Call us if you suspect you have been hit by malware
Loss of Data
What was critical:
What was critical was the absence of a recent backup.
A senior executive travelling to an urgent meeting overseas had a lot of work and preparation to do before the trip, leaving no time for a manual backup. The laptop was left in a taxi or stolen at the hotel, and there was no recent data to recover.
Lesson:
Always have a recent backup of your critical data. It MUST be automated (or you will fail to do it), remote (or the data would be lost in case of theft or fire), encrypted (it is too easy to steal a tape or drive), and it must keep a HISTORY. A copy on a disk is NOT a backup.
Why data loss?
Data loss can happen in multiple ways; the most common causes are:
- Hard drive malfunction: a hard drive can stop working at any time because of shock, vibration or a manufacturing defect.
- Computer loss or theft
- Virus infection
- Malware attack
- Ransomware
- Human error
- Natural disaster
Preparing for data loss is important and should be standard procedure. In fact, every hard drive, because of its mechanical parts, will eventually wear out or suffer from mishandling. A backup with a clear history is the only reliable way to recover from such damage.
Identity Theft
What was critical:
What was critical was the lack of an internal procedure.
A hacker managed to infiltrate an email system and observed activity until they identified a purchasing process. They immediately built fake websites to communicate between the companies and eventually managed to redirect a payment to a foreign bank account.
Lesson:
Never change a procedure on the basis of an email alone; make sure you have several independent ways to confirm an important change such as a new bank account, a new email address for a director, or a change of the person officially in charge.
The highest identity-theft risks are:
- Email phishing – where instructions lead an employee to disclose confidential information, either about themselves, the systems and passwords they use, or the processes in place in their company.
- Social engineering – where an employee is persuaded to disclose their credentials to a fake colleague supposedly calling from the IT department.
This kind of attack relies entirely on employee gullibility. Most companies have no real security training or awareness program, and employees are usually put in their position with little or no explanation of the risks.
SafeComs offers awareness training sessions to make your employees risk aware, and consults on company procedures and policies.
Ransomware
What was critical:
What was critical was the absence of a procedure and of a recent backup.
An employee received an unusual email contesting a payment, with information attached, but clicking on the link failed to open anything. The employee forwarded the mail to another accounting employee to check whether they could open it; they concluded that the file was corrupt and ignored the incident.
Three days later, all files on both computers, on the attached peripherals and on the online backup drive were encrypted, and a message requesting a ransom appeared on the screen, together with a clear procedure to purchase bitcoins and transfer them to a specific account. The accountant had just lost all the data he was using to close the fiscal year and report to the board for the consolidation of country data.
Lesson:
Always have a recent backup of your critical data, produced by an automated process, encrypted, remote, and with a significant history (at least 30 days).
- Ransomware is a kind of virus or worm that propagates through email. It can also be found in copies of pirated software and is now also distributed through file sharing and software updates.
- The initial ransomware component is usually extremely small so that it can be distributed through all forms of communication, including PDFs. As soon as the first bytes of the trap are downloaded, the malware calls home to download the rest of the program needed to encrypt the data: the encryption routine, the asymmetric keys used to perform the encryption, and the instructions for organising payment of the ransom.
The virus or worm sits dormant on your computer for a while, collecting the information it needs to encrypt your files, and when ready it hits you with a ransom demand.
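Added example, not part of the SafeComs page or the story above: a Python sketch of the HISTORY requirement from this lesson, showing why the online drive that simply mirrored the encrypted files was useless while timestamped snapshots kept for 30 days still hold a clean copy to restore. It assumes backup_root lives on remote, write-once storage that also handles encryption at rest; the ledger.xlsx content and the ENCRYPTED: marker are constructed for the demo.

```python
import os
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

RETENTION_DAYS = 30          # the page's minimum history
STAMP = "%Y%m%dT%H%M%S"      # snapshot directory name = time it was taken

def snapshot(src_dir, backup_root, when):
    """Copy src_dir into a new timestamped directory; earlier snapshots are never touched (that is the HISTORY)."""
    dest = os.path.join(backup_root, when.strftime(STAMP))
    shutil.copytree(src_dir, dest)
    return dest

def prune(backup_root, now, retention_days=RETENTION_DAYS):
    """Delete snapshots older than the retention window and return their names."""
    cutoff = now - timedelta(days=retention_days)
    removed = []
    for name in sorted(os.listdir(backup_root)):
        if datetime.strptime(name, STAMP) < cutoff:
            shutil.rmtree(os.path.join(backup_root, name))
            removed.append(name)
    return removed

def latest_clean_snapshot(backup_root, filename, marker=b"ENCRYPTED:"):
    """Walk the history newest-first and return the first snapshot holding a clean copy.
    The marker is a constructed stand-in for a real check (file type, entropy)."""
    for name in sorted(os.listdir(backup_root), reverse=True):
        path = Path(backup_root, name, filename)
        if path.exists() and not path.read_bytes().startswith(marker):
            return name
    return None

def simulate_ransomware_recovery():
    """Constructed scenario: 40 nightly runs; from night 37 on, the source file is encrypted."""
    root = tempfile.mkdtemp()
    src, backups = os.path.join(root, "docs"), os.path.join(root, "backups")
    os.makedirs(src)  # copytree creates backups/ itself on the first snapshot
    day0 = datetime(2024, 1, 1)
    for day in range(40):
        payload = b"fiscal year closing figures" if day < 37 else b"ENCRYPTED:" + os.urandom(16)
        with open(os.path.join(src, "ledger.xlsx"), "wb") as f:
            f.write(payload)
        snapshot(src, backups, day0 + timedelta(days=day))
        prune(backups, day0 + timedelta(days=day))
    result = (latest_clean_snapshot(backups, "ledger.xlsx"), len(os.listdir(backups)))
    shutil.rmtree(root)
    return result
```

The scenario returns the last clean snapshot (night 36, 6 February) and the 31 snapshots still inside the 30-day window, so the three encrypted nights do not erase the recovery point.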
I got hit! Now what?
What was critical:
What was critical was the absence of protection, procedure and backup.
It can take time to find out what went wrong and how the hacker got into your systems, but in most cases you can expect a human factor, rather than a technology glitch, to be the cause.
Unless you are the CIA or an organisation holding very high-level secrets, hackers will not target you specifically; instead you will turn up in the net of a large-scale operation that goes after easily guessed passwords, gullible employees and simple phishing tricks, or a trojan was brought in by installing pirated software.
Lesson:
Make sure you have a security policy in place, that your staff know the procedures that matter when handling orders and payments, and that you regularly run awareness training. You can subscribe online to SafeComs awareness training.
What you should do now depends greatly on what hit you, but there are a few steps common to all incidents:
Disclose the information internally
Immediately inform management and the security team. This is the best way to prevent the issue from spreading, and the only way to kick-start the recovery procedure immediately. It also helps share what happened, how it happened (once known), and what should be done to prevent it from happening again.
Isolate the elements that were hit
Disconnect them from the network and cut all access to the system until a security expert can look into it.
Check associated or connected peripherals
Verify whether anyone else was hit at the same time and have every device connected to the same network checked.
Reset all passwords
Reset the passwords of all accounts accessed from the compromised device, and also of any other service where you may have used a similar password.
Call in a forensic expert
Have all the services you have access to and all connected devices examined, and attempt to find the root cause of the hack.
Assess damage and kick start recovery procedure
This is when you will value the time spent creating a recovery policy, keeping backups in multiple locations, deploying firewalls that segregate the departments of your infrastructure, and all the other security measures that were taken.
Document the Incident
Make sure that a serious root cause analysis is performed and that the findings are shared with other employees to prevent a recurrence of this type of incident. You will gain greater knowledge and staff commitment if you share the details of the incident without blaming anyone.
We selected Sophos as our partner for the best Endpoint Security Protection
Security made simple
We have selected Sophos as our partner for the best Endpoint Security Protection. Sophos combines endpoint security with pattern and traffic analysis to react immediately to abnormal behavior.
Sophos offers protection against phishing, ransomware, penetration attempts, trojans, worms, viruses and other intrusions.
Securing a WiFi Network
Protect your wireless networks with robust encryption and access controls to prevent unauthorized access and data breaches.
Internet Security
Implement comprehensive internet security measures, including firewalls, anti-malware, and real-time monitoring to safeguard your online activities.
Worried About Emailing, WiFi, Internet Security?
Security is serious, but it doesn’t mean it can’t be engaging.
Email Protection
Ensure your emails are protected with advanced filtering and threat detection to prevent phishing and other email-based attacks.
Forensic Analysis
Eliminate malicious software
The majority of hacks are perpetrated to use your computer's resources for illegal purposes. By exploiting vulnerabilities in your system, hackers gain access to distribute copyrighted material, perform DDoS attacks on other computers, or hack other systems. In some cases, hackers install ransomware that encrypts your files and demands a ransom for decryption. Regardless of the purpose, if your systems are used without your permission, it is imperative to clean them quickly. During the electronic discovery process, SafeComs detects and eliminates all tools left behind by hackers.
Identify the source of the attack
When analyzing a compromised system, SafeComs extracts useful information about attackers' actions by examining logs, registries, databases, settings, etc. Whether an outside attacker compromised your systems, an inside employee engaged in nefarious activities, or malware infected the machine, SafeComs provides detailed insights.
Find evidence of 'unauthorized' activities
SafeComs searches for, obtains, secures, and processes any electronic evidence regarding unauthorized activities on your systems. They report on files or data stolen, added, copied, removed, or sent outside your company's firewall during the breach.
Preserve Digital Evidence
Preserving digital evidence is crucial for legal proceedings. SafeComs ensures that all collected data is handled with the utmost care, maintaining its integrity for potential use in court. This includes creating forensic images of compromised systems and documenting every step taken during the investigation.
Comprehensive Incident Reporting
After the forensic analysis, SafeComs provides a comprehensive incident report detailing the findings, including the nature of the breach, the data compromised, and the methods used by the attackers. This report is essential for understanding the scope of the breach and for taking corrective measures to prevent future incidents.
Customized Security Recommendations
Based on the forensic analysis, SafeComs offers customized security recommendations tailored to your organization's specific needs. These recommendations help to strengthen your security posture and mitigate the risk of future breaches.
Continuous Monitoring and Support
SafeComs provides ongoing monitoring and support to ensure that your systems remain secure. They offer continuous threat assessments and updates to your security measures, keeping your organization protected against evolving threats.
Training and Awareness Programs
Educating your employees about security best practices is vital for preventing future breaches. SafeComs offers training and awareness programs to help your staff recognize potential threats and respond appropriately.
Contact SafeComs Team Today!
Our tech experts are here to help. Reach out to us now.