Call (716) 373-4467

 

What is Ransomware?

Ransomware is a type of malware that encrypts data on a computer or network into an unreadable format until a sum of money, or ransom, is paid.

 

How does Ransomware Work?

When run, ransomware will scan the file storage disk for files to encrypt – typically documents, spreadsheets, etc. The files are encrypted with a key that only the attackers know, thus preventing your access to the files. Then, threat actors hold you files hostage, demanding a ransom to be paid for you to get your access back.

 

How do Hackers Sneak into an Environment?

Hackers are stealthy and can sneak in using many different approaches. Here are a few of the most popular ways that hackers gain access:

  • Phishing: This is when a threat actor tricks someone into handling over their sensitive, personal information, such as a credit card or Social Security number. The victim believe they’re handing over their information to a trustworthy resource when in reality, they’re giving their information to threat actors.
  • Public-Facing Vulnerabilities: Threat actors scour the internet looking for systems with known vulnerabilities. Then, they exploit them to gain access to the environment.
  • Drive-By Downloads: This is when someone navigated to a malicious webpage and unknowingly downloads malicious code to their computer – all by visiting the webpage.
  • Purchased Access: There’s a marketplace for everything these days, and cyberattacks are no exception. The dark web is a treasure trove of hackers for hire and deployable ransomware for download.

 

Ransomware Prevention

  1. Keep your computer updated and patched.
  2. Verify, then trust.
  3. Make sure your connection to a site is secure before submitting any personal information.
  4. Stay up-to-date on the latest cybersecurity education.

 

Ransomware Detection

Prevention is only part of the puzzle. Some attacks are virtually impossible to prevent. It all comes down to fast detection and response times, which help you combat tomorrow’s threats that may not be detectable today.

The most efficient way to detect ransomware is to leverage the tools in your security stay. 

Secure your business with a cybersecurity platform that secure your business and detects hackers. To protect our managed clients, we deploy a suite of cybersecurity tools that are backed by a 24/7 Threat Operations Center that worked to protect your assets and evict malicious actors.

Reach out to Databranch today at 716-373-4467 x115 or [email protected] to learn more.

You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time. What about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?

Many everyday objects can lead to identity theft. They often get overlooked because people focus on their computers and cloud accounts. It’s important to have strong passwords and use antivirus on your PC. But you also need to be wary of other ways that hackers and thieves can get to your personal data.

Here are six common things that criminals can use to steal your information.

 

Old Smart Phones

People replace their smartphones about every two and a half years. That’s a lot of old phones laying around containing personal data.

Just think of all the information our mobile phones hold. We have synced connections with cloud services. Phones also hold banking apps, business apps, and personal health apps. These are all nicely stored on one small device.

As chip technology has advanced, smartphones have been able to hold more “stuff.” This means documents and spreadsheets can now be easily stored on them. Along with reams of photos and videos.

A cybercriminal could easily strike data theft gold by finding an old smartphone. Make sure that your company is properly cleaning any old work phones by erasing all data. You should also dispose of them properly. You shouldn’t just throw electronics away like normal garbage.

 

Wireless Printers

Most printers are wireless these days, this means they are part of your home or work network. Printing from another room is convenient, but the fact that your printer connects to the internet can leave your data at risk.

Printers can store sensitive documents, such as tax paperwork or contracts. Most people don’t think about printers when putting data security protections in place. This leaves them open to a hack. When this happens, a hacker can get data from the printer and they could also leverage it to breach other devices on the same network.

Protect printers by ensuring you keep their firmware updated. Always install updates as soon as possible and you should also turn it off when you don’t need it. When it’s off it’s not accessible by a hacker. 

How does your company handle patching their devices? If you don’t know, chances are it’s performed nearly enough. All Databranch Comprehensive Care and Foundation Security clients have scheduled automatic patching and Windows updates on their devices. Visit us here to learn more about how we can help take this off your IT plate.

 

USB Sticks

Did you ever run across a USB stick laying around? Perhaps you thought you scored a free removable storage device. Or you are a good Samaritan and want to try to return it to the rightful owner. But first, you need to see what’s on it to find them.

You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait. As soon as you plug it into your device, it can infect it.

 

Old Hard Drives

When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. Computer hard drives can have other personal data stored in system and program files.

Plus, if you’re still logged into a browser, a lot of your personal data could be at risk. Browsers store passwords, credit cards, visit history, and more.

Need help disposing of your old office devices? Reach out to Databranch today for assistance, we can help clean your computer to make it safe for disposal, donation, or reuse.

 

Trash Can

Identity theft criminals aren’t only online. Thieves are known to sort through trash in search of documents containing personal information. Be careful what your employees throw out in the trash.

It’s not unusual for garbage to enable identity theft. It can include voided checks, old bank statements, and insurance paperwork. Any of these items could have the information thieves need to commit fraud or pose as you.

A shredder can be your best friend in this case. Your company should shred any documents that contain personal information, for yourself and your clients. Do this before you throw them out. This extra step could save you from a costly incident.

 

IoT Devices

Smart lightbulb, thermostats, and security cameras… all toys that hackers love. Even Mattel’s Hello Barbie was found to enable the theft of personal information and a hacker could also use its microphone to spy on families.

These futuristic gadgets make life easier and can be found in many offices. Owners might think they’re cool, but they might also forget to consider their data security. After all, it’s just a smart printer. But that often means they can be easier to hack, so cybercriminals will zero in on these IoT devices knowing they aren’t going to be as hard to breach.

You should be wary of any new internet-connected devices you bring into your office. Install all firmware updates and do your homework to see if a data breach has involved the toy. 

 

Schedule an IT Security Audit

Don’t let the thought of identity theft keep you up at night. Contact us today at 716-373-4467 x115 or [email protected] to schedule a chat about IT security audit. Databranch also offers Dark Web Monitoring where we scan the dark web based on your domain and find all accounts that have been involved in a breach. Request a free Dark Web scan below to get started.

 

Article used with permission from The Technology Press.

 

There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life that can have costly consequences for individuals. Hackers can steal identities, compromise bank accounts and even sell your credentials on the dark web.

Cybercriminals breach about 4,800 websites every month with form jacking code. It has become all too common to hear of a large hotel chain or social media company exposing customer data.

Hackers can breach your personal information and passwords without you knowing it. The time from breach to notification of the breach can be lengthy. One example is the data breach of CafePress which is a popular online retailer that prints personalized items.

CafePress suffered a data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also breached social security numbers that weren’t encrypted.

As mentioned, the breach happened in February. But many consumers weren’t notified until late summer. The FTC recently took action against the company due to its careless security practices.

The point is that months or years can go by without you knowing about compromised data. Unless you happen to look at the right website, you may not even realize it. Those breached password features in browsers are helpful, but what if you have other information beyond a password compromised?

It’s best to protect yourself with some knowledge. We’ll help by listing several recent breaches. If you’ve interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.

Recent Breaches of Personal Information That May Impact You

Microsoft Customer Data Breach

On October 19, 2022, Microsoft announced a breach that exposed customer data. A misconfigured server was to blame and the breach exposed certain business transaction data. It’s thought that this breach could have affected more than 65,000 entities worldwide.

2.5 Million Records Exposed in a Student Loan Breach

Did you get a student loan from EdFinancial and the Oklahoma Student Loan Authority (OSLA)? If so, you could be in trouble. The organizations notified impacted individuals by letter in July 2022.

The personal information at risk included:

  • Social security numbers
  • Email addresses
  • Home addresses
  • Phone numbers

The breach compromised the data of over 2.5 million loan recipients.

U-Haul Data Breach of 2.2 Million Individuals’ Data

Large rental firm U-Haul is a household name. It also just had a major data breach. It notified clients in August of 2022 of a compromise of some rental contracts. The contacts in question were between November 5, 2021, and April 5, 2022.

The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company.

Neopets Breach May Have Compromised 69 Million Accounts

You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk. But users of the platform got a rude awakening due to a breach of the service. An estimated 69 million accounts may have had emails and passwords leaked.

The full stolen Neopet database and copy of the source code were being offered for sale for about $94,500.

One Employee Computer Causes a Marriott Breach

Hotel giant Marriott suffered another breach in July 2022. It blamed a single unsecured employee computer. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information.

Unfortunately, the company shows a pattern of poor cybersecurity. Within the last four years, it has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there.

Shield Health Care Group Exposes Up to 2 Million Records

In March of 2022, Shield Health Care Group detected a breach. This Massachusetts-based company found that hackers breached up to 2 million customer records. This includes medical records, social security numbers, and other sensitive personal data.

Flagstar Bank Takes 6 Months to Identify Individuals Affected in a Breach

In December of 2021, Flagstar Bank suffered a breach. It wasn’t until 6 months later that it identified the individuals affected. And the impact was large. It included exposed social security numbers. The hack impacted about 1.5 million customers.

8.2 million Current and Former Customers of Block Compromised

Block was formerly known as Square, a popular payment processing platform. It announced in April of 2022 that it was breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed. 

About 8.2 million current and former customers had their data exposed.

Crypto.com Breach Nets Hackers Over $30 Million

Cryptocurrency may be hot at the moment, but it’s very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets breached.

The criminals made it past two-factor authentication, which is usually quite effective. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.

 

Are Your Credentials Out There?

Contact Databranch today at 716-373-4467 x 115 or [email protected] to learn more about protecting your personal data from a breach. We can help your business implement Multi-Factor Authentication or set you up with our Dark Web monitoring services. Visit out website here to learn more.

 

Article used with permission from The Technology Press.

Administrative Privileges AI AI algorithms AI in Cybersecurity Annual Security Training Anti-Virus Artificial Intelligence Authenticator App Backup and Recovery Backup Redundancy BCDR BEC breach prevention Breach Prevention Platform Breaches business continuity Business Email Compromise Business Email Compromises Business Phone System Business Software BYOD Call Directory Cisco Cloud Accounts Cloud Data Backup Cloud Infrastructure Cloud Security Cloud Solutions Compliance Comprehensive Cybersecurity Compromised Credentials computer support Computer Upgrades Conditional Access Credential Theft Cyber Attacks Cyber Criminals Cyber Defenses Cyber Insurance cyber liability insurance Cyber Risk Management Cyberattacks Cyberinsurance cybersecurity Cybersecurity Awareness month Cybersecurity Breach Cybersecurity Culture Cybersecurity Strategy Cybersecurity Training Cybersecurity Webinar Dark Web Dark Web Monitoring Data Backup Data Backup and Recovery Data Backup Solution Data Breach Data Breaches Data Governance Data Management Data Privacy Compliance Data Privacy Regulation data protection Data Recovery Data Restoration Data Security deepfake Deepfakes Defense in Depth Denial of Service Device Security Disaster Recover Disaster Recovery DNS Filtering doug wilson employee cybersecurity training Endpoint Detection and Response field technician Foundation Security Gift Card Scams Hackers Hosted VoIP Hybrid work i.t. service provider Identity Theft incident response plan Incident Response Planning Insider Threats Internet Explorer Internet of Things Intrusion Detection Intrusion Prevention IoT Devices IT Budgeting IT Compliance IT Infrastructure IT Myths IT Partner IT Policies IT Resource IT Security IT Service Provider IT Services IT Support Juice Jacking Local Admin local admin privileges Lost Devices M365 malware Managed Clients Managed Detection and Response Managed IT managed service provider managed services Manages Services MDR MFA Microsoft Microsoft 356 Microsoft 365 Copilot Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication Network Monitoring Network Security Network Testing New Computer NIST Framework Offboarding Office 365 Outlook Outsourced IT password management Password Manager Password Managers Password Protection password security Passwords Patch Management Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi Push-Bombing RAM Ransomware Ransomware Prevention Recovery point objective Recovery Time Calculator Recovery time objective Remote Monitoring Remote Working repeatbusinesssystems Ring Groups risk assessment Risk Management Risk Tolerance Rock-It VoIP RPO RTO RTO Costs SaaS SaaS Backup Scammers Scams security Security Assessment Security Awareness Training Security Defaults Security Key Security Scans SLAM Method Smishing SMS Social Engineering Social Media Security Software-as-a-Service Solid-State Drive Sponsored Google Ads SSD stolen credentials Storage Teams technical support scam technology best practices Technology Management Technology Policies Technology Review Threat Detection Threat Identification Threat Modeling Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Vulnerability Management Warning Signs Webinar Windows 8.1 Work Computers World Backup Day zero trust policy