SIDEBAR
»
S
I
D
E
B
A
R
«
Ransomware Risk for Smaller Companies On the Rise
Jul 28th, 2016 by aperio

The threat of ransomware attacks is on the rise in 2016. Ransomware itself has been around for decades and is constantly evolving. This presents a serious security challenge for both small and large businesses.

 

The good news is that larger companies are improving their security as they become more aware of the risk. But in an ironic twist, their improved security can be bad news for small or mid-sized businesses. With cyber criminals having less success with large targets, they are switching to companies with smaller security budgets and less experience protecting themselves from attacks.

 

Ransomware History Highlights

 

  • 1989 – AIDS Trojan (a.k.a. PC Cyborg). This “generation one” ransomware was fairly easy to overcome as it simple cryptography and tools were quickly developed to decrypt affected files.
  • 2006
    • Archiveus Trojan. This was the first ransomware to use RSA encryption. It encrypted all items in the MyDocuments directory. Victims were required to buy items from an online pharmacy in order to receive a password to regain access to their files.
    • GPcode Trojan. This spread via an email attachment which appeared to be a job application. It also used a more sophisticated encryption method.
  • 2007 – WinLock. This did not use encryption. Instead, it locked out users while displaying pornographic images. It required users to send a $10 premium-rate SMS in order to receive a code to unlock their computers.
  • 2008 – GPcode.AK virus. This was a variant of the GPcode trojan and used even more sophisticated encryption.

 

Explosive Growth of Ransomware

 

From 2012 until the present, there has been an explosion in the growth of ransomware. This was due in part to the use of anonymous payment services, which made collecting payments from victims much simpler for ransomware creators. Symantecs Internet Security Threat Report from April 2016 show the alarmingly rapid increase in ransomware discoveries:

 

  • 2012 – Reveton.
  • 2013 – Urausy, Kovter, Nymaim, Cryptowall, Browlock.
  • 2014 – Linkup, Slocker, CTB-Locker/Citron, Synolocker, Onion, TorrentLocker, Zerolocker, Coinvault, Virlock.
  • 2015 – Cryptolocker2015, Symplocker, TeslaCrypt, BandarChor, Cryptvault, Tox, Troldesh, Pacman, Pclock, Threat Finder, Hidden Tear, ORX-Locker, Dumb, Encryptor RaaS, CryptoApp, LockDroid, LowLevel404, CryptInfinite, Unix.Ransomcrypt, Radamant, VaultCrypt, XRTN, Mabouia OSX POC, Power Worm, DMA-Locker, Gomasom, Chimera-Locker.
  • 2016 (first quarter alone) – CryptoJocker, Nanolocker, LeChiffre, Magic, Ginx, 73v3n, Locky, Umbrecrypt, Hydracrypt, Vipasana, Hi Buddy, Job Cryptor, PayCrypt, and KeRanger.

 

How Can Smaller Companies Protect Themselves?

 

Since ransomware often blocks your access to your files, one of the best ways to protect your company is to make sure all of your data is properly and regularly backed up. At least one version of your backed up data will need to be stored in a system that is isolated from the rest of your systems. You don’t want your backups to be affected by the ransomware too!

 

You also need to make certain that your security patches and updates are deployed as soon as possible as these updates often involve security improvements to protect your company from known threats.

 

For companies without the same level of security resources available to them as larger companies, it’s also worthwhile to consider making use of companies such as AperioIT. We offer virtual CIO (Chief Information Officer) services, where we help you plan your IT strategy and budget.

No Comments »
Aligning IT to fit your Business Objective
Dec 14th, 2015 by aperio

IT has emerged as a central business function for many organizations in the recent years, and this holds true regardless of the industry that an organization caters to. Having said that, irrespective of the huge part that IT plays in reducing costs, standardizing processes, enhancing productivity and improving workflow and communications, its role in business planning is subservient to a large extent.

It is high time that establishments stop looking at IT as a mere implementation tool which does not have any role in shaping an organization’s business strategy. Today, technological developments pave the way for many business opportunities and IT can play a proactive and larger role in developing the long term business strategy of organizations.

Given below are some tips that would help your organization align its IT with its business objectives:

Understand your business and the nature of your organization

Unless you understand the nature of your business and how it fits into the sector and economy, it is very difficult to come up with a serious IT plan that would actually work. You can start by gathering important information such as organization charts, roles and responsibilities and associated markets and products. Needless to mention, you must also possess a crystal clear understanding of your customers and their persona. Also, you must take time to analyze the structure and cultural ethos of your organization. Once you have a map of your corporate model and how it fits into the larger picture, you can start planning for the future. At this stage, it is also crucial that you start documenting all IT assets and applications.

Identify and understand the relationship between your core business and your IT assets

Understand your business’ value chain and analyze its major components. You must have an in depth understanding of the factors that drive your business as these key scaling factors play a crucial role in planning IT strategy and alignment. At this stage, you must also duly collate information about internal as well as external factors.

Determine and set the change agenda

While setting the agenda, you must research and analyse your strategy several times; not only that, you must also ensure that there is a perfect balance between the cost, value and precedence of the IT estate and then identify the impact and implications of the IT alignment plan. Of course, you must also identify requirements, prioritize time frames and functionality, model and test the strategy well in advance to ensure that the final outcome is lucrative.

Once you have all the necessary information, chart out an IT plan that has business drive and is not extremely technology-eccentric

The most difficult hurdle that many organizations face while aligning IT with its business objectives is that most IT strategies lack business drive and are too technology-eccentric. This strategic variance can be counter-productive and can lead to overtly intricate IT infrastructures that are difficult to sustain and modify. In order to avoid such obstacles, it is recommended that organizations invest in strategic partnerships with IT Managed Service Providers who specialize in aligning IT with business objectives.

No Comments »
SIDEBAR
»
S
I
D
E
B
A
R
«
»  Substance:WordPress   »  Style:Ahren Ahimsa