Not Another One…
The latest in a long string of cyber security breaches threatens to share your personal information with your contacts and targets Android users. Dubbed LeakerLocker McAfee Security has confirmed the breach. The ransomware masquerades itself as an app before integrating itself and collecting personal files. This malicious code is uploaded after you have installed the app, so as to avoid detection. Victims are then prompted to pay a ransom fee to avoid their sensitive information being distributed to their contacts.
It is enough to make the strongest squirm. For those that host business sensitive information on mobile it is an even greater worry.
Following Wanna Cry and NotPetya it seems to be that the importance of being on top of cybersecurity is at an all-time high. While most would assume that as our technology develops, data would get safer; these attacks prove that isn’t true. Although security is getting better and better, so too are the hackers that seek to crack through it. Cyber Security is not just a technical issue – it comprises intangible factors including economics and human psychology among other things.
Why is ransomware still around?
The ambiguous nature of ransomware causes chaos. It infects and spreads to new victims quickly. Attackers are working faster and smarter with the advent of anonymous currency such as bitcoin, and publicly available, powerful hacking tools. They are capitalising on outdated technology, and unsuspecting users to extort money. These attacks have been around as long as 1989, and are getting more profitable for criminals to capitalise on. For data stored locally on servers, a type of malware called a “worm” allows the spread of the virus throughout the network once one weak link is encrypted. This means that if one networked device is not updated it can exploit the others.
What can you do?
Unfortunately, turning a blind eye to ransomware attacks will not resolve them, nor keep your information safe. Technology and software solutions can only take us so far. While the cloud is far safer than servers for stored data today, it pays to take all other precautions.
Here are a few simple things to help in the quest for cyber security:
- Always apply the Latest System Updates: systems affected will release patches for breaches as soon as possible. Always install updates – these are not optional. If your systems are no longer supported by the vendor you should be planning to upgrade.
- Use strong Passwords and 2-Factor Authentication: unique strong password for each App combined with 2-factor authentication should be used whenever possible. Apps such as Google Authenticator make it easy. If your corporate network is in the Cloud or can be accessed remotely you should already have such mechanisms in place.
- Maintain a Current Backup: regularly backup all your data and including cloud business Apps where possible, ideally to a secure cloud based location, or otherwise to a password protected storage device.
- Education of Users: Ensure all staff understand the risks, what to look out for and how best to protect themselves – be suspicious of emails. As the saying goes… You are only as secure as your weakest link. Develop an internal training program and include regular updates to staff on best practices.
- The last resort – Should I pay the ransom: don’t pay it! Experts agree that this encourages the crime, and there is no guarantee that you will gain access to your information again or that the attacker will delete what they have stored.
If you have any queries about what you could or should be doing in terms of security, data backup or other technology solutions, Dynamo6 can help, simply give us a call.