Security

Ransomware to begin self-propagation

2016June9_Security_COne of the biggest fears security experts have may be coming true: self-replicating ransomware. Viruses that have the ability to copy and spread themselves to new systems are nothing new, but until now ransomware attacks have been targeted campaigns. The best way to protect your network from a security threat is to understand it, here’s everything you need to know about this latest development.

Ransomware, the malware that locks up infected systems and demands payment to return access to users, has been steadily increasing its infection rate over the course of this year. Enigma Software reported that, “After staying steady for the last six months of 2015, ransomware detection has begun to climb; February saw a 19 percent increase over January, while March had almost a 10 percent increase over February. Then, in April, infections more than doubled.”

And as if that wasn’t frightening enough, Microsoft announced last week that a recently detected ransomware software was found copying itself onto USB and network drives. The ransomware, titled ZCryptor, disguises itself as either an Adobe Flash installer or a Microsoft Office file to trick users into opening it.

Once opened, it displays a prompt that says “There is no disk in the drive. Please insert a disk into drive D:”. If you see this after opening a suspicious file, it is most likely ZCryptor trying to distract you while it works in the background to add a registry key that buries itself deep in your system and begins to encrypt your files.

Although previous ransomware iterations like Alpha Ransomware had the ability to find and encrypt files on shared network drives, security experts believe this is the first time a ransomware variant has included self-replication via removable drives into its framework.

When it was first detected in May, Microsoft found ZCryptor singling out 88 different file types for encryption. However, later on a security expert analyzed the ransomware and found 121 targeted file types — inferring that creators of the malware were continuing to develop its source code.

It’s commonplace for ransomware to demand payment to be made in Bitcoins as they’re an almost totally untraceable online currency. ZCryptor is no different, demanding 1.2 Bitcoins (500 USD) unless payment is more than four days after infection — then it increases to five Bitcoins (2,700 USD).

Compared to other more complex security threats, ransomware is still relatively easy to avoid. Always verify the source of email attachments and website downloads before opening files, disable macros in Microsoft Office programs, maintain regular backups and update your security software.

Still concerned about security at your SMB? It doesn’t have to be as difficult and draining as you may think. Contact us today for advice on keeping your network protected around the clock.

Published with permission from TechAdvisory.org. Source.

/by

Are your site’s images hiding an attack?

2016May17_Security_CAs more and more content management services are released to aid SMBs in online marketing, security risks also increase. One such helper is the image processing service ImageMagick. And while it has proven useful to countless businesses, it is now something you should be concerned about from a security standpoint. Let’s take a minute to discuss this vulnerability and what you can do to protect yourself.

What is ImageMagick?

ImageMagick is a tool that allows sites to easily crop, resize, and store images uploaded by third parties. Vendors continue to improve user interfaces and experiences by consolidating functions into all-in-one packages, which means administrators are becoming increasingly unaware of what specific services they are actually utilizing. ImageMagick is deeply integrated into countless web services and many webmasters may not even be aware they are using this unsafe software.

How can an image make my site vulnerable?

Recently, it was discovered that images can be uploaded that force ImageMagick into executing commands and permitting attackers to remotely insert harmful code into vulnerable sites. Images are actually made up of complex code that is translated into photos, icons, etc. Different file extensions use what are called “Magic Numbers” to define their file types. Manipulating these numbers allows attackers to exploit a flaw in ImageMagick. The service scans the uploaded file, and attempts to decode the source information whenever it detects the file is not what it claims to be. Scanning that code and attempting to rectify the file misappropriation can then trigger whatever was hidden inside the image and result in remote command of your site.

How should I protect my site?

ImageMagick has admitted knowledge of the security flaw and promised to release a patch very soon. Until then, experts advise implementing multiple workarounds to keep your systems safe. However, if you’re not well acquainted with your web server and its code, then it’s wise to consult an expert instead of attempting these changes on your own.

For those who are familiar, follow these steps. The first is to temporarily incorporate lines of code that preemptively block attackers from exploiting these holes. Those lines of code, and where to insert them, can be found here.

The next step is double checking that any image files utilizing the ImageMagick service aren’t hiding any harmful information. This can be accomplished by opening an image file with a text editor, and checking for a specific set of letters and numbers at the beginning of the text that define what type it is. The list of these “Magic Numbers” can be found here, and will reveal if an image is hiding its true purpose.

Ideally, administrators will halt all image processing via ImageMagick until a patch is released from the developers.

Data security is one of the most crucial aspects of any SMB, however, keeping up with the constant flow of security exploits and patches can be overwhelming for administrators of any ability level. Why not contact us to learn more about keeping your network secure and protected from exploits like this one?

Published with permission from TechAdvisory.org. Source.

/by

Understand these 4 types of hackers

2016Apr28_Security_CWhy do hackers attack? Is it for money, notoriety, or political reasons? Many business owners never ask these questions, and instead only think about the means of how a cyber attack takes place. But knowing the motive behind a hacker’s attack can help you understand whether or not you’re a target and what data you need to protect. So let’s take a closer look at 4 different types of hackers and their motives.

Script Kiddies

When it comes to skill level, Script Kiddies are at the bottom of the totem pole and often use scripts or other automated tools they did not write themselves – hence the name. With only an elementary level of technical knowhow, Script Kiddies usually don’t cause much damage…usually. The Script Kiddy virus known as the Love Bug which sent out an email with the subject-line “I LOVE YOU” fooled millions of people, including some in the Pentagon, in the early 2000’s. The virus reportedly caused around 10 billion in lost productivity and digital damage.

So who is a Script Kiddie? Most of the time they’re simply bored youth looking for a thrill or notoriety. Many never evolve into a full-time hacker, and instead just use their skills as a hobby. Oddly enough, many Script Kiddies find a career later on working in the security industry.

Hacktivist

If you’ve heard of Anonymous, LulzSec or AntiSec, then you’re familiar with Hacktivists. These groups are made up of members of varying skill levels, all the way from Script Kiddies to some of the most talented hackers in the world. Their mission is largely politically motivated as they aim to embarrass their targets or disrupt their operations, whether that be a business or government body. Two of the most common ways they attack their target are by stealing sensitive information and exposing it or denial of service (DDoS) where a server is overloaded till it finally crashes.

As a small or medium-sized business owner you are not necessarily immune to Hacktivist disruption. If your business or a company you’re associated/partnered with participates or provides services that can be seen as unethical, such as Ashley Madison (who fell victim of a major Hacktivist attack last year), then you too may be targeted by Hacktivists.

Cyber Criminals

Often talked about in the media and well-known by most SMBs, cyber criminals are after one thing: money. Their targets run the gamut, including everyone from individuals to small businesses to large enterprises and banks. But what do these targets usually have in common? They either have a very valuable resource to steal or their security is easy to exploit…or a combination of both of these. Cyber criminals can attack in a number of ways including using social engineering to trick users into providing sensitive information, infecting an organization/individual with ransomware or another form or malware, or exploiting weaknesses in a network.

Insiders

Perhaps the scariest type of hackers are the ones that lurk within your own organization. Insiders are made up of disgruntled employees, whistleblowers or contractors. Oftentimes their mission is payback; they want to right a wrong they believe a company has perpetrated toward them, so they’ll steal sensitive documents or try to disrupt the organization somehow. Edward Snowden is a prime example of an insider who hacked his own organization – the US government.

Now that you know what motivates your enemy, you’ll hopefully have a bit of an idea as to whether or not you’re a target. To learn more about how to secure your business from these types of hackers, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

/by

4 BYOD security risks you should address

2016Apr13_Security_CIn the 21st century, personal computing is with us wherever we go. This is all thanks to the proliferation of mobile devices such as smartphones and tablets. These devices allow us to take work home with us. And, with bring your own device (BYOD) strategy, businesses have never been so productive. However, BYOD poses a number of security risks if you’re not careful. What are these problems? How are they caused? Here are some BYOD security risks you should know before implementing it in your business.

Data leakage

The biggest reason why businesses are weary of implementing a BYOD strategy is because it can potentially leave the company’s system vulnerable to data breaches. Personal devices are not part of your business’s IT infrastructure, which means that these devices are not protected by company firewalls and systems. There is also a chance that an employee will take work with them, where they are not using the same encrypted servers that your company is using, leaving your system vulnerable to inherent security risks.

Lost devices

Another risk your company has to deal with, is the possibility of your employees losing their personal devices. When devices with sensitive business information are lost, there is a chance that this could end up falling into the wrong hands. Additionally, if an employee forgets to use a four digit PIN code to lock their smartphone or tablet, anyone can gain unauthorized access to valuable company data stored on that particular device. Therefore, your company should consider countermeasures for lost devices like completely wiping the device of information as soon as an employee reports a missing or stolen phone.

Hackers can infiltrate your system

Personal devices tend to lack adequate data encryption to keep people from snooping. This along with the fact that your employees might not have updated their devices can allow hackers to infiltrate your IT infrastructure.

Connecting to open Wifi spots makes your company more susceptible to hackers. Open wireless points in public places can put device owners at risk because there is a chance that hackers may have created that hotspot to trick people into connecting. Once the device owner has connected, attackers can simply surveil web activity and gain access to your company’s accounts.

Vulnerable to malware

Viruses are also a big problem when implementing BYOD strategies into your business. Using personal devices means your employees can access whatever sites or download any mobile apps that your business would normally restrict to protect your system.

Jailbreaking or rooting a device also puts your systems at risk because it removes limitations imposed by the manufacturer to keep the mobile software updated and protected against external threats. It’s best to understand that as your employees have the freedom to choose whatever device they want to work with, the process of keeping track of vulnerabilities and updates is considerably harder. So if you’re thinking about implementing BYOD strategies to your business, prepare your IT department for an array of potential malware attacks on different devices.

So you might be thinking that it would probably be best to just avoid implementing a BYOD strategy in the first place. However, BYOD will help your business grow and adapt to the modern workplace, and should not be dismissed as a legitimate IT solution. It’s just important to educate your company about these risks so that problems won’t occur for your business down the line.

If you need some help implementing IT security solutions for your company, or if you have any concerns regarding IT, give us a call.

Published with permission from TechAdvisory.org. Source.

/by

7 Warning signs of malware infection

2016Mar29_Security_CAs companies go to the Internet to conduct their business, their IT security becomes more vulnerable to many hackers and viruses. That’s why it’s even more important to recognize whether or not your systems are under threat from malicious software to swiftly fend off the infection. So how do you know if your company’s IT security is under threat? Here are a few warning signs to tell if you are a victim of malware infection.

Slow computer

The most common symptom of a malware infection is a slow running computer. Are your operating systems and programs taking a while to start up? Is your data bandwidth suspiciously slow? If so, your computer may potentially have a virus.

However, before you immediately assume your computer has a virus, you should check if there are other causes to your computer slowing down. Check if you’re running out of RAM. For Windows, open task manager (Ctrl + Shift + Esc) and go to the Performance tab and check how many gigabytes of RAM you are using under the Memory section. For Mac OS users, you can open the Activity Monitor app and under System Memory you should be able to find out your RAM usage.

Other causes of a slow system include a lack of space on your hard drive and damaged hardware. Once you’ve ruled out the other potential causes, then a virus may have infected your device.

Blue screen of death (BSOD)

If your PC crashes regularly, it’s usually either a technical problem with your system or a malware infection. You might not have installed the latest drivers for your device or the programs you’re running could possibly be incompatible with your hardware. If none of these problems are apparent in your PC then the virus could be conflicting with other programs causing your crashes.
To check what caused your last BSOD go to Control Panel> System and Security> Administrative Tools> Event Viewer and select Windows Logs. Those marked with an “error” are your recorded crashes. For troubleshooting solutions, consult forums or your IT department to figure out what to do next.

Programs opening and closing automatically

Malware can also be present when your programs are opening and closing automatically. However, do check if some programs are meant to behave this way or if they are simply incompatible to run with your hardware first before coming to the conclusion that your computer has a virus.

Lack of storage space

There are several types of malware that can manipulate the files saved on your computer. Most tend to fill up your hard drive with suspicious files. If you find any unknown programs that you have never installed before, don’t open the application, search up the program’s name over the Internet and use antivirus protections once you’re certain that it’s malware.

Suspicious modem and hard drive activity

Combined with the other warning signs, if your hard disk is working excessively while no programs are currently running or if you notice that your external modem is always lit then you should scan your computer for viruses.

Pop-ups, websites, toolbars and other unwanted programs

These are irritating signs that your computer has a virus. Pop-ups come from clicking on suspicious pages, answering survey questions to access a website’s service or installing free applications. Don’t click on ads where Jane says she earned $8000 a month staying at home. When you get pop-ups appearing out of the blue, refrain from clicking anywhere on the pop-up page and just close out of the window and use your anti-malware tool immediately.

Equally, free applications allow you to download their service for free but the installation process can be riddled with malware. When you’re installing a program from the Internet it’s easy to just skim over the terms and conditions page and repeatedly press next. This is where they get you. In the process of skipping over certain installation steps, you might have agreed to accepting a new default browser, opening unwanted websites and other programs filled with viruses. Just be cautious the next time you download something for free. It’s best to try avoiding any of these practices when you can in order to protect your computer.

You’re sending out spam

If your friends are telling you that you’ve been offering them suspicious messages and links over social media or email, you might be a victim of spyware. These may be caused from setting weak passwords to your accounts or forgetting to logout of them.

In the end, it’s best to know how malicious software affects your computer so you can take steps to rectify the situation as soon as possible. Regardless of whether or not your system has experienced these symptoms, it’s always smart to perform regular malware scans to ensure your business is safe. To find out more about malware and IT security, contact us today.

Published with permission from TechAdvisory.org. Source.

/by

Tips to monitor employee activities online

2016Mar15_Security_CWhen it comes to monitoring your employees online, there are potential positives and negatives for your company. But as a business owner who’s never done it before, you may be clueless as to what these are. So to help, we’ve come up with a list of the pros and cons of employee monitoring. And if you do decide to go through with it, we’ve provided some tips for a smooth implementation process.

The case for monitoring

There are a number of reasons why monitoring your employees is a good idea. Doing so can help you:

  • Protect your organization from data theft or harm – because some disgruntled employees may try to steal from you or corrupt your data.
  • Ensure you have a harassment free workplace – because cyber harassment (sexual or otherwise) happens among employees.
  • Ensure staff are complying with policies – not downloading illegal programs or spending time on websites with illegal or hostile content.
  • Provide evidence in case of a lawsuit – heaven forbid this happens, but if an employee participates in illegal activities on your business’s computers, monitoring can provide evidence of it.

The sad fact of the matter is that many businesses who monitor end up discovering that employees are doing things they’re not happy about. Research by Nancy Flynn, the executive director of the ePolicy Institute in Columbus, Ohio, revealed that two thirds of companies monitor their employees, and half of them have fired employees due to their behavior on email and the web.

Cons

Of course there are some potential downsides to monitoring that you should be aware of as well. These include:

  • Productivity loss – monitoring can kill employee morale, and therefore you may see a hit in their productivity if they feel you distrust them.
  • TMI and lawsuits – you’ll likely learn about the personal lives of your employees that you would’ve never known about had you not monitored. You may discover their political or religious views, sexual orientation or medical problems. This could potentially open up your business to privacy or discrimination issues if you or your management team act negatively on this information.

Monitoring guidelines to follow

If you decide to monitor your employees, here are a few tips you should follow.

1. Create written policies

When you decide to monitor, ask yourself, are you doing it for security purposes? Is it to ensure your employees are not wasting large amounts of time on Social media? Whatever the reasons, it’s smart to balance your policies with the expectations of your employees. If you’re too strict with your monitoring, you could create that atmosphere of distrust we mentioned above. So set guidelines for acceptable use of email, social media, web surfing, instant messaging, and downloading software and apps. Also, in your policy, include how monitoring will be carried out and how data will be secured or destroyed.

2. Tell your employees

It’s important to inform your employees about your monitoring. If they find out you’re doing it without their knowledge, you could create resentment among them or even face legal issues. And just by letting staff know, you may actually see a boost in productivity as it could deter them from wasting time on the web.

When you tell your employees, explain why you’re doing it and the risks your business faces from misuse of digital assets. Reassure them you’re not doing it to spy on their personal life, but only attempting to create a compliant and law abiding workplace. Because their activities will now be less private, encourage your staff to keep their personal communication to their smartphones. Also, provide a copy of your written policy to employees to read over and sign.

3. Get the right technology tools

While there are many technology tools to monitor your employees, bear in mind, you don’t need to follow their every move. In fact, you shouldn’t as it will not only waste your time, but also cause you to find out more information than necessary. So look for technology that will alert you to potential problems, so you can focus on more important things. Lastly, you may also want to consider technology that can block certain content, like porn or hate websites, as employee access to this content could create larger problems.

Whether or not to monitor your employees can be a tricky decision but, if implemented correctly, could benefit your business in making it more secure and even more productive. For more information about security and other IT support tools, get in touch. We’ll make our best effort to help however we can.

Published with permission from TechAdvisory.org. Source.

/by

Secure your business with these IT policies

2016Feb9_Security_CEmployees are one of your biggest security holes. There is no foolproof prevention method for human error, and this is why employee mistakes are one of the most common causes of a security breach. So what can you do to prevent it? Well at the very least you need to include policies in your employee handbook, and ensure your employee reads through it and signs off on agreeing to abide by them. Having measures in place drastically reduces the chances of a security breach. Here are four areas to keep in mind when developing your own.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:

  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.

These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with permission from TechAdvisory.org. Source.

/by

The true story of an SMB attacked by hackers

2016Jan20_Security_CWhen big companies like Dropbox or Ashley Madison are hacked, the whole world hears about it. But how often do you hear about cyber attacks on the SMBs of the world? Probably not often, or never. Well, today, that’s all about to change. The NY Times recently ran an article telling the story of a small business, just like you, who suffered a major cyber attack. Here’s the story, and some ideas as to how to protect your business.

Last holiday season, Rokenbok Education, a small, California-based toy company of seven employees realized its worse nightmare. During the busiest time of the sales year, the files in their database had become unusable, infected with malware. The hackers used ransomware, a malware designed to hold a business’s data hostage, to encrypt their files and demanded a payment to make them usable again. However, instead of paying the ransom, Rokenbok restructured their key system. To do this it took four days. That’s four days of downtime, lost sales, and confused customers who likely lost confidence in the integrity of their company. Luckily this did not put Rokenbok Education out of business. But many SMBs aren’t so fortunate, and are forced to close after such a security debacle.

So why do security breaches like this happen to SMBs?

There are many reasons, but a common one is that small and medium-sized businesses often focus on profits over security. And really, it’s hard to blame them. When you’re small, you want to grow your organization as quickly as possible. And you likely think that because you’re small, no one is going to attack you. However, nowadays hackers are on to this way of thinking. They know that SMBs don’t focus as much on security, which make them a perfect target. In fact, according to Timothy C. Francis, the enterprise lead for Cyber Insurance at Travelers, 60 percent of all online attacks in 2014 targeted SMBs.

So what can your business do to protect itself against online attacks? There are a range of options, but it’s best to start off with an audit of your current security system to see where the holes are. This audit should check areas of risk which include customer data, employee access, and assets such as servers, computers and all Internet-enable devices.

After that, an obvious thing to do is to strengthen your passwords. While this has been said thousands of times over, many SMB owners do not take heed. Clay Calvert, the director of security at the Virginia-based firm MetroStar Systems, notes that hackers analyze how we create passwords and use big data analytics to crack them. “They have databases of passwords,” Calvert said. The best way to create a strong password is to make it long with a mix of characters. Password managers that encrypt your passwords can also help.

Aside from passwords, there are many other ways to boost your business’s security that include installing a firewall, keeping your antivirus up-to-date, and moving data over to the cloud (instead of storing it on company servers). Also, since many security attacks occur because an employee clicked on a malicious website or link, training your employees is a smart move. A good way to start this training is to create an employee manual that includes security guidelines they must follow. For ongoing training, you can keep them up-to-date on the latest security threats through email updates and regular meetings. Once you feel confident that your employees are up-to-speed and your security practices are updated, you can try hiring ethical hackers to test your systems and try to break through your security. This will let you know if there are any security holes you missed.

Calling in a security specialist

However, if all of this sounds far too much to bother with, consider outsourcing your security to a service provider that specializes in digital security. This can oftentimes save valuable time and money in the long run. Best of all, this can provide peace of mind, knowing that you have a security specialist watching over your business.

If you’re feeling overwhelmed and unsure where to start with your business’s security, we’re happy to help perform a thorough audit and provide you the digital security solution you need to keep your business protected. Security worries don’t have to keep you up at night, and we can help you implement the measures that will protect your business from disastrous security problems.

Published with permission from TechAdvisory.org. Source.

/by

Chimera ransomware’s scary tactics

Female hand giving a bribe to businessman - closeup shotThe threat of being infected by malicious software is part and parcel of spending time on the internet, and no sooner have the antivirus and security software programs released an update or new patch than cyber criminals are scrambling for ways to circumvent them. In addition, as end users become savvier to the tricks and scams used to steal our data, money or identities, new tactics are employed to try and fool us. And that includes Chimera, a new strain of ransomware which has recently been uncovered.

Business is booming in the world of cyber crime, and scammers, extortionists, phishers and hackers are constantly on the lookout for new ways to exploit our fears and naivety in order to boost their bank accounts, steal our data, or simply cause us mayhem for their own twisted pleasure. One of worst types of malware for playing with our emotions – and therefore increasing the likelihood of us capitulating to its demands – is ransomware. If you don’t know how this program works, read on for an introduction.

If your computer has been infected by ransomware, the first sign that something is wrong is normally discovering that you are unable to open one or more of your files. That’s because the malware encrypts them, rendering them completely inaccessible. The next thing you see will be a ‘ransom note’, either in the form of an email or a notice that appears directly on your screen. You will be told that if you want to see your files again you will need to pay a sum of money. After making payment you will (allegedly) be sent a code that will allow you to decrypt your files.

Some types of ransomware up the fear factor even further by pretending that the FBI, CIA or other national law enforcement or government agency is behind the ‘kidnapping’. You will be told that your files are being held hostage because you have downloaded pirated software or files, or visited an illegal or illicit website – such as those depicting extreme pornography or threatening national security. Regardless of whether or not you are guilty of any of the above – be it a visit to an x-rated website, or downloading a pirated copy of the latest episode of The Walking Dead, your first instinct is probably to panic. The thought of no longer having access to any of our information, files or data is enough to make most of us break out into a cold sweat. If you haven’t backed up, everything from your vacation pictures to your company’s data could be lost for good.

The problem for ransomware creators, however, is that many users have wisened up to their tactics, and are refusing to pay, instead calling in an IT specialist to try and restore their encrypted files. This has left cyber criminals needing to find a way to boost ‘trade’. And that is where Chimera comes in. Christened by the Anti-Botnet Advisory Centre – a part of Germany’s Association of the Internet Industry – unlike previous forms of ransomware, which were indiscriminate when choosing their victims, this latest threat primarily targets businesses.

An employee will receive an email, purporting to be an application for a job within your firm, or some kind of corporate deal. This email will include a link ostensibly to the applicant’s resume or to details of the offer, but will in fact go to an infected file stored in Dropbox. Chimera then infects the user’s computer and encrypts any local files. Once the PC has been rebooted, the ransom note will be displayed on the desktop. Payment is usually set at around $680 USD, which must be paid in Bitcoins. And in order to further scare the victim into paying, the note will also state that failure to make payment will result in the user’s files being published online.

If there is a slight silver lining to the Chimera cloud, it is that the Anti-Botnet Advisory Centre has not found any proof that files have been published – at least not yet. In fact, it is still unknown whether the ransomware does actually take the encrypted files or if it is just an empty threat. Regardless, it is still a threat which could easily convince many users to pay the ransom. And should Chimera make good on its threats, the ramifications for a business are huge – and that’s without taking into consideration the nightmare of having your files encrypted in the first place. With Chimera targeting businesses of all sizes, and random employees within the business at that, isn’t it time you took another good look at your organization’s security posture?

Contact us today and talk to one of our security experts. We’ll be more than happy to help ensure that your small or medium-sized business isn’t taken hostage by Chimera or any other type of ransomware.

Published with permission from TechAdvisory.org. Source.

/by