Tag: Ransomware

5 almost imperceptible signs that you will be attacked by ransomware

What to do if a Ransomware attacks me

 

How to know that Ransomware has infected me

Studies of different ransomware victims show that several signals recur when looking through the telemetry records from the previous weeks.

Meticulous analysis of system behavior in the days before the attack has shown anomalies that by themselves do not represent any danger but that, in the wrong context, serve malicious ends. These are legitimate network management tools that cybercriminals use to set the stage for the attack.

The good news is that these small anomalies can be detected and considered as an important indicator of possible threats to the computer security of the future victim.

Without further ado, here are 5 signs that indicate a possible ransomware attack:

Network scanner, mainly on a server

Usually, attackers start by looking for access to a server to find the information they need, such as the domain name and/or the company name and the type of administration rights that the computer in question has, among other details. This applies as long as it is a Mac or Windows machine.

Then they broaden the search to find out what data or resources are available on the network, and which of them they can access. On any unusual use of a network scanner, such as AngryIP or Advanced Port Scanner, it is best to seek help and begin investigating immediately.

Tools that disable antivirus software

Once the attacker manages to get network administration rights, they most commonly try to disable any security software using applications that can be used for that purpose, such as Process Hacker, IOBit Uninstaller, GMER and PC Hunter, among others.

While these are completely legitimate tools, they can pose a great threat to a company’s IT security when used by unauthorized personnel. When this signal suddenly appears, the best course is, without a doubt, to carry out an in-depth analysis as quickly as possible.

Presence of Mimikatz

Any detection of Mimikatz should always be studied. Someone from the management team should be able to vouch for the use of Mimikatz; otherwise it is an immediate red flag. It is a tool that allows you to obtain credentials, and for that reason it is widely used for hacking.

Microsoft Process Explorer is also sometimes used, a legitimate tool that lets you dump LSASS.exe from memory and create a .dmp file. This makes the attack even more effective, since the data is transferred to the attacker’s own environment, where Mimikatz is used on it on a test machine.

Suspicious behavior patterns

A detection that occurs daily at the same time, or that follows any other pattern, is usually a sign that something may be happening, even when the malicious files are detected and removed. Generally, the fact that the attack returns regularly means that there is another, even more dangerous attack that has not yet been detected.

Attack test

Sometimes the attacker uses a computer to do a test that allows him to measure the efficiency of his implementation methods, as well as the correct execution of the ransomware. When the security software detects and stops the attack, the test is usually repeated with another technique. Many times this happens hours before the real attack, so it is very important to react quickly to phenomena of this type.
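As an added example (not code from the original article), the first four signs can be checked against endpoint telemetry roughly as follows. The event format, host names, the detection name `SampleDetection.A` and the `approved` flag (whether someone in IT vouched for the tool) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Tools named in the article, grouped by the sign they belong to.
WATCHLIST = {
    "network scanner": ["angryip", "advancedportscanner"],
    "security-software tampering": ["processhacker", "iobituninstaller", "gmer", "pchunter"],
    "credential access": ["mimikatz", "processexplorer"],
}

# Constructed sample telemetry: (timestamp, host, tool or detection name, approved by IT?)
EVENTS = [
    ("2020-03-02 02:00:11", "srv-file01", "Angry IP Scanner", False),
    ("2020-03-02 09:14:40", "wks-admin7", "Process Explorer", True),
    ("2020-03-03 02:00:09", "srv-file01", "Process Hacker", False),
    ("2020-03-03 02:00:37", "srv-file01", "SampleDetection.A", False),
    ("2020-03-04 02:00:15", "srv-file01", "SampleDetection.A", False),
    ("2020-03-05 02:00:12", "srv-file01", "SampleDetection.A", False),
    ("2020-03-05 02:03:50", "srv-file01", "mimikatz", False),
]

def normalize(name):
    # "Angry IP Scanner" -> "angryipscanner", so spacing and case do not matter
    return re.sub(r"[^a-z0-9]", "", name.lower())

def tool_alerts(events):
    """Signs 1-3: a watch-listed tool was seen and nobody in IT vouched for it."""
    alerts = []
    for _, host, name, approved in events:
        key = normalize(name)
        for sign, keywords in WATCHLIST.items():
            if not approved and any(k in key for k in keywords):
                alerts.append((host, sign, name))
    return alerts

def recurring_detections(events, min_days=3, window_min=15):
    """Sign 4: same name on the same host, on several days, in the same time-of-day window."""
    seen = defaultdict(set)  # (host, name, window index) -> dates on which it was seen
    for ts, host, name, _ in events:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        bucket = (t.hour * 60 + t.minute) // window_min  # fixed windows; edges can split a run
        seen[(host, name, bucket)].add(t.date())
    return sorted((h, n, len(d)) for (h, n, _), d in seen.items() if len(d) >= min_days)

if __name__ == "__main__":
    print(tool_alerts(EVENTS))
    print(recurring_detections(EVENTS))
```

Short keywords such as `gmer` can match unrelated names, so in practice the watchlist should be keyed on whatever stable identifier the security product reports.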

If these 5 signals are present on your computer, pay close attention to this cyberattack and follow the recommendations of our expert:

“Being attacked by ransomware is one of the great challenges that sometimes we have to face; however, we can take the appropriate precautions to avoid these attacks, among which we have: make sure your firewalls are activated, avoid visiting suspicious websites and do not click on malicious links that come from email. An antivirus program can also help keep your company safe from any cyber attack,” explains José Domingo Abogabir, CEO and General Director of Measured Security.


What cybersecurity dangers lurk this 2020?

 

In 2020, the cybersecurity landscape becomes even more complicated, because each day technology revolutionizes our environment, making us more dependent on it.

This happens mainly in those companies that want to adopt these technologies in their IT infrastructures but are afraid of being left unprotected and affected by a cyberattack that harms their infrastructure and puts the company’s classified data at risk, as well as causing losses in the millions.

Since the beginning of 2020, many companies have been involved in cyberattacks, ranging from the most dangerous to the least dangerous. Nonetheless, we cannot stand still and do nothing, and we must be careful with these four computer security dangers that could be present in 2020:

  • Data leak: Data leaks are sometimes the work of cybercriminals themselves, but many times the company’s own employees are involved, accidentally sharing information or sensitive data. A similar situation happened in August 2019 in Australia, when an employee accidentally sent a provider a worksheet containing the personal information of hundreds of people, including health care information.
  • Ransomware: Ransomware is one of the most important attacks that all companies must counter. This malicious software is attacking more companies each day, including medium and big companies. It is estimated that ransomware attacks will increase in the future and that the trend is to increase even further, with major consequences for many organizations worldwide, including losses in the millions.
  • Weak passwords: Many companies worldwide conclude that weak passwords are one of the most vulnerable and easy targets for cybercriminals. In fact, Google revealed that 2% of login information online is vulnerable for that reason. If you are going to open a bank account, an e-mail account or any other access mechanism involving passwords, make sure that they are difficult to decipher, thus avoiding theft or data hijacking.
  • Phishing: This is one of the methods cybercriminals use most to steal personal data. The channel most used for this kind of illegal act is e-mail, through which the attacker infiltrates computer systems. Phishing attacks have increased by 200% this year. The ideal is to hire a computer security agency that counters these attacks, or to educate people with the necessary tools so that they are better prepared and avoid this kind of attack.

If you are looking for a cybersecurity company that brings you reliability and transparency to protect your personal files, contact us for free through the following link:

Cybersecurity: 7 top tips for SMEs

Cybersecurity: 7 tips for small and medium companies

 

With the news headlines focused on security breaches at big companies, it would be easy for small and medium companies (SMEs) to suppose that their size keeps them off a hacker’s radar, since they are not worth attacking. Unfortunately, when it comes to cybersecurity, small doesn’t mean safe.

The common misconception that small and medium companies are not a target can often lead to weak security practices in organizations that lack the experience and knowledge to put simple security steps in place. Nevertheless, securing your business doesn’t have to come with a considerable price tag, so here are 7 cybersecurity tips for SMEs.

Install antivirus EVERYWHERE!

This may seem like obvious advice, since every organization has antivirus on its systems and devices, right? Unfortunately, business systems such as web servers are very often overlooked. It’s important that SMEs consider all of their network’s points of entry and have antivirus deployed on every server, as well as on employees’ personal systems.

Hackers are skilled at finding weak points of entry and installing malware. Antivirus software can be useful as a last line of defense, but it’s not a silver bullet. Through continuous monitoring and penetration testing, organizations can identify weaknesses and vulnerabilities in advance. It’s much better to stop a thief outside your house rather than inside.

Continually monitor your perimeter

The perimeter of an organization is the part most exposed to remote attacks due to its 24/7 availability. Hackers are constantly scanning the web in search of weaknesses, so companies should also scan their own perimeter. The longer a vulnerability goes unaddressed, the more likely an attack becomes.

Reduce your attack surface

An organization’s attack surface is composed of all the systems and services that have been exposed to the web; the bigger the attack surface, the bigger the risk.

Exposed services like Microsoft Exchange for e-mail, or a Content Management System (CMS) like WordPress, may be vulnerable to brute force or credential stuffing, and new vulnerabilities are regularly discovered in common software. By removing public access to sensitive systems and interfaces that don’t need to be public, and making sure that 2FA is enabled, organizations can limit their exposure and reduce their risk considerably.

Keep your software up to date every day

New vulnerabilities appear in all kinds of software, from web browsers to commercial apps. A single unpatched weakness could lead to a complete system compromise and a breach of clients’ data, as Equifax discovered to its detriment in 2017. The hacked credit agency incurred a considerable fine after millions of client records were stolen in a breach that originated in a single unpatched server running a vulnerable version of a common web framework.

Make a backup of your data

This has been a year with many ransomware-related attacks, in which commercial information is held hostage until a financial settlement is paid. Ransomware is designed to encrypt information and block access to it, leaving it unusable, and the effects cannot be reversed without the attacker’s password to decipher the data.

Organizations that back up their data can frustrate attackers by recovering their information without the need to pay a ransom, since the systems affected by ransomware can be wiped and restored from an unaffected backup without the attacker’s password.

Data loss is a critical risk for any business, whether through malicious intent or technical error, like a hard disk failure, which is why it is always a good idea to make a backup of your data.

Enhance your employees’ security awareness

Cyberattackers rely on human error, so it is vital that employees are trained to recognize risks and respond adequately. Surveys of cybersecurity breaches in 2017 revealed that the most common kind of breach identified involved staff receiving fraudulent e-mails (72%), followed by viruses, spyware and malware (33%), people posing as the organization in e-mails or online (27%) and ransomware (17%).

By raising employees’ awareness of the benefits of using complex passwords and training the staff to detect common attacks like phishing and malicious links, small companies can make sure that the staff is their biggest strength instead of their biggest vulnerability.

Protect yourself in relation to your risk

Cybersecurity measures must always be appropriate for the organization. For example, a small company that runs banking transactions or has access to classified information, like medical data, should apply a much more mature security posture than a local pet store.

Hackers will always be motivated by money, so the bigger the prize, the more time and effort they will dedicate to getting their profits. By identifying threats and vulnerabilities, SMEs can take measures to mitigate them and prioritize which risks must be addressed and in which order.

It’s time for SMEs to raise their cybersecurity game

Attacks on big companies dominate the news, which feeds the perception that SMEs are safe; unfortunately, the opposite is true. Hackers prefer the path of least resistance, which makes SMEs a favorable target, since they don’t have the same level of resources for cybersecurity.

Learn more about how our team of cybersecurity specialists can create a safe space in your business.  +56 9 5413 5320 / +56 9 6676 4809  E-mail: contacto@measuredsecurity.cl

The top 5 network security risks and threats

Top 5 main risks and threats

 

It’s an unpleasant truth that businesses must face: among vulnerabilities and the ever-changing IT landscape, network security risks continue to evolve, underlining the need for vigilance.

To that end, proactive network managers know that they must routinely examine their security infrastructure and best practices and update them accordingly. This approach can make the difference in the capacity to respond efficiently to the following 5 network security threats.

Encryption

Encryption is a double-edged sword. In the past few years, organizations have been looking to protect classified data by encoding communications, which is what we know as encryption. “End-to-end encryption” can create a false feeling of comfort for consumers, Bloomberg said recently. The reality is that a hacker can control a device in many ways, including access to the “complete discussion, regardless of security precautions integrated in an app that is being used”. Basically, encryption gives hackers free rein to operate before their eventual detection and correction.

Data Hijacking

Network-based ransomware can paralyze data and systems. This threat is particularly alarming since it doesn’t depend on the human factor to be executed and bring the organization to its knees.

Many times, all that is needed for an attack to be successful is an active, unpatched workstation and an automated software update. Data can be compromised or completely lost on an infected device. The problem is aggravated even more by the fact that many small and medium companies don’t report ransomware attacks when they happen.

DDoS attacks

DDoS attacks have a real cost. The severity and frequency of DDoS attacks worry many network managers. Hackers infiltrate organizations by flooding websites and networks with dubious traffic. Two avenues are emboldening criminals in their nefarious efforts. “DDoS for hire” services are a way in which they offer hacking abilities in exchange for money.

Internal threats

Internal threats continue to plague organizations of all sizes. Experts estimate that internal threats are behind approximately 50% of data leaks, according to McKinsey & Company. These incidents are usually motivated by financial gain or caused by negligence.

Although the thinking behind internal attacks is gaining attention inside organizations, it’s possible that companies may not always be proactive, since most network security defenses are configured to protect against external threats.

Cloud security

Threats are hiding behind legitimate cloud services. As more organizations gravitate towards the cloud for storage and data recovery, hackers have found a way in. They use the same legitimate services, but they can have hidden motives and can cause havoc.

Organizations can be left vulnerable, since they have come to trust common cloud platforms and adopt a reactive approach to any questionable activity. This has an enormous cost for them in the form of downtime and resources spent on damage control.

In conclusion, monitoring file and system integrity across the whole network can establish complete accountability, with audit trails that cannot be modified. It should also offer a unique, advanced protection against threats by giving managers the capacity to restore files and systems to a previous state immediately.
