The city of Baltimore is still reeling from the effects of an attack three weeks ago. The city refuses to pay a ransom and is steadily recovering their systems.

Last night during my flights, several display screens that usually show departures and arrivals showed a crashed Windows screen. The advertising screen of one airport store’s advertising displayed the blue screen of death.

What should you do to protect your organization from ransomware and other exploits that use Eternal Blue?

Give your IT professionals time away from their other projects to double-check essential functions. If you outsource, be willing to pay your managed service provider to perform additional steps beyond their usual scope of work.

Be sure to update the operating systems and all applications on all Windows instances. Microsoft released essential updates in March and more in October. Your missing patches may be weeks behind because proper patching is so challenging. If you’re unsure, Microsoft has instructions on how to verify the patch is installed. If you need a work-around, Microsoft also provides guidance on how to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Servers.

Back up in multiple ways. Additionally, copy your essential files to storage that gets disconnected from your network in case your backup files get encrypted with ransomware.

Test the restore process and time it. If the restore takes longer than you can comfortably stand being down, find another way to back up.

Update and confirm that your anti-virus tools are up to date on all endpoints.

Ask IT to turn up the restrictions on the spam filter. You, executives, must examine your risk appetite to determine how restrictive the filtering should be. Are you willing to accept the risk some good email messages could be blocked?

The same goes for web content filtering. Increase the strength too. Block all countries’ websites and re-enable them as needed.

The IT team must limit the number of administrative accounts that have privileged access.

Constantly re-educate your users.

Additional reading: As EternalBlue Racks Up Damages It Reminds Us There Is No Such Thing As A Safe Cyber Weapon

.

The post Protect your Company from the Imminent Threat called Eternal Blue appeared first on Foster Institute.

Do you know someone who doesn’t like your organization and would like to cause harm? Can you think of anyone who may want to exploit you for money, other than a vast population of bad actors already in the world?

Even more worrisome than Inpivx is the realization that there will be more user-friendly tools to come from sources around the globe. Some attacks are already relatively easy to launch for a non-technical person, and such technologies are in an upward trend.

Remember typewriters? To move a paragraph, you had to re-type the page. Over time, typing documents became incredibly easy even for non-technical people. Creating ransomware is on the same path to easiness.
Anti-virus, firewalls, and passwords are crucial to cybersecurity. All of them are. However, if you feel that those are enough, you might be shocked if you get hacked.

How do you protect yourself? Keep patches up to date, remove all non-essential programs from computers, grant users only bare minimum privileges they need to do their jobs, use excellent spam protection, never allow users to check webmail at your organization, to name just a few. And, of course, keep those security IT Vital Systems Reviews current.

Please forward this to your friends, so they know that ransomware programs are more accessible to create than ever, even for non-technical people, so the danger is growing too.

The post You Do Not Need to Understand Computers to Make Ransomware appeared first on Foster Institute.

Encourage and provide time to your team to keep your systems up to date with all critical security patches for operating systems, Office, browsers, Flash, Java, and Reader. Ask them to show you a list, not a pie chart, of missing critical security patches. If they haven’t checked lately, this is an excellent time for them to be sure the firmware is up-to-date in the firewall and other infrastructure devices.

Thank you for all you are doing to protect against ransomware and all types of cyber threats. You are helping make the world a safer place to live and work!

The post Happy Computer Security Day! appeared first on Foster Institute.

By default, all of your computers permit communication between each other, and attackers use those same communication channels to spread attacks from one machine to the next.

The solution is so basic that it is often overlooked: Computers do not need to talk to each other anyway, just to servers. Block the communication between workstations, and you take away a major vector used by ransomware to spread.

Ask your IT team to use local firewall settings on each computer to prohibit communication between workstations. They can make the setting once, and your servers will propagate that message to the other computers on the network. Give them a little time to complete this, because they will want to test their settings.

Please forward this message to help make the world a safer place. And remember, the more secure your service providers are, the more secure you are too.

The post One Setting Can Protect Your Network from Ransomware appeared first on Foster Institute.

Regular backups, including file backups, can do a great job of protecting your documents, pictures, and other files. But a full restore of a computer after an attack can take a very long time, and often requires you to reset the computer to factory defaults and spend hours reloading your programs.

If you need to restore after an attack, restoring an entire image is much faster than starting a re-installation from scratch. Disk images are a one-to-one copy of everything on your computer’s internal hard drive. Most often, you will replicate your drives to an external USB hard drive.

Image backup tools include Shadow Protect Desktop from Storage Craft, and Acronis True Image. For Macs, use Carbon Copy Cloner.

Keep using whatever backup method you already use for backup too. Image backup is an addition, not a replacement.

Please forward this to everyone you know who would like to be able to recover their computer quickly in the event of a ransomware attack.

The post Recover Quickly if Ransomware Attacks at Remote Worker and Home Computers appeared first on Foster Institute.

1. Apply the most recent security patches including the ones for Flash and Java.
2. Use click-to-play in your browsers to stop them from automatically running scripts.
3. Be sure all users are local standard users.

Find more details at https://www.fosterinstitute dot com/blog/patching-10-steps-to-seal-the-holes-in-your-armor/

Please forward this to your friends and business associates so they can be sure that they are protected too.

The post Protect Yourself and Your Organization – New Ransomware Outbreak with Added Poison appeared first on Foster Institute.

Instructions for Windows and Apple home users are listed below the numbers. For organizations, here are 10 Steps To Avoid Incidents Including the Massive Ransomware Attack:

1. The reality is that most organizations are missing critical security patches and there is a very strong likelihood that yours is too.

2. Provide your team with extra time, and perhaps additional personnel, to test and then deploy patches ASAP. Some organizations are adding a new IT professional to their team whose sole responsibility is to manage patches. If the patch fails testing, then time must be invested to resolve the issue or implement compensating controls.

3. Prioritize critical security patches for the operating system, all the browsers, Flash, Java, your PDF Reader, and Microsoft Office. They are usually the easiest to attack and form your first line of defense.

4. Many IT teams are very reluctant to apply patches for fear of breaking your systems that are already running. Help remove their fears by reassuring them that you take on responsibility if the patch causes a problem. Encourage them to follow a procedure that mitigates risks:

5. Test Patches in a test environment that uses the same applications as the rest of your network. For very small companies, your test environment might be a single computer. For larger organizations, and organizations that stand to lose a great deal in the event of an attack, create a separate testing environment that is isolated from the production environment.

6. Have a pre-tested rollback plan so that, if the patch does cause a problem, your IT team will already know what they need to do right away to roll back a patch that causes an unexpected problem. They will then go back to the testing phase.

7. Deploy the patches in stages rather than patching all machines simultaneously. That way, even if the patch does cause a problem, not all your machines will be affected.

8. You may decide to empower your IT team with a patch management tool such as Ninite, LANGuard, Shavlik, or others. Allow them to test and choose a tool, and provide them with the means and time to do so, ASAP.

9. Ask IT, perhaps weekly and at least monthly, to provide you with a list of missing patches, not a pie chart.

10. You must upgrade from older operating systems, any of the ones that Microsoft no longer supports. If some machines cannot be upgraded, then they must be isolated or some other compensating control put into place. Microsoft clearly states when they stop producing patches for old operating systems.  So, there was no patch available for Windows XP and others.

Call me if they are not able to apply patches. Let’s team up to help prevent this.

At home, or if your organization is so small that you do not have an IT team or have an outsourced IT company that takes care of your patches, be sure that the option that provides automatic updates to Microsoft is enabled. The instructions are easy to find – just google the phrase: configure automatic updates site:Microsoft.com

Apple computer users, google: Automatic security updates os x site:apple.com

iPhone and iPad users, google: Automatic security downloads ios site:apple.com

Additionally, manually check for updates in Microsoft Office to be sure those are applied. Be sure that automatic updates are enabled in your browsers. Regularly download and apply patches to, or new versions of, Flash, Java, and your PDF reader.

Please forward this to everyone you care about and want to help stay secure.

The post Patching – 10 Steps to Seal the Holes in Your Armor appeared first on Foster Institute.

An example tool that can help protect against users opening or clicking in an email is Mimecast Targeted Threat Protection. At least one of our clients use this tool and now we do too.  There are similar solutions that may work better in your situation.

Here’s what the tools do: When an inbound email contains one or more links and a user clicks, Mimecast will intercept the link and attempt to determine if the link goes to a website that is known to be malicious. If it is a known bad site, the click is blocked and the user receives a message. Your existing firewall (if you have the web content filtering feature enabled) may provide you with similar protection already for users inside your office, but not always for users who are travelling or working from home.

These tools scan email attachments in an effort to detect malicious code in the attachments. Your existing spam filtering mechanism may offer this feature.

Mimecast will also block email messages that seem to be from impostors. When a user receives an email that appears to be from someone impersonating the boss, requesting a wire transfer, the service will warn the user to be careful.

While there are no guarantees this kind of tool will stop an email phishing attack, any kind of protection is a welcomed improvement. Ask whomever is providing your anti-spam solution if they offer an add-on solution similar to Mimecast’s Targeted Threat Protection.

Please forward this to everyone you know who is concerned about their users clicking a link in an email message, opening an infected attachment, or responding to an email asking them to transfer money.

The post E-Mail Protection Solution appeared first on Foster Institute.

Note: This blog is written for non-technical executives. So, if this sounds too technical, that’s fine, just skip the rest and know your computers can, in theory, be protected even when a user opens a malicious attachment or downloads a malicious file.

The experience would be that, when a user needs to open five PDF documents, you could temporarily give that user five new computers. One computer to use for each opened attachment or downloaded document.

If one of the files contains ransomware, the infection would be isolated to just one of the computers, and would not affect the user’s normal computer, nor your network.

Instead of you needing to buy more computers to loan to your team members, what happens is that a brand new tiny Windows Operating System gets created automatically, for each attached or downloaded file.

A product called Bromium is designed to do this, and Microsoft has something more basic called WDAG. Bromium only sold to companies with 500 or more computers, but will be offering services to smaller companies, and is even shipping free on some laptops soon. Your IT professionals can get a free copy now at Bromium dot com forward slash freebeta to experiment with this micro virtualization.

There was so much to see at the RSA Security convention last week. I’ll be sharing some of the more interesting technologies with you over the next few weeks.

We do not receive any kind of compensation for mentioning products. Nor are we endorsing the products. It just helps for you to hear about these neat technologies.

Please forward this to your friends who are concerned about users opening attachments and downloaded files.

The post Protect Against Bad Attachments and Employee Downloads appeared first on Foster Institute.

He pointed out that governments and banks are getting much better at tracking wire transfers.  The way ransomware attackers can remain anonymous is through requiring ransomware payments via Bitcoin. But, alas, Bitcoin is not going to go away.

Some people, as controversial as it sounds, feel that ransomware has a bright side. If an organization gets infected with ransomware, at least they know their systems have been compromised. Other successful hacks may not become obvious to the victim for months or even years. When an organization gets infected with Ransomware, then hopefully they will shore up their defenses, and that naturally helps protect them from many other attacks as well.

The security solutions demonstrated here at RSA are very powerful. And, for better or worse, so are the new attack vectors that are almost impossible to protect against.

The conference is exciting and depressing all at the same time. There is a lot of hype, and, when filtered through, a lot of hope. One thing is for sure, if you end up in the cross-hairs of attackers, well, let’s just hope you don’t.

The post If Bitcoin Went Away, would Ransomware be Defeated? appeared first on Foster Institute.