What Your Company Needs to Know About Ransomware – Security
The Threat of Ransomware:
How to Keep Your Business Safe
Tech experts say your next quarterly conference call could produce an unusual action item:
extortion. If recent events are any indication, there’s a hefty ransom coming for many corporations
– specifically, for IT professionals and their networks. And not paying could result in the loss of
valuable files and data. The reason? A rising form of malware called ransomware.
Ransomware restricts access to a user’s data and then extorts money from the user in exchange for
the access. Chameleon by design, ransomware can take many forms, all corrupted and infectious:
attachments, advertisements, emails, webpages.
Its ability to shape-shift means that even Internet-savvy companies and individuals are vulnerable.
Of late, popular peer-to-peer file-sharing service BitTorrent, and even Adobe’s ubiquitous Flash
platform, have been infected by ransoming cybercriminals. What’s more, on March 7, 2016, ransomware
infected its first set of Apple computers.
Ransomware – until that day in March – did its damage mostly on Microsoft machines. But this
ransomware strain,
dubbed “KeRanger,” was downloaded on Macs over 6,000 times. Said the Palo Alto Threat Intelligence
Director of the Mac malware, “This is the first one in the wild.”
This incident is wild. And it eerily confirms what many businesses are coming to know: no one, and
nothing, is safe. No organization, no machine, no operating system, no network. The ransomware
hackers are evolving alarmingly quickly. Ransomware itself looms and lies in wait, threateningly.
Today’s businesses – even Apple – are mostly powerless to stop it.
According to McAfee, there were more than 4 million unique types of ransomware on the market at the
end of Q2 2015, which on its own saw 1.2 million new instances of ransomware.
Extortion – Coding – Customer Service
The unfortunate genius behind ransomware that targets and attacks your business.
Understanding the Threat
At times called cryptware or cryptoware, ransomware first reared its ugly head in 2005. As malware
goes, it’s hardly a newcomer. What’s new, though, and improving constantly, is its sophistication.
Ransomware differs from your garden-variety malware in a few startling ways:
• Professionally written code
• A professional messaging interface
• Multiple levels of encryption
Ransomware is “a strange hybrid”: equal parts extortion, coding and customer service. The
unfortunate genius behind ransomware is that, in most cases, victims can only recover their
compromised data by isolating and removing the source of
the infection, and then restoring from backups. If files aren’t backed up, or if the backups are
also corrupted, then victims have no recourse. They have to pay the ransom.
The other strain of evolution in the development of ransomware is the target. Until recently,
ransomware masterminds largely targeted individuals. But now they’ve found that it’s far more
lucrative to target businesses. They’re targeting servers and cloud drives in order to encrypt as
many important files as possible – and demanding payment in Bitcoin in exchange for unlocking the
Such a scenario can be devastating to a company. From April 2014 to June 2015, 992 victims had
$18 million in losses to just one form of ransomware – Cryptowall – and even that estimate is on
the low end, since many victims simply do not report their attacks, or will simply abandon their files.
The figure also doesn’t include any of the ancillary losses businesses incur due to
ransomware, such as
• Decline in productivity
• Strain on IT
• Breach of proprietary data
In February 2016, a hospital in Los Angeles was attacked; the ransomware locked down some of its
critical systems. The hospital, scrambling, incapacitated, reverted to paper patient registration
and medical records.
Some emergency care patients were diverted to other hospitals. In an instant, ransomware set
Hollywood Presbyterian Medical Center back two decades. And the attackers extorted a pretty penny:
40 Bitcoin, or roughly $17,000.
The Threat is Growing
The hospital incident, according to leading tech website Ars Technica, “appears to be part of a
trend of increasingly targeted ransomware attacks against businesses and larger institutions.” The
spread of ransomware has also caught the FBI’s eye; their Internet Crime Complaint Center has
issued an alert warning businesses about it.
Interestingly, most businesses stay mum about their attacks. Many fear that going public could
actually encourage cybercriminals. The thought is, perhaps the fruits of ransomware’s success are just what
some aspiring hackers don’t need to see.
And then, from the same Ars Technica article, there is this: “There are an increasing number of
targets on organizational networks that could be disrupted by crypto-ransomware
– including Internet of Things devices running common embedded operating systems.”
That’s not good, because ransomware already has the proven ability to wreck a given company’s
database and encrypt shared network files – even if they aren’t mapped. Some
organizations, too, are further at risk because of how mobile modern employees are. That’s a
problem, because ransomware is no stranger to Android phones; increasingly
malevolent strains are resetting users’ PINs and forcing factory resets.
The capper to all this? There is no easy solution, no magical potion or panacea. Even careful
employees at secure companies can’t entirely avoid the cause of these corruptions. We can’t all
prevent en masse what we’re all programmed to do: make mistakes.
In fact, what the FBI says about ransomware – probably with a deep sigh – sums up the resigned
acceptance of the status quo: “use antivirus software and keep them updated.”
Well, okay, sure. We can do that. We’re all mostly doing that. But can’t we do anything else?
Ransomware is not unique. That is, though ransomware behaves uniquely, the human and IT systems a
business would need to prevent a ransomware attack are the same systems the same business would
need to prevent any other malware attack.
To prevent malware attacks, your business needs a multi-layered security infrastructure:
• User training; according to IBM, 95 percent of all cybersecurity incidents involve human error
• Constant monitoring; even with training, human error is inevitable, so continuous updating of
malware protection, firewalls, etc., will minimize the impact
• BYOD policy; bring-your-own-device and mobile-friendly workplaces
are particularly vulnerable to ransomware, so a thorough and proactive protection plan can help
• Security Operations Center (SOC) services; security threats can arise at any time of the day or
night, and if your IT services partner has an SOC, then you can be confident that threats will be
monitored and responded to in real-time
Read more about each facet below.
If an employee is sent a suspicious link or attachment in an email, there is an 11 percent chance
that they will click it, according to the Visual Media Alliance. If it is sent to 10 employees, the
chance that one of them will click it is greater than 90 percent. What’s
more, around 50 percent of those who receive such an email, and click on the link or attachment,
will do so within the first hour after they have received it.
What this means is, employees need to know what they’re up against. And they need to know how they
• Train employees on computer and network security, such as
  • How to recognize phishing emails
  • How to create strong passwords
  • How to avoid dangerous applications
  • How (and when) to safely share company information
  • Additional best practices, like not downloading files from untrusted sources or opening
    attachments in unsolicited emails
• Outline clear security policies for employees and vendors, such as
  • Open attachments, or click on links in emails, from only trusted sources
  • Use public Wi-Fi only if you are also using a VPN
  • Always use the most recent version of your browser and operating system
Many IT professionals will tell you: training, though essential, is rarely enough. Human error is
inevitable, and that’s why businesses must be
prepared for a security breach: what to say, what to do, what to know. Here’s how to spot
weaknesses and establish tried-and-true failsafes.
• Update antivirus software routinely—and use a firewall
• Back up the data on the network regularly
• Use GPO to prevent users from opening executables
• Limit admin access on user accounts
• Monitor all applications with access to data
• Create specific access controls so that the number of people who
can access (and infect) the network is limited
• Collect detailed logs of day-to-day, and suspicious, system activity
• Maintain security patches
When Home Depot’s point-of-sale system was hacked, they were allegedly installing a belated
security patch that would have protected them completely.
You can’t prepare for what you’re not aware of – namely, rogue devices accessing your network. To
many employees, their mobile devices are essential to their productivity. And it’s not uncommon for
them to access their company email basically every hour they’re awake. Checking in from home on an
iPad, from the subway on a smartphone, from the airplane on
a laptop – this behavior is becoming increasingly everyday.
That’s understandable, of course, even reasonable. But it also presents security hazards.
and planning for them, is vital. Here are a few tips.
• Set administrative rights on popular company programs to prevent unauthorized installations
• Create a detailed data breach response plan
• Maintain, and train staff to ensure, compliance with the plan
These three layers – training, monitoring, planning – share a theme: don’t let your guard down. To
avoid owing a literal ransom, your business needs regular scans for vulnerabilities, automated
patching and documented policies and procedures.
A recent study by HP found that 97% of employee-owned devices contain privacy issues, and 75% lack
adequate data encryption.
• Security Operations Center monitoring
• Firewall management
Choosing the Right MSP
This type of protection requires foundational malware experience and a comprehensive security plan.
In a ransomware attack, for example, automated patching and multiple backups are crucial steps to
take. They’re the difference between close calls and catastrophic data losses.
If your business lacks these in-house resources, All Covered can provide them
– along with leading industry expertise and comprehension. Such security comprehension is rare; at
All Covered, we offer a unique, expansive and exhaustive security suite. We mark every box on a
company’s security checklist.
From start to finish, choosing All Covered bolsters your security, delivering the proactive
monitoring of a managed service provider (MSP) – plus the prevention and protection of a managed
security services provider (MSSP).
This dual capability means we outproduce our competitors twofold, because we’re not only a partner
in security alerts. We identify, and we mitigate, any issues in performance or infrastructure.
Documentation, implementation, monitoring, response and correction – it’s an end-to-end security
platform. All Covered is an always-watching, never-wavering, nose-to-tail partner in security.
What we offer – an all-in-one MSP and MSSP – hinges on a powerful engine: our security operations
center, or SOC. A dedicated team monitoring your security 24/7. A single point of contact for
anything that might threaten your data. Our capabilities cover:
• Cloud services
• Vulnerability Management
All Covered also provides services that help clients meet the compliance requirements of their
respective industries. It’s tangible proof of our belief that thorough documentation –
mandated, and followed, and acted on repeatedly – is the backbone of smart security policy.
Finally, our Cloud Services SOCs are also SOC2-compliant, which mandates that we document and
follow each of our policies. It is shining industry recognition that we at All Covered are leaders
in pivotal cloud computing areas:
First, we document your business’s requirements and objectives and inventory your technology. Based
on the data we collect, we customize a Technology Business Plan. Once the plan has been approved,
then we get to work.
What We Offer
One of the most important parts of a security plan is protecting your messaging. Spam, phishing
scams, viruses, worms—the dreaded ransomware—each one attacks and bombards your business’s email
servers relentlessly. All Covered can provide inbound and outbound email protection, which will
block more than 99 percent of spam.
If your business moves confidential data via email, an encryption program is paramount. Encryption
is even more useful when it comes to industry or government regulations such as HIPAA, GLBA, PCI
DSS or EU PPD. All Covered knows encryption. Our messaging solutions protect against viruses,
malware and email interruptions, while protecting your valuable business data through encryption.
Automated Filtering and Patching
Automated deployment, plus continuous scanning and malware
cleaning, quickly detects, prevents and destroys malware. And our DNS
filtering adds another layer. It can block threats by malicious domains, URLs
or IPs. Unlike pure proxies, it contains botnet callbacks from infected devices over physical
servers, virtual servers, PCs and laptops.
At All Covered, we also offer web content filtering: category-based filtering, whitelists and
blacklists, and control over users’ access to specific blocked categories. With this offering, your
business can better manage unauthorized, unproductive Internet use.
And our patching program keeps servers, workstations and remote computers up-to-date with the
latest security and software services. It can
• Automate network scans, external and internal, for security patches and critical exposures
• Monitor and maintain comprehensive patch compliance
• Test periodically for security vulnerabilities
Since new threats are discovered almost daily, these scans ensure that your network stays healthy.
Email and Web Content
Your Business – The Bottom Line
Once we collaborate with your organization on a plan, develop it and implement it, the last steps
are maintenance and review.
At All Covered, we protect your business – completely – with the following resources:
• Managed backup and recovery for physical servers, virtual servers, PCs and laptops
• Email and data archival and security
• Support for industry and regulatory compliance
• A secure, private cloud data center, hosted in the U.S., that is SSAE 16 SOC 2 compliant
These cloud solutions are second to none. They span system and file
backup, patch management, remote monitoring, event log tracking and technical support. Each cloud
server has a dedicated firewall, allocated RAM, disk space and bandwidth, so your business can rest
assured – your data will be online and available every minute of every day.
At All Covered, we practice exactly what we preach. We reduce your investment in hardware and
software while increasing your server uptime. Tangibly and empirically, choosing All Covered to
protect your networks saves you what you value most: time and money.
Take Our Quiz
When it comes to malware vulnerability, some businesses are better protected than others.
Start with a simple quiz to check if your IT systems are vulnerable.
1. Does your business keep multiple backups on a secure server?
2. Have your employees been actively trained in how to spot a phishing email?
3. Does your business have firewalls in place to prevent malware from spreading?
4. Does your business receive automated anti-virus updates?
5. Does your company’s IT policy extend to employee-owned devices?
6. Are you able to remote-wipe devices in the event that they’re lost or stolen?
7. Does your MSSP have a security operations center?
8. Does your business have documented processes in place in the event of a malware infection?
9. Does your business have automated patching, including third-party patching?
10. Does your business get regular IT vulnerability assessments?
If you answered “Yes” to 9 or 10 of these questions, your overall business security appears to be
in good shape. An assessment is still recommended to make sure you have covered all
If you answered “Yes” to 7 or 8 of these questions, your overall business security may be
insufficient and needs further evaluation. An assessment is highly recommended to find areas
If you answered “Yes” to 6 or fewer of these questions, your overall business security is inadequate
and needs immediate attention. An assessment is very highly recommended to find areas of