What to do when ransomware hits, another kind of ransom attack and bad Android and Apple apps
Welcome to Cyber Security Today. It’s Friday, October 25th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
I was at a conference this week of the Municipal Information Systems Association of Ontario for IT security people who work for municipalities. Ransomware and what to do about it was one of the big topics, because towns and cities around the world are being victimized by this nasty malware. Experts gave this advice for organizations on what to do if you’re hit: First, don’t panic. Second, figure out which systems have been compromised. Third, unplug those systems. Fourth, don’t be quick to wipe systems because they likely will have important evidence for finding out how you were infected. That will be important for insurance, and for police.
But above all be prepared before an incident for ransomware or any malware: Appoint an emergency response team that includes company leaders as well as IT. Know how to contact them by phone, text or email round the clock. Have a room for them identified as a crisis centre. Have a list of outside help you can also call on including a professional disaster recovery firm, insurance, a lawyer and a PR consultant. This team probably will need a spare laptop, cellphone, pens and paper. You may need an independent Internet connection. Document everything you do for the insurance company and the police. Yes, call the police. Most importantly, make sure you have off-line backups of important data, and test the backup procedure to make sure restoration can be done.
More about ransomware from the conference can be found here
Ransomware works by scrambling an organization’s files, then demanding money in the form of bitcoin for the decryption key. There’s another kind of ransom scam going around this week, according to the ZDNet news service. This one has criminals launching denial of service attacks on financial companies, bombarding a web site until it shuts down. Then the attacker emails a message to the company claiming to be the Russian-based group that some cyber security firms call ‘Fancy Bear’ and demanding money or the attack will continue. That’s intimidating because Fancy Bear is blamed for cyber attacks during the 2016 U.S. election. Experts say it’s unlikely Fancy Bear would stoop to ransom. In fact it’s not uncommon for those launching ransom denial of service attacks to pretend to be a better-known hacking group. There are denial of service mitigation companies, who, like a sponge, absorb the flood of requests that can overwhelm web sites. But many companies that pay for these services only protect public-facing web sites and not other sites that are, for example, used only by employees. If you think your organization may be victimized — cities, towns, utilities, hospitals, senior governments and banks — consider expanding your coverage.
More bad apps have been discovered in the Google and Apple stores. Researchers at the security firm ESET identified 42 apps in Google’s Android Play store that sucker users into viewing ads. The apps, games and utilities like a video downloader, actually work. But they also force ads onto phone screens that make money for the developers. And they’re made to be hard to find and remove from handsets. Google has removed them from the Play store. However, some of them are still around in independent app stores for download.
Meanwhile, security firm Wandera says it found 17 apps in the Apple App Store infected with malware that without user knowledge opens certain web pages or clicks on links, again with the goal of generating money for developers. These are apps that pose as file managers, fitness helpers, an FM radio and others.
As I’ve said before, the Google Play and Apple Stores are the safest places to download apps. But that doesn’t mean suspicious apps can’t sneak in. So before you download make sure the app is from a developer that has a good reputation. Don’t download something just because it’s new. There are links to a list of the bad apps in the text version of this podcast at ITWorldCanada.com.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com.
That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.