7 Best practices for implementing a robust identity and access management strategy


An identity and access management (IAM) strategy comprises policies and procedures on how an organization manages the identities and access permissions of its users. This strategy typically covers key areas such as how users are onboarded, how their identities are verified, what permissions they need to access different systems, and how access permissions are managed over time.

 

Here are some best practices to help your organization develop a secure and efficient IAM strategy.

 

1. Rethink your onboarding processes

Onboarding is the process of integrating new people into an organization and providing them with the resources and information they need in their roles. Traditional onboarding focuses primarily on employees within an organization. But with the ever-expanding reach of today’s cyberthreats, organizations must tailor onboarding procedures for not only employees but also clients and third parties.

 

In addition, organizations should consider automating onboarding and offboarding processes to save resources and time. IAM software can automate the tasks of creating and provisioning user accounts, assigning permissions, and revoking access when users leave the organization.

2. Implement strong authentication and authorization mechanisms

By requiring users to prove their identity in multiple ways and restricting their access to only the resources they need, organizations can make it much more difficult for attackers to gain access to their systems. One of the best ways to do this is to implement strong authentication mechanisms, such as multifactor authentication (MFA). MFA requires users to verify their identity through two or more authentication methods, adding an extra layer of security beyond just passwords.

 

Similarly, authorization, especially through role-based access control, or RBAC, ensures that users have precisely the permissions they need for their roles. This principle of least privilege minimizes the potential damage from unauthorized access and is fundamental to an effective IAM strategy.

3. Reduce privileged accounts 

The rationale behind minimizing the number of privileged accounts is clear: the more accounts with direct access to sensitive information, the higher the potential risk if one of those accounts is compromised. Each privileged account represents a potential entry point for cyberthreats. Therefore, by reducing these accounts to only those absolutely necessary and implementing strong access controls and monitoring, organizations significantly reduce their vulnerability to cyberattacks and data breaches.

4. Adopt a zero trust approach to security

Implementing a zero trust security model means assuming that no user, device, or application is trusted by default. This entails verifying each user and device that attempts to access systems and resources. 

 

Zero trust is more secure than traditional security models that rely on perimeter defenses, such as firewalls, to protect internal networks from external threats. By implementing zero trust, organizations are better positioned to identify and mitigate potential security risks, even if those risks originate from within their own network.

 


5. Use single sign-on (SSO) solutions 

SSO enables users to authenticate once, granting them access to multiple platforms without the need for repetitive logins. It not only simplifies the user experience but also cuts down time spent on managing multiple credentials. 

 

But not just any SSO solution will do; organizations must find one that seamlessly integrates with existing systems and applications, ensuring a smooth transition and maximizing the efficiency of the authentication process.

6. Regularly monitor and audit access

Conducting regular access reviews and audits further ensures that unauthorized access or policy violations are immediately spotted. This allows organizations to promptly rectify security breaches or policy noncompliance.

7. Shift your security focus toward user identity management

Many of today’s cyberthreats target the weakest links: user identities and service accounts. This is why it may be necessary for organizations to change their focus from network security to user identity management. 

 

By prioritizing identity protection, businesses fortify the core access points, minimizing the risk of unauthorized access and insider threats. This shift allows for targeted security measures that align with modern challenges and bolsters organizations’ overall security.

 

Safeguard your valuable assets and data by rethinking and reinforcing your IAM strategy. Consult NetWize’s IT experts for recommendations on secure technologies for your business. Request a FREE consultation today.

7 Common cybersecurity misconceptions you shouldn’t fall for


Cybersecurity is the armor of any modern business, protecting their data against the rapid onslaught of digital threats. However, misconceptions about cyber defense can leave organizations vulnerable to unforeseen dangers. We break down the common myths that can compromise your security posture, and provide ways of improving business resilience in the face of evolving cyberthreats.

 

1. Security software does the job

While software solutions like anti-malware programs, endpoint security systems, and firewalls are crucial for cybersecurity, they’re just one piece of the larger puzzle. They add to your existing IT infrastructure but are ultimately unable to influence the overall underlying design or configuration. 

 

To strengthen your business’s cybersecurity, it’s important to go beyond software and apply strategies such as cybersecurity training, zero trust access controls, data backups, strong password policies, and multifactor authentication. 

 

2. Cybersecurity is your IT team’s responsibility

Although IT departments are responsible for ensuring that strong cybersecurity tools and frameworks are put in place, cybersecurity should be everyone’s responsibility.

 

Statistics from Verizon’s 2022 Data Breach Investigations Report reveal that a whopping 82% of all breaches trace back to the “human element,” which includes stolen credentials, misuse, phishing attacks, or human error.

 

Such findings highlight how cybersecurity must be a shared responsibility across departments and company roles, with all workers doing their part in staying vigilant, well informed, and proactive in recognizing and mitigating online threats.  

 

3. Cybersecurity is a one-and-done strategy

A prevalent misconception is viewing cybersecurity as a set-and-forget strategy. In reality, the digital world is in constant flux, with new threats emerging each day, and today’s defenses may be completely obsolete by tomorrow.

 

Cybersecurity should therefore be seen as an iterative process that demands regular review and upgrades to defend against the latest threats. 

With hackers becoming more sophisticated, organizations must continually educate their teams, update security protocols, and invest in the latest technologies. Effective strategies are akin to maintaining a fortress — walls need reinforcement, and defenses must adapt.

 

4. Cybercriminals only target large organizations

The larger the business, the larger the target — though this doesn’t mean small businesses are untouchable. 

 

In fact, hackers may be particularly drawn to smaller companies. One reason for this is that small businesses may lack the budget and expertise to fully secure their operations, making them more susceptible to sophisticated attacks.

 

Secondly, many modern attacks are automated and scaled for efficiency, allowing cybercriminals to cast a wide net and target businesses of all sizes. Small companies, with their limited defenses, can be particularly vulnerable to these indiscriminate threats.

 

5. Compliance leads to sufficient protection

While compliance is undeniably crucial, it shouldn’t be viewed as the end goal for cybersecurity. Rather, organizations should consider it a foundational stepping stone. Achieving comprehensive protection will require additional strategies, such as adopting a risk-based approach and tailoring your security measures to your business’s unique vulnerabilities. 

 

You must also review your existing security framework to make sure it’s still effective at protecting your business. Periodic security assessments can help with this, as they identify any flaws in your current framework and help guide improvements, ensuring your protection evolves with the threat landscape.

 

Additionally, it’s worth nurturing a culture of cybersecurity awareness across all levels of your organization. Provide ongoing training, promote best practices, and emphasize the critical role of security among employees and leadership alike.

 

6. Cyberattacks are an external threat

While hackers and cybercriminals are a common cause of breaches, those within your organization can also pose an equal or even greater threat to its security. These insider threats can exploit their access to sensitive information and systems, potentially causing substantial harm.

 

To protect your business against these rogue insiders, it’s important to equip staff with cybersecurity knowledge and teach them how to recognize and report potential issues. It may also be worth limiting access to critical information, granting it only to those with genuine needs. This will help reduce the risk of accidental or intentional security breaches.

 

7. Cybersecurity is too expensive

Though effective cybersecurity does have its costs, it’s essential to consider the alternative. IBM’s Cost of a Data Breach Report for 2022 revealed a shocking global average cost of USD4.35 million for a data breach. This cost encompasses not only financial losses but also damage to reputation, lost customer trust, and legal ramifications.

 

Investing in cybersecurity isn’t an expense — it’s a strategic decision to safeguard your organization from potentially catastrophic consequences. The price of prevention pales in comparison to the exorbitant cost of a data breach, making cybersecurity a sound and necessary investment for businesses of all sizes.

 

Enhance your cybersecurity strategy with NetWize. Reach out to our experts today and bolster your defenses against current and emerging cyberthreats.

Zero trust security: Why companies need it for a hybrid work setup


If your company has a hybrid work setup, it’s critical that you implement zero trust security measures. Zero trust is a comprehensive approach to security that assumes no inherent trust, regardless of location or network boundaries. 

 

Here’s what you need to know about zero trust security and why it’s vital for hybrid work environments.

What is a zero trust security framework?

Unlike traditional perimeter-based security, zero trust doesn’t presume that all users with access credentials are authorized to be in the network and can be trusted with all company data and resources. Instead, zero trust security operates on the principle “never trust, always verify.” This means it reduces risk and tightens digital safety by verifying identities, analyzing behavior, and granting access to resources based on specific user roles.

 

A key component of the zero trust approach to security is the use of multifactor authentication (MFA). MFA requires users to provide more than one proof of identity, such as PIN codes and biometrics, during the login process for systems or applications. This additional layer of verification makes it significantly more challenging for unauthorized individuals to breach security.

 

Implementing zero trust security also typically involves the use of microsegmentation. Microsegmentation technology can help prevent attackers from gaining access to larger parts of the network by breaking down larger networks into smaller segments with limited access privileges.

 

By incorporating MFA and adhering to other fundamental principles of the zero trust security framework, your business can establish a robust defense system that safeguards your sensitive assets. Even President Biden has set a goal for federal agencies to implement zero trust security in line with his Executive Order on Improving the Nation’s Cybersecurity.

Why is a zero trust security framework vital in a hybrid work environment?

In a hybrid work environment, there are several cyber risks that can be best prevented with a zero trust framework, including the following:

 

  • Data breaches: Data breaches can be especially damaging in a hybrid work environment. This is because remote workers often have access to sensitive data, and they may not be using the same security measures as employees who are working in the office.

 

  • Phishing attacks: Phishing attacks can be used to steal sensitive information, such as passwords and credit card numbers. In a hybrid work environment, remote workers may be more likely to fall victim to phishing attacks because they may be less familiar with the security measures that are in place at their company. This is especially true in the case of new employees who may not have spent a lot of time in the office and have not received adequate information security training.

 

  • Malware: Malware is a type of software that can be used to damage or disable computer systems. It can be spread through a variety of ways: as email attachments, via malicious websites, and through USB drives. In a hybrid work environment, remote workers may be more likely to be exposed to malware because they may be using personal devices to connect to the company network.

 

  • Zero-day attacks: Zero-day attacks are those that exploit vulnerabilities in software that the software vendor is not immediately aware of. Zero-day attacks can be very difficult to defend against, and they can be especially damaging in a hybrid work environment because remote workers may not be using the latest security patches. While zero trust security cannot completely prevent zero-day attacks, it can help to mitigate the risk. That’s because with a zero trust security framework, organizations can make it more difficult for attackers to gain access to systems and data, even if such attackers are able to exploit a zero-day vulnerability.

 

With zero trust security, companies can mitigate these cyber risks and maintain a secure IT infrastructure that accommodates the needs of a remote workforce and ensures that sensitive data remains safe and secure.

 

To set up zero trust effectively and efficiently, partner with a managed IT services provider (MSP) like NetWize. Our experts have the knowledge, experience, and resources to navigate the complexities of zero trust implementation, tailor it to your organization’s specific needs, and provide ongoing monitoring and support.


By working with an MSP, you can confidently establish a robust zero trust framework that protects your hybrid work environment and enables your organization to operate securely. Call us today.

7 Cloud security best practices to protect your data


If you’re one of many organizations that have fully adopted cloud computing, your need to implement strong cloud security measures has become more critical than ever. Cloud security ensures that data and applications hosted in the cloud are protected from cyberthreats. And the potential risks associated with using cloud services are simply too great and wide-ranging to ignore. According to IBM’s Cost of a Data Breach Report 2022, 45% of breaches are cloud-based.

 

As you store more sensitive information in the cloud, your risk of data loss or exposure increases, which is why it’s essential to understand the best measures and strategies to safeguard data in the cloud.

How can you protect against cloud security threats?

The goal of most cyberattacks today is to disrupt the normal flow of activities and operations in your system. To prevent these threats from compromising your environment, you need to implement the following security measures:

1. Develop a backup and disaster recovery strategy

A backup and disaster recovery (BDR) strategy is a crucial element of cloud security, as it provides the necessary protection against unexpected outages or other disasters that can cause costly downtime and data loss. Without a BDR plan in place, your organization is at risk of losing all of your data in the cloud, which could have a severe financial impact. Your BDR strategy should be well documented and regularly tested to ensure that it won’t fail in case of an actual disaster.

2. Implement strong authentication methods

Implementing two-factor authentication (2FA) or multifactor authentication (MFA) can help ensure that only authorized users are able to access sensitive data and applications in your cloud services. 2FA and MFA add an additional layer of protection for your cloud environment, helping to prevent malicious actors from infiltrating accounts and systems.

3. Leverage encryption technologies

Encryption protects data stored in the cloud by making it unreadable and inaccessible without the necessary keys or passwords. As such, it’s an essential component of any cloud security strategy, keeping malicious actors from gaining unauthorized access to sensitive information.

 

Cloud encryption can be used in a variety of ways, including in transit (during data transfer) and at rest (while the data is stored). Your organization should also consider using key management solutions to ensure that encryption keys are properly managed and stored securely.

4. Enforce access controls

Role-based access control (RBAC) is a security mechanism that restricts access to data or applications based on a user’s role or job function within an organization. By doing so, RBAC helps prevent data breaches and insider threats. It also helps to simplify the management of access control by providing a centralized system for assigning and revoking access rights to certain resources.

5. Revisit and update cloud security policies

Cloud security policies should be regularly reviewed and updated to ensure that they reflect the current state of a company’s IT environment. It also pays to implement automated tools for monitoring policy compliance and alerting teams when changes are needed. This is one way to guarantee that cloud security policies remain effective and in line with best practices.

6. Monitor user activity for suspicious behavior

Monitoring user activity for suspicious behavior allows organizations to identify and address potential threats and malicious actors before they can cause significant damage.

7. Deploy endpoint security solutions

Endpoint security solutions offer advanced protection against hackers, malware, ransomware, and other malicious threats that target your systems. They provide an extra layer of defense by creating a secure perimeter around endpoints, such as PCs and mobile devices.

 

By following these steps, you can protect your data and applications from various cyberthreats while ensuring a secure cloud environment. Consult NetWize’s team of cybersecurity professionals on how to fortify your cloud environment. Get in touch with us today.

Securing Identities from Phishing – A Financial Sector Perspective

Discussing phishing and communications fraud is often a confusing experience, a territory filled with buzzwords and distorted news of incidents at major corporations.  Getting to the facts underneath the clutter requires understanding that both the “how” and the “why” of cybercriminal methods have value.

 

Setting the Stage

Let’s define some terminology first: phishing refers to fraudulent attempts to obtain sensitive information by impersonating a trustworthy entity in electronic communication.  The entity being impersonated can be a private organization, a government division, or a specific person.  Phishing can happen via any form of electronic communication including phone calls, SMS text messages, email, instant messaging, social networks, or customer-interactive websites.  Email is the most common phishing vector, and according to research groups like IBM’s X-Threat division, the volume of phishing email has been steadily growing for each of the last five years.  An average corporate user account will receive between 15 and 20 malicious emails per month.

The goal of a phishing campaign is to gain sensitive information which is not otherwise publicly accessible, leading to direct or indirect monetary gain for cybercriminals.  Phishing’s fundamental technique is social engineering: psychological manipulation of people into performing actions that divulge information, thus bypassing physical and digital security mechanisms.  Therefore, user awareness is the best defense against phishing: human beings are the targets, and human preparation can halt even the most advanced phishing campaign.

Phishing is becoming more sophisticated and multi-dimensional with time.  While some phishing attempts seek to complete only one action such as getting a user to click on a malicious link, the real money lies in performing layered attacks that have a sequence of objectives.  Additionally, the subset of attacks known as spear phishing are increasingly effective at triggering a response from targeted users.  Instead of a generic phish communication sent to thousands of recipients, spear phishing crafts content to be contextually relevant to a single organization or even a single person.

Financial professionals are particularly lucrative targets for advanced phishing campaigns.  There is a wide variety of content available about phishing in general, but little guidance specifically tailored to the threat landscape of finance.  By analyzing in detail both the methods and goals of finance-specific spear phishing campaigns, CPAs and other finance professionals can enhance their ability to resist these attacks.  In this arena knowledge operates like a vaccine, inoculating against the risk and severity of future bad events.

 

Phishing Methods and Goals

 

Method 1: fake login portals

This phishing method has an attacker create a web site which seeks to very closely mimic the “look and feel” of a login page for a corporate software asset.  The page layout, fonts, branding, and color scheme will all be identical to the legitimate login page, but the URL of the website will not be correct, instead belonging to a domain the attacker controls.  The rapid adoption of software-as-a-service application delivery in corporate environments is the primary contributing factor to the growth of this phishing method; users are conditioned to think of credentials entry on websites as a normal daily activity.  Hoping the user does not notice the change in URL, an attacker steals the username and password entered on the page for their own use.  Examples of frequently-mimicked login portals include Microsoft Office 365, SalesForce, and Dropbox.

Credential theft is already a serious security issue in and of itself because it allows an attacker to move laterally within an organization across systems where those credentials are valid.  Once an attacker has access to working login credentials of a corporate user, they can begin sending electronic communications directly as that user, increasing the degree of trust that further victims will afford to the phishing attempts.  One particularly dangerous variant is conversation hijacking: an attacker replies to an existing email thread instead of delivering a new email.  The degree of skepticism a user applies toward a reply to a preexisting conversation is lower by default, and attackers seek to exploit that implicit trust to deliver further malicious content.

Method 2: VIP impersonation

Commonly known as “business email compromise” or “CEO fraud”, this attack method works by having the attacker impersonate someone of hierarchical importance and authority: a CEO, CFO, controller, or in-house legal counsel.  When crafted correctly, the electronic communication will appear to be from the legitimate account for that person of authority.  It may include timely details like their location out of office or reference discussions with clients, details that attackers can gather from social media networks, press releases, or corporate data exploration using compromised credentials.  Common examples of requested actions are to complete wire transfers of large sums of money to a bank account or to send copies of tax documents.  The power of this attack method lies in the ability to create artificial urgency for the target to take the action desired by the attacker.  This can happen either by negative reinforcement, placing an immediate deadline on the action, or by positive reinforcement, invoking a friendly and disarming sense of trust and dependency.

Method 3: malicious attachments

Some classics never go out of style: malicious file attachments are the de facto standard of phishing methods.  Attachments sent to phish finance professionals often take the shape of invoices, forms to electronically sign via software like DocuSign, or Microsoft Office documents with embedded macros and instructions on the first page of the document to override macro security warnings.  All these attachments make good choices because they mimic the normal daily workflow of finance professionals; the attacker is hoping to trick the target into acting on autopilot and not performing a critical examination of the attachment before opening the file.

The attachment, once opened, can deliver any number of malicious software payloads to the target’s computer.  One dangerous example is a class of malware called banking trojans which seek out stored login information to financial institutions and send them to the attacker to use for fraudulent wire transfers or credit card purchases.  Ransomware is another famous malware class, locking a company out of their own files until a ransom payment is delivered in exchange for the decryption key held by the attacker.  However, the largest recent source of growth in illicit profits for cybercriminals is corporate espionage.   Once they use malware to exfiltrate data from corporate networks the attackers can sell that data to competitor companies or use that data to make predictive stock trades based on insider secrets.  Never underestimate the power contained in a general ledger, let alone a recently approved merger proposal or confidential intellectual property.

Method 4: impersonation of regulatory agencies

A phishing attempt using this method would purport to be from the IRS, the SEC, an auditor like Deloitte or KPMG, or from a law firm.  The phishing communication will make a call to action toward the targeted finance professional, requiring them to review a document or send a data set in a reply.  The goal of regulatory impersonation is to steal information, either by intimidating a targeted user into replying or by making the user believe the impersonated actor already has the information and just needs a confirmation copy.  This technique becomes particularly dangerous when the attack is targeting a CPA preparing tax returns and asking for either information on specific individuals or access to practitioner databases.  The attacker often intends to use the stolen information to file fraudulent tax returns and collect tax refunds, an outcome which requires considerable time commitment to remediate.  The IRS requests that financial professionals who receive phishing emails related to taxes forward those emails to phishing@irs.gov for analysis.

Mitigation

Despite the growing sophistication of phishing methods, the situation is far from hopeless.  There are effective mitigation tools available to finance professionals that require nothing more than the use of critical thinking and changes in personal behavior.  One of the best tools to detect phishing is to look for a tone mismatch between the email content and its alleged sender.  This is a bidirectional consideration: an email with a highly informal greeting and an overabundance of slang is suspicious if sent on behalf of a professional organization, as is an email filled with unnaturally formal language when sent by an individual considered a close compatriot.  Attachments should always be treated with suspicion because almost any type of file can be used to deliver malware.  The use of security software to scan electronic communications and block the delivery of malware in attachments acts in complement with user preparedness, creating better defense in depth against phishing.

Another powerful phishing detection tool is domain auditing: by comparing the text of a web address or portion of an email address after the @ symbol to the known correct text for the person or institution the attacker is attempting to impersonate, an alert user can find the text does not match and reject the phishing attempt.  This auditing needs to be highly precise because attackers often use the smallest possible change to a domain, differing by just one letter or a single added punctuation mark.  The best tool of all to halt phishing is to verify the requested action with the alleged sender prior to acting via a different interactive, real time communication method.  The result of a phone call, a video conference, or an in-person visit with the alleged sender will reveal the truth: they did not send the request, and the phishing attempt ends unsuccessfully.
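The domain auditing check described above can be automated as a first-pass filter in front of the human reviewer. The sketch below is an added example, not code from the article's author or from NetWize; the allowlist, the sample addresses, and the function names are constructed for illustration, and the one-edit threshold is an assumption that mirrors the "one letter or a single added punctuation mark" case.

```python
"""Domain auditing: flag sender or link domains that nearly match a trusted one."""
from urllib.parse import urlsplit

# Assumption: a constructed allowlist of domains the organization really deals with.
TRUSTED_DOMAINS = {"irs.gov", "netwize.com", "docusign.com"}


def extract_domain(value: str) -> str:
    """Return the lower-cased host part of an email address or a URL."""
    value = value.strip().strip("<>")
    if "://" in value:
        host = urlsplit(value).hostname or ""   # a real parser, not string slicing
    else:
        host = value.rsplit("@", 1)[-1]         # text after the last @ symbol
    return host.lower().rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def audit_domain(value: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Classify a sender address or URL as trusted, lookalike, unknown or invalid.

    Returns (verdict, matched_trusted_domain_or_None).
    """
    domain = extract_domain(value)
    if not domain:
        return ("invalid", None)

    # Exact match, or a subdomain of a trusted domain.
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)

    # Near miss: compare every trailing run of labels, so both
    # "login.netwlze.com" (one letter) and "net.wize.com" (one added dot)
    # are measured against "netwize.com".
    labels = domain.split(".")
    for good in sorted(trusted):
        for i in range(len(labels)):
            tail = ".".join(labels[i:])
            if 0 < edit_distance(tail, good) <= max_distance:
                return ("lookalike", good)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real messages.
    samples = [
        "phishing@irs.gov",
        "Support@Mail.NetWize.com",
        "https://login.netwlze.com/portal",
        "billing@net-wize.com",
        "ap@net.wize.com",
        "hello@example.org",
    ]
    for s in samples:
        print(f"{s:40} -> {audit_domain(s)}")
```

A "lookalike" verdict is a prompt to stop and verify with the alleged sender through a different channel; an "unknown" verdict only means the domain is not on the allowlist, not that it is safe.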

Stay safe out there.

 

JR Maycock is a 12-year IT veteran with a background spanning corporate, freelance, and K-12 education environments.  His areas of expertise include identity management, behavioral security, systems architecture, and exploring the alignment of technology with business strategy.  JR currently holds the position of Business Technology Architect at NetWize in Salt Lake City, UT.  He is reachable at jrmaycock@netwize.com.

WannaCry Update: More Details about the Ransomware Attack

It has been ten days since the WannaCry ransomware attack was unleashed. It has infected nearly 300,000 devices in 150 countries. During that time, many large organizations—including hospitals, banks, and telecom companies—were brought to a halt when their data was encrypted. The yet-to-be identified attackers had received just under $110,000 in ransom at the time this article was published. Despite the initial chaos, details have emerged about how the attack happened, who may be behind it, and other malicious attacks using comparable techniques.

WannaCry: What We Know So Far

It is now believed that Windows 7 users were the hardest hit by WannaCry, which counters initial reports that stated Windows XP users were the most widely affected. In fact, the version of Windows 7 that suffered the brunt of the attack is the x64 Edition, an operating system widely deployed by large organizations. It is unclear whether enterprises are less likely to stay up-to-date with their security patches, or if there are other explanations for the nature of this vulnerability.

Another rumor states that most systems became infected following the distribution of spam emails. However, it has been proven more recently that the malware began by scanning the internet for devices with open Server Message Block (SMB) ports. It then used a modified version of the security exploit “EternalBlue”, an exploit initially developed by the National Security Agency, to install WannaCry on vulnerable machines. Once installed, WannaCry propagated across networks, infecting connected devices, and encrypting more and more user data as it grew.

Who is Behind the WannaCry Attack?

EternalBlue was initially developed by the NSA, only to be leaked by the hacker group known as The Shadow Brokers, along with a number of other weaponized software exploits on April 14, 2017. The connection between The Shadow Brokers and the group that created WannaCry remains unclear.

Cybersecurity company Kaspersky Lab has pointed out similarities between the code used for WannaCry, and code that was used for attacks carried out by hackers known as the Lazarus Group. The Lazarus Group, which has ties to North Korea, is believed to have carried out the cyberattack against Sony Pictures in 2014, as well as a bank heist in Bangladesh in 2016. North Korea is denying involvement in those attacks, as well as WannaCry.

New Malware on the Prowl

All of the recent attention on WannaCry has brought to light new threats that are doing damage via the same security exploits that were originally developed by the NSA. One in particular, “EternalRocks”, is malware that makes use of seven of the weaponized exploits The Shadow Brokers have leaked, which is five more than WannaCry used.

Another piece of malware, “Adylkuzz”, has also been spreading using security exploits similar to those used by WannaCry. Although it hasn’t received the same amount of attention that WannaCry generated, it is thought to have been at work longer, and to have done even more damage in the time since its release. Similar to WannaCry’s reliance on the cryptocurrency Bitcoin, Adylkuzz profits from its use of a digital currency called Monero.

Trust the Experts

In March 2017, Microsoft announced the security patch that fixes the SMB vulnerability enabling the latest wave of attacks. At that time, NetWize made sure its customers were protected by implementing the requisite security update. We are also available for consultation regarding user best practices for optimal security. We always make sure our customers are protected with up-to-date anti-virus protection, and a reliable data backup and disaster recovery process. Ask us about Sophos Intercept-X, and its capabilities for protecting against any type of ransomware attack.

If you have any questions or concerns regarding recent malware attacks, or cybersecurity in general, please call NetWize at (801) 747-3200, option 1.

WannaCry Ransomware: Learn More About the Attack

A new ransomware attack is infecting hundreds of thousands of devices all over the globe. Starting May 12, the ongoing attack uses malicious software called “WannaCry” (also “WannaCrypt” or “Wanna Decryptor”), which locks users out of their computers, and then demands a ransom for restoring the encrypted files. Ransom demands range from $300 to $600, and are to be paid via bitcoin to one of three designated wallets. It is currently unclear whether the unidentified attackers have unlocked files for the users that have made a ransom payment. As of the morning of May 16, ransom payments had reached over $70,000. In 2013, a comparable ransomware called CryptoWalker was posted to the internet. The attack pulled in an estimated $30 million in its first 100 days.

The likelihood that the particular vulnerability enabling the spread of WannaCry will affect customers of NetWize is very low. Thanks to the commitment of our engineers to ensuring our customers’ safety, we applied the security patch needed to protect against WannaCry shortly after Microsoft’s recommendation. We also offer advice for best practices that reduce a user’s vulnerability. In addition, we always make sure our customers’ antivirus is up-to-date, and that a reliable data backup and disaster recovery process is in place.


To learn more about the outbreak as it unfolds, check out Wikipedia, and technical support website Bleeping Computer.

As always, if you have any concerns regarding this recent ransomware attack, please call NetWize at (801) 747-3200, option 1.
