×

Archives for Updates

RANSOMWARE – Are you at risk?

The Essential Things to Know

Over the past few years, organisations around the world have seen an increased number of attacks of the new cybercrime known as Ransomware. Whilst many of us have heard the term Malware and understand that it’s a problem for many consumers and business alike, we don’t necessary understand the impact it could have on our business and lives, nor do we understand the true differences between malware and ransomware.

Outlined below are the essential things you need to know, how this threat operates and how to best protect yourself and your organisation, protection through technology, people, procedures and policies.

Included at the bottom of this page is a link to download a PDF handout, ideal to give to staff.

 

What is Ransomware

Ransomware is a type of malware, except instead of tracking your computer amount-lostusage, it blocks or limits access to your computer or files. In line with the name a ransom is demanded by the scammer to unlock your computer or files. In order to block or limit access to files, users are generally required to download a file. This could be a to watch a video – also known as a codec, or it could take the form of music, movies, a game or an application fix a computer problem. Files are then locked using an encryption key known only to the scammers. Once your files are locked, scammers demand a fee to unlock your files. In recent times scammers have jumped onto the Software as a Service (SaaS) model. Instead of a onetime payment, regular payments must be paid to ensure the continued access to files. Even then there is no guarantee you will get access to your computers or files again. Scammers have been known to go back on their ‘word’.

 

Anti-Ransomware

Also known as Malware Checkers or Malware Scanners are similar to Virus Checkers, except they have been specifically developed to check for known malicious files and prevent attacks by blocking files from downloading. If computers do become infected these applications can generally remove malware, but there are very few cases where they have successfully unencrypted files affected by ransomware.

 

Why you should Patch and Update Applicationslocation

Patching or updating your applications is one of many preventative measures you can take to protect your files. Applications providers like Microsoft, Adobe or Java, to name just a few, are continually looking at ways to protect your data files from attacks. The updates you receive from the providers are often patching identified security gaps in the products.

 

 Windows Policies can help

In recent times, ransomware applications have been known to delete your files locally stored backups. One course of action is to block access to Volume Shadow Copy Services (VSS) to stop deletions of backups. By blocking the ability for the computer to delete your backups, you may be left with a useable restore file.

delivery-method

 

Disable Script Hosting

Depending on the complexity of the ransomware program, these applications have been known to download additional files in the background. By disabling windows script hosting, blocks the ransomwares ability to download additional files to execute its tirade on your system.

 

Don’t Phish

Phishing is a term used when users are taken to a fake website that looks like the real thing. In order to maintain this type of appearance, website often have the same logo and branding of legitimate sites. In fact, many phishing sites are hard to tell apart from the real site. Often the only giveaway is the URL (or Domain name) in the address bar. But normally at this point, it’s too late. By then tracking cookies may have been downloaded. Never visit a website unless you have first checked the legitimacy of the address on other documentation provided by the organisation.

 

age
Filter ‘.exe’ Files

Also known as an executable file, by blocking these files in your modem/router can prevent the installation of these malicious programs. By denying the download of these files, also means emails are less likely to receive an executable file from downloading, and stops the temptation staff feel to open the files.

 

Backup

Backing up your computers and data files, especially retaining multiple copies over time is one of the most important things you can do. In the event such an attack is successful, you will have the ability to ‘roll-back’ to a time prior to the installation of the ransomware. It only takes one momentary lapse of judgement opening an email, or downloading a file and your entire computer network could be infected.





gender


Educate Users


Are your staff and family aware of these risks? One of the best prevention’s to ransomware attacks is to ensure other users are briefed on the same information. It is recommended that you educate other computer users to never open files attached to suspicious emails, especially ones from unknown senders. It is also important that all emails and recommended file downloads be treated as suspect until verified. Victims that have fallen to pray to these attacks may have had a program installed on their system that sends the same ransomware on to email address saved in their address book. Additionally staying current of ransomware developments, the most different and most dangerous strains and who’s most at risk, will help defend against attacks.




 


Don’t Panic


In the event of an attack, remain vigilant and isolate the infected computer to stop the spread of attack through the rest of the network. Contact your anti-ransomware provider and advise the situation. These organisations will have the most amount of knowledge to assist. They may have a solution or be working on one already. If attempts to remove the ransomware are unsuccessful, and providing regular backups have been maintained, a full clean of your computer, and re-installation of your application, and data from your backups is the only way to know conclusively that your computer has been returned to its original state.
 Security Article - Ransomware
This data is based on reports provided to the ACCC by web form and over the phone.

The data is published on a monthly basis. Our quality assurance processes may mean the data changes from time to time.

Some upper level categories include scam reports classified under ‘Other’ or reports without a lower level classification due to insufficient detail provided. Consequently, upper level data is not an aggregation of lower level scam categories.

Note: Due to a technical error, some scam reports from previous months are included in July 2016 causing an increase in reports for some categories. This error has been fixed for future months.


Read more
Why you should adopt the latest release of your business software
Upgrading your business software is not just about the extra functionality you receive in the latest release.


Or is it?   Consider these points:


Many of us forget why we purchased our business software in the first place.


When first considering to purchasing new software, many of the following reasons would have been considered:


    

  • Improve efficiencies of the business
    • 

  • Free up staff time so they can perform other tasks which increase company revenue
    • 

  • Communicate over new mediums to customers and suppliers (email)
    • 

  • Manage project workflow and costs, ensure projects remain on-budget and on-time
    • 

  • Keep track of business opportunities, and
    • 

  • Manage business finances
    • 



We are sure these points are still true today. Yet they only represent a fraction of how much today’s organisations rely on computer applications. Imagine going back to only filing cabinets, handwritten notes stored in manila folders and communicating with clients via the postal service all the time.


Given enough time, by not upgrading your software, your business could be missing out on functionality which could represent the same sort of value to your business you first considered. In fact, by not upgrading your business software to the latest version, it can cost the organisation money. Long-term, organisations that do not upgrade to the latest version cost their business efficiencies, staff frustration and ultimately money.


    

  • Thinking of hiring an extra person to manage increased workload?
    • 

  • Are you 100% confident there weren’t efficiency savings in that release that would have allowed redirection of your financial resources into increasing revenue, instead of increasing costs?
    • 



Consider the following points, that don’t look at software functionality.


However, end users can only benefit from the latest security tools and if they keep their software up to date.


It’s far better to keep your software up-to-date and secure, than one day have to contact your customers and advise them that their personal data has been compromised.


 


Faster diagnosis


Consider software upgrades from another angle. Older software versions require more attention, support staff may not be as familiar with it, later operating systems may not provide as stable environment for the application as it was originally written for, which in itself can cause problems down the track.


Every minute that staff have to stop performing a task that increases the company’s revenue, simply costs the company money. Not to mention the staff time consumed putting workarounds in place, and trying to limp applications along.


 


Lost investment  


Most software applications charge an annual license fee. This fee is often put toward the ongoing advancement of the product, thus ensuring the application continually develops in functionality and capabilities. These continual enhancements ensure the investment you made yesterday is still dollars well spent, and you application is kept up with other applications in the marketplace. If your organisation pays an annual fee for software, and does not upgrade each year… you are throwing away that investment. That investment typically entitles you to access those new enhancements. It makes good sense to take advantage of the opportunity and access all of the latest functionality and features you have already paid for.


 


Every other year upgrades


One school of thought for many organisations is to upgrade their software applications every second or third year. Whilst this concept can make a lot of sense for ‘Common-off-the-Shelf’ software, such as you spreadsheet and word processing programs, it does not necessary make sense for applications that are configured specifically for your organisation. In fact, many people do not realise, by upgrading every second or third year in often cases is costing the organisation more than had they upgraded each year.


For example, if a version has been skipped and in that upgrade was an alteration to the database structure, upgrading two or three steps down the track is not as simple had the original upgrade step been made at time of release.


In fact the additional time required to accommodate checking and rechecking of database structures when versions are missed can often times substantially increase the number of hours IT staff are required to put in for a ‘simple’ upgrade.  Not to mention, the organisations misses out on all the new functionality and efficiencies spoken about previously.


Read more