The Best Protection Against Ransomware

Just under 950,000 unique users were victims of Ransomware in 2017, with 26.2% of those being business users. So just what is the best way of preventing this vicious piece of malware?

Ransomware is a type of malicious software which hijacks the user’s machines and typically prevents access to data and files through encryption. To retrieve access, users have to pay a fee (or ransom) which could reach the thousands of pounds. Upon payment (which is paid in Bitcoin), users are given a decryption key to then access their files again – although this is not always the case. While falling victim to ransomware may result in lost data, if you put preventative measures in place to begin with, this is not necessarily a huge problem… Continue Reading

Embedding IT Security in Your Company Culture

IT security should be a priority for your company, but helping your employees to this is not an easy task.

You will need to make changes to your entire working culture by introducing set rules and structures in the form of a comprehensive IT policy, but ensuring this is carried out, and becomes an integral part of your company ethos can be difficult. Here are some key ways that you can manage a shift towards good IT security practice, while making it as simple and effective as possible for your whole organisation…

Continue Reading

Back Ups and Disaster Recovery

When catastrophe strikes you need to be able to rely on a robust disaster recovery strategy, and backing up your data is the best way to ensure your business keeps going.

Disaster Recovery is about ensuring your business is back to full operational capacity in the smallest time frame possible, should something go wrong. Businesses hold so much valuable and crucial information, that should it be lost, could result in dire consequences.

If you do suffer any data loss, a reliable back up allows you to retrieve your information quickly and get your company operational again. It’s important to remember that there’s more than just data at stake when disaster strikes. Time, money and productivity are all on the line, with the potential for damaged business reputation should your clients’ suffer as a result.

Here’s why data back ups for your business should be a priority… Continue Reading

Developing an IT Policy in Your Organisation

Yours and your clients’ data is only ever as secure as your company’s IT policy.

By creating a comprehensive and thorough IT policy for your company, you should be aiming to address at least some of the more obvious ways your company could be compromised through your use of IT. Thinking about the way your team uses technology, and the data that you store, you should be able to bolster your security while reassuring clients that their private data is safe with your organisation.

Here are some starting points for you work from when creating your own company IT policy…
Continue Reading

Adopting Best Password Practices in Your Business

Bad password etiquette could spell trouble for your organisation…

Despite increased warnings and growing threats to businesses from hacks and data breaches, many people are still failing to adopt strong password practices. This isn’t just a matter of being unaware either – 91% of people surveyed by LastPass said they know that using the same password for multiple accounts poses a security risk, with 59% saying they still did it anyway. 53% also said they had not changed their passwords in the past 12 months, even when a data breach had made the news. Continue Reading

Keeping Your Company Network Secure

In a business with multiple people connecting to the company network, keeping your data secure is a tough, but not impossible task…

We have discussed the importance of promoting security among your team in a previous blog, but we want to look at some of the tangible ways you can increase your network’s security. The best way to ensure your company is as secure as possible is to take a multifaceted approach, working in different ways to bolster your defences. Here are some practical ways to tighten up your network and make sure you are as safe as possible. Continue Reading

Promoting IT Security In Your Business

Your IT security problem may not actually be with your hardware…

No matter how many pieces of security and anti-virus software you have installed, your business’s data could still be at risk due to one fundamental aspect of your company – your staff. Communicating with your team and having an IT policy in place will go a long way to ensuring that you have the best chance of protecting yours and your clients’ operations. Many company data breaches come as a result of human error or a lack of security awareness, so we’ve put together a brief checklist on how to take significant steps to reducing the risk of a data breach. Continue Reading

Google warns: ‘Ransomware here to stay’

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.

The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type.

Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat.

Two types of ransomware made most of the money, it said, but other variants are starting to emerge.

Track and trace

“It’s become a very, very profitable market and is here to stay,” said Elie Bursztein from Google who, along with colleagues Kylie McRoberts and Luca Invernizzi, carried out the research.

Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a victim pays a ransom. Payments typically have to be made using the Bitcoin virtual currency.

Mr Bursztein said Google used several different methods to work out how much cash was flowing towards ransomware creators.

As well as drawing on reports from people who had paid a ransom, it sought out the files used to infect machines and then ran those on lots of virtual machines to generate “synthetic victims”, he said.

It then monitored the network traffic generated by these victims to work out to where money would be transferred. The data gathered in this stage was also used to find more variants of ransomware and the 300,000 files it found broke down into 34 of them, he said.

The most popular strains were the Locky and Cerber families, added Mr Bursztein.

Payment analysis of the Bitcoin blockchain, which logs all transactions made using the e-currency, revealed that those two strains also made the most money over the last year, he said, with Locky collecting about $7.8m (£5.9m) and Cerber $6.9m (£5.2m).

The research project also revealed where the cash flowed and accumulated in the Bitcoin network and where it was converted back into cash. More than 95% of Bitcoin payments for ransomware were cashed out via Russia’s BTC-e exchange, found Google.

On 26 July, one of the founders of BTC-e, Alexander Vinnik, was arrested by Greek police on money laundering charges. The police were acting on a US warrant and his extradition to America is being sought.

The gangs behind the ransomware explosion were not likely to stop soon, said Mr Bursztein, although established strains are facing competition from newer ones.

“Ransomware is a fast-moving market,” he said. “There’s aggressive competition coming from variants such as SamSam and Spora.”

Novel variants were expanding quickly and many were encouraging fast expansion by paying affiliates more if they placed the malware on to large numbers of machines. The ransomware as a service model was already proving popular, he warned.

“It’s no longer a game reserved for tech-savvy criminals,” he said. “It’s for almost anyone.”