Ransomware is dominating the headlines so far in 2016. The number and severity of ransomware attacks has been increasing. Recent ransomware attacks against school districts, healthcare providers, state and local governments, and enterprises illustrate that criminals have shifted away from targeting just consumers, and instead are focusing on companies who will pay higher ransoms.
Consider the following recent high-profile attack, and you’ll start to get an idea of how dangerous and nimble ransomware can be.
Hollywood Presbyterian Hospital – Using phishing to trick an unsuspecting employee, attackers seized the hospital’s entire IT system, stalled critical healthcare related communications and extorted $17,000 in ransom.
Companies and individuals who have been paying the ransoms have enabled the criminals that create these malicious programs, to ramp up development and make the attacks more sophisticated. Apple OS X – Typically thought of as less vulnerable to viruses and malware, still ransomware hackers are now successfully targeting OS X systems through sophisticated phishing emails that use malware to encrypt the data and render it inaccessible until a ransom is paid.
The Federal Bureau of Investigation (FBI) reports seeing a dramatic increase of these type of cyber-attacks paired with increasingly higher ransom requests. If the first quarter of this year is any indicator, we’ll see the number of ransomware incidents surpass last year’s record, which totaled 2,453 reported incidents and approximately $24.1 million in ransom paid by victims.
So how do I help Minimize Risk?
- Monitored Backups–The most common advice to recover from an attack by ransomware relies largely on whether a good backup policy is employed for your data and entire system backups. Store backups in an offline environment because many ransomware variants will try to encrypt data on connected network shares and removable drives. If possible, use a hybrid backup solution that keeps copies of your data locally and in the cloud. This way if one of your backups is compromised you will have a greater chance of success in restoring your data.
- Layered Security–Having a layered approach to security should be taken seriously for repelling ransomware. The best way to protect against a virus is to have defenses to ensure you never receive any viruses in the first place. Deploy a layered approach utilizing technologies such as anti-virus, web filtering and firewalls. Apply access controls, including file, directory, and network share permissions to limit the exposure of non-administrator users to sensitive data.
- Stay Updated–Frequently update anti-virus and anti-malware with the latest signatures and perform regular scans. Create an application whitelist, allowing only specific programs to run on a computer.
- Request Support–If you have questions, do not be afraid to call your IT department or vendor. They will be able to help you try to minimize the damage and get started on data recovery.
Kyvon would like to invite you to join us at the Business & Community Fair on Wednesday, May 29th 2013 3:30pm. The event will be held at Rockwood Summit High School – 1780 Hawkins Road – Fenton, MO 63026 and is free to the public. We are located at booth #49. For more information please visit http://www.fentonmochamber.com. Hope to see you there!
Creating Your Spam Titan Account:
Server Link: http://spam1.kyvon.com
The first day that Spam Titan is set up, you will receive your first Quarantine email which will allow you to set up your account. This email will contain everything that has been blocked due to it being considered Spam, Banned Attachment, or Blacklisted.
At the bottom of this email you will see:
Click on the link that says “click here”
By clicking that link, you’ ll be taken to a webpage that looks like this:
Once here, and it’s your first time using this page, click on Forget your Password?
You’re then taken to a page that looks like this:
Enter your email address and click send. When the new email arrives, it will be from Email@yourdomain.com
On the password assistance screen, click the back button, then put in your email address and new password generated from the list.
When you log in, it will look like this:
There are three tabs across the top left navigation: Settings, Filter Rules, and Quarantine.
You are instantly taken to the Quarantine tab.
From here you can:
Select the type of messages you would like to view from the Message Type drop down
Select a custom date range to view
Enter an individual sender when you’re searching for a particular email
Customize the number of messages you would like to see
Put them in order by spam score or date
From the settings tab, you have two options:
Change Password and Quarantine Report Settings
Enter the password that was provided to you in the email from Spam Titan, then enter your new password and confirm it.
From this screen, you can:
Select the language you would like your quarantine reports
Select when you would like your quarantine reports (this is currently set to Weekday)
Select what you would like included in your quarantine report
All quarantined items
New items since last report only
From the Filter Rules tab, you have two options:
User Blacklist and User Whitelist
From this screen you can:
Blacklist an entire domain
Blacklist an individual sender
From this screen you can:
- Whitelist an entire domain
- Whitelist an individual sender
If you have any questions concerning Spam Titan, please contact Kyvon Customer Support at: 877-710-7993 or email us at firstname.lastname@example.org
3. Click on “Add Account”
4. Select “Microsoft Exchange”
5. Fill in
– Email Address ex. email@example.com
6. Click Next
7. Next screen fill in.
– Server: he.kyvon.com
– domain: LEAVE BLANK
– Username: your full email address “firstname.lastname@example.org”
8. Click Next
Maintenance Window Start Date & Time: October 12th, 2012 11:30 PM CT
Maintenance Window End Date & Time: October 13th, 2012 1:30 AM CT
Impact on Customers: Maximum of 15 minutes downtime
Scope of Work:
XIOLINK and Kyvon will be working in cooperation on an
emergency router configuration change. It is necessary to temporarily take
down upstream connectivity in order to complete this maintenance.
We apologize for the short notice, but this configuration must be completed
as soon as possible.
During this window, a maximum of 15 minutes of network interruption may be
experienced. Though the potential for extended downtime exists, XIOLINK and
Kyvon have carefully designed a plan for implementation of
the new configuration, and will do everything to ensure that you and your
customers feel as little impact as possible. No changes to any customer
equipment will be necessary.
Duration: 2 Hours
Please feel free to contact us with any questions or comments via our online
support form or via phone at 314-544-0011.
In our efforts to constantly improve and maintain our infrastructure, Kyvon will be completing scheduled maintenance and upgrades in our data centers. To view a list of scheduled Maintenance Windows and status updates, visit our Network Issues page.
Maintenance Window Start Date & Time: 10/3/2012 2:30AM CST
Maintenance Window End Date & Time: 10/3/2012 3:00AM CST
Impact on Customers: No impact to customers.
Data Centers: 710 N Tucker. St. Louis / 1111 Olive St. Louis
Scope of Work: In our efforts to constantly improve and maintain all of our infrastructure, we will be adding a new fiber path between the St. Louis data centers. Although the potential for downtime exists, we have carefully designed a maintenance plan, and will do everything to ensure that you and your customers feel no impact. No changes to customer equipment will be necessary.
Duration: 30 Minutes
Please feel free to contact us with any questions or comments via our online support form or via phone at 314-544-0011.
Please note: Routine Data Center Maintenance is scheduled every Wednesday evening. Please check the Network Issues Page for exact Maintenance Window times.
Kyvon Support Team.