Update on Ransomware Technology 60 Minutes Video ransomware ( noun) - PowerPoint PPT Presentation

Update on Ransomware Technology 60 Minutes Video

ran·som·ware ( noun) A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the user’s files unless a ransom is paid. Update on Ransomware Technology

RANSOMWARE CHARACTERISTICS Popular Targets • Computers • Endpoints on company network • Servers Prevents you from using your PC You will be asked to do something before you can use your PC Update on Ransomware Technology

How it works… Infiltrates Your PC, Network or Servers • Prevents you from accessing Windows • Encrypts files so you can't use them • Stops certain apps from running (like your web browser) “Ransom” Demand • Demands that you pay money (a “ransom”) to get access to your PC or files • Some make you complete surveys No Guarantees • No guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again • Usually impossible to reverse-engineer the encryption or “crack” the files without the original encryption key – only the attackers have access to Update on Ransomware Technology

Update on Ransomware Technology The Rise of Ransomware : Is Your Organization Prepared? Internal Use Only

Quick Question Have you had a security breach? 6 Update on Ransomware Technology

What are the odds of … Ponemon Institute Update on Ransomware Technology

It’s affecting everyone – 2018 breaches Update on Ransomware Technology

Source: Datto Update on Ransomware Technology

Source: Datto Update on Ransomware Technology

Source: Datto Update on Ransomware Technology

91% Of Cyber Attacks Start With A Phishing Email Update on Ransomware Technology

SPAM/Phishing Emails Lack of Employee Training Malicious Websites/Web Ads Other Lack of Security Source: Datto Update on Ransomware Technology

Phishing Emails Example 1 Example 2 Beware of sender & links ! Beware of attachments ! Update on Ransomware Technology

Sample Ransom Demand Update on Ransomware Technology

Whaling Emails Convince executive that the email requires urgent action by following a link to a fake website Enter confidential company information and passwords to carry out fraudulent activities

Whaling Executives TheWindowsClub.com Update on Ransomware Technology

SMS Text Cyber Attacks Update on Ransomware Technology

What do Hackers target? • Valuable data to target ฀ Credit card information ฀ Client data ฀ Employee records ฀ Financial reports • Organizations with inadequate protection • SMB’s as a gateway to large corporations Update on Ransomware Technology

Risk Prevention Best Practices Update on Ransomware Technology

Steps to Cyber Security User Education and Awareness • Staff Training program Network Security • Maintain user awareness of cyber risks • Protect network from external and internal attack Home & Mobile Working • Develop mobile working policy and Malware Prevention train staff to adhere to it • Policies and defenses across entire organization Secure Configuration • Apply security patches and maintain Monitoring secure configurations • Continuously monitor all systems and networks for unusual activities Removable Media Controls • Policy to control access to removable media • Scan all media before importing into corporate systems Incident Management • Establish incidence response and Managing User Privileges disaster recovery capabilities • Limit user privileges and monitor user activity Update on Ransomware Technology

Enhanced Risk Mitigation EDUCATION PROTECTION RECOVERY Popular Precautionary Measures: 1. Identify Vulnerabilities - Risk Assessment 2. Train People - 1 st Line of Defense 3. Deploy Intrusion Detection & Intrusion Prevention Solutions 4. Backup … Backup … .Backup – Constantly & Frequently 5. Test Recovery - Data restoral process & results Update on Ransomware Technology

User Awareness Training Update on Ransomware Technology

END USER RISK MITIGATION BEST PRACTICES ฀ WEBSITES: Avoid visiting unsafe, suspicious, or fake websites ฀ WEB PAGES: Don’t click on a link on a webpage unless you absolutely trust the page or sender ฀ EMAIL: Don’t open emails and email attachments from people you don’t know, or that you weren’t expecting ฀ SOCIAL MEDIA : Don’t click on malicious or potentially bad links on Facebook, Twitter and other social media posts ฀ LOOK FOR TYPOS : Often fake emails and webpages have bad spelling, unusual spaces, odd symbols / punctuation or just look unusual. • Ex:“PayePal” instead of “PayPal” • Ex. “iTunesCustomer Service” instead of “iTunes Customer Service” General Rule: If you’re unsure – don’t click it! Update on Ransomware Technology

System Mitigation Tools Detect | Prevent | Mitigate Update on Ransomware Technology

rethink BACKUP start thinking CONTINUITY Update on Ransomware Technology

Source: Datto Update on Ransomware Technology

Where do we go from here? Option 1 Option 2 Engage Security Experts ฀ Conduct Security Risk Assessment ฀ Train your Employees ฀ Protect network and devices ฀ Keep software up to date ฀ Create cybersecurity policies ฀ Back up data frequently ฀ Test restores ฀ Enable Uptime Update on Ransomware Technology

Risk Mitigation Best Practices ✔ Assess ✔ Educate ✔ Reinforce Awareness ✔ Measure Your Employee’s Security Effectiveness ✔ Create Human Firewalls ✔ Create a security awareness culture Update on Ransomware Technology

Contact Information Justin Schwartz 917-647-3431 jschwartz@tomorrowsoffice.com Brian T Campbell 845-418-4829 Brian.Campbell@rocklandpros.com Update on Ransomware Technology