Blog - Firefly IT Solutions Ltd

Ransomware – How to Avoid Extortion

27/08/2015 By fireflyits

Ransomware: How to avoid extortion

We have attended a Webinar so you don’t have to, and you can find our notes below. In this case it was presented by Infosecurity Magazine, specifically Chris Merritt from Lumension and John Walker, a professor at the School of Science & Technology at the University of Nottingham, and was all about ransomware which is a nasty type of malware that gets on your system and then charges you to get rid of it. More recently crypto-ransomware has come to the fore. This encrypts your files, so you can’t access them, and then charges you a large sum to get them unencrypted again.

Firefly IT Solutions Ltd can help you with further info on any of the notes below, simply email helpdesk@fireflyits.com if you have any questions.

Stats and info:

Ransomware was first heard of in around 1990
The number of ransomware infections tracked by McAfee in Q1 2015 was around 700,000 compared to 275,000 in Q4 2014
Over one third of firms in the UK has been hit by ransomware
31% of UK companies would pay the ransom to get their data back (highly controversial!)
In reality 41% of victims admit to paying up
Delivery of ransomware is via phishing, drive-by download from compromised websites, malvertising, botnets and malicious apps
Often relies on vulnerabilities in operating systems or apps
Ransoms vary from $300-$500 for home users or tens of thousands of dollars for enterprises
Generally if you pay you will get your data back as this reinforces the business model that the criminals are using. Note “generally” not “always” as you don’t always get what you pay for!
Payment is via bitcoins, a digital and untraceable currency
Many pieces of malware are more than one year old and target old vulnerabilities that people could have patched
Ransomware was defined by both presenters as evil
Apple devices are as susceptible as any other devices. Do not assume you are safe because you have a mac or iPhone!

What can you do? I have highlighted the most cost effective methods that a small business may afford to employ below, but unfortunately none of them are 100% effective, even when used in combination. Having any of them is more effective than having none.

Endpoint defences (be proactive!):
- Manage your patches and configuration
- Application whitelisting – a list of programmes that are allowed to run on your system
- Data encryption – often the data is stolen before it is encrypted. This protects you against it being stolen, not against it being encrypted again.
- Device control – Stop your employees connecting uncontrolled devices to your systems and networks as they can be sources of infection.
- Antivirus

Preparation. You should all be doing all of these:

Backups: 3 copies of any file, two on different types of media and one off-site. Know which files are the most important to you and look after them.
Staff training: Any IT staff should know how to deal with an infection
User training: First line of defence and they need to understand what ransomware is, not to click on attachments, to pay attentions to warnings etc.

Here are actions you should consider post infections:

Your configuration and restore procedures (incident response plan)
Forensics: How did the infection happen and what can be done to avoid it happening again
See the picture at the top of this article for some excellent recommendations on actions to take once infected

If you think this webinar sounds interesting then visit www.infosecurity-magazine.com as they do them regularly on a variety of topics.

Giving away your data with your old phone – encryption

11/02/2014 By fireflyits

Did you know that even if you have reset an old phone to factory settings before selling it on that your data is still most likely accessible on it? This means that someone with your old phone might have contact information, photos and other very important details concerning you and your family and friends. This is resolved pretty easily by using phone encryption. If you want to know how and why you should enable this on your phone then read on.

Encrypting your phone

Nearly all modern phones are capable of encrypting your data. It will mean that you have to put up with a mildly annoying screenlock, however you should have this on already anyway. Phones are ultimately portable, and they contain a huge amount of information about you. Ergo they are easy to lose and make it really easy for somebody to steal your identity if found by the wrong person. Why not take a minute to enable that screen lock and cloud based phone wiping service? I’ll remind you to do it at the end of the article.

Once you have a screen lock as your first layer of security then you can look to encrypt your phone this will protect your data from falling into the wrong hands and I have put some sample steps below for common devices. When it comes to selling your phone on then it still isn’t enough to simply reset it to factory settings. To be absolutely sure it is clean we recommend that you do the following:

Reset your phone to factory settings using the manufacturers approved method.
Set an arbitrary screen lock (not the same as before) and encrypt the device again
Reset your phone to factory settings again.

After doing this it will be much, much harder for someone to access your data. Here are some steps to encrypt common devices, but make sure that you backup your device and data first:

iPhone 3Gs and onwards already have hardware encryption built-in. To activate it: http://support.apple.com/kb/HT4175
Android Gingerbread 2.3.4 and newer: http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/
Windows Phone 8 devices are secure by design: Simply enable a pin lock: http://www.windowsphone.com/en-gb/how-to/wp8/basics/lock-screen-faq
Blackberries are also secure by design, and you can easily encrypt the SD card too. http://n4bb.com/how-to-encrypt-de-encrypt-blackberry-device-memory-and-sd-card/

Please note that we cannot be responsible for the content on sites that we link to, however if you spot a broken or erroneous link then please do get in touch and we will fix it straight away. richard@fireflyits.com

A word of warning, or two

When you encrypt your phone make sure that you tick the box to encrypt your SD card too. If there isn’t an option to do this then the SD card will likely remain unencrypted and accessible by everybody, so don’t give that away with your old phone. The chances are it will only contain photos and music, but hang on to it destroy it to ensure that it is gone for good.

Encryption can also slow down your device a little, so when wondering whether to spend a bit more and get a more powerful phone always go for the fastest that you can afford.

Windows XP is Dead, Long Live Windows!

11/02/2014 By fireflyits

As per our recent newsletter Microsoft Windows XP support is coming to an end on the 8th April. After this date Microsoft will no longer be providing security updates to a number of products including:

Windows XP
Office 2003
Exchange Server 2003 (a component of Windows Small Business Server 2003)

If you are using any of these products then it is time to change them for something that can be supported. For more on upgrading from Windows XP check out our recent newsletter. You can find it here: http://eepurl.com/NPM9n

If you are using an old version of Office then there are a number of cost effective ways of upgrading these days. The most popular two ways of getting the latest version are to either buy an OEM copy with a new PC or to buy a subscription to Office 365 which will keep you in the very latest version of Office software at all times.

If you are still using an old copy of Microsoft Exchange Server either on a standalone Windows 2003 server or on a Small Business Server then it is time to upgrade too. Our favourite option at the minute if it suites your requirements is to use Office 365 for this as well. In short a single monthly subscription can help remove your age old mail server and your ancient Office software with the latest supportable versions. For a business this costs from £8.40 per user per month including office or £3.30 without, and it is a migration that we can fully help you with and support. In fact you will find ongoing support costs much lower than those for hosting your own standalone mail server. Do be warned that this solution isn’t right for every business, so please do talk to us before deciding.

Full life cycle information on all Microsoft products can be found on the Microsoft website here.