So what is ransomware and how does it impact businesses?

So what is ransomware and how does it impact businesses?

Ransomware is a generic term for a category of malware that restricts access to a device or the file(s) on a device until a ransom is paid. It’s a method for criminals to make money by infecting the device and has become very effective at causing havoc for a business or organization that is unfortunate enough to become a victim.

Ransomware has now become a major security issue with businesses being held to ransom and in some cases paying to get their data unlocked. Numerous incidents have been cited where thousands of pounds have been paid: hospitals, charities, hairdressers have all been held to ransom. One university has suffered 21 attacks in the last year alone!

The true scale of the problem is somewhat hard to define though because, understandably, many businesses and organisations are reluctant to reveal they’ve been held to ransom because of fears about being targeted again, or losing existing or new customers.

People are held to ransom in just a few seconds

Unsuspecting victims are infected through emails impersonating customer support personnel from well-known company brands, it only takes a click and once activated, the malware encrypts files and demands payment, typically a few hundred pound within a timeframe of 48 or 72 hours.

UK National Crime Agency claimed ransomware attacks have increased in frequency and complexity, and now include public threats by the perpetrators to publish victim data online, as well as the permanent encryption of valuable data.

4 ways to protect your computers and networks against ransomware

Stay vigilant.
One of the most common methods of infecting a system is via a spearheading email with a malicious attachment or link. If you are not expecting the email, or it looks suspicious in any way, do not open it and delete it.

Back up your software and systems.
It’s really important you keep your software and operating system updated. Back-up your files regularly and don’t forget to keep your backup media disconnected from your PC. Otherwise, your backups might get encrypted as well. This also applies to storage and network drives e.g. Google Drive, Dropbox, etc.

Use the latest protection software.
We take ransomware very seriously and we provide AVG AntiVirus Business Edition which will detect and block ransomware and other malware variants from infecting your devices and servers – leaving you to focus on what matters.

Don’t pay.
If you do fall victim, do not pay. Funding these criminals only encourages them to attack other people. Research the specific infection to see if there is a decryption tool. We offer 7 of these tools for free with more on the way.

Don’t be the 1 in 3

Taking proactive steps to protect your organization from a ransomware attack is essential to the smooth running of your business—it is your livelihood, after all. Contingency and remediation planning are also crucial to business recovery and continuity, and these plans should be tested regularly.

WCR provide a range of services to help protect your business including proactive monitoring 24/7, patch management (updates for windows and important software), Anti Virus and Malware protection, onsite and cloud backups solutions. If you would like to discuss in more detail or book an Free IT Audit fill in the form to request a call back or email us on info@wcrservices.co.uk

How to Report and Prevent Spam

Most of us are familiar with email spam – colloquially known as junk mail – which involves the sending of identical unsolicited messages to a large number of recipients via email. Ever since the early days of the web, most users will have experienced some volume of spam in their email inbox. Thankfully, email clients come equipped with a spam filter, to which addresses can be added. Services like Gmail allow users to report spam, whereby reported addresses are added to a database. Having grown accustomed to using email over the past two decades, our collective awareness of what constitutes email spam is reasonably sharp.

Search engine spam

The same can’t be said with regards to our knowledge of search engine spam, or what can be done to help prevent it. Essentially, search engine spam can be loosely categorised in a similar manner to email spam – pages or content which have been created with the intention of tricking a search engine into providing inappropriate, poor quality, and misleading search results.

Of course, as the online world becomes increasingly more complex, so do too spammers methods of soliciting web users. Thankfully, there are a number of ways to deal with spam, regardless of the platform used by so-called “black hat” companies – what’s more, everyone can help to fight it. Spam prevention is particularly important as it stops unscrupulous companies from preying on web users, and helps to facilitate a fairer, more transparent on-line experience for everyone.

Whilst web giants Google are constantly updating their algorithm in order to weed out spam content, it can’t possibly be expected to recognise all search engine spam, which is where everyday web users come in – it’s now possible to notify the search engine directly in the event of coming across a page which perhaps shouldn’t rank quite as highly as it does.

Social media spam

Since the advent of social networking, spammers have taken to sites like Facebook and Twitter with the intention of flooding the sites with spam and phishing attempts. Social networking spammers tend to leave posts on users walls, company pages and even send private messages. To prevent spam from reaching you on Twitter, it’s easy enough to block accounts without having to notify anybody. Facebook users have the option to report content for any number of reasons, one of them being spam. Social media users should be aware of opening links, particularly on sites like Twitter where the URL is often abbreviated.

Comment spam/reputation spam

Blogs are a great way of spreading the word on a particular product or service, or simply for boosting the profile of a business. A well-optimised blog post can have a site effortlessly reaching for the top on Google’s results page. Encouraging readers to interact and leave comments is another way of getting people talking about a particular company, although such a system is often open for abuse. Spammers will take to blog comments sections to advertise their wares, or even to decry the company in question – this is known as reputation spam. In order to prevent such problematic posts, enabling the use of Captcha codes or holding comments until they have been approved by a moderator can help to weed out the spammers from those with a genuine interest.

SMS/text message spam

Unsolicited texts are perhaps the hardest type of spam to filter out. With SMS spam, prevention is often better than cure – avoid entering on-line competitions or filling in surveys, as your details can all too often end up in the hands of unscrupulous spammers. If spam texts are causing a major headache, the best course of action is to contact your network provider. In the age of the smartphone, it’s also wise not to click on any links contained in spam text messages to avoid malware attacks. The good news about spam texts is that they are expensive to send, and most spammers will run out of credit, even if they haven’t ran out of enthusiasm for spamming 24/7.

WCR offers a certified data erasure service by Blancco

We are pleased to now offer a Blancco data erasure service for effectively wiping desktop and laptop hard drives prior to recycling. We’ve found Blancco to be a sophisticated, high-speed process that securely erases all data, and is compliant with government regulations.

Blancco is great for small or large business environments, so whether you’ve got stand alone PCs, servers or mass storage we can assist!

Once up and running, Blancco is able to probe into locked or hidden areas in your hard drive to efficiently remove all unwanted data. Blancco’s versatility is impressive, it can handle the disabling of RAID configurations automatically and erase multiple disks simultaneously, it can also be used in multiple locations.

We understand that highly sensitive information will be your first concern but Blancco has a number of security features which protect from data leaks. You can also be 100% sure that data is not recoverable after erasure; we provide a Certificate of Erasure to download for total peace of mind.

As well as fully utilising Blancco’s range of data erasure features, our service provides detailed data reporting and comprehensive functionality testing for your hardware.

We use Blancco because they’re leading data erasure specialists and recommended by IT asset disposal professionals in many industries around the globe.

Call WCR directly to discuss our Blancco data erasure service today.

Please Read! Microsoft phone scam: don’t be a victim

I have had an increase of calls in the last few weeks from clients and friends contact me about calls they have received from Microsoft, luckily they all detected this was a scam and did not follow the instructions they were given over the phone. Please read the following information and don’t get caught out.

If you receive a phone call from a security ‘expert’ offering to fix your PC – it’s a scam. Here’s how to avoid the ‘Microsoft phone scam’, and what to do if you fear you have fallen victim to it.

Microsoft phone scam: how it works

Scammers call you, and asks for you by name. They say they are a computer security expert from Microsoft (or another legitimate tech company). The ‘security expert’ is plausible and polite, but officious. They say that your PC or laptop has been infected with malware, and that they can help you solve the problem. What happens now depends on the particular strain of scam with which you have been targeted.

Some will ask you to give them remote access to your PC or laptop, and then use the access to harness your personal data. Others get you to download malware that will do that task for you. A more straightforward scam is to simply ask for money in return for a lifetime of ‘protection’ from the malware they pretend is on your machine.

Here’s the important bit: no legitimate IT security pro is ever going to call you in this way. For one thing, they can’t tell that your PC is infected. They’ve got your name from the phone book, or any one of the thousands of marketing lists on which your details probably reside. They know nothing about your home computing set up – it’s a fishing trip to see if they can hook some low-hanging fruit (forgive the torturous mixed metaphors).

Basically, somebody is sitting in a room calling number after number hoping to find a victim. It’s not personal, but it is ultimately dangerous to your financial and technological health.

Microsoft phone scam: what to do if you are called

1. Number one: put the phone down. Get rid of the caller and move on with your life. It is not a legitimate call.

2. During your conversation, don’t provide any personal information. This is a good rule for any unsolicited call and certainly never hand over your credit card or bank details. Just don’t do it.

3. If you’ve got this far, we can only reiterate point number 1: get off the phone. But whatever you do don’t allow a stranger to guide you to a certain webpage, or instruct you to change a setting on your PC or download software.

4. If possible get the caller’s details. You should certainly report any instance of this scam to the police.

5. Finally, change any passwords and usernames that could plausibly have been compromised, and run a scan with up-to-date security software. Then ensure that your firewall and antivirus are up to date and protecting your PC.

Microsoft phone scam: what to do if you have been a victim

First of all don’t beat yourself up. This could happen to anyone (and does). First of all, you need to change all the personal data that you can change. As much as you might like to you can’t change your date of birth, and changing your name and address seems extreme. You can change all your passwords and usernames, starting with your main email account and any bank and credit card logins. Also, contact your bank to ask them to be on the look out for anything dodgy.

Again, use up-to-date security software to scan and cleanse your PC, and if the scammer did get you to do something to your PC using System Restore to roll back the settings is always a good idea. And tell the police. If you have lost money, it’s possible your credit card company or contents insurance will cover the loss.

For a free remote security check-up on your PC call WCR today this applies to Home & Business Users, we will make sure your up to date and protected and give you peace of mind.