Monthly Archives: January 2020

Ryuk Ransomware

Ryuk Ransomware

How to Protect Your Organization from Ransomware Attacks

Ryuk Ransomware is a type of ransomware that targets businesses and corporate environments. Ryuk enters victims’ systems and encrypts their data. The attackers demand payments via Bitcoin cryptocurrency and instructs victims to deposit the ransom into a specific Bitcoin wallet to decrypt their information. A Russian hacker group named Wizard Spider has been responsible for the execution of Ryuk since August 2018. Since Ryuk’s appearance in 2018, threat actors have netted over 708.50 Bitcoins across more than 52 transactions, totaling over $3.7 million.

How does Ryuk work?

The malware enters a system when a victim clicks on a phishing email or clicks a pop up ad with Ryuk embedded in it. A dropper is triggered, which examines the system’s architecture. The dropper then writes an executable that corresponds to the system, which begins the encryption process. Ryuk is preconfigured to inject malicious code into 40 processes and 180 services including antivirus tools, databases, and back ups.

How can I protect my organization from Ryuk?

Ryuk can be detrimental to any business or organization. Although prevention is key, it is important to know what steps to take in the event that your network is compromised.

1. Compose Annual Employee Security Training

Employees are often the weakest link to information security, so it is crucial that they are educated on cyber attack methods and risks. They should be able to identify phishing emails and trained to avoid advertisements and illegitimate websites on their work machine.

2. Implement a Well- Written Disaster Recovery Plan and Business Continuity Plan

In the event that your organization is attacked, you should have procedures in place to continue with business processes. A necessary item to include in these plans are data back- up processes; where the back up data is stored and how to retrieve it. Another important step is prioritizing all your assets that are imperative to business functions.

3. Continuously Update

It is crucial to frequently update your anti- virus software, firewalls, and operating systems to prevent an attacker from exploiting any security holes. Run routine security scans on all machines and perform regular Security Risk Assessments. Additionally, check that your Disaster Recovery Plan is updated frequently and working.

The Importance of IT Security Policies

The Importance of IT Security Policies

IT security policies are necessary in organizations as they define who has responsibility of what information within the company. Policies are the baseline of all procedures and should be maintained regularly.

Why Do Organizations Need Security Policies?

IT security policies outline rules for user and IT personnel behavior. These policies also identify consequences for not adhering to them. Policies are also crucial in ensuring compliance with regulations such as NIST and HIPAA. Policies should define risks within the organization and provide guidelines on how to reduce these risks. They should be modified to fit the company’s need.

Writing an Effective IT Security Policy

  1. Conduct a Security Risk Assessment to identify all your critical assets, vulnerabilities, and controls in your company. Use this assessment to determine ways to reduce or eliminate these risks.
  2. Determine the scope of the policy including who the policy will address and what assets will be covered.
  3. Ensure your policy is written to be easily understood by employees and enforced by management. Employees need to be explicitly aware of the consequences of not complying with the policy. These policies will help with the development of procedures, so it is important to write the policies clearly.
  4. Update your policies at least once a year to keep them up to date with your company’s procedures and security concerns.

Common IT Security Policies:

  • Access Authorization
  • Acceptable Use
  • Breach Notification
  • Change Management
  • Data Backup Plan
  • Employee Screening
  • Employee Training
  • Encryption and Decryption
  • Media Security
  • Network Security
  • Password Management
  • Secure Development
  • Security Incident Response
  • Vendor Management
  • Vulnerability Management

The need for certain IT security policies is dependent on the company data itself. For example, if a company handles customer health data, they should consider implementing a HIPAA Acceptable Use Policy.

Is Your Password Secure?

Is Your Password Secure?

Tips for Creating a Strong Password

Passwords can be an inconvenience to remember, especially when you have dozens of applications and accounts to log into everyday. However, with the increase in phishing and ransomware attacks, passwords can be the main line of defense when securing your data. Once an attacker knows your password, your personal data and your company’s data may be at risk. Employees are often the weakest link of any organization’s information security, so it is important to ensure that you and your employees follow these tips. These steps should be outlined in a strong, detailed password policy.

1. Use a longer password with a mix of letters, numbers, and symbols.

Making passwords more complex can hinder the possibility of an attacker guessing the password. Using an easy password such as NYClover can be strengthened by adding numbers and symbols. For example, the password N3wY0rkC!tyL0v3r is more secure.

2. Never use a word or phrase that is easy to guess or contains personal information.

Using personal information such as your middle name or birthday can be risky, especially when it is found on your social media. Using full words or phrases in your passwords may also make them easy to guess. See the list of 1000 most used passwords and avoid using them.

3. DO NOT use the same password for all your accounts.

Using the same password for all your accounts can be dangerous. By doing so, an attacker may be able to access all of your accounts with just one password.

4. Never write down your passwords on paper.

Writing down your passwords can make you a target for shoulder surfing. Passwords managers, such as LastPass, should be used to remember your passwords and should also have a strong master password.

5. Use Multifactor Authentication (MFA).

Using MFA can help secure your account just incase your password is compromised. MFA can be a one time code sent to your phone or email. Google allows users to set up MFA manually.

6. Change your passwords consistently.

Passwords should be changed on a regular basis, just in case your current password gets compromised. Many applications require users to change passwords after 90 days or X increment, while others may just recommend changing your password after a certain period of time. Best practice is to change your password on a consistent basis, preferably 90 days or less.

How to Prevent Phishing Attacks Against Your Organization

How to Prevent Phishing Attacks Against Your Organization

What is a Phishing Attack?

In recent news, several large companies including Microsoft and Facebook have been affected by phishing attacks. Phishing is a type of cybercrime that happens when an attacker poses as a legitimate company or website in order to divulge sensitive information from the victim. This can be the victim’s social security number, credit card number, or login credentials. Phishing attacks can take place over the phone, instant messaging, or email. Phishing differs from other cybercrimes as it requires human interaction; attackers target end- users rather than the actual computer systems. These attacks can be damaging to a company; however, they can be prevented.

How Does a Phishing Attack Work?

A common example of phishing occurs when a company employee receives an email prompting them to change their company password. This email usually includes a link that brings the victim to a legitimate looking website. Here, the victim inputs their credentials. The attacker now has the victim’s login information and access to the company network. After gaining access to the company network, the attacker may be able retrieve confidential information to hold as Ransomware or find other security holes to exploit.

How Can I Prevent a Phishing Attack?

1. Use Web and Email Filters

Applying web and email filters can help filter out spam content from legitimate content. See examples of web filters.

2. Compose New Hire and Annual Security Training for Employees

Many times, attackers can bypass web or email filters, so it is vital to provide comprehensive security trainings to employees. Educate employees on the different methods attackers may use and the consequences phishing attacks may have on the company. Send a fake phishing email to employees to familiarize them with illegitimate emails and webpages. Train them on ways to identify a phishing email. Also, have a well- written Acceptable Use Policy and Security Awareness Policy.

3. Stay Updated

It is crucial to frequently update your anti- virus software, firewalls, and operating systems to prevent an attacker from exploiting any security holes. Run routine security scans on all machines and perform regular Security Risk Assessments. Additionally, check that your Disaster Recovery Plan is updated frequently and working.

4. Review Company Website and Information

Phishing attacks require the attacker to research the company such as employee names and contact information. Attackers may also look into the vendors the company uses such as types of machines and operating systems. Ensure that accessibility to employee and vendor information is limited.

5. Be In the Know

Be aware of new cybercrime cases and vulnerabilities in the news, blogs, and security bulletins. Often, security cannot keep up with attacks, so it is important to be alert of new types of attacks. Websites such as The Cyber Wire post daily security briefings.

Prevention is Key

Recovering from cybercrime can be rigorous and exhausting, so having preventive measures in place is the most practical solution. By combining technical controls with security awareness, you can mitigate the risk of a phishing attack against your company.