If you use Wi-Fi on your iOS device, get this security update

The tech giant says there is a new cyber threat, but has taken steps to thwart the attack.  According to the reports, “Apple has now issued a critical security patch for all iOS devices and for Mac computers against a potential hack that could come remotely via Wi-Fi.”

The virus is being considered a potentially serious threat, so the company is urging users to install the updates to protect their devices.

The latest cyber threat is also a risk to Android device users, but Google has taken steps as well to block the virus.

“The vulnerability also has the potential to attack Android devices, but Google issued its own security patch earlier this month.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8

Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8 — all of them operating systems for which it no longer provides mainstream support.

Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.

The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.

Computers infected with WannaCry will have their data encrypted, and display a ransom note demanding $300 or $600 in bitcoin to free the files.

Fortunately, Windows 10 customers were not targeted in Friday’s attack. In March, Microsoft patched the vulnerability that the ransomware exploits — but only for newer Windows systems. That’s left older Windows machines, or those users who failed to patch newer machines, vulnerable to Friday’s attack.

Researchers originally believed the ransomware was spread through attachments in email phishing campaigns. That no longer appears to be the case.

Infection attempts from the WannaCry ransomware.

Once a vulnerable PC becomes infected, the computer will attempt to spread to other machines over the local network as well as over the internet. The ransomware will specifically scan for unpatched machines that have the Server Message Block vulnerability exposed.

Businesses can prevent this by disabling the Server Message Block protocol in vulnerable PCs. They can also use a firewall to block unrecognized internet traffic from accessing the networking ports the Server Message Block uses.

Fortunately, Friday’s ransomware attack may have been contained. A security researcher who goes by the name MalwareTech has activated a sort of kill-switch in WannaCry that stops it from spreading.

As a result, over 100,000 new infections were prevented, according to U.K.’s National Cyber Security Centre. But experts also warn that WannaCry’s developers may be working on other versions that won’t be easy to disable.

“It’s very important everyone understands that all they (the hackers) need to do is change some code and start again. Patch your systems now!” MalwareTech tweeted.

Unfortunately, the kill-switch’s activation will provide no relief to existing victims. The ransomware will persist on systems already infected.

Friday’s ransomware attack appears to have spread mainly in Europe and Asia, with Russia among those nations hardest hit, according to security researchers.

Security experts are advising victims to wait before paying the ransom. It’s possible that researchers will develop a free solution that can remove the infection.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Ransom is the top motivation behind cyber attacks, according to a report from Radware, and IT professionals are most concerned about data loss. Here’s what you need to know.

Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware’s, Global Application and Network Security Report 2016-2017.

Data loss topped the list of IT professionals’ cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%).

Malware or bot attacks hit half of all organizations surveyed in the last year. One reason for the pervasive attacks? The Internet of Things (IoT). Some 55% of respondents reported that IoT ecosystems had complicated their cybersecurity detection measures, as they create more vulnerabilities.

Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition.

While large-scale DDoS attacks dominated the headlines of 2016, this report found that only 4% of all attacks were more than 50 Gbps, while more than 83% of DDoS attacks reported were under 1 Gbps.

“One thing is clear: Money is the top motivator in the threat landscape today,” said Carl Herberger, vice president of security solutions at Radware, in a press release. “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data.”

Despite the growth in attacks, some 40% of organizations reported that they do not have an incident response plan in place, the survey found.

The report listed five cybersecurity predictions for 2017:

1. IoT will become an even larger risk. The Mirai IoT Botnet code is available to the public, making it more likely that cyber criminals of all experience levels are already strengthening their capabilities. “In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets,” the press release stated. “IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.”

2. Ransomware attacks will continue to grow. These attacks will target phones, laptops, and company computers, and will likely take aim at healthcare devices such as defibrillators in the future, the press release stated.

3. Permanent Denial of Service (PDoS) attacks on data centers and IoT operations will rise. PDoS attacks, sometimes called “phlashing,” damage a system to the degree that it requires hardware replacement or reinstallation. These attacks are not new, but Radware predicts they are likely to become more pervasive in 2017 with the plethora of personal devices on the market.

4. Telephony DoS (TDoS) will become more sophisticated. These attacks, which cut off communications in a crisis, “could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life,” the press release stated.

5. Public transportation system attacks will rise. As cars, trains, and planes become more automated, they also become more vulnerable to hackers, Radware stated.

You help your business avoid ransomware attacks and other cyber threats by keeping software up to date, backing up all information every day to a secure, offsite location, segmenting your network, performing penetration testing, and training staff on cyber security practices.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Where do you draw the line on personal privacy? The right options are different for everyone. This guide shows the privacy settings that will help you to create the right balance of privacy and convenience in Windows 10.

Over the past year, We’ve read countless “privacy guides” for Windows 10. Most are well-intentioned, but they invariably take a simplistic approach to privacy: Just turn off every switch in the Privacy section of the Settings app.

If you do that, you’re not understanding the privacy landscape, which encompasses far more than just those settings. You’re also missing some important additional steps.

Windows 10 is a mix of software and services. With every session, a Windows 10 device exchanges a great deal of information with Microsoft’s servers. That’s neither unusual nor alarming. Microsoft’s chief rivals, Google and Apple, are also blending services into their software, with the goal of making your life easier and making that software more reliable.

So are other tech companies that you don’t think of as software companies: Amazon, with the Echo. Tesla, with its self-updating, software-driven cars. Your thermostat and your home security system.

There’s something profoundly satisfying about a service that anticipates your every move, reminding you when to leave for an appointment to arrive on time, or to pick up flowers for your anniversary tomorrow. Your digital personal assistant, whether it’s Siri or Cortana or Alexa or Google, needs to be able to see your calendar and contacts to make that magic happen.

But when that sort of personal attention goes too far, it “crosses the creepy line,” to use a phrase that Eric Schmidt probably regrets uttering when he was Google’s CEO.

The thing about that line is that it’s drawn in a different place for everyone. There are people who are thrilled at the idea that their PC or mobile device is so familiar with their actions that it can anticipate what they’ll do next. I know others who would like to build a virtual Faraday cage around their computing hardware so that none of their personal details can escape.

Both of those viewpoints, and everything in between, are perfectly valid. That’s why the software and services we use are loaded with switches and dials designed to help you take control of their potential privacy impact.

In this post, We’ll walk you through the big privacy questions for Windows 10, with enough context to help you decide which settings are right for you.

Note that this guide assumes you are using Windows 10 on a personal PC or one in your small business. If you are in an enterprise setting, or if you are in a regulated industry, you should seek professional assistance to ensure that you’re meeting proper standards.

Let’s start with the part of your PC that has the biggest impact on your personal privacy.

THE NETWORK

No one knows more about your online identity than your Internet service provider. Every packet you send or receive from anywhere online goes through their servers. When you travel and connect to Wi-Fi networks that are under the control of others, the owners of those networks can see every connection you make and can intercept their contents.

Regardless of the platform you use, that’s why it’s important you use encrypted connections for any kind of sensitive communications. Using a virtual private network whenever possible is an excellent best practice.

Windows 10 does offer one obscure option that can help protect third parties from tracking your movements based on your connections to Wi-Fi networks. (Note that this feature requires support from your Wi-Fi adapter, so if you don’t see this option, the most likely explanation is that your hardware doesn’t support it.) Under Settings > Network & Internet > Wi-Fi, turn the Use random hardware addresses setting to On.

That step keeps third parties from matching your Wi-Fi adapter’s hardware address with your personal information, making it more difficult to track your location.

THE BROWSER

Countless third-party ad networks and analytics companies use cookies and other tracking technology to record your movements around the web and to correlate your online activities with your offline identity.

The result is a digital fingerprint that can be extraordinarily detailed and, unfortunately, outside of your ability to change.

To limit the amount of information that those ad and analytics companies know about you from your web browsing, consider third-party anti-tracking software such as Abine’s Blur, which is available for every web browser except Microsoft Edge. (That lack of solid support for add-ons is one reason I can’t yet recommend Edge as a full-time browser for most Windows 10 users.)

Another privacy product worth considering is Ghostery, although some are suspicious of this browser extension because of its uncomfortably close ties to the online advertising industry.

Ad-blocking software can also provide some privacy protection as a side-effect of performing its basic function. Here, too, watch out for close ties between some ad-blocking add-ins and the third-party trackers they supposedly protect you from.

Note that none of these steps is unique to Windows 10. Anti-tracking software is typically a browser add-in and works with most popular browsers.

THE OPERATING SYSTEM

With those two big, platform-independent factors out of the way, we can now turn to Windows 10 itself. When you use a Windows 10 device, it is capable of sharing the following types of information with Microsoft’s servers:

Your location

Windows 10 can determine your location to help with actions like automatically setting your current time zone. It can also record a location history on a per-device basis. Go to Settings > Privacy > Location to control the following:

• Location on/off?Use the master switch at the top of this page to disable all location features for all users of the current device.
• Location service on/off?If location is on for Windows, you can still turn it off for your user account here.
• General location?This allows you to set a city, zip code, or region so that apps can deliver relevant content.
• Default location?Click Set default to open the Maps app and specify the location you want Windows to use when a more precise location is not available.
• Location history?Click Clear to erase the saved history for a Windows 10 device.

If location is on, a list at the bottom of the Settings > Privacy > Location page allows you to disable access to that data on a per-app basis.

Your input

If you enable Cortana, Windows 10 uploads some info from your devices, such as your calendar, contacts, and location and browsing history, so that Cortana can make personalized recommendations. If you don’t want any accounts on your PC to use Cortana, follow the steps in this article to disable the feature completely: Turn off Cortana completely.

Windows 10 uses some feedback from the way you type, write, and speak to improve performance for you and as a way to improve the overall platform. This isn’t keystroke logging; rather, the operating system uses a very small amount of information. A separate feature uses your speech and writing history to make better suggestions in Windows and Cortana.

You can control this collection with two sets of controls:

Under Settings > Privacy > General, click Info about how I write and turn it off so that your typos aren’t used to improve things like the built-in spell checker.

Under Settings > Privacy > Speech, inking, & typing, under the Getting to know you heading, click Stop getting to know me to turn off personalization.

To clear previously saved information associated with your Microsoft account, click the first link under the Manage cloud info heading. That takes you to this Bing Personalization page, which includes this prominent button:

Click Clear to remove that saved information from the cloud.

Files and settings

When you sign in with a Microsoft account, you have the option to save files to the cloud using OneDrive. Windows 10 also syncs some settings to OneDrive, allowing you to have the same desktop background, saved passwords, and other personalized settings when you sign in with that account on multiple PCs.

If you use a local account, of course, none of your settings are synced. If you use a Microsoft account, you can turn off syncing completely or remove certain settings from the sync list by going to Settings > Accounts > Sync Your Settings.

OneDrive is an opt-in service. If you don’t sign in, it does nothing. You can’t save files to OneDrive accidentally, and no files are uploaded without your explicit permission, which you can revoke any time. To disable OneDrive for all users on your PC, follow these instructions: Shut down OneDrive completely.

Telemetry

Microsoft, like all modern software companies, uses feedback from its installed base to identify problems and improve performance. In Windows 10, this feedback mechanism produces diagnostics data (aka telemetry) that is uploaded to Microsoft at regular intervals. The data is anonymized and is not used to create a profile of you.

The default telemetry setting for all consumer and small business versions of Windows 10 is Full, which means that the uploaded data also includes details (also anonymized) about app usage. If you are concerned about possible inadvertent leakage of personal information, I recommend that you go to Settings > Privacy > Feedback & diagnostics and change the Diagnostic and usage data setting to Basic.

THE APPS

Although the number of subcategories under the Privacy heading in Settings seems daunting, most of them govern access to your information by Windows Store apps. That set of apps includes those that are preinstalled (Mail, Calendar, Groove Music, Photos, and so on) as well as those you acquire from the Store.

Most of the categories offer a single on-off switch at the top, which you can use to disable all access to that feature by all apps. If you leave the feature enabled, you can use a list of apps at the bottom of the page to enable or disable access on a per-app basis.

This capability works the same with the following categories: Camera, Microphone, Notifications, Account Info, Call History, and Radios. The Other Devices category lets apps automatically share and sync info with wireless devices that aren’t explicitly paired with your PC. Use the Background Apps category to specify which apps are allowed to work in the background.

If Location is enabled, you have the option to disable location access on a per-app basis and to disable Geofencing.

The Contacts, Calendar, Email, and Messaging categories allow you to control which apps can have access to these features. If you want to share content from an app using email or messaging, this option has to be on for that app. Note that Mail and Calendar, People, and Phone always have access to your contacts; Mail and Calendar are always allowed to access and send email and always have access to your calendar.

Finally, one horribly misunderstood setting is available under Settings > Privacy > General. Advertising ID controls whether Microsoft serves personalized ads to ad-supported apps. If you turn this option off, you still get ads, but they’re not personalized. In any case, your information is not shared with advertisers.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Looking to put more pep in your PC’s step? These surprisingly cheap PC upgrades and accessories do the trick without breaking the bank.

Hillary Clinton’s use of a private email server when she served as US secretary of state has been a major issue for the 2016 presidential candidate. Here are the six most critical facts about it.

The FBI recently wrapped up its investigation into Hillary Clinton’s use of a personal email server while she was serving as secretary of state. FBI director James Comey called the actions “extremely careless,” but recommended that no charges be brought against Clinton.

She is now the presumptive Democratic nominee for the upcoming presidential election in November, and her actions relative to the email server have become a hot-button issue among her opponents. The situation, however, is nuanced; and there are a lot of details to understand about the scenario. Here are the most important facts.

1. What happened?

While serving as secretary of state under President Barack Obama, Hillary Clinton used multiple private email servers to communicate regarding government business, according to the State Department. Additionally, it was revealed that Clinton never had a government (.gov) email address while she was serving in her post—we’ll talk about which email address she used in a moment—and her aides did not take any actions to preserve the emails sent through her personal account. This prompted an investigation by the FBI to determine if Clinton intentionally put classified information at risk.

2. Why does it matter?

Clinton handed over 30,000 emails to the State Department, of which 110 contained classified information at the time they either were sent or received, according to the FBI’s findings. During the investigation, though, Clinton asserted that none of the emails she sent or received were classified at the time. The biggest implication has been the potential threat to national security. While the contents of the emails have not fully been released, if they had contained sensitive information it could have possibly fallen into the wrong hands. As noted by the New York Times, Comey said it was “possible” that enemy foreign governments had accessed Clinton’s personal email account.

The second biggest implication is that of transparency. The Federal Records Act requires that all communication in certain branches of government be recorded on government servers, and it forbids the use of a personal email account for government business, unless those emails are then copied and archived. However, there are a lot of technicalities involved, and there is evidence that other government officials had violated the act. As Alex Howardwrote for the Sunlight Foundation, there is also evidence that Clinton tried to control the discoverability of the emails under the Freedom of Information Act (FOIA), which could set a precedent for limiting public access to government records. It is also believed that Clinton deleted 31,000 emails deemed personal in nature before turning the emails over to the State Department.

3. When did it start?

When she was appointed secretary of state in 2009, Clinton began using the email address hdr22@clintonmail.com, tied to a personal server. Clinton’s personal email server was first discovered in 2012, by a House committee investigating the attack on the American Consulate in Benghazi. In 2013, hacker Guccifer claimed to have accessed Clinton’s personal email account and released emails that were allegedly related to the Benghazi attack.

The next year, in the summer of 2015, the State Department began asking Clinton for her emails correspondence, and she responded by delivering boxes containing more than 30,000 printed emails. In early 2015, the New York Times reported that Clinton had been using her personal email exclusively, and never had a government email address. A federal watchdog group issued an 83-page report condemning the “systemic weaknesses” of Clinton’s email practices in May. On Tuesday, the FBI concluded its investigation and recommended against any charges.

4. What tech was used

When Clinton was running for president in 2008, she had a private server installed at her home in Chappaqua, New York. The domains clintonemail.com, wjcoffice.com, and presidentclinton.com, which were registered to a man named Eric Hoteham, all pointed to that server. In 2013, a Denver-based IT company called Platte River Networks was hired to manage the server, but wasn’t cleared to work with classified information. The company executivesreceived death threats for taking on the contract. It was later discovered that multiple private servers were used for Clinton’s email.

Clinton used a BlackBerry phone to communicate during her tenure as secretary of state, including sending and receiving emails through her private server in New York. The State Department expressed concern about the security of the device. Clinton had requested the NSA provide a strengthened BlackBerry, similar to the one used by President Obama. But, her request was denied. Instead, the NSA requested that Clinton use a secure Windows Phone known as the Sectera Edge, but she opted to continue using her personal BlackBerry.

5. Will she be prosecuted?

Right now, it’s too early to tell whether or not Clinton will be charged for her use of private email servers. While Comey’s recommendation that no charges be brought will likely weigh in the decision, it is ultimately up to the US Department of Justice to make the call. However, a recent Politico analysis of multiple, similar cases spanning the past 20 years, seem to point to an indictment being “highly unlikely.” According to a former senior FBI official quoted in the analysis, the Justice Department tends to avoid prosecution in cases that are not “clear-cut.”

6. What can businesses and IT leaders learn?

The first lesson that IT can learn from this situation is that transparency is critical, at all levels in your business. This isn’t to say that the CEO should be broadcasting his or her emails to all employees every week, but steps should be taken to ensure that information can be accessed if need be. As part of adigital leak protection program, security expert John Pironti said that organizations need to know if users are using a personal email account to conduct business.

“This behavior is often a violation of acceptable use policies and can expose an organization’s sensitive information to unsecured systems and e-mail accounts,” Pironti said. “Without this visibility an organization may not be aware that their intellectual property, customer data, or sensitive data assets are not being protected appropriately and they also may be in violation of contractual agreements with their clients regarding the security of their data as well as regulatory requirements.”

The second takeaway for IT is that policies should be enforced from the top down. Sure, a CXO may get their support tickets expedited, but that doesn’t mean that exceptions should be made that could compromise the security or integrity of the organization for the sake of comfort or convenience. Leaders should model the policies that are in place to showcase the importance of adhering to them, especially regarding security and privacy policies.

Finally, the importance of records management should not be overlooked. In Clinton’s case, since multiple servers were used, the FBI had to piece together “millions of email fragments” before they could look into them. Proper labeling and management of all records will make for a more cohesive environment and assist in accountability.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

As ransomware increasingly targets healthcare organizations, schools and government agencies, security experts offer advice to help IT leaders prepare and protect.

Nigerian princes are no longer the only menaces lurking in an employee’s inbox. For healthcare organizations, schools, government agencies and many businesses, ransomware attacks—an especially sinister type of malware delivered through spear phishing emails that locks up valuable data assets and demands a ransom to release them—are a rapidly-growing security threat.

“We’re currently seeing a massive explosion in innovation in the types of ransomware and the ways it’s getting into organizations,” says Rick McElroy, security strategist for cyber security company Carbon Black Enterprise Response. “It’s a big business, and the return on investment to attackers is there—it’s going to get worse.”

While ransomware has existed for years, 2015 saw a spike in activity. The FBI received 2,453 complaints, with losses of over $1.6 million, up from 1,402 complaints the year before, according to annual reports from the bureau’s Internet Crime Complaint Center. And the numbers are only growing in 2016, the FBIreports.

“The Dark Web and Bitcoin allow almost anyone to sell stolen data without identification—cyber criminals understand they can make easy cash without the risk of being jailed,” says Ilia Kolochenko, CEO of web security company High-Tech Bridge. And hackers—most of which are located in developing countries—are growing more sophisticated, even developing downloadable ransomware toolkits for less-experienced hackers to deploy, according to the 2016 Institute for Critical Infrastructure Technology Ransomware Report.

“The days of grammatically incorrect, mass spam phishing attacks are pretty much over,” says James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, and co-author of the report. Hackers can now check a victim’s social media accounts, and create a fake email address pretending to be a friend or contact in order to get them to click on an infected link or attachment. “It’s much more targeted, and will exploit a particular vulnerability in a device, application, server or software,” Scott adds.

A typical ransom demand is $300, according to a report from security firm Symantec.

Health threats

The healthcare sector is highly targeted by hacker attacks, due to antiquated or misconfigured computer security systems and the amount of sensitive data they hold, says David DeSanto, director of projects and threat researcher at Spirent Communications.

The large number of employees at most hospitals also makes cyber security safety training difficult, DeSanto says. Experts commonly see attacks occur through spear phishing—targeted emails with attachments with names such as “updated patient list,” “billing codes” or other typical hospital communications that employees may click on if not warned.

In 2015, over 230 healthcare breaches impacted the records of 500-plus individuals, according to data from the U.S. Department of Health and Human Services Office for Civil Rights.

A February ransomware attack launched against Hollywood Presbyterian Medical Center in southern California locked access to certain computer systems and left staff unable to communicate electronically for 10 days. The hospital paid a $17,000 ransom in bitcoin to the cybercriminals, says CEO Alan Stefanek.

Following security best practices can help healthcare organizations protect themselves. “The best way is to make regular backups of all systems and critical data so that you can restore back to a known good state prior to the ransomware being on the system,” DeSanto says.

Without security best practices, healthcare organizations may be left with few options to retrieve information. In these cases, healthcare organizations may choose to pay the ransomware fee. Some make enough money that paying the ransom for a few infected computers is low compared to the cost of maintaining the infrastructure to protect these attacks, DeSanto adds.

Schools and businesses

Hackers are gaining traction and using new methods across other industry verticals as well. In 2014, a large European financial services company (whose name was not disclosed) discovered with the help of High-Tech Bridge that a hacker placed a back door between a web application and a data set.

For six months, the hacker encrypted all information before it was stored in a database, undetected by company staffers. Then, they removed the encryption key, crashing the application, and demanded $50,000 to restore access to the database.

However, the company did not end up paying, thanks to mistakes made by the hackers, Kolochenko says.

Other victims are not as lucky, says Engin Kirda, professor of computer science at Northeastern University. “If the ransomware hacker does the encryption well, once the data is encrypted it’s nearly impossible to decrypt,” he adds.

Such was the case for South Carolina’s Horry County School District this February, when hackers froze networks for 42,000 students and thousands of staff. District technology director Charles Hucks tried to shut down the system, but within minutes, the attackers immobilized 60 percent of Horry County’s computers. The district paid $8,500 in Bitcoin to unlock their systems.

Tips for IT leaders

To prevent a ransomware attack, experts say IT and information security leaders should do the following:

1. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
2. Keep all software up to date, including operating systems and applications.
3. Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
4. Back up all information to a secure, offsite location.
5. Segment your network: Don’t place all data on one file share accessed by everyone in the company.
6. Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
7. Develop a communication strategy to inform employees if a virus reaches the company network.
8. Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.
9. Perform a threat analysis in communication with vendors to go over the cyber security throughout the lifecycle of a particular device or application.
10. Instruct information security teams to perform penetration testing to find any vulnerabilities.

Mitigating an attack

If your company is hacked with ransomware, you can explore the free ransomware response kit for a suite of tools that can help. Experts also recommend the following to moderate an attack:

• Research if similar malware has been investigated by other IT teams, and if it is possible to decrypt it on your own. About 30 percent of encrypted data can be decrypted without paying a ransom, Kolochenko of High-Tech Bridge says.
• Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network.
• Decide whether or not to make an official investigation, or pay the ransom and take it as a lesson learned.

“There is always going to be a new, more hyper-evolved variant of ransomware delivered along a new vector that exploits a newly-found vulnerability within a common-use application,” Scott of ICIT says. “But there are so many technologies out there that offer security—you just have to use them.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

Web browsers don’t like the security and stability problems that come with Flash.

Another popular web browser has had it with Adobe Flash.

Mozilla said this week that it plans to gradually wean its Firefox web browser from Adobe’s ADBE -1.07% multimedia player. In August, Firefox will no longer support “certain Flash content” that it deems “not essential to the user experience,” although Mozilla did not specify what type of Flash content it was referring to.

Mozilla will still support “legacy Flash content” for an unspecified time, but the company urged websites that use Flash or Microsoft MSFT -0.25% Silverlight, another multimedia web player similar to Flash, for their videos or online games to adopt newer “HTML technologies as soon as possible.”

In May, Google GOOG -0.59% detailed its plans to end support of Flash for its Chrome web browser, and it hopes to completely rid itself of Flash advertisements by the beginning of 2017.

Google, like Adobe, is urging website operators to switch to the HTML5 coding language to display multimedia like video on their sites.

Flash is notoriously buggy and prone to many security vulnerabilities. Firefox believes that by ending support for Flash, its users will see “enhanced security, improved battery life, faster page load, and better browser responsiveness.”

Still, Mozilla is not totally cutting ties with Adobe. Mozilla said it would “continue to work closely with Adobe to deliver the best possible Flash experience for our users” as it phases the multimedia player out, and said that an engineering partnership between the two companies has improved some performance and stability in Firefox when it displays Flash content.

Last summer, Facebook’s FB -0.27% chief security officer Alex Stamos urged Adobe via Twitter to disable Flash because of its security vulnerabilities.

In April, Adobe issued an emergency update to Flash after security researchers found a flaw that allowed hackers to distribute so-called ransomware to owners of Microsoft Windows personal computers. Ransomware is basically a form of malware that lets hackers block people from accessing their computer or related computer networks so that a hacker can demand payment in return for access.

In 2010, legendary Apple AAPL -1.32% CEO Steve Jobs wrote a 1,700 word essay on Flash and why Apple’s problems with the multimedia player, which he claimed hurt the “reliability and security of our iPhones, iPods and iPads.”