computer screen locked by ransomware

Ransomware: A New Security Threat to Your Site

IMPORTANT ALERT ABOUT RANSOMWARE AND YOUR SITE
Ransomware, once a menace mainly for consumers, has recently become a significant threat to business websites, even small ones. Please read the following important notice about this new risk and our recommendations for mitigating it.

WHAT EXACTLY IS RANSOMWARE?
Ransomware is a form of malware that encrypts or hides a victim’s files. The attacker then demands a ransom from the victim to restore access to the data, usually via bitcoin payment so the attacker can remain anonymous.

HOW RANSOMWARE WORKS
Hackers, employed by sophisticated criminal enterprises and governments like China and Russia, continually attack websites until they gain access. Once inside a website’s administration panel, they kidnap the site’s data files (by moving them or encrypting them) until a ransom is paid to release them.

In the case of most Desktop Solutions clients, the files affected could be a database of items in inventory system, or simply pages in a WordPress website. But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

THOUSANDS OF ATTEMPTED ATTACKS IN THE LAST TWO WEEKS
Unfortunately, we have experienced thousands of attempted attacks in the last two weeks. Through diligent monitoring and mitigation tactics, we have been able to thwart all the attacks to date and keep our clients’ sites protected. Part of this Since attacking small business websites is a very new phenomenon, we have reported our findings to the OWASP and the FBI.

WHAT WE’RE DOING TO PROTECT YOUR SITE
In an effort to protect our clients’ data, we have made significant changes to our data back-up systems. We are now storing all site back-up materials on a separate server, so your data is better protected in the event of an attack.

ADDITIONAL SECURITY MEASURES WE RECOMMEND
Although we have taken measures to protect our data servers from these attacks, we strongly advise that all clients take the following actions:

Improve passwords and update them monthly:

  1. Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long.
  2. Do not use the same password for all your different website logins.
  3. Change your passwords monthly to keep them doubly secure.
  4. Store users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords.
    Upgrade to two-factor authentication
    We recommend that all client sites implement two-factor authentication for all logins. That means we’ll install an additional security feature on your site, that requires you to enter an additional code to login to the site, usually sent to your cell phone via text message.

More frequent back-ups
We currently back-up all sites daily. If you’d like us to increase the frequency of back-ups, we can prepare an estimate to accommodate the frequency of your changes.

Add a web application firewall to your hosting package
A Web Application Firewall (WAF) inspects incoming traffic and weeds out malicious requests –- before a hacker gets to your site. These could-based systems are available to add to your site for a small monthly fee added to your hosting.

WHAT HAPPENS IF YOU DON’T IMPLEMENT THESE RECOMMENDATIONS?
Implementing these recommendations can allow you to avoid or mitigate the effect of a ransomware attack. Without them, should an attack occur, your site could experience prolonged downtime (24 hours or more) while we work to restore your data. And, without a recent back-up, some of your data could be lost forever. We also reserve the right to charge standard hourly labor rates for restoration of your data.

To learn more, please consult the following article, courtesy of ZDNet.

To discuss options for your site, please contact Lyn Nielsen at [email protected] or 631.428.4654.