and organizations can mitigate the risks posed by these malicious attacks and safeguard sensitive information from unauthorized access and exploitation.

Here’s How Phishing Works

In today’s digital landscape, understanding how phishing works is essential for safeguarding your data and maintaining secure communication channels. Phishing, a form of cyber attack, typically involves fraudulent emails or messages disguised as legitimate entities to deceive recipients into revealing sensitive information. These attacks aim to compromise data protection measures and exploit vulnerabilities in secure email systems.

There are various types of phishing tactics employed by cybercriminals, including deceptive emails, spear phishing targeting specific individuals or organizations, and pharming redirecting users to malicious websites. Ensuring robust email security protocols and practicing secure browsing habits are paramount in mitigating phishing risks.

To fortify defenses against phishing attempts, prioritize implementing secure email solutions and employ encryption methods to safeguard sensitive information. Additionally, educate users on recognizing phishing red flags, such as suspicious sender addresses or unsolicited requests for personal data.

By understanding the mechanisms of phishing attacks and bolstering email security measures, individuals and organizations can proactively defend against data breaches and uphold robust data protection standards. Stay vigilant, stay informed, and stay secure in the ever-evolving landscape of cyber threats.

What to do if you fall victim?

If you fall victim to a phishing attack and disclose sensitive personal information, take immediate action. Notify your bank or financial institution to secure your accounts and monitor for fraudulent activity. Change your passwords for affected accounts and enable two-factor authentication where possible. Report the phishing attempt to the appropriate authorities, such as the Anti-Phishing Working Group or the Federal Trade Commission. Additionally, educate yourself and others on how to recognize and avoid phishing scams in the future. Remember to report any suspicious contacts to help prevent others from falling victim to similar attacks.

Tips to Fight Identity Theft

Protecting yourself from identity theft involves taking proactive steps and being aware of common risks and preventive measures. Here are effective ways to prevent identity theft:

1. Safeguard Personal Information: Refrain from disclosing sensitive details such as Social Security numbers, account numbers, or passwords online or over the phone unless you initiated the contact. This precaution is crucial in thwarting unauthorized access.

2. Exercise Caution with Emails: Avoid clicking on links in suspicious emails, as they may contain viruses that compromise your computer’s security. Instead, type the website URL directly into your browser or use a trusted bookmarked page.

3. Remain Skeptical of Threats: Do not succumb to urgent emails or calls threatening severe consequences if you do not provide financial information immediately. Verify the authenticity of such communications independently by visiting the company’s official website.

4. Act Promptly if Targeted: If you suspect or experience identity theft, take immediate action. Alert your financial institution, place fraud alerts on your credit files, and closely monitor your credit reports and account statements for unauthorized activity.

5. Report Suspicious Activity: Report any suspicious emails or calls related to identity theft to the Federal Trade Commission (FTC) or call 1-877-IDTHEFT. Timely reporting helps mitigate potential damage and prevent further incidents.

By adhering to these preventive measures and promptly addressing any signs of identity theft, you can significantly reduce the risk of falling victim to fraudulent activities. Being proactive and cautious with your personal information is essential in safeguarding your financial security in today’s digital landscape.