ABSTRACT - Peters & Associates · 2020-01-22

Date post: 17-Mar-2020

ABSTRACT Ransomware attacks are evolving and becoming more and more complicated. This guide will review the current state of ransomware to help you understand how companies are profiled for attacks, what you can do to prevent an attack, and what to do if you become a victim.

RANSOMWARE

Limit the Risk


Peters.com Ransomware Guide – Limit the Risk

Table of Contents

About Peters & Associates
  Who we are
  About the Author
  Contact Us
Introduction
What is Ransomware?
  How is Ransomware Spread?
  Characteristics of Ransomware
  Features of Ransomware
  Top Known Types of Ransomware and What They Do
Payments for Ransomware
  Should you pay the ransom?
  What are the benefits of paying?
  What are the risks?
  Didn’t have a good restore copy and have to pay the ransom?
What Do Hackers Want from Me?
  The Evolution of Cybercrimes
  Ransom Negotiation
  The Focus
  New Targets and Threats
  Latest Ransomware – March 2017
Prevention
Infected with Ransomware – Next Steps
  Don’t have a good backup file?
  Testimonials about our Support Services
  Not sure where to start?
References


About Peters & Associates

Who we are

The key to solving problems is to listen closely and ask the right questions. At Peters & Associates, we listen first.

We’ve been successfully partnering with our clients this way for over three decades - solving challenges and building bridges to a better future with secure, scalable IT solutions aligned with your business needs and goals.

Our resources are skilled and certified in network, systems, and cloud services, including:

CompTIA A+/Network/Server, VMWare Certified (VCP), Apple (ACTS), MCP, MCPD, MCSE, MCSA, MCTS, ACCP, CCNA, CCDA, CIOSSS, CQFS, CVPNS, CCP, CCNP, CCA, MCDBA, MCTTP-DBA, NTSP, NSA, CISM, CISA, CRISC, ITIL, and NIST.

About the Author

Galaxia Martin is the Director of Support Services, responsible for support and security services operations within the support desk. Galaxia has worked in the IT industry for over 15 years in financial, accounting, and software development businesses. She has designed and led organizational innovations as well as optimized and increased growth within support operations. She understands the complexity of business operations and has experience with aligning business initiatives with cost reduction solutions. As an Information Technology expert, Galaxia continues to research and study the latest technology, cyber risks, and industry trends to help educate her clients. Galaxia has a Master’s degree in Information Systems with additional studies in marketing and arts.

Contact Us

Peters & Associates
1801 S. Meyers Rd., Suite 120
Oakbrook Terrace, IL 60181
630.832.0075 | www.peters.com
For more information: [email protected]


Introduction

Ransomware is not going away and, in fact, is changing day by day, hour by hour, and minute by minute. What can you do to avoid the risk? There are several methods, actions, and opinions on proactive measures you can take, but the reality is that it is not a question of if you will be affected, but when. Imagine that you live in an area where natural disasters are common; there are specific activities you would do to prepare for that specific type of disaster, right? It’s the same when we (as good cybercrime fighters) tell you the types of risks out there and what methods can help you reduce your risk. It’s all about being prepared.

You have something valuable to cybercriminals - we all do. Cybercrime is no longer just about putting skimmers on ATMs or trying to steal your mail from your mailbox. It has literally gone “pro,” meaning cybercriminals are using more sophisticated technology to get your data. The internet has gone wild in terms of cybercrime, so we all must take responsibility to protect ourselves against it on a regular basis.

This Ransomware Guide will help you understand what ransomware is, how to protect yourself, and the trends that are occurring. Remember, this is a guide - not an end-all-be-all to ending ransomware. The fact is that ransomware will evolve, and so will our methods to prevent it. So, let’s get started on learning more about the present state of ransomware and how we can help you become a rock star cybercriminal fighter!


What is Ransomware?

Ransomware is a form of cyberattack used to obtain your data and extract payment. A few of the more common types, or families, are covered later in this guide. Ransomware predominantly uses the AES algorithm to encrypt files, though some variants use alternative methods as well. The standard ransomware rate is $500 per incident, but that is expected to double or triple as many organizations keep paying the demands.

How is Ransomware Spread?

Ransomware is spread through the distribution of malicious files. Typically, this is done through social engineering, and studies have shown that about 42.6% of it is done through email. Most people assume that hackers are specifically targeting their company’s data for something like WikiLeaks. This is NOT the focus for most hackers - the main reason they want access to your environment is to lock down your data and have you pay them ransom money.



The most common ways a hacker can access your network are the following:2

1. Phishing – good old social engineering at its best

The most common way to access your network is through your employees, and hackers are getting smarter about how to target them. Some are using common tools like LinkedIn to connect and then send them hyperlinks to malicious websites, while others are still using standard phishing emails. The new trend for these attacks is encrypted emails. Cybercriminals can send an encrypted message that appears to be from a legitimate contact (they do their research), and when your employee decrypts it, the malicious activity begins.

2. Buffer Overflow

Another way to access your network is through your website forms. Yes, they can basically hack your website forms to steal data, cause damage, or access your network.

3. Password Hacking

Still using default passwords for your computer, modem, or Wi-Fi router? Well, sorry to tell you the hackers can get them. Most of the default passwords for any hardware are available to even the most amateur of hackers. So make sure you change your default passwords and continue to change them regularly.

4. Downloading Free Software

Anything free is good, right? Not! Cybercriminals make fake free-software websites and downloads to lure you in, get you to download their malicious files and, in the end, make them some money.

5. Fault Injection

Cyber hackers basically infiltrate your software’s code and implant their own to see if they can crash the system. Two examples would be a cyber hacker using a database query that could erase database content, or typing in a web URL that delivers a worm into your network.


Characteristics of Ransomware

There are two distinct types of ransomware: Locker Ransomware and Crypto Ransomware.

• Locker Ransomware locks the computer or device3

• Crypto Ransomware prevents access to files or data through encryption3

Features of Ransomware

• Unbreakable encryption - you can’t decrypt the files on your own. Either cybercriminal fighters have found a solution you can leverage or you are at the mercy of the cybercriminal to decrypt your files for you.

• It can encrypt all types of files – documents, pictures, videos, audio files, game files, etc.

• It messes with your file names, making it hard to know which files were affected.

• It will add a different extension to your files – sometimes this helps cybercrime fighters to know what type of ransomware you have.

• Ransomware commonly provides an image or message to inform you that you are infected and special instructions to pay them.

• Payment is always requested in a cryptocurrency.

• Each infected computer can also act as a bot in a botnet, infecting other PCs in your network or even PCs that are not on your network.

• Encrypting your data is not all it wants to do; it frequently extracts your data (such as usernames, passwords, email addresses, etc.) and sends it back to the cybercriminals for later use.

• If ransom is paid, the cybercriminal will provide a decryptor code.


Top Known Types of Ransomware and What They Do4

1. CryptoLocker, also known as the “Police Virus,” has been around for over a decade and continues to be on the rise. CryptoLocker uses social engineering techniques to trick the user into running it. This could be an email from an address similar to what your organization uses, requesting that a file be reviewed; commonly this is sent in a ZIP file format. Once you download the file, it hides itself in the user’s profile under AppData/LocalAppData. It then creates a registry key to ensure it runs every time the computer starts up. Once it has finished encrypting your files, you will see a popup demanding ransom.

2. Locky is typically spread via an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption.

3. CryptoWall takes your data hostage using an asymmetric encryption, where the decryption key is different from the encryption key and is not stored next to the encrypted data. Basically, this forces the victims to pay the thief a ransom for the decryption key to unlock the data.

4. Crysis can encrypt files on fixed, removable, and network drives and uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.

5. zCrypt tries to spread as a virus and can be found on USB sticks. It can detect important directories and encrypt files that are changed. It scrambles files first to make recovery impossible.

6. Powerware is aimed at businesses using Microsoft Word and the PowerShell scripting interface. This ransomware’s innovation is that after trying to enable macros it hooks into PowerShell to download a malicious script. Because it does not write files to the system, it is very hard to track and recover from.

7. Petya overwrites the Master Boot Record, causing the blue screen of death and a crash. When the user reboots, instead of the blue screen you will see a nice skull and crossbones splash screen requesting payment. Basically, this one holds your entire system hostage, making recovery impossible.


8. Cerber targets cloud-based Office365 and uses phishing campaigns. It recently evolved by terminating processes in databases and creating random extensions to existing files. You will also get a Readme.hta note with instructions for payment of the ransom. Since this has evolved, it is a bit harder to fix without a restore.

9. CTB-Locker is delivered through spam campaigns, where the email message pretends to be related to a fax message that needs your immediate attention. When the email is opened, you are asked to download a ZIP file attachment. The process proceeds to encrypt your data and then you receive a ransom payment note.

10. Jigsaw targets Office365 users and the infection is typically within an email campaign. Once you are infected, the cyber hackers play an audio file that says you need to pay up and gives instructions on how to make payment. If you fail to deliver, not only has it already started encrypting your data, it will progressively delete your files until the money is paid or your files are gone. Oh, and you have a fixed timeframe without any extensions.

11. KeRanger is not widely distributed at this point, but its focus was on Mac OS X applications. Mac OS has been known to be virus-free for many years, and KeRanger is the first fully functioning ransomware designed to lock Mac OS X applications. It attacks through users who downloaded version 2.90 of Transmission. This ransomware not only encrypts files, but also attempts to encrypt the user’s Time Machine backup to prevent additional data recovery methods.

12. LeChiffre enters the PC via a malicious download or by cybercriminals scanning the network, gaining access, and manually running the virus in your environment. Once it enters, LeChiffre will start encrypting files before changing their extension from .txt, for example, to .txt.LeChiffre. The cyber hackers promise to decrypt all the files in return for bitcoin.

13. TeslaCrypt is distributed via the Angler exploit kit and targets Adobe vulnerabilities. TeslaCrypt installs itself in the Microsoft temp folder.

14. Hydracrypt and Umbrecrypt are in the same family and both mysteriously disappeared in June 2016. They basically encrypt your files and ask for ransom.

15. RAA is delivered as a .js file that uses crypto-js to embed in your system. It deletes Windows Shadow Copy Service and even drops the Pony password stealer to hunt for credentials. It is easy to spot since it is a JavaScript attachment.

16. TorrentLocker encrypts files and additionally collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/network.

17. ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and infecting external drives and flash drives so it can be distributed to other computers.
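The renamed-file and ransom-note behaviours described in this list (LeChiffre appending .LeChiffre to a file’s original extension, Cerber dropping a Readme.hta note, and the .Kirked extension covered later in this guide) can be turned into a simple host-side check. The script below is an added example, not code from the guide or from Peters & Associates; its extension and note-name lists are illustrative assumptions built from the guide’s own descriptions, it generalises the “adds a different extension” feature to any unrecognised suffix appended to a normal document extension, and it adds a byte-entropy test to catch plain-text files that were encrypted in place with their names left unchanged.

```python
"""Host-side scan for the renamed-file and ransom-note indicators the guide
describes. Added example (not the guide's code); indicator lists are
illustrative assumptions drawn from the guide's text, not a complete IoC set."""
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the guide names: LeChiffre appends .LeChiffre, Kirk appends .Kirked.
KNOWN_RANSOM_SUFFIXES = {".lechiffre", ".kirked"}
# Ransom-note file name the guide names (Cerber's Readme.hta).
RANSOM_NOTE_NAMES = {"readme.hta"}
# Plain-text formats: healthy copies have low byte entropy, encrypted ones ~8 bits/byte.
PLAINTEXT_SUFFIXES = {".txt", ".csv", ".log", ".xml", ".json", ".html"}
# Ordinary document formats whose extension ransomware tends to keep while appending its own.
DOCUMENT_SUFFIXES = PLAINTEXT_SUFFIXES | {".docx", ".xlsx", ".pdf", ".jpg"}
# Legitimate second extensions that must not be reported as "appended" (assumption).
BENIGN_SECOND_SUFFIXES = {".gz", ".bz2", ".xz", ".zip", ".bak", ".old"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; natural-language text sits around 4-5
MIN_SAMPLE = 1024        # too few bytes give an unreliable entropy estimate


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path, sample_bytes: int = 65536) -> list[str]:
    """Return every indicator that applies to `path`; an empty list means nothing suspicious."""
    reasons: list[str] = []
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""

    if path.name.lower() in RANSOM_NOTE_NAMES:
        reasons.append("ransom note file name")

    if last in KNOWN_RANSOM_SUFFIXES:
        reasons.append(f"known ransomware extension {path.suffix}")
    elif (len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_SUFFIXES
          and last not in BENIGN_SECOND_SUFFIXES):
        # Generalisation of the guide's "adds a different extension" feature:
        # an unrecognised suffix tacked onto a normal document name (memo.docx.locked).
        reasons.append(f"unknown extension {path.suffix} appended to a {suffixes[-2]} file")

    if last in PLAINTEXT_SUFFIXES:
        # Encrypted-in-place check: the name is untouched but the bytes look random.
        # Compressed formats (docx, jpg, zip) are high-entropy by nature, so they are skipped.
        with path.open("rb") as fh:
            head = fh.read(sample_bytes)
        entropy = shannon_entropy(head)
        if len(head) >= MIN_SAMPLE and entropy >= ENTROPY_THRESHOLD:
            reasons.append(f"high entropy ({entropy:.2f} bits/byte) in a plain-text file")
    return reasons


def scan_directory(root: Path) -> dict[str, list[str]]:
    """Walk `root` and map each suspicious file's path (relative to root) to its indicators."""
    findings: dict[str, list[str]] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            reasons = classify_file(full)
            if reasons:
                findings[full.relative_to(root).as_posix()] = reasons
    return findings


def run_demo() -> dict[str, list[str]]:
    """Scan a constructed sample tree in a temp dir (made-up files, not real ransomware artefacts)."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext bytes
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"Quarterly planning notes for the team. " * 100)  # healthy
        (root / "archive.tar.gz").write_bytes(rng.randbytes(2048))        # legitimate double extension
        (root / "budget.txt.LeChiffre").write_bytes(rng.randbytes(2048))  # LeChiffre-style rename
        (root / "photo.jpg.Kirked").write_bytes(rng.randbytes(2048))      # Kirk-style rename
        (root / "memo.docx.locked").write_bytes(rng.randbytes(2048))      # unknown appended suffix
        (root / "report.csv").write_bytes(rng.randbytes(4096))            # encrypted in place, name kept
        (root / "Readme.hta").write_text("<html>Your files are encrypted. Pay to recover them.</html>")
        return scan_directory(root)


if __name__ == "__main__":
    for rel_path, why in sorted(run_demo().items()):
        print(f"{rel_path}: {'; '.join(why)}")
```

Run it against a real file share with `scan_directory(Path("/path/to/share"))`; the entropy test only applies to plain-text extensions, so compressed document formats must rely on the rename and note checks.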


Payments for Ransomware

Bitcoin, PaySafeCard, Monero, and Ukash are forms of payment used by cyber bullies because they are a secure way for them to receive money without getting caught.

Should you pay the ransom?

Asking yourself this question is like putting your trust in a known thief to hold your wallet and not take your money. These are cybercriminals that steal your information and sell it on the black market. They are not going to give you your files back. Maybe some victims have been lucky and received their files back after paying the ransom, but here is the reality - there is no guarantee.

What are the benefits of paying?

1. You may get your data back quicker than if you do not pay them.

2. It may cost less to pay the ransom than going through your organization’s restore process from backups.

3. You get the experience of what it is like to pay a cybercriminal.

What are the risks?

1. You lose money and still don’t get your data back.

2. You are encouraging the cybercriminals to continue to attack you later.

3. Your data was compromised even if you paid, so you have a risk regardless.

Didn’t have a good restore copy and have to pay the ransom? Here are some tips if you MUST pay the cybercriminal:

1. Set up the form of payment – this takes quite some time (days to weeks), so start right away because your ransomware clock is ticking.

2. Use a prepaid card.


3. Enroll in a credit monitoring service.

4. Create a new email address to communicate with them and pay them - DO NOT use your real information EVER!

5. Work with an MSSP or MSP to help you pay the ransom. These providers usually have a cryptocurrency or two already set up.

What Do Hackers Want from Me?

Sure, they want to make money and exploit your data. However, there are several other things that a cyber hacker wants from you and your environment. Here is a simple breakdown:

1. They want to find a way to get into your network. They will try to get in through exploits, weak passwords, unpatched vulnerabilities, your end users, and spoofing.

2. They want to stay in your network.

• They want to learn everything about you and your company.

• They want to know who you are friends with, who you network with, what your schedule is like at work, and how you communicate to others via email or chat.

• They want to be familiar with your environment to understand your operations and the trends.

3. They want your money and a lot of it.

• Sometimes a quick ransomware will do the job.

• Sometimes a spoofing scam to wire hundreds of thousands of dollars over a period of 90 days or longer will do the job.


The Evolution of Cybercrimes

Ransomware is a business, and what do businesses have to do to continue to remain in business? Develop new products or services to increase revenue. So, what does that mean for ransomware? That means it isn’t going away any time soon, so every business and consumer needs to keep up with the latest trends and threats to protect themselves from it.

Ransom Negotiation

Cybercriminals are willing to negotiate the price now.

• With over one billion dollars in revenue from cybercrimes last year, the criminals now have a heart to negotiate a better deal for you. Why are they doing this? The average ransom price is going to go up, so they have to ensure that you can still afford to pay them.

• Paying the ransom is only going to cause the business model to prosper, so if the business model continues to be successful then ransom will go up year after year and the threats will continue to increase.

The Focus

Cyber hackers will try to get ransomware into your environment through any means possible. If they are successful with a $500 or $1000 ransom, then they will be pleased. However, if they are bored or are focused on building their revenue, they will take their time and do more research about you, your business, your vendor contacts, your friends, and your family to trick you into installing more ransomware.

New Targets and Threats

Per Botnet Payout

Cybercriminals can now push out botnets with ransomware. What does that mean? It means cybercriminals are hiring junior cybercriminals whose only skill is pushing out a botnet. There is no longer any urgency to get the smartest and brightest criminals to get your data. The junior cybercriminals get paid based on the number of successful botnet deployments in your environment. It’s called Ransomware as a Service – catchy, isn’t it?


Public Works and Manufacturing

• Let’s use the example of water treatment facilities – ransomware can focus on these facilities and force a demand of payment. If not received, they can slowly increase the chlorine levels in your community’s water supply.

• Do you have equipment used for measuring, counting, or doing anything analytical on your network? Well guess what? They can change your formula for your product ingredients or even terminate the power to your facility until you pay them ransom.

Dentists and Healthcare Providers

• Cybercriminals are working hard to get your attention. They are doing this by sending you records from a provider known to you or an X-ray from one of your client’s doctors. They are educating themselves on who you do business with to trick you into getting infected.


Latest Ransomware – March 2017

Another piece of malware has recently hit the market that is impossible to decrypt, but cyber hackers are putting a nice spin on it. This ransomware is called the Kirk ransomware, with a Spock decryptor. Why is this ransomware different? Well, not only is it Star Trek-themed, but the payment demands are in Monero.

Let’s talk about the Kirk ransomware first

Kirk ransomware was discovered by an Avast malware researcher. It is still unknown how the ransomware is being distributed. All infected files will have the extension .Kirked, and once infected you will receive an ASCII art image of Spock and Captain James T. Kirk on your screen that states “Oh no! The Kirk ransomware has encrypted your files!” This ransomware encrypts popular file types (625 file extensions to be exact), plus an additional 441 extensions, mostly to do with games. It is rare for ransomware to target game extensions on its victims’ machines. Payment is typically 50 Monero ($2,350 USD) within 48 hours, 200 Monero ($4,700 USD) within 8 – 14 days, 500 Monero ($11,750 USD) within 15 – 30 days5, and after 30 days your decryption key is deleted automatically and your data is forever toast!

If you get this ransomware on your machine and plan on paying, do not delete the pwd file, as it holds the encrypted version of your decryption key. Sometimes cyber hackers send you a decryption code and direct you to a file to decrypt your data. This ransomware involves your partnership with the cyber hacker: if you want to pay this one out to the cybercriminals, you must send the cyber hacker the pwd file so they can decrypt your data for you. You should use an email address that isn’t traceable to you, and you should also verify whether there was sensitive data that they encrypted. No one knows yet what this pwd file is used for later, if anything, since this is so new to the cyber hacker world.

What is Monero - Cryptocurrency?

Monero provides complete transaction privacy for electronic cash. Bitcoin, along with other cryptocurrencies, is entirely traceable. Any casual observer can read through the bitcoin blockchain for any transaction and find the exact amount that was transacted along with the sender’s address and recipient’s address. Monero is for any private transaction: the same observer has no means to uncover the origin, destination, or amount that was transacted. Monero transactions are completely private and untraceable. They were built never to be traced.


Monero will most likely soon become cyber hackers’ payment method of choice. Bitcoin has had too much attention, and cyber hackers always change their behavior – what a surprise! They need to always be ahead of the curve, so if bitcoin is traceable and cyber hackers have been caught using it, they will move on to the next fad – Monero. There are many things that cybercriminals are focusing on this year, so it would be naive to think you are not at risk. Each year, as cybercrime revenue increases, there are going to be new threats evolving and emerging. We recommend that you start learning now about cybercrimes and how they can affect you so that you can proactively prepare your environment. As we said earlier, the question is no longer if you get ransomware, but when. Even if you are protected as much as possible, you can never guarantee that it will stop cybercrimes from occurring. It is important to have a strategy for your environment if you have a breach or get infected with ransomware.


Prevention

Ransomware can be time consuming, alarming and, quite honestly, scary. Your files get stolen and held for ransom and can be deleted if you don’t pay up. There are some tools available to decrypt ransomware, but there are a ton of different ransomware types out there, so it is hard to know which to use when. There are ways to prepare your system to avoid an infection and to respond to an attempted one. Here are some easy tips to start you on this ransomware prevention rollercoaster:

1. Security Awareness Training

Security Awareness Training is important for all organizations, regardless of the types of data in their environment or whether they are bound by compliance regulations. This program explains the employee’s role in Information Security and ensures that your users know the latest trends, tricks, and scams. The goal is to educate them so that they become a defense mechanism within your organization. Technology alone will be unable to solve the problem entirely, as many risks for security breaches are controlled by the individual.

2. Social Engineering. Be aware of:

• Phishing your end users

• Vishing your end users - receiving random phone calls from outside of your network to obtain an end user’s credentials

3. Physical Security (policies for resource usage)

• Do not leave your work computer or mobile devices in your car unattended

• Store your work computer and mobile devices in a secure location

4. Hardware Assets Lifecycle Policy

Tracking your hardware is important. There are a few main stages in your hardware assets’ lifecycle: hardware request, procurement, installation, deployment, use, storage, end of warranty or maintenance, retirements, and disposal.


5. User Access Control

• Leverage tools to help manage this

• Limit user activities on the device to work purposes only (i.e., no online shopping or gaming)

• Forbid transferring data on a USB drive from home

6. Authentication

• Require complex passwords

• Implement two factor authentication

• Use password manager software

7. Network Connections

• Avoid allowing Bluetooth connections if possible

• Remind users to never use public Wi-Fi networks

• Require remote users to have home Wi-Fi networks secured and managed properly

• WPA2 Encryption should be set

• Router password should be complex and default username should be changed to a unique identifier

8. Anti-Virus and Anti-Malware Solution

You should always have both anti-malware software and a firewall to help you identify threats or suspicious behavior. It is not best practice to buy just any anti-malware software. You need to do some research and find out which products are updated most often and which vendors lead in developing detections for newly released threats.

9. Backup Solution

• It is important to back up your data and test the restore process. You shouldn’t rely on Windows system backups or a drive connected to your machine that holds the backup files, because cybercriminals are aware of these and are starting to attack those preventative measures too. It is good to have a cloud-to-cloud service, an appliance-to-cloud service, or an on-premises storage unit such as a SAN or tape drives for backups. Backups are the single biggest factor that will defeat some ransomware.

• Backup end user data regularly or create a policy that forbids saving anything locally
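The guide says to back up data and to test the restore process, not just to take the backup. The following PowerShell script is an added example, not code from the guide or from Peters & Associates: it copies a folder to a backup location, records a SHA-256 hash of every source file in a manifest, then restores the backup into a scratch folder and checks every file against the manifest. The source and destination paths are assumptions; the destination should be a location that workstations cannot write to (a backup server share here), since the guide warns that attackers go after backups reachable from the infected machine.

```powershell
# Added example (not from the Peters & Associates guide). Paths are assumptions:
# the source folder to protect and a share on a separate backup host.
$Source   = 'C:\Data\Finance'
$Backup   = '\\backup-srv\vault\Finance'
$Manifest = Join-Path $Backup 'manifest.sha256'

function New-VerifiedBackup {
    param([string]$Source, [string]$Backup, [string]$Manifest)
    New-Item -ItemType Directory -Path $Backup -Force | Out-Null
    # Copy the whole tree, then record one "<hash> <relative path>" line per SOURCE file.
    Copy-Item -Path (Join-Path $Source '*') -Destination $Backup -Recurse -Force
    Get-ChildItem -Path $Source -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($Source.Length).TrimStart('\')
        '{0} {1}' -f (Get-FileHash $_.FullName -Algorithm SHA256).Hash, $rel
    } | Set-Content -Path $Manifest -Encoding ascii
}

function Test-BackupRestore {
    param([string]$Backup, [string]$Manifest)
    # Restore into a throw-away folder and compare every restored file with the manifest.
    $Scratch = Join-Path $env:TEMP ('restore-test-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $Scratch | Out-Null
    Copy-Item -Path (Join-Path $Backup '*') -Destination $Scratch -Recurse -Force
    $failed = 0
    foreach ($line in Get-Content $Manifest) {
        # Limit the split to 2 parts because file names may contain spaces.
        $expected, $rel = $line -split ' ', 2
        $file = Join-Path $Scratch $rel
        if (-not (Test-Path $file) -or
            (Get-FileHash $file -Algorithm SHA256).Hash -ne $expected) {
            Write-Warning "Restore check FAILED for $rel"
            $failed++
        }
    }
    Remove-Item -Path $Scratch -Recurse -Force
    return ($failed -eq 0)
}

New-VerifiedBackup -Source $Source -Backup $Backup -Manifest $Manifest
if (Test-BackupRestore -Backup $Backup -Manifest $Manifest) {
    'Backup verified: every restored file matches its original hash.'
} else {
    'Backup verification FAILED: do not rely on this backup set.'
}
```

Run `Test-BackupRestore` on a schedule independent of the backup job itself; a backup that has silently stopped working, or that an attacker has already encrypted, fails the hash comparison and surfaces before you need it.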

10. System Maintenance

• Vulnerabilities in your software are a mecca for cybercriminals, who build ransomware specifically to exploit the many vulnerabilities in your software. If the software vendor is keeping up its end of the deal by ensuring that the program is safe, you should ensure that you are applying its updates to keep your organization safe.


• Don’t forget to patch workstations, laptops, tablets, and mobile devices.

• New releases of software exist not only because they include additional features, but most likely because some vulnerabilities in the application have been fixed. If the mobile apps on your phone are requesting an update, you should update them.

• Limit what software is allowed on an end user’s machine

11. Data Encryption

You should have a policy in place for when anyone in your organization transfers data from point A to point B outside of the network. Your organization should use encryption for such transfers. You should also consider encrypting data that stays inside your network.

12. Next Generation Firewall and Web Filtering

• A next-generation firewall (NG) can detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.

• Web Content Filtering - limit the types of web pages that are allowed in your environment. If end users are surfing the internet you should educate them on suspicious web sites/links.

13. Security Information and Event Management Software (SIEM)

A SIEM can help close the gaps and offer additional visibility into your infrastructure. It provides proactive alerts about potential threats lurking outside your network and reactive alerts about data breaches that are occurring or escalating inside your network.

Example: a virus appears in your network and the SIEM alerts the Security Operations Team; the next event is a server’s CPU spiking; then the firewall shows excessive data transfers. To see all of these events together from a single virus intrusion without a SIEM, you would need a dedicated team reviewing the logs from every device at once and correlating the events by hand. SIEM software combines all the logs and presents them in one view, which helps the team respond faster and avoid the data breach or intrusion altogether.
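To make the correlation in that example concrete, here is an added PowerShell example (not code from the guide or from any SIEM product) that implements the rule the paragraph describes: for each host, a malware detection followed within ten minutes by a CPU spike and then by a large outbound transfer produces one combined alert. The log lines, host names, field layout and the 500 MB egress threshold are all constructed for the example.

```powershell
# Added example (not from the Peters & Associates guide). The log lines below are
# constructed: one host shows the full sequence, the other shows unrelated noise.
$Logs = @(
    '2020-01-22T09:14:02 av       host=FS01  event=MalwareDetected name=Ransom.Generic',
    '2020-01-22T09:15:40 perf     host=FS01  event=CpuHigh value=97',
    '2020-01-22T09:16:05 firewall host=FS01  event=EgressBytes value=850000000',
    '2020-01-22T09:30:00 perf     host=WEB02 event=CpuHigh value=95',
    '2020-01-22T11:02:11 firewall host=WEB02 event=EgressBytes value=12000000'
)

function ConvertFrom-LogLine {
    param([string]$Line)
    # Assumed line layout: <timestamp> <source> host=<name> event=<type> name=|value=<detail>
    if ($Line -match '^(\S+)\s+(\S+)\s+host=(\S+)\s+event=(\S+)\s+(?:name|value)=(\S+)$') {
        [pscustomobject]@{
            Time   = [datetime]::ParseExact($Matches[1], "yyyy-MM-dd'T'HH:mm:ss", $null)
            Source = $Matches[2]
            Host   = $Matches[3]
            Event  = $Matches[4]
            Detail = $Matches[5]
        }
    }
}

function Find-RansomwareSequence {
    param([object[]]$Events, [int]$WindowMinutes = 10, [long]$EgressThreshold = 500000000)
    # One combined alert per host when detection -> CPU spike -> large egress
    # all happen, in that order, inside the window.
    $alerts = @()
    foreach ($group in ($Events | Group-Object Host)) {
        $h = $group.Group | Sort-Object Time
        $det = $h | Where-Object Event -eq 'MalwareDetected' | Select-Object -First 1
        if (-not $det) { continue }
        $deadline = $det.Time.AddMinutes($WindowMinutes)
        $cpu = $h | Where-Object { $_.Event -eq 'CpuHigh' -and
                                   $_.Time -ge $det.Time -and $_.Time -le $deadline } |
               Select-Object -First 1
        if (-not $cpu) { continue }
        $egress = $h | Where-Object { $_.Event -eq 'EgressBytes' -and
                                      $_.Time -ge $cpu.Time -and $_.Time -le $deadline -and
                                      [long]$_.Detail -gt $EgressThreshold } |
                  Select-Object -First 1
        if ($egress) {
            $alerts += [pscustomobject]@{
                Host     = $group.Name
                Severity = 'High'
                Summary  = ('Possible ransomware on {0}: {1} detected {2}, CPU {3}% at {4}, {5} bytes out at {6}' -f
                            $group.Name, $det.Detail, $det.Time.ToString('HH:mm:ss'),
                            $cpu.Detail, $cpu.Time.ToString('HH:mm:ss'),
                            $egress.Detail, $egress.Time.ToString('HH:mm:ss'))
            }
        }
    }
    return $alerts
}

$events = $Logs | ForEach-Object { ConvertFrom-LogLine $_ }
Find-RansomwareSequence -Events $events | Format-List
```

With the constructed input, FS01 yields one High alert and WEB02 yields none, because its CPU spike and transfer are neither preceded by a detection nor inside one window. The point of the ordering and the window is the same as in the guide’s example: three logs that each look like routine noise on their own only become an incident when one system sees them side by side.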

Other tips for prevention:

1. Show hidden file extensions

If you re-enable the ability to see the full file extension, you can spot suspicious files more easily, since ransomware likes to hide behind misleading file names.

2. Filter EXEs in email

If you don’t have an email gateway scanner, you might want to consider one. You can prevent a lot of malicious files from entering your organization through email. You would want to filter .EXE attachments and reject the mails that carry them, and you can also reject mails with attachments that have two extensions, the last one being executable (“*.EXE”).
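As an added example (not code from the guide or from any mail gateway product), here is the attachment-name policy the tip describes, written as PowerShell functions: an attachment is rejected when its final extension is executable, which also catches double extensions such as invoice.pdf.exe, and when its name ends in a space or dot, a trick used to disguise the real extension. The blocked-extension list and the sample attachment names are constructed.

```powershell
# Added example (not from the Peters & Associates guide). The extension list is an
# assumption; a real gateway policy would be tuned to what the business needs.
$BlockedExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs', '.jar', '.msi')

function Test-AttachmentAllowed {
    param([string]$FileName)
    $parts = $FileName.ToLowerInvariant().Split('.')
    if ($parts.Count -lt 2) { return $true }            # no extension at all
    $last = '.' + $parts[-1]
    # Checking only the LAST extension covers both "payload.exe" and "invoice.pdf.exe".
    if ($BlockedExtensions -contains $last) { return $false }
    # A trailing space or dot hides the true extension in some mail clients.
    if ($FileName -match '[\s.]$') { return $false }
    return $true
}

function Test-MessageAllowed {
    param([string[]]$AttachmentNames)
    $blocked = @($AttachmentNames | Where-Object { -not (Test-AttachmentAllowed $_) })
    if ($blocked.Count -gt 0) {
        Write-Warning ('Rejecting message; blocked attachments: ' + ($blocked -join ', '))
        return $false
    }
    return $true
}

# Constructed sample messages
Test-MessageAllowed @('quarterly-report.xlsx', 'photo.jpg')
Test-MessageAllowed @('invoice.pdf.exe')
Test-MessageAllowed @('statement.pdf ', 'notes.txt')
```

The first sample message is allowed; the second is rejected for the double extension and the third for the trailing space. Name checks are only the first layer: a gateway should also look at the actual content type of the attachment, because the sender controls the file name.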


3. Disable files running from AppData/LocalAppData folders

You can create rules within Windows or with Intrusion Prevention Software that do not allow files to run from the AppData/LocalAppData folders.

4. Disable macros in Microsoft Office files

By disabling macros in Office files, you deactivate the use of the scripting language that is known to be used by Locky ransomware.

5. Disable RDP

Remote Desktop Protocol (RDP) is often the main way Cryptolocker gets into your network, so disabling it if you do not need it removes one more avenue of access to your environment.
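The host-level tips in this list (items 1, 3, 4 and 5; item 2 belongs on the mail gateway) can be applied to a single Windows machine from an elevated PowerShell prompt, as in the following added example, which is not code from the guide or from Peters & Associates. It shows file extensions in Explorer, creates a Software Restriction Policy that disallows executables launched from the AppData and LocalAppData trees, sets the Office macro policy to “disabled without notification” plus the block on macros in files from the Internet, and denies inbound RDP. The Office version key (16.0), the blocked-path list and the executable-type list are assumptions; in a domain the same settings are normally delivered by Group Policy rather than by a script.

```powershell
# Added example (not from the Peters & Associates guide). Run elevated. Office key
# version 16.0, the path list and the executable-type list are assumptions.

# 1. Show file extensions so "invoice.pdf.exe" is not displayed as "invoice.pdf"
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
    -Name 'HideFileExt' -Value 0 -Type DWord

# 3. Software Restriction Policy: default Unrestricted, Disallowed for the AppData trees
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name 'DefaultLevel'       -Value 0x40000 -Type DWord  # Unrestricted
Set-ItemProperty -Path $safer -Name 'PolicyScope'        -Value 0       -Type DWord  # all users
Set-ItemProperty -Path $safer -Name 'TransparentEnabled' -Value 1       -Type DWord  # all files except DLLs
Set-ItemProperty -Path $safer -Name 'AuthenticodeEnabled' -Value 0      -Type DWord
Set-ItemProperty -Path $safer -Name 'ExecutableTypes' -Type MultiString `
    -Value @('EXE', 'COM', 'SCR', 'PIF', 'BAT', 'CMD', 'JS', 'VBS')
$blockedPaths = @('%AppData%\*.exe', '%AppData%\*\*.exe',
                  '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe')
foreach ($p in $blockedPaths) {
    # Subkey "0" holds Disallowed rules; each path rule lives under its own GUID.
    $rule = Join-Path $safer ('0\Paths\{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name 'ItemData'   -Value $p -Type ExpandString
    Set-ItemProperty -Path $rule -Name 'SaferFlags' -Value 0  -Type DWord
}

# 4. Office macros: disable without notification; block macros in files from the Internet
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
    Set-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' -Value 1 -Type DWord
}

# 5. RDP: deny inbound Remote Desktop connections and disable the firewall rule group
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Value 1 -Type DWord
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Read the values back so the change is verifiable, not assumed
[pscustomobject]@{
    HideFileExt    = (Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced').HideFileExt
    SrpPathRules   = (Get-ChildItem (Join-Path $safer '0\Paths')).Count
    WordVbaWarning = (Get-ItemProperty 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security').VBAWarnings
    RdpDenied      = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
}
```

Sign out or reboot after running it so Explorer and the SRP engine pick up the new values, and note that the HKCU keys only affect the user who ran the script. Test the SRP rules with a harmless executable copied into %AppData% before rolling them out, because any legitimate installer or updater that runs from that location will be blocked by the same rule.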


Infected with Ransomware – Next Steps

You’ve been infected and you need to act quickly to save your data.

1. Disconnect from Wi-Fi or unplug from the network immediately.

You must be off the network so the infection does not spread to other machines or shared directories.

2. Use System Restore or a Backup Solution to get back to a known clean state. Recover your system, if possible, to the last known good state. Be careful though, because some ransomware variants now attack the shadow copies that System Restore depends on, so it is best to restore from a non-local backup.

Don’t have a good backup file?

1. Set the BIOS clock back.

The idea is to mislead the cybercriminal about when your payment is due, on the assumption that you have 72 hours to deliver and that they will come knocking within that 72 hours to collect. This buys you time and may reduce the price you pay. It also gives you time to do some research and resolve the infection.

2. Download a bootable anti-virus from a different clean computer and put it on a disc or an external drive.

3. Boot into Safe Mode.

4. Connect the external drive or run the disc.

5. Run the scan and wait for results.

6. If a virus is found, delete it. If a virus is not found, you probably should reimage your computer anyway to be safe, although unfortunately you will most likely lose everything unless your organization has Sandboxing tools available to test your files.

7. Restart and repeat the procedure to verify. Unfortunately, the files that were encrypted will be lost unless a decryption tool exists. On a clean computer, research the type of virus that the anti-virus found and check whether a decryption tool is available from a reputable source.


Our Solutions

Peters & Associates has services and solutions for all the items discussed in the Prevention section. PULSE Assure is our security fabric which offers several layers of security prevention and protection such as Security Advisory Services, Security Endpoint Monitoring (SIEM as a Service), Server or VM System Hardening at its extreme, User Behavior Monitoring, Security Awareness Training, and Social Engineering Evaluation.


PULSE Support is our Support Services which offers several layers of support to help you focus on your core business instead of IT. We have services such as 24x7 Support, Endpoint Device Monitoring, System & Network Maintenance (Patching, Managed Firewall, Server Management), End User Management/Workstation Management, and Backup Management.

Testimonials about our Support Services

• “The Peters team members are personable and easy to talk to. They are very responsive to our support needs and always glad to help us.”

• “The cloud solution combined with the IT support services agreements with Peters has enabled us to improve overall I.T. reliability while cutting overall costs about 40%.”

• “The Support is excellent, we have a great response time, and they deliver everything they say we will as expected.”

• “A key vendor with their business and indispensable.”

• “On the ball, all the time and it's always a great experience. Saved our bacon many times.”


Not sure where to start?

We hope that you have learned a lot from our Ransomware Guide. We understand it is hard to know where to start, since security is very complex. Peters & Associates can help your organization with the next steps to take to improve your security. Take our 10-minute Security Assessment, and we will send you a free personalized report of our findings that focuses on the specific risks relative to your business’ security processes, people, and technology. If you are interested in learning more about our Support and Security Services, contact us at [email protected] for a complimentary consultation.

