Getting infected by ransomware is extremely alarming but panicking will only make it worse! If you see a notification on your screen that says the computer is locked or your files are encrypted, don’t start clicking on anything. Take a step back and see your options. There are numerous steps that can help you gain control of your system (Windows) and files before you decide to pay the ransom.

P.S If you are a part of an organization and a victim of a ransomware attack, then we recommend getting a full-fledged Root Cause Analysis done on your system. This will avoid a second attack from the hacker on the compromised machine. Call us at +971 4 2415888 or +971 50 8865252 for a Root Cause Analysis to best help your business.

What kind of ransomware is it?

You'll have to find out if you've been struck by encrypting ransomware, screen-locking ransomware, or something that is pretending to be ransomware. Check if you can still access your files on the desktop or in My Documents folder.

It is a screen-locking ransomware if you cannot pass the ransom note on your screen or the note claims to be from a government security agency accusing you looking at pornography or filing false taxes and asks for a “Fine” (which isn’t half-bad).

It is an encrypting ransomware If you are able to browse through directories or applications but are unable to open office files, media files or emails (which is scary).

It is a fake ransomware attack if you can both explore the system and read most of your files. Just ignore the ransom note in this case because someone is toying with you to get some money. In such a situation, try closing your web browser. If you can’t, press the CONTROL, SHIFT and ESC keys at the same time to open TASK MANAGER. Choose the APPLICATION tab, right-click on the Browser Application and click on END TASK.

Should I pay the ransom?

Keep in mind that if it’s a screen-locking ransomware, DON’T PAY THE RANSOM. Most security experts including Microsoft advise against paying the ransom because there is no guarantee that you’ll get your files back after paying. This only encourages more attacks.

On the other hand, if you need to recover business, medical or legal documents, family photos or other important files, paying a small amount may be a possible option because sometimes ransomware criminals unlock the files after receiving the ransom. We’d suggest staying neutral to the situation and decide accordingly depending on the impact.

How to handle Encrypting Ransomware

Bear in mind that this is the most common and most harmful kind of ransomware, so implement these steps in the same order.

1. Disconnect your computer (but DON’T SWITCH IT OFF) from any devices including external disks. Go offline if you are on a network to avoid spreading the ransomware on your local network to other phones or file-syncing facilities.

2. Take a photograph of the ransom note on your screen using your phone or a camera. Try if you can take a screenshot, if yes, do that also.

4. See if deleted files can be recovered. Many types of ransomware encryption duplicate your documents, encrypt copies and delete originals afterwards. With instruments like the free ShadowExplorer you may be able to retrieve deleted files.

5. Find out which type of encryption ransomware you’re dealing with. If the ransomware has not announced its own name, then try the online tool, Crypto Sheriff or Ransomware ID, for the same. They both allow you to upload encrypted files and tell you whether the encryption is reversible or not.

6. Check if there are any decryption tools available. If you get to know the name of the ransomware then head over to No More Ransom website and explore the list of decryption tools to possibly find any matching decryptor.

7. Try restoring your files from a backup that is IF you regularly back up your computer. But before you do that, ensure that the backup files aren’t encrypted as well. Plug a backup drive into another computer or log in to an online backup facility, to check the files.

If everything looks good, you will have to wipe the drive completely, reinstall the operating system and then restore these backup files.

P.S If this process doesn’t work, you may have to either pay the ransom or surrender the files.

8. If you plan to pay the ransom, try to negotiate first. Usually, the ransomware notes come with instructions to contact the criminals running the malware. If that’s your case then contact them and strike a deal for a lower ransom. It works, contrary to what you think.

Once the deal is final, follow the payment instructions. Now, there still isn’t a guarantee that you will receive your files but most sophisticated ransomware criminals stay true to the deal.

9. If you can cut the cord on the files then reinstall the operating system. You might have to use installation CD disks/USB sticks to install the OS unless its WIndows 10 because that has a “Factory Reset” option.

10. Definitely file a police report. Even though it sounds lame, it is an important legal step in order to file a lawsuit or an insurance claim related to the ransomware attack. This also helps authorities keep an eye on futures attacks.

To find out more call us at +971 4 2415888 or +971 50 8865252

How to handle Screen-locking Ransomware

Although screen-locking ransomware isn't as frequent as it was a few years ago, it still comes up now and again. Follow these steps to deal with it.

1. Disconnect your computer (but DON’T SWITCH IT OFF) from any devices including external disks. Go offline if you are on a network to avoid spreading the ransomware on your local network to other devices.

2. Take a photograph of the ransom note on your screen using your phone or a camera. Try if you can take a screenshot, if yes, do that also.

3. Reboot your system in Safe Mode by simultaneously pressing the POWER button and the S key on the keyboard. Run an antivirus software to remove the ransomware when the computer restarts.

4. If Safe Mode doesn't work, try System Restore. Most Windows computers allow you to roll back to the last known good state.

If you are unable to access the recovery screens but have the installation disk or USB stick for that variant of Windows, reboot from it and click Repair Your Computer instead of installing the OS.

5. To clean out your system completely, run an antivirus software one or more than once.

6. File a police report. This might sound pointless, but it's an important legal step if you want to file a lawsuit or an insurance claim related to the attack. This also helps authorities keep track of future attacks.

If nothing works and you’re still scared, then contact us!

Don’t wait for things to get worse if you cannot figure out how to deal with ransomware on your own. Call us straight away at +971 4 2415888 or +971 50 8865252 immediately. We provide 24x7 ransomware and malware support!

Statistics indicate that cybersecurity is a legitimate danger to small companies, but small businesses don’t always act on that knowledge. According to the 2018 Hiscox Small Business Cybersecurity Report, 47% of small businesses experienced a cyber attack in the past 12 months. Cybersecurity is a serious concern, yet the report shows only 52% of businesses have a cybersecurity strategy.

Unfortunately, this “out of sight, out of mind” mentality can have terrible implications for small businesses. If you don’t effectively protect your business from cybersecurity threats, you may lose critical data about your business while damaging your brand and losing money.

Occasionally cyberattacks can be so bad that you eventually go out of business. An absence of understanding and concern is one of the biggest reasons small companies avoid putting resources to cybersecurity. It just sounds complex to use the word “cybersecurity” but it doesn’t have to be a daunting job to protect your business from cybercrime.

Cybersecurity audits

Start by finding out if your company is well-protected against cyber attacks or not? Maybe you are secure in some areas but lacking in others? It’s best to start by understanding where you can improve.

While most of the initiatives that a small business can take may require more than an hour to implement, it might be worth spending an hour doing a fast audit of what cybersecurity measures you already have. The first and most important step is to formulate an acceptable use policy for devices, data and the network access to your employees.

If a lack of understanding is the reason your company avoids taking cybersecurity initiatives, get in touch with Digital Insights to help you with your cybersecurity plans. Ignoring cybersecurity is not a lawful excuse just because your team lacks technical expertise. There is always a solution!

Train your employees

Training your staff correctly is the fastest way to safeguard your company from cyber-attacks. Some companies may image a foreign hacker taking exceptional steps to break into the network of a small business, but this is generally not the case. A basic phishing email may compromise your small business in many situations. Basic security measures often deter effective attacks. If you forget about big hackers for a moment and realize that emails and employees are usually the number one causes of breaches for SMBs. If SMBs spent just one hour, training their staff on basic internet hygiene like spotting phishing emails, good browsing practices, not downloading suspicious files or clicking links, it would definitely improve their cybersecurity.

Small businesses should also be prepared to prevent ransomware attacks, which occur when malware infects your computer and locks it down until a ransom is paid. Even though using anti-malware software is a good way to prevent these attacks, sometimes hackers slip right through them. We recommend backing up all your files regularly and never pay the ransom should your business be attacked. For intense situations, Digital Insights offers multiple solutions for ransomware attacks and ways to avoid them.

Improve your password strength

Having a strong password may seem like a redundant tip to small businesses but honestly, it is really important and constitutes to avoid brute-force attacks. If you’re only looking for one way to improve your cybersecurity, this is a good place to start, by keeping strong passwords. We recommend keeping a complex password with letters, numbers and symbols and even better to use complicated combinations of these. If you’re afraid of forgetting, write it down in a phonebook (old school style) and not save it on online notes. It may seem unimportant but long passwords with different symbols and capitalization of letters tend to combat brute-force attacks.

A common mistake that employees and people in general make is using the same password across several platforms and websites. This does more harm than good because it increases the possibility of your data being compromised. Strengthening your organization’s passwords immediately reduces the risk of a successful cyber attack against your business, and it doesn’t take long.

Implement multifactor authentication

Multifactor authentication offers an additional layer of safety to protect your accounts beyond a username and password, generally by requiring you to enter a code sent to your mobile device or by providing a distinct safety key to your hardware. Most internet banking and loan card services, like email and social media services, give this capacity. It requires just a few minutes to enable this additional safety protection and protects your significant accounts by making sure that you access the account, not a cybercriminal who stole your password. Two-factor authentication in tech products is not difficult to enforce or look for and can assist avoid cybersecurity assaults by using it.

So, if you are a small-medium business looking to improve your cybersecurity then this is a good place to start. According to SiteLock’s annual security report, the average website is attacked 62 times a day. There is no room for excuses or overconfidence of “it won’t happen to us” in terms of cybersecurity in 2019. The no. of cybercriminals and cyber attacks have tremendously and increased and there is no hiding from it.

#cybersecuritytips #digitalinsights #cyberaware #cybersafe

We have heard multiple incidents involving large corporations experiencing massive data breaches in the news but you don’t often do you hear reports about the hacking of small business. Why? Because these attacks aren’t public knowledge. Many small businesses and entrepreneurs don’t realize that their company is just as at risk for cyber-attacks as larger companies. According to a report by Verizon, 61% of data breach victims were small businesses!

Breaches at big corporations like Yahoo, Target etc make the headlines but smaller enterprises are still a target for hackers. A senior security researcher at antivirus software company ESET, Stephen Cobb, said that small businesses fall into hackers’ cybersecurity sweet spot: They have more digital assets to target than an individual consumer has but less secure than a larger enterprise.

Since small enterprises are known to be less careful about their cybersecurity, it makes them an appealing target for hackers. According to Towergate Insurance, small businesses often underestimate their risk level, with 82% of small business owners saying they’re not targets for attacks because they don’t have anything worth stealing. This laid back attitude and lack of interest and investment into cybersecurity measures are why small businesses are easy to attack. Say, for example, there is a major data breach and the owners of this SMB are forced to pay the ransom attack to get the data back.

Why? Because such a security breach is devastating to small businesses and it could potentially put them out of business! Lastly, keep in mind that small businesses are often the key to gaining access to larger businesses with which SMBs work.

Types of cyber attacks

Usually, the big goal of a cyber attack is to steal and exploit sensitive and confidential data like credit card information or a person’s credentials which leads to manipulating their identity online. This is not the exact list of potential cyber threats mainly due to the ever-evolving hacker techniques but business should be aware of the most common types.

APT: Advanced persistent threats, or APTs, are long-term targeted attacks in which hackers break into a network in multiple phases to avoid detection. Once a target network is accessed by an attacker, they operate to stay undetected while creating their foothold on the system. If a violation is identified and repaired, the attackers have already provided additional paths into the system to allow them to continue plundering information.

DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests until it shuts down the target’s website or network system.

Inside attack: This is when someone with administrative privileges, generally within the organisation, is deliberately misusing their credentials to obtain access to private data about the business. In particular, former staff pose a danger if they leave the business on bad terms. Your business should have a policy in place to revoke all company data access instantly upon the termination of an employee.

Malware: This umbrella term is short for “malicious software” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access. Malware types include viruses, worms, trojans, spyware and ransomware and knowing this is essential to choose which kind of cybersecurity software you need.

Password attacks: There are 3 main types of password attacks: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a program to try different combinations of dictionary words; and key logging, which tracks a user’s keystrokes, including login IDs and passwords.

Phishing: Perhaps the most frequently used type of cyber theft, phishing includes gathering delicate data such as login credentials and credit card data through a website that looks legitimate (but actually fraudulent), often sent in an email to unsuspecting people. Spear phishing, a sophisticated form of such an assault, needs an in-depth understanding of particular people and social engineering in order to gain their trust and penetrate the network.

Ransomware: Ransomware is a type of malware that infects your machine and demands a ransom. Typically, Ransomware either locks you out of your computer and demands payment in return for access or threatens to post personal data if you do not pay the given amount. Ransomware is one of the fastest-growing kinds of safety breaches.

Zero-day attack: Zero-day attacks are unknown faults and exploits in software and systems found by attackers before the problem becomes known to developers and security executives. For months, even years, these exploits can go undetected until they are found and repaired.

Security solutions to look for

Installing Antivirus software is the most common and will defend against most types of malware. Firewalls, which can be implemented using hardware or software, provide an additional security layer by stopping an unauthorized user from accessing a computer or network.

The first is a data backup solution so any data that is damaged or lost during an infringement can be readily retrieved from an alternative place. The second is encryption software to protect vulnerable data such as staff documents, client/customer information and accounts. The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.

Learn more about cybersecurity solutions for small businesses here. Ultimately, having a safety-first mentality is the best thing you can do for your company. Small businesses are not supposed to be excluded because of their size from falling victim to a violation.

#cyberaware #cybersecuritytips #digitalinsights #cyberattacks #ransomware #phishing #ddos #malware #SMB