Virulent new strains of ransomware continue to spread leaving many IT departments caught with their backups down
(Tampa Bay, FL) May 6, 2015--KnowBe4, host of the world’s most popular integrated Security Awareness Training and Simulated Phishing platform, cautioned IT managers to stay on top of the latest surge in phishing attacks lest they lead to ransomware infections. New CryptoLocker variants are still on the loose encrypting local drives, mapped drives on file servers and one strain focuses on video gaming files. Ransomware is now even being localized for Asia with the new Crypt010ocker variant which translates its menu screens according to the victim’s IP address. One of the latest versions of the Koler mobile ransomware targets the Canadian market and locks up screens with fake government warnings and demands a ransom to return functionality.
According to KnowBe4 CEO Stu Sjouwerman, “Users can become complacent or can be tricked by social engineering into clicking on a malicious link buried in a spear phishing email or being redirected to a bad site and clicking on something they shouldn’t. IT departments may believe their anti-virus has them covered but the average window of exposure is 17.5 hours before a signature that blocks the phishing attack becomes available. And surprisingly often backups turn out not to work or it takes days to restore a system. Today, an essential additional security layer is to to train your users to become part of your human firewall.”
Recent research sponsored by KnowBe4 shows email phishing attacks are now the number one source of data breaches with human error at the bottom of it all. A recent study sponsored by KnowBe4 shows 67% of respondents say malware has successfully penetrated their corporate networks through email with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don’t know how. The latest Verizon report shows that approximately 23% of recipients click on a phishing email and most of that occurs within the first hour of receipt. Recovering from such a tactic, even if backup works, can take hours or days.
And the cyber criminals won’t discriminate, being so bold as to capture and encrypt the files of many local police departments who are often overworked, understaffed and without a large IT budget. From Maine to Tewksbury, Massachusetts and larger areas like Chicago suburb Midlothian, police departments are being shaken down to for ransoms from $300 to $600 or face critical data loss as an alternative.
Sjouwerman added, “Businesses that do not train their staff report annual losses of four times greater than those who do. It is much less expensive to train your staff with an effective program like the Kevin Mitnick Security Awareness Training than suffer the consequences of a data breach and loss of customer confidence. “
Sjouwerman advises:
1. The rule "Patch Early, Patch Often" still applies, but these days, better to "Patch Now" all workstations for both OS fixes and popular third party apps that are part of your standard image rolled out to end-users. A product like Secunia can scan for all unpatched third party apps.
2. Make sure your Backup/Restore procedures are in place. Regularly TEST, TEST, TEST if your restore function actually works. The latter is often overlooked.
3. End users need to be stepped through effective security awareness training so that they are on their toes with security top of mind when they go through their email or browse the web.
For more information visit: www.KnowBe4.com
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. KnowBe4 services over 1,200 organizations in a variety of industries, including highly-regulated fields such as healthcare, finance, energy, government and insurance and is experiencing explosive yearly growth of 300%. Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”
About Kevin Mitnick
Kevin Mitnick, ‘the World’s Most Famous Hacker’, is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecom devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and keynote speaker and has authored four books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC as its Chief Hacking Officer.