CyberheistNews Vol 6 #47 New Survey: It Takes 33 Hours To Recover From A Ransomware Infection



New Survey: It Takes 33 Hours To Recover From A Ransomware Infection
Stu Sjouwerman

Here is some fabulous ammo for more IT security budget.

In a new Vanson Bourne survey of 500 cybersecurity decision makers sponsored by SentinelOne, 48 percent said their organizations had been hit by at least one ransomware attack in the last 12 months, with the average victim hit six times.

Of those respondents whose organization has suffered a ransomware attack in the last 12 months, just over eight in ten (81%) report that the ransomware attacker gained access to their organization’s network through phishing via email or social media network.

Half (50%) report that the attacker gained access through a drive-by-download caused by clicking on a compromised website, and four in ten (40%) state that it was through an infection via a computer that was part of a botnet.

Practically all of them (94%) stated that there was an impact on their organization as a result of these ransomware attacks. The most common impacts are increased spending on IT security (67%), and change of IT security strategy to focus on mitigation (52%).

44% Say Antivirus Is Dead But 85% Still Run It

Over five in ten (54%) of those surveyed agree that their organization has lost faith in traditional cyber security and over four in ten (44%) also agree that antivirus is dead. Despite this, the majority (85%) of respondents’ organizations install antivirus on all company owned static devices.

Just under two thirds (65%) of respondents agree that traditional cyber security techniques cannot protect them from the next generation of malware like ransomware attacks. Over seven in ten (71%) agree that they need a new solution to protect organizations from ransomware.

Fewer than half (45%) of respondents whose organization has suffered a ransomware attack in the last 12 months report that the attacker was able to encrypt some files/data, but their organization was able to decrypt them.

Moreover, around a quarter state that the attacker was unable to successfully encrypt any files/data (27%), or that the attacker was able to encrypt some files/data, but a back-up was held and respondents’ organizations were able to replace the encrypted files (25%).

On average, this replacement process took 33 employee hours.

Of the respondents whose organization has suffered a ransomware attack in the last 12 months, employee information (42%), financial data (41%) and customer information (40%) were types of data most likely to have been affected by these attacks.

Only 54% Notified Law Enforcement

Just over six in ten (61%) respondents state that upon suffering a ransomware attack, they did or would notify the CEO/board. Around half of respondents did/would notify law enforcement (54%) and lawyers (50%), but only 38% did/would notify customers. Here is the full report with all results:
https://go.sentinelone.com/rs/327-MNM-087/images/Data%20Summary%20-%20English.pdf

Numbers like this make it clear as daylight that you need to step your users through new-school security awareness training as ransomware mitigation step number one.

The choice is simple. Two options:

A) Spend an average of 33 hours restoring a backup which is a major pain in the neck.

B) Spend less than one hour to upload your users, schedule training and then phish your users which is a lot of fun. (Ask our 7,000 customers.)

Your choice.

Q4 is the time of year to get budget for this and a PO cut, so that you can do your baseline test and start the new year with an effective awareness program that your employees are going to love.

You know what comes out of the mouth of your users after they stepped through the training? "Wow, I did not know it was that dangerous on the internet, how do I share this with my family?" And we are happy to say that we have that covered.

Get a quote now. Find out how affordable this is for your organization and be pleasantly surprised:
https://info.knowbe4.com/kmsat_get_a_quote_now-chn

Ransomware Roundup November 2016

Crysis decryption keys posted

The decryption keys of the Crysis ransomware were posted on Pastebin, which allows victims to decrypt their hijacked files without paying. Crysis was notorious for spreading through brute-force attacks on the Windows Remote Desktop Protocol.

Why the keys were released is unknown, but it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them. Kaspersky recently added the decryption keys to their ransomware-decryption tool, and the BleepingComputer site explained how to get your files back.

Blog post with much more background, screenshots and links:
https://blog.knowbe4.com/ransomware-roundup-november-2016

Why Senior Managers Are The Most Dangerous Negligent Insiders

Excellent infographic at CSO: "If you really want to move the needle on data security in your organization, start at the top." This is ever so true.

"Hardly a day goes by that there isn't news of another vulnerability, another attack, another patch — and often the biggest, baddest of its kind. You'd think we'd all be on hyper alert, but that is far from the case.

Instead, pleas for compliance with data security basics fall on deaf ears. Here's why: employees, including senior managers and business owners, don't assume personal responsibility for security.

Consider this: 43 percent of C-level executives say negligent insiders are the greatest risk to sensitive data in their organizations, according to data cited in this infographic compiled by the University of Alabama at Birmingham’s Online Master of Science in Management Information Systems program.

Yet, senior managers are twice as likely as workers overall to take files with them after leaving a job. And 58 percent of senior managers (compared to 25 percent of all workers) have accidentally sent sensitive information to the wrong person." Check out the numbers and shiver:
http://www.csoonline.com/article/3137202/security-awareness/why-senior-managers-are-the-most-dangerous-negligent-insiders.html

Poll: Sex Or Cybersecurity? 40 Percent Of Americans Pick Abstinence If It Means They Won’t Be Hacked

In light of the recent AdultFriendFinder hack, The Washington Times reported something hilarious. "Nearly four in ten Americans would rather be abstinent for a year than risk being hacked, according to the results of a survey published Thursday.

Harris Poll interviewed more than 2,000 adults last month on the topic of cybersecurity, and found Americans aren’t entirely unwilling to skip a year’s worth of sex if it means keeping their internet account and private information protected from hackers.

Broken down by gender, 44 percent of women said they’d skip sex for a year in exchange for some digital peace of mind, compared to 34 percent of men. With regards to the millennial generation, meanwhile, pollsters said 43 percent similarly agreed to sacrifice sex in exchange for their online safety.

With high-profile data breaches and cyberattacks making headlines on a routine basis — evidenced most by the reported compromise this week of the AdultFriendFinder website and more than 412 million of its users — it’s hardly surprising that a significant percentage of Americans are willing to make privacy a priority.

But while the study suggests a good chunk of respondents are willing to make all sorts of sacrifices for the sake of security — 41 percent said they’d forego their favorite food for a month in lieu of having to reset the passwords for all of their internet accounts — the same poll revealed Americans don’t treat their passwords and log-in credentials with the protection they should." More:
http://www.washingtontimes.com/news/2016/nov/17/sex-or-cybersecurity-forty-percent-americans-prefe/

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"True happiness comes from the joy of deeds well done, the zest of creating things new."
- Antoine de Saint-Exupéry - Writer (1900 - 1944)

"Happiness lies in the joy of achievement and the thrill of creative effort."
- Franklin D. Roosevelt - President (1882 - 1945)


Thanks for reading CyberheistNews


Security News
Pretty Much Every Phishing Email Today Has Ransomware

Read this article about how every phishing email received today is a ransomware threat on IT Pro Portal:

Ransomware has become so popular that pretty much every phishing email that gets sent nowadays contains that form of malware. This statement comes from PhishMe Inc, provider of human phishing defense solutions. In its latest report, it says that 97.25 per cent of all phishing emails sent during Q3 of 2016 contained ransomware, up from 92 per cent in Q1. Read the full article here:
http://www.itproportal.com/news/pretty-much-every-phishing-email-today-has-ransomware/

Passwords Are Still Important, Even If You Use Multi-Factor Authentication

Bob Covello blogged at Graham Cluley's site: "Just because you have two factor authentication doesn’t mean you can afford to be sloppy with password security.

Multi-factor authentication is steadily becoming a more mainstream login protection mechanism, with it being adopted for use in many organizations as well as many popular websites such as Twitter, Facebook, Gmail and Amazon.

The use of multi-factor authentication or any other type of two-step verification (2SV) adds an additional layer of security to your login process. This is an excellent way to further protect your information.

In some cases, it could be surmised that the use of multi-factor authentication negates the need to use a strong password since the attackers would not have access to that secondary “something you have” vehicle that completes your login process.

Unfortunately, the need for strong passwords is still important – even when using multi-factor authentication.

Security researcher Beau Bullock at Black Hills Information Security recently discovered a flaw in Microsoft’s Outlook Web Access and Office 365 that bypasses multi-factor authentication, enabling a full search of mailboxes with the knowledge of only a person’s username and password.

You can read the technical description of the exploit if you're interested in more information, or watch this 6:53 video demonstration at YouTube. Scary:
https://youtu.be/Bb_T3ILfllU

This Social Engineering Attack Starts With A Fake Customer-Service Call

Michael Kan at CSO reported on a Trustwave blog post with some troublesome news: "Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer service representatives and convincing them to open malicious email attachments.

The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as 1 billion dollars from various banks."

Brian Hussey, Trustwave’s global director of incident response, said that the bad guys are preying on the hospitality industry calling their customer service and pretending to be a customer who can’t access their online reservation system.

To infect the workstations with their malware, the hackers send an email to the customer service agent with an attached Word document claiming it has their reservation information. However, the Word doc is infected and when the support rep opens it up, it downloads malware to their workstation. According to Trustwave, most endpoint security software fails to detect the malware used in these hacks, not so surprising because antivirus is not that hard to circumvent.

The hackers are very persistent, Hussey said. “They’ll stay on the line with the customer service rep until they open up the attachment,” he said. “They have excellent English.” “Once this malware finds what it wants, it can steal every single credit card that passes through your servers,” Hussey said. “For a large restaurant chain, that can be a million customers over a period of time.”

These bad guys have excellent social engineering skills. They research their targets on LinkedIn, find out the names of company department heads, and drop those names during the call. The ultimate goal of the Carbanak malware is to get into point-of-sale machines and steal all the credit card records.

In their blog post, Trustwave outlined the technical details of the malware and other indicators that you can use to find out if your network has been compromised.

You definitely want to step all your customer service staff through new-school security awareness training so that they do not fall for social engineering attacks like this. Blog post with links and example screenshot:
https://blog.knowbe4.com/this-social-engineering-attack-starts-with-a-fake-customer-service-call

New Phishing Category: Controversial/NSFW *Offensive Language*

We get thousands of real phishing emails in, reported to us by customers using the complimentary KnowBe4 Phish Alert Button which by the way now also works for Gmail:
https://info.knowbe4.com/phish-alert-chn

On a daily basis, these reported phishing emails get analyzed by the KnowBe4 Lab team, and recently they have identified a disconcerting trend: cyber criminals are increasingly starting to use shocking/rude/aggressive emails to conduct their social engineering attacks.

We decided to provide the option for our customers to also conduct this type of controversial simulated phishing attack, so they can inoculate their employees against this emerging method, at the customer's discretion, of course.

We created a new phishing template category: "Controversial/NSFW*Offensive Language*" with real de-fanged phishing attacks that are available for tests. We are very aware that this category may not be an option for many customers and will not fit their corporate culture, but we would be remiss in not providing this category for the customers that decide to go this route.

We wanted to alert you about this so that you do not include the "controversial" category in a campaign by mistake, because these templates likely contain offensive language. For customers where this is a fit with their culture, we recommend starting with a 2-Star template and then slowly moving up from there. Here is how it looks currently:
https://blog.knowbe4.com/new-phishing-category-controversial/nsfwoffensive-language
