FBI: Russian hackers spy on, scour energy sector of the US; 5 companies targeted

FBI Russian hackers spy on, scour energy sector of the US 5 companies targeted


FBI: Russian hackers spy on, scour energy sector of the US; 5 companies targeted

According to a March 18 FBI advice to US businesses received by CNN, hackers affiliated with Russian internet addresses have been examining the networks of five US energy corporations as a possible preliminary to hacking operations.
As the Russian military suffers significant casualties in Ukraine and Western sanctions on the Kremlin begin to bite, the FBI alert only days before President Joe Biden openly warned that Russian-linked hackers could target US companies.

Key Highlights:

  • According to the Federal Bureau of Investigation, at least five U.S. energy businesses and 18 others in critical infrastructure sectors have seen “abnormal scanning” from Russian-linked IP addresses, according to a Friday bulletin first published by CBS News on March 22.
  • The behavior “certainly suggests early phases of reconnaissance, searching networks for vulnerabilities for use in potential future attacks.”
  • In a statement, Dennis Hackney, senior director of industrial cybersecurity services development at ABS Group, stated, “It is not surprising that Russia would activate its most effective war-fighting tools online.” “State-sponsored cyberattacks are difficult to attribute definitively,” he added.
  • On Monday, Biden warned business executives, “The enormity of Russia’s cyber capability is fairly consequential, and it’s coming.” Read more here.
  • Although no breaches have been established due to the scanning, the FBI advises the latest in a series of warnings from US officials to critical infrastructure operators about the possibility of Russian hacking. Biden’s public notice was broad and aimed to raise awareness of the problem, whereas the FBI advice was intended for a private, technical audience to help firms defend their networks.

An overview of the situation

In an address to the Detroit Economic Club, FBI Director Christopher Wray said Tuesday that federal law enforcement is “working closely” with cyber personnel in the private sector and abroad to assess potential threats.

“With the ongoing crisis in Ukraine, we’re focusing especially on the catastrophic cyber threat posed by Russian intelligence services and the cybercriminal groups they defend and promote,” Wray added. “We have cyber personnel collaborating closely with Ukrainians and other allies overseas, corporate sector, and local partners.”

Wray’s remarks come four days after the FBI warned that vital infrastructure providers were under attack, particularly the energy sector.

According to CBS News, the FBI warning instructed: “US Energy Sector companies to analyze current network traffic for these IP addresses and initiate follow-up investigations if discovered.”

However, the FBI advisory does not specify if the “scanning” is a new threat.
“I’m not sure what this announcement is supposed to mean,” independent security consultant Tom Alrich said in an email. “Probably every large utility in the country is scanned thousands of times an hour, 24 hours a day, by bad actors, so I’m not sure what this announcement means.”

An attack on crucial infrastructure, according to experts, might be interpreted as a war crime, giving a nation-state actor pause. The most adept attackers, on the other hand, maybe able to conceal their origins, according to Hackney.

“He explained that the higher the sum of money, the better the cybercriminals’ capacity to hide who they are and how they are funded. “Because state-sponsored threat actors might have large funds, they are usually adept at concealing their true ties. As a result, assigning blame is impossible.”

President Joe Biden has warned Russia that “we are prepared to retaliate” if it “pursues cyberattacks against our industries, our key infrastructure.” For months, the federal government has been striving to improve the protection of 16 critical industries, including energy, communications, finance, and agriculture. On Monday, President Trump released a statement reinforcing previous warnings that Russia could use harmful cyber activity to retaliate for economic penalties imposed by the US and other countries.

Utilities in the United States have stated that they are “closely monitoring” the situation in Ukraine and that they are collaborating with their peers and the federal government.

“Russia has the capability to launch cyberattacks in the United States that have localized, temporary disruptive effects on critical infrastructures, such as temporarily shutting down an electrical distribution network.,” according to the assessment by Senate Select Committee on Intelligence.


Safety Tips from Protected Harbor

Protected Harbor’s security team has been following the matter for a long time and continues to emphasize cybersecurity. Some tips from our experts on how you can protect your business from cyberattacks:

  • Install firewalls and other advanced protections at workstations and network equipment such as routers and switches to detect unauthorized activity by hackers who might try compromising your system remotely through internet connections.
  • Backup & Disaster Recovery Plan- Always back up data before it is lost in case of an attack. Ensure that all devices are constantly updated with the latest antivirus software available. Password protection should be enabled not just on computers but also on any mobile device or tablet someone may have access to.
  • Know your organization’s pain points and consider how to protect them. Understand that cybersecurity is not just about protecting data but also ensuring resiliency so services can continue when attacked or compromised
  • Consider security from end-to-end; it’s essential to have a sound strategy for both physical and digital assets on-site and remote access via mobile devices.
  • Be aware of what you share online: make sure all social media posts are set appropriately (e.g., don’t post sensitive information like passwords); be cautious with attachments in emails; choose strong passwords that are different than those used elsewhere because they may get stolen by cybercriminals.
  • Logging tools such as Palo Alto Network’s next-generation firewalls should be used to monitor for odd activities (NGFW) continuously. The records should subsequently be examined daily to detect any irregularities.
  • Enable multi-factor authentication (MFA) for all websites, accounts, systems, and network logins, particularly emails. A user’s mobile device is loaded with an application that generates a series of random codes during the login procedure. The code, as well as the password, must be entered by the user.
  • Patch any vulnerabilities and software, including older versions. If you merely patch against known attacks, you risk being caught due to an unknown exposure. Patch your computers, networks, webpages, mobile apps, and anything else connected to the Internet.

The Cybersecurity and Infrastructure Security Agency recently issued a notice listing 13 known vulnerabilities that Russian state-sponsored hackers have used to attack networks. Criminals use gaps to penetrate systems. Therefore network cybersecurity and network protection are critical for a company’s safety.

Recent cyber-attacks on government websites were carried out with simple tools. The website crashed due to multiple users accessing it at the same time. As shown in this piece, cyberwar threatens Western governments and agencies. To increase their security, businesses must take proactive actions.

Protected Harbor assists businesses in defending themselves and their IT operations against known and unknown threats, such as malware, ransomware, viruses, and phishing. We help organizations back up their data and prevent data loss due to ransomware attacks or other security issues. Learn more about Protected Harbor and request a free IT audit to learn how we can assist you in defending against the Russian Cyber Invasion.

Biden Warns of Russia Cyberattack on US Businesses & Economy

Biden warns of russia cyberattack on us businesses & economy


Biden Warns of Russia Cyberattack on US Businesses & Economy

russia cybertattackThe United States Government has warned privately-held American firms about the growing threat of cyberattacks from Russian hackers.

President Biden warned on Monday that Russia is considering launching cyberattacks on the US businesses in revenge for the economic sanctions placed on Moscow for the invasion of Ukraine.

The President advised private sector organizations in the United States to tighten their cybersecurity against a potential Russian breach in a statement released days before he travels to Brussels for a NATO summit.

“It’s part of Russia’s playbook,” President Biden said in the statement. “Today, my administration is renewing those concerns, based on increasing data indicating the Russian government is considering hacking possibilities.”

According to Anne Neuberger, the deputy national security advisor for cyber and new technology, the administration has no evidence of a specific, significant potential cyberattack against the United States but rather “preparatory activities” targeting critical infrastructure.

Key Findings:

  • The US government has been more cautious about Russian hackers’ activities, even as it accuses Moscow of meddling in the 2016 presidential election.
  • The private warnings respond to mounting concerns from companies such as Microsoft Corp. (MSFT) and Cisco Systems Inc. (CSCO) that hackers are targeting in Russia and other countries.
  • The private, non-public warnings, first reported by Bloomberg, also signal the growing concern among US officials, who have been reluctant to publicly discuss alleged Russian hacking activities.
  • The private warnings also come as President Joe Biden’s administration reviews options to retaliate against Russia for its alleged hacking activities.


As the crisis in Ukraine rages, the US has previously warned that Russia may attempt to attack US corporations. According to Ms. Neuberger, the Biden administration’s warning on Monday was an attempt to raise awareness of Russia’s ability to launch a digital attack on American infrastructure.

Ms. Neuberger stated that the administration had lately noticed “preparatory behavior” for future hacking of American infrastructure and had shared that knowledge with businesses in a secret briefing last week. Scanning websites for flaws is one example of this type of action. Ms. Neuberger stated unequivocally that Russian hacking of essential infrastructures, such as oil and energy firms and hospital systems, continues to be a serious concern.

“There’s so much more we need to do to the confidence that we’ve shut our digital doors, especially for Americans’ important services,” Ms. Neuberger said, noting that the private sector manages most of America’s critical infrastructure. “Those owners and operators have the power and obligation to harden the systems and networks we all rely on.”

Last week, the White House briefed more than 100 US corporations on the best ways to guard against a cyberattack. On Monday, the Trump administration issued a directive to businesses to “quickly reinforce your cyber defenses,” recommending actions such as enabling multifactor authentication, ensuring data backups offline, and teaching personnel on hacking techniques.

In the statement, Mr. Biden added, “You have the authority, the capacity, and the obligation to increase the cybersecurity and resilience of the key services and technology Americans rely on.”


Protected Harbor’s Take On The Issue

As one of the top cybersecurity firms in the US, Protected Harbor has been following the matter for a long time. Last week Richard Luna, CEO of Protected Harbor, had a session with SCMagazine about how U.S. businesses can protect themselves from Russian cybersecurity attacks.

He gave the following tips on how to protect from Russian cyber-attacks.

  • A solid and robust firewall is a must that can be backed up by effective anti-virus software running on all devices in your network.
  • Install network segmentation or ‘air gapping,’ which prevents data transfer between networks without proper authorization. This process also limits potential damage if one part of your system gets hacked as it will not spread across the whole company’s systems afterward, potentially destroying them all at once.
  • Continuous monitoring for the unusual activity should be done through logging tools like Palo Alto Network’s next-generation firewalls (NGFW). The logs should then be analysed daily, so any anomalies are immediately noticed.
  • Enable MFA for all websites, accounts, systems, and network logins, especially emails. A typical method is that an application is loaded on the users’ mobile device generating a series of random codes during the login process. The user is requested to enter the code along with the password.
  • Patch for all vulnerabilities and software, even the old ones. Do not take shortcuts because if you only patch against known attacks, you may get caught due to an unknown vulnerability. Patch your systems, networks, websites, mobile applications, and everything on the Internet.

US Businesses need to quickly identify vulnerabilities, exposure, and misconfigurations that can give opportunities to hackers for gaining a foothold in their IT infrastructure and then implement relevant patches. Russian operators are well known for exploiting edge systems.

The Cybersecurity and Infrastructure Security Agency has put an alert recently that lists 13 known vulnerabilities used by Russian state-sponsored criminals to compromise networks. Network cybersecurity and network protection are essential for a company’s safety, as criminals detect the loopholes to infiltrate the system.

The recent attacks on government sites were carried out using trivial tools. Multiple users accessed the website at the same time causing a crash. Western governments and agencies are also at risk of cyberwar, as we have discussed in this article. Businesses need to take proactive measures to strengthen their security.

Protected Harbor can help organizations protect themselves and their IT operations from known and unknown attacks, including all forms of malware, ransomware, viruses, and phishing. We help businesses back up their data and prevent ransomware attacks or other security issues resulting in data loss. Learn more about Protected Harbor and reach out for a free IT Audit to see how we can help against the Russian Cyber Invasion.

What varieties of viruses and ransomware are there?

What are the different types of viruses


What are the different types of viruses and ransomware?

In this digital age, viruses and ransomware are becoming a growing security concern for computer users. The threat of malicious software is real, and understanding the different types of viruses and ransomware is essential to protect yourself and your data. There are four main types of viruses, each with its own characteristics and potential harm. These include Trojans, bots, malware, and ransomware. With some basic knowledge, computer users can better protect themselves against these malicious programs. Knowing the differences between these types of viruses and their capabilities is the first step to keeping your computer safe and secure.


A computer virus is a malicious code or program written to alter how a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros to execute its code. In the process, a virus can potentially cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.

A macro virus is a malicious code quickly gaining popularity amongst hackers. It is a type of virus that replicates itself by modifying files that contain macro language, and these modifications can replicate the virus. Macro viruses can be extremely dangerous as they can spread from one computer to another and can cause damage by corrupting data or programs, making them run slower or crash altogether. Users need to take preventive measures against the threat of macro viruses, as they can eventually cause serious damage.


A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction and does not need to attach itself to a software program to cause damage.


The idea behind ransomware, a form of malicious software, is simple: Lock and encrypt a victim’s computer or device data, then demand a ransom to restore access.

In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since malware attacks are often deployed by cyber thieves, paying the ransom doesn’t ensure access will be restored.

Ransomware holds your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, but the malware has encrypted your device, making the data stored on your computer or mobile device inaccessible.

Who are the targets of ransomware attacks?

Ransomware can spread across the Internet without specific targets. But the nature of this file-encrypting malware means that cybercriminals also can choose their targets. This targeting ability enables cybercriminals to go after those who can — and are more likely to — pay larger ransoms.


A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or inflict some other harmful action on your data or network.

A Trojan acts like a bona fide application or file to trick you. It seeks to deceive you into loading and executing the malware on your device. Once installed, a Trojan can perform the action it was designed for.

A Trojan is sometimes called a Trojan or a Trojan horse virus, but that’s a misnomer. A Trojan cannot. A user has to execute Trojans. Even so, Trojan malware and Trojan virus are often used interchangeably.


Bots, or Internet robots, are also known as spiders, crawlers, and web bots. While they may be utilized to perform repetitive jobs, such as indexing a search engine, they often come in the form of malware. Malware bots are used to gain total control over a computer.

Bots, or Internet robots, are also known as spiders, crawlers, and web bots. While they may be utilized to perform repetitive jobs, such as indexing a search engine, they often come in the form of malware. Malware bots are used to gain total control over a computer.

The Good

One of the typical “good” bots used is to gather information. Bots in such guises are called web crawlers. Another “good” use is automatic interaction with instant messaging, instant relay chat, or assorted other web interfaces. Dynamic interaction with websites is yet another way bots are used for positive purposes.

The Bad

Malicious bots are defined as self-propagating malware that infects its host and connects back to a central server(s). The server functions as a “command and control center” for a botnet or a network of compromised computers and similar devices. Malicious bots have the “worm-like ability to self-propagate” and can also:

  • Gather passwords
  • Obtain financial information
  • Relay spam
  • Open the back doors on the infected computer


Malware is an abbreviated form of “malicious software.” This is software specifically designed to gain access to or damage a computer, usually without the owner’s knowledge. There are various types of malware, including spyware, ransomware, viruses, worms, Trojan horses, adware, or any malicious code that infiltrates a computer.

Each type of malware has its own purpose and potential impacts, making it important to be aware of the different types of malware. We can protect ourselves from these malicious software threats with the right knowledge and resources.

Generally, the software is considered malware based on the creator’s intent rather than its actual features. Malware creation is rising due to money that can be made through organized Internet crime. Originally malware was created for experiments and pranks, but eventually, it was used for vandalism and destruction of targeted machines. Today, much malware is created to make a profit from forced advertising (adware), stealing sensitive information (spyware), spreading email spam or child pornography (zombie computers), or extorting money (ransomware).

The best protection from malware — whether ransomware, bots, browser hijackers, or other malicious software — continues to be the usual preventive advice: be careful about what email attachments you open, be cautious when surfing by staying away from suspicious websites, and install and maintain an updated, quality antivirus program.


Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users.

Spyware is used for many purposes. Usually, it aims to track and sell your internet usage data, capture your credit card or bank account information, or steal your personal identity. How? Spyware monitors your internet activity, tracking your login and password information, and spying on your sensitive information.

Evading Rise of Ransomware

Evading Rise of Ransomware


Evading Rise of Ransomware

Security can be termed as protection from unwanted harm or unwanted resources. Information security protects the data from unauthorized users or access. It can also be termed as an important asset for any organization which plays a vital role. In earlier days it was difficult to identify ransomware before it enters or attacks the user’s system. These attacks would damage the mail servers, databases, expert systems, and confidential systems. In this paper, we propose the analysis and detection of ransomware which will have a major impact on business continuity.


Lately, with the extensive usage of the internet, cybercriminals are rapidly growing targeting naïve users thru threats and malware to generate a ransom. Currently, this ransomware has become the most agonizing malware. Ransomware comprises of two. They are locker ransomware and crypto-ransomware. Of them, crypto-ransomware is the most familiar type that aims to encrypt users‟ data and locker ransomware prevent the users from accessing their data by locking the system or device. Both types of a ransomware demand a ransom payable via electronic mode for restoring the access of the data and system. Locker ransomware claims fee from the victims in terms of fine for downloading illegal content as per their fake law enforcement notice. Crypto ransomware has a time limit that warns the victims to pay the ransom within the given time else the data will be lost forever.

Spreading of ransomware is possible by the following methods:

  1. Phishy e-mail messages with malicious file attachments;
  2. Software patches that download the threat into the victim’s machine whilst working online.

Spreading of Ransomware Attack

  1. Phishing emails: The most common way of spreading Ransomware is thru phishing emails or spam emails. These mails include a .exe file or an attachment, which when opened launches ransomware on the victim’s machine.
  2. Exploit kits: these are the compromised websites planned by the attackers for malicious use. These exploit kits search for vulnerable website visitors to download the ransomware onto their machine.


The vulnerability can be termed as unsafe or unauthorized access by an intruder into an unprotected or exposed network. Common vulnerabilities are worms, viruses, spyware applications, spam emails, etc. Vulnerability Assessment is the most important technique that is conducted to rate the spontaneous attacks or risks that occur in the system thereby affecting the business continuity of an organization. Vulnerability assessment has many steps such as

  1. Vulnerability analysis
  2. Scope of the vulnerability assessment
  3. Information gathering
  4. Vulnerability identification
  5. Information Analysis and
  6. Planning

Assessment Tools

Vulnerability assessment which is nothing but testing can be carried out by best-known tools which are called vulnerability assessment tools. These tools are used to mitigate the identified vulnerabilities such as investigating unethical access to copyrighted materials, policy violations of the organizations‟ etc. The red alert issue about the vulnerability assessment is that it warns us about the vulnerability before the system is compromised and helps us in avoiding or preventing the attack. These vulnerability assessment tools can also be categorized as proactive security measures of an organization. The major step of the vulnerability assessment is the accurate testing of a system. The major step of the vulnerability assessment is the accurate testing of a system. If overlooked, it might lead to either false positives or false negatives. False-positive can be presumed as quicksand where we can’t find what we are searching for. False-negative can be presumed as a black hole where we don’t know what we want to search for. False positives can be rated as a significant level in testing.

Common Vulnerability Assessment Tools

  • Vulnerabilities are the most crucial part of information systems. An error in configuration or violation of a policy might compromise a network in an organization. These attacks can be for personal gain or corporate gain.
  • Not only the local area networks but also the websites are also more susceptible to attacks where the systems can be exploited either by the insiders or outsiders of an organization.
  • Some of the very commonly used vulnerability assessment tools are listed below:
    • Wireshark
    • Nmap
    • Metasploit
    • OpenVAS
    • AirCrack

Limitations of Existing Vulnerability Assessment Tools

The concept of false positives is the dangerous and horrendous limitation of the existing vulnerability assessment tools. These false positives require lots of testing and study for assessing the nature of the errors that occurred, which is a very expensive and time taking process. All the identification-related information mostly leads to false positives.

Penetration Testing

  • Penetration Testing also called as Pen Test is an attempt to assess a malicious activity or any security breach by exploiting the vulnerabilities.
  • It includes the testing of the networks, security applications and processes that are involved in the network.
  • Penetration testing is done to improve the performance of the system by testing the system’s efficiency.

Best Tips to Protect yourself from Ransomware

Best Tips to Protect yourself from Ransomware


Tips to Protect yourself against Ransomware attacks

It is becoming more difficult to prevent ransomware attacks, event large IT departments can have difficulty, just ask Sony, the City of Baltimore, or the City of Atlanta.

For the last 40 years, we have built networks and office systems with the concept of sharing data. Shared folders for example make it easy for users to exchange and edit documents, but also those shared folders are the target of Ransomware attacks.

Some tools can be added to reduce the likelihood of ransomware, but nothing can be purchased to “protect” a company.

The most effective protection for Ransomware starts with a network and desktop redesign followed by layers of security and isolated backups. The best approach is not to try to protect against Ransomware, it is to develop a plan that minimized the impact of an attack. Unfortunately, many of the steps listed below require a desktop or office changes and many organizations are unwilling to change.

tips to protect against ransomware

The Protected Harbor Difference

At Protected Harbor we will not onboard a client without making the changes needed to protect against Ransomware. We think a new reality is that only good network design and good governance can keep networks safe. Most small IT companies are ill-equipped to understand the depth of the risk, much less take the necessary steps to protect against Ransomware.

The end-user resistance to change combined with tight IT budgets and the concept that IT is low cost has created a climate of a one-stop drop-in application or solution to stop all IT problems. This approach will not work to stop Ransomware. In short at Protected Harbor we protect our clients through better design.

keep your business protected from ransomware


Below are the steps we take to protect our clients and we recommend the steps are deployed by all organizations.

Desktop/Network & Backup Isolation

The first step in a new network design is to limit through segmentation the network. Desktops, Servers and the backup should all be on separated and isolated networks. Using this approach an infected desktop will not be able to access the backups and will not infect the backups.


Protected Harbor will accomplish desktop and network isolation using virtualization. Virtualization allows Protected Harbor to back up the entire desktop, not just shared folders, or databases, or scanned folders, but all folders. This means we can recover the entire office, and not pieces of the office.

Email & Web Filtering

Filtering of email and web content is an important part of the Protected Harbor Ransomware defense. Good email filtering should include pattern recognition. The initial Ransomware attacks follow a template and email filtering systems when properly configured either block or quarantine the attack.

Enable network monitoring

We monitor for inbound and outbound traffic, which allows us to react to attack patterns in addition to standard monitoring. Network monitors can alert and warn on unusual traffic, or traffic that is typical of an attack; for example, if certain information is transmitted out of the network that would trigger an alert. We protect our customers by constantly monitoring network traffic, especially activity to or from parts of the world that are high sources of attacks, for example, Russia or China. We also monitor and alert on traffic flow. Oftentimes, if an end-user connects an infected phone or laptop to the network, we will see a change in the traffic flow which will trigger an alert.

ransomware traffic monitoring
Above is a sample of our traffic monitoring.
ransomware network traffic monitoring

Tighten local server/desktop permissions

Our clients do not run their programs as Administrators. Enhancing the security drastically reduces a ransomware attack and virtually eliminates malware attacks. Enhanced security reduces what an attack can affect through better design.

Reduce the number of common shares folders

Typically, clients will have one or two shared folders that all users have access to. Ransomware attacks not only infect those shares but then use them to spread the attack to other non-infected systems. We work with clients to reduce or eliminate shared folders, increasing the protection through better design to ransomware.

Reduce public corporate contact information

Live email addresses should not be published on a website. If a website needs an email address, the published address shouldn’t use the same format as the internal address. If jsmith is the email prefix, as in jsmith@abc.com then for the website the published email should be jacksmith@abc.com. Additionally, sensors can be added to the content filter for petersmith@abc.com for example. This would mean the attacking IP (the one attempting to send email to petersmith@abc.com) is really a robot attacker; adding that IP to the block list would prevent all future attacks from occurring.

Parameter or Geo Blocking

For our clients we maintain enhanced network protection that includes active parameter checking and Geo-Blocking. For example, we check the address of inbound requests, and if the IP is from a blocked country, then the traffic is blocked even before it reaches the client’s network. Countries we routinely block are North Korea, Russia and countries are known for sending out Ransomware attacks. If access is needed from a blocked country, a simple support ticket resolves the issue.

Testing & Training

At Protected Harbor we perform routine simulated Ransomware attacks. These tests are productive at helping end user stay vigilant to attacks and the tests allow end users to be identified that might need some additional assistance to understand the importance of being careful with email.

What is a Ransomware attack?

What is a Ransomware attack


“We guarantee we can PROTECT YOU FROM RANSOMWARE!”


Any vendor that says that or implies that is lying. There is no one magic happy pill, service, or device to stop ransomware. When done right guarding against ransomware is a combination of multiple technologies, backups, education good layered network design and human intervention.

Protected Harbor is a unique vendor because we don’t resell other company services, we engineer our own solutions. That depth of knowledge is a foundational difference between us and anyone else. The depth of technical ability allows us to write this document and solve the problem at the core and not band-aid the problem as others do.


Ransomware Explained

Ransomware is malicious software that targets computer systems and locks down important data until a ransom is paid. Ransomware is an increasingly prevalent form of cyber-attack, which can cause serious disruption to businesses and individuals alike. It works by malicious actors encrypting a victim’s data and then demanding a ransom payment in order to restore access to it. Organizations must take active steps toward ransomware protection and prevention, as the costs associated with a successful attack can be substantial. Investing in robust IT security measures, such as antivirus software and regular backups, will significantly reduce the risk of becoming a target. Furthermore, ensuring employees have the necessary understanding of ransomware prevention techniques will help protect your organization from this form of cyber-attack.


What is a Ransomware attack?

Ransomware is the encryption of files, without knowing the password, and most of the time the encryption is self-executed for local files, network files and operating system files combined with Trojan installations to enable later additional data theft or additional attacks.

Most of us have used or made a password protected ZIP file before. ZIP files are a form of encrypted and compressed files. The encryption and compression process
works by mathematically removing the empty and repeated characters in the data using password. The mathematical formula uses the password as a seed and applies a
compression algorithm to the data, securing and reducing the data. Using this technique, a ZIP file is both secure, because without the password it can’t be decrypted and smaller in size.

A Ransomware attack at its core is where the organizations data files have been encrypted using a similar technique to a password protected ZIP file. Typically,
ransomware attacks encrypt one file at a time. Ransomware attacks can be devastating because the data once encrypted is not recoverable. Initially versions of ransomware attacks targeted local files on local computers, but more recent attacks have caused greater damage by targeting network folders and operating system files.
Once an operating system file is infected the server or PC will never work right and should be totally reformatted and recreated.

Ransomware attacks also attempt to install infected files, also called Trojans. The Trojans are used to later attack the computer or server again and or are used to
monitor the infected system to steal data. Some Trojans don’t directly attack but instead run in background monitoring and sending new data. This is what occurred at the Sony attack;  Modern cleaning tools like Malwarebytes do a good job at removing infected cookies and web attacks but do not clean operating system files very well, which is why we always recommend not cleaning a PC or Server but rebuilding it.

How does a Ransomware attack occur?

But how did it occur? How did it get in? Virtually all of the time the attack is self-started, meaning the attack was triggered by a trusting employee. Most Ransomware attacks start via email. An external email server or email account is compromised, and the compromised account is then used to send out infected emails.

Image is an example. The email itself it not infected. The email account is legitimate, and at the time the email server amegybank.com was not flagged as a spammer – meaning this email would have passed through most firewalls, filters and blocking services.

The infection is the attached HTML file. The attached HTML file is the payload. The HTML file will look to many anti-virus programs as a web cookie or bot, i.e. a
legitimate attachment. Bots or payloads can take many forms, Macros in Word, Excel or PDF files are typically used.

how ransomware occurs

A payload is a small piece of programming code designed to look like a legitimate web from a web site. Once the end-user clicks on the attachment the payload is activated. Once active the payload will download from a remote site the actual attack. The attack will be a larger program that is also designed to slip through firewalls and content filters, this program will start to encrypt files and also will look for links to remote data, either remote server (RDP for example) login information, web site links with stored passwords, FTP or STP file transfer links, virtually any form of data connection is attempted. The attack is designed to find as much data as is possible, the more data that is encrypted the more the infected company is willing to pay.

Go Phishing

Go Phishing

With COVID-19 changing the way many businesses are forced to work, phishing attacks have increased significantly while becoming more complex. Hackers often look at crises as opportunities and COVID-19 is no different. Attackers are using names of coworkers and companies to fool people into thinking they’re legitimate emails. With many employees working from home and logging in, there is an increased reliance on remote system tools, and phishing scams have evolved to mimic them.

Stressful times are upon us and there is no letup in sight. As a result, IT staff are finding themselves overwhelmed as they address a multitude of system issues, software problems, and new problems stemming from employees working remotely. Many employees are using personal devices, which are more vulnerable to cyber-attacks. To be truly prepared for remote work and sophisticated threats, businesses need to analyze their weaknesses and implement proper cybersecurity approaches.

At PROTECTED HARBOR, we provide custom solutions to cyber-attacks, ransomware and other debilitating infrastructure issues. Our team of IT professionals ensures your infrastructure is secure through the creation and implementation of security policies. We analyze and remediate risks to keep you safe. On average, we save our clients up to 30% on IT costs while increasing their security, productivity, durability and sustainability. We are an extension of many IT departments, freeing them up to concentrate on daily work while we do the heavy infrastructure lifting.

Contact us today to find out more, www.protectedharbor.com

How did Twitter get hacked?

How did Twitter get hacked?

On July 15th many Twitter accounts were compromised.  How did this happen to a company like Twitter?

‘This was the worst social media hack ever happened in history’twitter hacked

The security involvement of the hack are also wide-reaching, not just for Twitter but for other social platforms.

Early suggestions are the hackers managed to access administration privileges, which allowed them to bypass the passwords of any account they wanted.

Twitter appeared to confirm this in a tweet saying: “We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

As we generate more content online we are creating a larger digital footprint.  These attackers simply contacted Twitter and asked for the names of key personal, the head of the customer service, their CIO, etc.  Once the attackers knew the identity of key individuals they then researched their web pages, Facebook links, LinkedIn profiles, etc.

The attackers were able to gain enough information from those pages to be able to correctly answer Twitter’s support questions and gain access to those accounts.

Once the attackers had access to an Admin account they could reset end-user accounts and then login as those users.  It was that easy.

Some questions that should be asked; What would have helped prevent this disaster?  Is your system(s) vulnerable to a similar attack?   How can your system(s) be protected?

2FA or Two Factor Authentication would have stopped this attack.  With 2FA the mobile device is registered to the account and the login is not possible until a code on the mobile device is entered.

At Protected Harbor we support 2FA for all systems, allowing our customers to be safe, secure, and protected, as in Protected Harbor.

How to Protect your data from Phishing Sites

Please follow these steps to help protect your data from phishing sites:-

Follow these steps to stay Protected as in Protected Harbor!
  1. Never enter password and ID on a web site opened from an email
    With the exception of when you forget a password and you requested the link, never ever enter your password and ID on a web site opened from an email. If a web site needs to be opened, then open the website in your browser, not by clicking on the link.
  2. Never log in to a secure server or site from a public computer
    Never log in to a secure server or secure site (HTTPS) from a public computer. Cookies can be left that will contain enough information for your account to be compromised, use your cell phone instead.
  3. Do not use public WiFi
    Do not use public WiFi. Criminals are always scanning public WiFi systems looking for users to connect so that they can capture the ID and password.

How to Protect your data from Phishing Sites