Ransomware Statistics: What Ransomware Can Cost Businesses

How Does Ransomware Work?

The topic of ransomware has been huge in the last year, and public awareness of this once obscure method of cyber crime has peaked in recent months.  But how does ransomware work, and what exactly does it do?

Ransomware is a malicious program or string of code that encrypts all the files on a computer system and effectively locks them up.  Access to these files is impossible without an encryption key, which is offered in exchange for a ransom.  Attackers usually request that the ransom be paid through anonymous means such as bitcoin or other cryptocurrency.

The encryption used in most malicious ransomware attacks is essentially unbreakable.  Only in a few isolated cases have security professionals been able to break the encryption.  Not all ransomware is the same, either.  There are many different malware programs that go by various names and use various means to encrypt victim data; Locky, CryptoLocker, TeslaCrypt, SimpleLocker, and WannaCry are some of the names that have been used over the years for the different programs.

Some Sobering Ransomware Statistics

The numbers are alarming when it comes to the latest ransomware statistics.

  • Out of 582 cybersecurity professionals, almost 50% do not believe their organization is equipped to withstand a ransomware attack.
  • Ransomware attacks total almost $75 Billion in damages to businesses.
  • The average cost of a ransomware attack on a business was $133,000.
  • 75% of companies that were infected with ransomware were running up to date endpoint security.

Source: PhoenixNap.

Examples Of Costly Ransomware Attacks

Ransomware attacks almost all sectors and industries.  In February of 2018 Colorado’s Department Of Transportation (CDOT) was crippled by a ransomware attack that infected almost 2,000 computers, costing the city between $1 and $1.5 million to only partially recover.  It took over two weeks just to contain the ransomware, and another two weeks to get systems back online.  There were between 50 and 150 people working on fixing the issue at any one time.

The city of Atlanta was crippled by the SamSam ransomware in early 2018, and it cost over $2 million USD in government funds total in order to deal with the crisis, which debilitated city resources for several days.  At the time, the ransomware attackers wanted about $50,000 USD in Bitcoin.

Why Not Just Pay The Ransom?

You may be looking at those numbers from the Atlanta attack and wonder why the city wouldn’t just pay the $50,000 instead of spending $2 million cleaning it up.  However, the FBI and law enforcement officials contend that paying the ransom is not always the easiest move.

First, you have to trust that the attackers will actually give you the key in return for payment.  The anonymous nature of bitcoin means that you could send the money and never hear from the attackers again.

Another challenge is in regards to actually decrypting the data itself.  Decrypting data is slow – it can take upwards of a week to decrypt a 1 TB drive, even with the proper key.  Downtime due to this can be incredibly costly for many businesses.

The True Cost Of Downtime And Reputation

Although monetary damages can be enough to set even a well-insured company back to the point where recovery may ruin the business, another cost that is hard to measure is in terms of reputation and downtime.  How much would it cost your business to be out of commission for several days to a week?  The loss in profits and business should be added to the cost of cleaning up the malware.

Another cost that is hard to put a figure on is reputation.  Will your clients lose trust in your business if you lose valuable data?  Will patrons of a hospital or medical center be wary of returning if their medical data falls into the wrong hands?

Don’t Think You’re “Too Small” To Be A Target

The nature of ransomware makes it easy to distribute for attackers, and therefore they won’t stop at attempting attacks on smaller businesses just because they are small.  Sometimes smaller businesses are more apt to pay the ransom because they don’t have the resources to hire an expensive IT company to help them clean up and get back in business.  This can make attacking smaller businesses more appealing to cyber criminals.

What Is The Best Ransomware Protection?

The best ransomware protection is having a solid backup and recovery system.  Utilizing the 3-2-1 backup system involving at least one off-site and insulated backup, most businesses can mitigate the costs of a ransomware attack.  It also reduces the likelihood that priceless data will be lost in the event of an attack.  It is all too common for many businesses both large and small to neglect having a solid backup and recovery strategy in place.

Additionally, having adequate security as well as ensuring all systems and software are up to date are critical in terms of preventing attacks.  The question of how to avoid ransomware in the first place is also raised quite often, and the answer lies heavily in ensuring that employees have a basic understanding of how to spot suspicious files, emails, and other protocol.

If you are in the southern California area and want a consultation on ensuring that your business is protected from ransomware, contact AMA Networks today for a free assessment.

Maintaining Data Security In Cloud Computing

With more and more businesses and companies moving to cloud computing solutions it’s important to understand the basics of maintaining data security in cloud computing.  Hackers aren’t looking for financial and credit card information as much as they used to—they are looking to obtain sensitive data that they can hold for ransom.  Much of the time these hackers can access this data through security holes in cloud data storage that have been overlooked.  It’s crucial that businesses take a hard look at how thorough their cloud security is and how employees are briefed on proper usage of cloud storage systems as well as virtual servers and software.

There’s a common misconception that cloud computing is less safe than traditional networks.  But this isn’t the case.  In most data breaches it’s an obvious oversight that leads to a breach in the first place.  The key is to ensure that you have all your bases covered when it comes to points of contact and the links you have within your network.

Examples Of Cloud Data Breaches

There are many examples of companies getting caught with less than stellar cloud security protocol.  Oftentimes it’s a small oversight that leads to big-time losses as cyber criminals are quite adept at sniffing out even the tiniest of holes in a security plan.

In April of 2018, cloud-based compliance resource company ComplyRight experienced a data breach affecting more than 76,000 customers which compromised names, social security numbers, dates of birth, phone numbers, addresses, and email addresses.  Although ComplyRight didn’t specify how the breach happened, security researcher and reporter Brian Krebs suspects that their tax filing website efile4biz.com was hacked and malicious code installed to capture information as it was entered into the website–before it could be passed on to any sort of encryption protocol.

Krebs goes on to write: “While ComplyRight hasn’t said exactly how this breach happened, the most likely explanation is that intruders managed to install malicious code on the efile4biz.com Web site — malware that recorded passwords entered into the site by employers using the service to prepare tax forms.  Translation: Assurances about the security of data in-transit to or from the company’s site do little to stop cyber thieves who have compromised the Web site itself, because there are countless tools bad guys can install on a hacked site that steals usernames, passwords and other sensitive data before the information is even encrypted and transmitted across the wire.”

Thus the obvious point: no matter how secure of an encryption protocol your company has on data in transfer, the data is only as safe as its weakest point of contact.

Cloud Data Protection Steps For Businesses

So is your data safe in the cloud?  The short answer is yes, with a caveat; you must ensure that no stone is left unturned when examining your network for security vulnerabilities.

Outsource Your IT Security

Since your data security is only as strong as your weakest link, it’s important to ensure that you are treating it as a top priority.  If your company’s in-house IT staff is too busy with tasks related to just keeping the servers online and systems running properly, then it might be too much to ask for them to also ensure that the IT security is properly tested and covered.  This is a common problem for small businesses as well as public organizations such as schools that have limited budgets.  This is where outsourcing your IT security could save you from a costly breach in the future.  Allowing professionals to take over security concerns can be more effective than having an already overburdened in-house IT staff try to do it.

Educate Employees

Oftentimes unsavvy employees can get tricked into falling for phishing schemes and other sophisticated email and phone attacks that can allow hackers access to vital information or logins.  Ensuring that your employees are cognizant of cloud security issues and threats is an excellent way to head them off before it becomes a problem.

Ensure Your Business Is Ready For Cloud Computing

Security protocols for in-house networks may not always be adequate for cloud-based infrastructure.  You’ll likely need to examine your current systems to ensure that they can handle cloud-based security standards.  In some cases, hardware or software must be upgraded in order to ensure that basic security levels are maintained.  This is especially true if you want to take advantage of server virtualization.

Vet Third-Party Vendors Carefully

When doing business with third parties you must do your due diligence in selecting only those that place security at a very high importance level.  In December of 2018, Baylor Scott & White Medical Center – Frisco reported that a security issue with a third-party credit card payment vendor had compromised the financial data of 47,000 patients.  In this case it was the security negligence of a third-party contractor that caused problems for the hospital.  This type of breach is a big problem for medical providers in particular due to the number of third-party vendors that they typically use.

Strengthen Your Cloud Security With An Outsourced IT Company

With threats becoming more numerous by the day it can be very hard to keep up with IT security standards and methods of prevention.  Letting a dedicated IT company manage your cloud security is an excellent way to ensure that a data breach will never be an issue.

If you’re a Southern California business or organization and need help moving to the cloud or ensuring that your current cloud-based systems are compliant and up to date with the latest in security protocol, give AMA Networks a call today.

Planning On Failing: The Importance Of Network Disaster Recovery Planning For Your Company

Businesses and organizations both large and small rely on their data systems to function.  In the event that these systems are compromised it can be incredibly costly to conduct data recovery, and those companies who decide to put off setting up a disaster recovery plan can end up paying a huge price.  According to San Diego-based AMA Networks owner Amir Hadziosmanovic, data loss due to malware, ransomware, and scams is currently the biggest threat to the IT security of companies.

“The biggest global threat to business cyber security today is malware or ransomware. Company data is their nucleus, and a malware/ransomware attack has the potential to take out even the most stable business in the world in a matter of minutes–think Home Depot, Aetna, Target, etc,” says Hadziosmanovic.

Attacks Are Alarmingly Common

Although current data suggests that malware and ransomware attacks are increasingly and troublingly common, many of them are not even reported—suggesting the actual number of attacks is much larger.  “According to the IT community, MSP forums and general IT discussion, ransomware and malware attacks on business are more frequent and they will continue to be,” says Hadziosmanovic.  “So many incidents that we do not know about are not reported because the payout amount was below $500. Average ransomware request is between $500-$2,000 and 20% of them are over $5,000.”

And if you don’t pay the ransom or your data is non-recoverable by normal means due to a fire or flood it can get incredibly costly.  “There was a study completed by Datto in 2016 that suggested downtime from malware and ransomware can cost a small business as much as $10,000. Some say it is $1,000 per hour if you hire some of the big recovery firms to help you. According to the FBI Internet Complaint Center there were nearly 2,500 complaints registered in 2015 resulting in about $1.6B in damages,” says Hadziosmanovic.

It’s important to weigh the cost of putting proper disaster recovery in place vs how much it would cost to lose everything.

You’re Never Too Small To Be A Target

Never think that you won’t be a target, whether it’s the size of your business or your industry.  “The old school mentality ‘I am too small’ for the hackers is no longer acceptable,” says Hadziosmanovic.  “You are a business, you make money, therefore you are fair game. If hackers can hit up 10,000 small businesses and every one of them paid $1,000 ransom, that would equate to a very nice paycheck for the hacker of $10,000,000.”  And it’s true; hackers often spread their nets very wide in an attempt to target hundreds of thousands of businesses at once in an effort to get a few to bite.

What Is The Best Method For Disaster Recovery?

So how can a company take steps to prevent data loss, theft, and extortion?  Planning ahead is the biggest step.  Implementing a plan of action in case your business suffers a catastrophic loss is essential to preventing the loss of money, time, and customer trust.

Establishing a disaster recovery and backup plan is tempting to put off because it’s not technically necessary for a business to have in order to operate.  You can hum along just fine without one.  However, this can leave you high and dry in the event of an emergency.  You don’t want to join the throngs of people Googling “hard disk recovery”, “ransomware recovery”, or similar.  Setting up a plan of action is also cheaper than recovery.

Additionally, ensuring that security best practices are followed by your team can also help prevent “zero day” threats, or new threats that use phishing and scam tactics to gain access via human error.

Hire The Pros

Hiring a professional IT company to custom-tailor a BDR (Backup Disaster Recovery) solution fit to your needs and budget is the most cost-effective way to ensure that your business will be protected from both cyber threats as well as natural disasters such as earthquakes, fires, and floods.

Test, Test, Test

According to Hadziosmanovic, it’s important to ensure that these backup disaster plans are tested multiple times throughout the year to ensure that they are working properly.  At AMA Networks in San Diego, when BDR plans are set up for companies they are tested for redundancy multiple times throughout the year, and often they can have a company back up in a few hours or even minutes.

San Diego Data Recovery And Planning For Businesses And Organizations

If you are a Southern California or San Diego based business and you’re interested in hiring a professional IT company to handle your backup disaster recovery planning, AMA Networks is a great choice.  “AMA Networks has helped companies implement this solution across multiple vertices; construction companies, healthcare providers, government subcontractors, professional services, government agencies, and more,” says Hadziosmanovic.  “AMA Networks will test your BDR and BC solution 2-4 times a year and ensure proper testing and failover for both BDR and BC solutions.”  Contact AMA Networks today to get a free assessment!

AWS Security Best Practices

With the advent of Amazon’s cloud technology, it has become very easy for businesses to be more flexible and enhance the sharing and usage of files and applications.  However, there are certain things that companies need to be aware of when it comes to the security of the cloud.  According to security expert and writer Brian Krebs, it’s increasingly common for hackers to steal files from unsecured AWS accounts and hold them for ransom.  And this is even when a company knows about the risks.

In order to prevent your business from falling victim to hacking or extortion it’s important to follow some important AWS security best practices.

Understand Security Responsibilities

Many Software As A Service providers (SaaS) will handle the security on their end – anything going on in their software will be secured as will the data going to and from.  However, certain cloud technology providers such as Amazon’s AWS leave the security and access controls of the storage up to the users in the “shared responsibility model”.  This means that companies and users are responsible to ensure that their ecosystem in AWS has the proper security setups in place to prevent data breaches.

In one example the company All American Entertainment, a public speaking contractor, had left thousands of speaking contracts in an unsecured Amazon S3 folder.  They were not technically “hacked” in the traditional sense, but the company was publicly exposed as having left secure files out in the open by a security researcher from NightLion Security.

Not all companies end up getting exposed by a “white hat” security researcher, and instead have their files seized and held for ransom by hackers.

Ensure That User Roles Are Defined

Defining user roles is very important for access control.  Taking advantage of temporary access roles in AWS is a great way to ensure that you don’t have to manage a large amount of user roles in the future.

Never share primary AWS access credentials; instead, use the Identity and Access Management (IAM) tools to create unique roles for users.  These various users are then easily managed by the Admin.

Take Advantage Of Multi-Factor Authentication

As a second layer of security it’s a good idea to set up two factor authentication for both the Admin AWS login and the IAM users in your AWS account.
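
One way to verify the two points above (no use of the primary account's credentials, MFA on every login), as an added example rather than code from this post or from AWS: it audits an IAM credential report, the CSV that `aws iam get-credential-report` returns base64-encoded. The sample rows, the account ID and the 90-day key-age threshold are constructed assumptions, and the sample carries only a subset of the report's columns; the key-age check goes slightly beyond the text.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a trimmed IAM credential report (real reports have more columns).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2019-01-10T08:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2023-11-02T12:30:00+00:00,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,2021-03-15T09:00:00+00:00,false,N/A
"""

# Fixed "current time" so the sample run is reproducible (constructed value).
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def audit_credential_report(report_csv, now, max_key_age_days=90):
    """Return (user, issue) pairs for weak identity hygiene in a credential report.

    max_key_age_days is an assumed policy value, not an AWS default.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa_on = row["mfa_active"] == "true"
        # The root user can always sign in to the console; IAM users only
        # when a password is enabled.
        can_sign_in = is_root or row["password_enabled"] == "true"

        if can_sign_in and not mfa_on:
            findings.append((user, "root-no-mfa" if is_root else "console-no-mfa"))

        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue
            if is_root:
                # Root access keys are the "primary credentials" that should
                # never exist, let alone be shared.
                findings.append((user, "root-access-key"))
                continue
            rotated = row.get(f"access_key_{slot}_last_rotated", "N/A")
            if rotated == "N/A":
                continue
            age_days = (now - datetime.fromisoformat(rotated)).days
            if age_days > max_key_age_days:
                # Long-lived keys are what temporary role credentials replace.
                findings.append((user, "stale-access-key"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_credential_report(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user:16} {issue}")
```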

Control S3 Buckets Via IAM Credentials

The default mode for Amazon S3 buckets for cloud storage is to only allow the creator access to them.  Do not make these buckets public, as that means that anyone on the internet can have access to the files. Use IAM credentials to ensure that only proper users have access. If you do need to make them public, ensure that you have a proper reason to do so and that there aren’t any other sensitive files in the bucket.
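
A check for the public-bucket condition described above, as an added example (not code from this post or from AWS): it takes a bucket's policy document, ACL and Block Public Access settings as parsed JSON, in the shapes the `aws s3api` `get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` calls return, and lists every grant open to everyone. Bucket names, the account ID and the sample documents are constructed, and account-level Block Public Access is assumed not to be set.

```python
from typing import NamedTuple

# Grantee URIs S3 ACLs use for "anyone" and "any authenticated AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


class Finding(NamedTuple):
    bucket: str
    source: str      # "acl" or "policy"
    detail: str
    mitigated: bool  # True when Block Public Access neutralises the grant


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches_anyone(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def audit_bucket(name, policy=None, acl=None, public_access_block=None):
    """Return a Finding for each ACL grant or policy statement open to everyone."""
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    findings = []

    for grant in (acl or {}).get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            detail = f"{grant.get('Permission')} granted to {uri.rsplit('/', 1)[-1]}"
            # IgnorePublicAcls makes S3 disregard public ACL grants.
            findings.append(Finding(name, "acl", detail, bool(pab.get("IgnorePublicAcls"))))

    for i, stmt in enumerate(_as_list((policy or {}).get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _matches_anyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = ",".join(_as_list(stmt.get("Action", "?")))
        # A Condition may narrow the grant; flag it for review instead of hiding it.
        note = " (has Condition: review scope)" if stmt.get("Condition") else ""
        detail = f"{sid}: Allow {actions} to *{note}"
        # RestrictPublicBuckets limits a public policy to the owning account.
        findings.append(Finding(name, "policy", detail, bool(pab.get("RestrictPublicBuckets"))))

    return findings


def exposed(findings):
    """Findings that Block Public Access does not neutralise."""
    return [f for f in findings if not f.mitigated]


# --- Constructed sample documents -------------------------------------------
PUBLIC_READ_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::contracts-example/*"}]}
ROLE_ONLY_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::private-example/*"}}
PUBLIC_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
BLOCK_ALL = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}

if __name__ == "__main__":
    results = (audit_bucket("contracts-example", policy=PUBLIC_READ_POLICY)
               + audit_bucket("logs-example", acl=PUBLIC_ACL, public_access_block=BLOCK_ALL)
               + audit_bucket("private-example", policy=ROLE_ONLY_POLICY))
    for f in results:
        print("MITIGATED" if f.mitigated else "EXPOSED  ", f.bucket, f.source, f.detail)
```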

Make Use Of The AWS Trusted Advisor

The Trusted Advisor is a tool that can let you know of possible misconfigurations of security in your AWS environment. Another great tool that can be helpful is Netflix’s Security Monkey, which monitors AWS accounts for policy changes and can alert admins of insecure configurations in their setup.

Hire An IT Security Team If You’re Unsure

If you’re not sure that your AWS setup meets proper security guidelines, contact your local IT services company and ask them for a review of your setup.  It’s better to be safe than sorry when it comes to handling sensitive data.  Security breaches can be very costly for companies in terms of both reputation and money.  All forms of hacking and extortion schemes such as tech support phone scams and phishing attempts are getting more and more sophisticated and difficult to detect.

If you’re a San Diego business or company unsure about any of the topics in this post or wondering if your AWS setup is secure, feel free to give AMA Networks a call for a free assessment and to see whether or not we can help you with your cloud security.

Tech Support Phone Scams Are Getting More Sophisticated

Think phone scams died off along with landlines?  Think again.  Phone scams are still alive and well, if not more so than in years past.  These scammers are now using specific knowledge acquired through hacking and weaving that personal information into their calls to seem more authentic to their victims.  And it’s working.  Phone scam calls are on the rise, and it can be increasingly difficult for unsavvy people to identify them.  These scammers target both individuals as well as businesses and companies.

In addition to the famous IRS phone scam that has been making the rounds in the past few years, there has been an increasing number of fake “tech support” scams, with criminals posing as tech support agents from popular companies such as Dell and Microsoft.

Tech Support Scammers Use Your Personal Data To Seem Convincing

In one instance a scammer was able to tell their target the last time the target had called Dell customer support, what the issue had been about, and provided their Service Tag Number and Express Service Code.  Clearly that scammer was quite sophisticated.  The person on the receiving end, thankfully, was savvy enough to know that this was in fact a scam.  However, can you be sure that all the employees in your company have the know-how to spot these types of calls?

Scams are one aspect of IT security that can sometimes elude business owners because they’re not always that obvious or talked about.  Employee education of common scams and basic computer security practices is a simple but effective way of preventing not only phone scams but email phishing and other forms of intrusion that happen on an employee-enabled level.

Oftentimes business owners doing all their own IT themselves might fall victim to these sophisticated scams because they simply don’t know the ins and outs of computer security–and that’s ok!  One person can’t be good at everything, and not all business owners can be expected to be computer experts as well.  The same goes for your employees.  If you think that any of your employees might be the type to fall victim to phishing or phone scams, it might be a good idea to educate them.

Hire A Managed IT Service Provider To Avoid Scams

One way to remove yourself and employees from the IT security “chain of command” is to hire a managed IT services company to handle all your IT needs–including security.  That way you’ll know that any random calls or email solicitations received can be forwarded to the IT company.  You can let them handle it from there – a good IT security team can sniff out a scam in seconds.

A good IT security team can also ensure that your entire network is as secure as it can be, is following various AWS security best practices and other cloud security measures, and is up to compliance standards for the industry that your business is in.

Methods Phone Scammers Use

Malicious Computer Access:  Computer access is a big one for these sophisticated scams.  In the above story the “Dell” tech support agent requested the victim to access a website from the command prompt of his computer, which almost certainly would have resulted in some sort of malware intrusion.  If an employee allows one of these phone scammers access to a company computer it could lead to a huge data breach disaster which could be incredibly costly.

Asking You For Money For Phony Or Pirated Software:  Scammers may also pose as big brand tech support agents in order to sell you software, which in some cases may be pirated software or hacked software that does not have a legal license.  One commenter on the above-linked article indicated that he had been upsold thousands of dollars’ worth of Avast security software and other services such as insurance and Windows security.  Avast then contacted him and told him he was using illegal copies of the software.

Having You Enter Payment Information Into Phony Websites:  Scammers may also simply try to get you to enter payment information into fraudulent websites so they can capture and use this data later.

The Most Common Scams In 2017 and 2018

Here are a few of the most common scams currently making the rounds:

  1. “The IRS is filing a lawsuit against you” – This scam uses a computerized voice informing victims that the IRS is filing a lawsuit against them and that local law enforcement will arrest them unless they pay a fine. This one often tricks many immigrants and elderly people.
  2. The “Can you hear me?” or “Say Yes” phone scam – This scam is very, very tricky. The aim is to get the victim to say yes, and scammers will use the recording of that person saying yes to authorize purchases made in the victim’s name.
  3. The tech support or “your computer has a virus” scam – This scam is what much of this article has been about. Scammers inform a victim that there is a virus on their computer or that they are representing tech support from companies such as Dell or Microsoft.  Scammers attempt to gain access to a victim’s computer through directing the victim to malicious websites, or they attempt to acquire financial information.
  4. The “information verification” scam – Scammers will call a victim and pose as an agent from an insurance company, telling the victim that they simply want to verify information on file.

Tips To Avoid Becoming A Victim:

  • Do not trust unsolicited calls. If you need tech support, contact the company yourself.
  • If you receive an unsolicited call that asks you to click links or hand over personal information, hang up. Companies such as Microsoft do not make unsolicited calls to consumers asking for this type of information.
  • Obtain any software that you purchase directly from the vendor website.
  • Hire a managed IT company to help you ensure that all network and computer security is up to current standards and hand off any calls or information to them.

If you are thinking of hiring an IT company to manage your network security, AMA Networks might be a great option.  AMA Networks is an IT Security services provider in the San Diego area, helping dozens of businesses ensure that their IT systems are secure and compliant with national industry regulations.  Call for your free assessment today!

Why Is Cyber Security Important?  Can You Be 100% Secure?

The Overall Increase In Cyber Security Necessities

It seems like every year there is a new must-have security measure in place.  Whether it is changing your password every thirty days, or requiring a one-time authentication code, or mandatory two factor authentication for some websites, the IT security industry is constantly trying to outwit the cyber criminals that are constantly nipping at the heels of unwitting victims.

There’s no question that people consider cyber security to be important.  However, the difference lies in how far people and companies are willing to go to ensure that they have a secure infrastructure and environment.  The fact that many companies don’t even have a solid backup strategy in place shows that while they consider security important, they seem to think that it is something that won’t happen to them.

There’s No Such Thing As Perfect Code

Why is it so hard to have a perfectly secure computer system?  The answer lies in the fact that code is written by humans, and humans simply can’t write perfect code.  Perfect code is impossible in part because it can be impossible to even get two people to agree on what perfect code even is or looks like.  These same people could have totally different ideas.  It is estimated that the industry average is approximately 15-20 errors per 1000 lines of code.  And that is a lot!

Beyond just code, software and applications have architecture and design that has been developed by humans, and thus are imperfect.  It is hard for one person or even a team of people to conceive of every possible way a line of code or vulnerability could be exploited.

Why Systems Can Never Be 100% Secure

Because of how complex computers are, and the fact that they are made up of components that have been designed by different teams in different ways, it is almost impossible to make everything completely secure.  Even software that runs in the OS has millions or billions of possible different interactions depending on how users decide to run them.  These can never all be accounted for.

Our computers are modern Frankensteins of highly complex code and hardware, and no two computers are even the same given tiny manufacturing variables or defects.

There was even the case recently where a Chinese computer hardware manufacturer secretly installed tiny chips no bigger than a grain of rice on hardware destined for computers in the United States Government.  Even the supply chain cannot be entirely controlled given that it is run by humans.

Best Cyber Security Policy Precautions And Best Practices

Security isn’t really an absolute – you aren’t either insecure or totally secure.  There is a gradient, and it pays to ensure that you’re striving to be on the “more secure” end of the spectrum.

If you’re running a business with a small IT team, outsourcing your IT security to a managed IT company can free up a lot of resources and give you the best bang for your buck.  These companies have seen it all and keep their finger on the pulse of the latest in terms of threats.  This is something that your in-house IT team might have a hard time with if they are also tasked with keeping the computer infrastructure running and assisting employees with computer issues.

You can also have a cyber security policy that is too invasive – if employees get sick of dealing with blocked websites and features, they will likely try to disable firewall features.  A balance of security and usability will provide the best environment for everyone involved.

How Having A Solid Backup Is The Best Security

By ensuring that your business and computers are as up to date and secured as possible within reason and you are following as many cyber security best practices that you can, you can also beef up your security by ensuring that you have an adequate backup and disaster recovery plan in place.  This ensures that even if you do suffer a breach you can recover without loss of sensitive data or have to endure too much costly downtime.  The costs of breaches such as ransomware attacks can be truly astronomical.

Establishing Better IT Security

If you’re a Southern California business that wants to improve their overall cyber security presence and strategy, then AMA Networks can provide a wide array of managed IT solutions.  From deciding on the best firewall for small businesses to setting up a proper backup strategy, AMA Networks can customize a plan for your business while taking into account your growth and future goals.  Contact us today for a free assessment.