Doesn’t it seem like every week we are flooded with news about a new cyber attack, virus or something a presidential leader just tweeted.

That’s a huge problem, because as humans we are predisposed to tune out what we consider to be noise and as such, may ignore and not heed the proper attention to the return of two ransomware attacks.  “What do you mean they are back?”  Yes, they are back,.  Basically the person or people behind the attack have modified the code enough of the parent ransomware executable/script so that it won’t be detected by your network’s countermeasures this will in-turn make you vulnerable and susceptible to infection.  Which, if you’ve ever been a victim of ransomware, makes for a very unpleasant and more so unproductive morning.

Our beloved Locky Ransomware has returned as: Diablo6.  Diablo6 is a new variant which is spread via email containing a MS Word file attached.  Upon launching the file, the unsuspecting computer user has initiated a VBS Downloader script that will download the Locky Diablo6 payload from a remote server.  This payload will then encrypt all of your files with a RSA-2048 key on the infected computer, all file extensions will be replaced with a .Diablo6 suffix  and will display a set of instructions

 

for the infected party asking them to download a Tor browser and go to a defined address and follow the instructions on the site.  The current ransom amount seen so far has been 0.49 Bitcoin (which is roughly $2,080 USD) for you to get a key to unlock your files.  At this time all attempts to use other methods to decrypt the files have been unsuccessful; so PLEASE we urge you to info your team members to use extra precautions when opening MS Word attachments.

If you think this bad boy is trouble, this next ransomware is a new strain of the Mamba, which utilizes the the open source Windows disk encryption utility, DiskCryptor and this one doesn’t just encrypt your files, no it encrypts your entire hard disk.  This past Thanksgiving, San Francisco’s MUNI ( Minicipal Transportation Agency) systems were infected, in turn causing major delays during an already intense travel weekend; in turn forcing the officials to shut down the ticketing kiosks and entry gates at several stations.  To this day it is quite unclear how the ransomware initially finds its way into a corporate network, researchers believe like most ransomware variants, Mamba might be using either an exploit kit on compromised or malicious sites or malicious attachments sent via an email.

The ransom note does not immediately demand money, rather the message displayed on the infected screen only claims that the victim’s hard drive has been encrypted and offers two email addresses and a unique ID number to recover the key.

 

In the last few years, Ransomware has climbed to the up the cyber threat charts to become one of the largest threats faced by any computer user (personal and business), the attacks have increased in the last few months.

You’re probably asking, “What do we need to do to keep ourselves safe? and the answer is although at this moment there is still no fool-proof method to fully protect yourself from these threats there are some preventative actions that may be taken.

Ensure that your system is properly patched and that your current Antivirus is up-to-date:  It is imperative to stay on top of these two.  Another tip is to run regular scans of the system to ensure that nothing has infected your workstation or server.

Educate yourself and your end users on phishing emails:  Alway be on the look out and hypervigilant when you receive an attachment that is out of the ordinary.  Be cautious to not open a link within an emailed document, without verifying with the sender and or your IT Department or IT Services Provider.

Perform regular backups:  You need to keep a good backup of all critical files and data.  Ensure that your backup solution incorporates copies of data to external or remote media that is not always connected to your server or PC.

There’s no excuse today for SMBs to leave themselves unnecessarily at risk of a cyber-attack. With the right investments, a proper appraisal of your risks, and some good old-fashioned common sense, it’s a straightforward task to keep your SMB as safe as it can be.

Want to know how your business measures up in today’s world of cyber-threats?

Contact us today at 954-908-3600 about our Cyber Security Assessments, one of our skilled Network Security Experts can work with you to determine your current risk levels and establish an action plan to mitigate any threats.