A virus-carrying email will contain a legitimate-looking invoice or purchase receipt. The only way to distinguish that this is not a legitimate email is by carefully examining the email address from which the message was sent.
The address will not be the same as the original address it copies, whether it is the address of a private person, company or corporation, but will closely resemble it. Only a small change will differentiate an original address from a fake one. In the case of the same e-mail address, the reliability of the content of the message can be examined. It is important to verify the reliability of the sender's address, the content and the nature of the request for action, along with technological backup of the information security controls.

What is the degree of responsibility of the human factor - the employees, in introducing a ransomware virus into the organization?

80% The cyber attacks that take place are caused by human error on the part of system users. That is, an active action such as clicking on a link, downloading a file or entering a website that contains a virus.
However, the ransomware also knows how to enter through open loopholes in the computer systems, without the direct intervention of system users.

Although today there is not a large amount of such loopholes, it is important to take this into account. In general, since the level of sophistication with which the viruses attack is so high today, one must be careful not to make accusations against the employees.

Is it possible to learn to avoid being infected with viruses?

Definitely possible and desirable. There are various methods of instilling habits of maintaining information security in the business, among other things through awareness training that is highly recommended. We know that most employees in businesses are not aware of the nature of the online world today, do not adhere to information security procedures and are not aware of the critical role they have in protecting the business .

Therefore, it is very important to convey the message of strictness and caution to their consciousness. Of course, the systems must be protected using information security solutions with several layers and hardnesses. Through prevention, identification, eradication, monitoring and control, it will be possible to catch the attackers. It can be done, but you should remember that you are never resilient.

Is it possible to decrypt the ransomware once an organization has already been infected?

In most cases no. There are types of ransom that can be used to open their encryption, but they are very few.

The encryption of the ransom virus is very complex, and in the vast majority of cases, the window of time in which the ransom has to be paid is short, what's more, the need of the business owners to return and function as quickly as possible - does not allow the opening of the encryption in that time window.

Shouldn't you just pay the ransom?

First of all, we will explain that the cyber attackers' demand comes in the form of a message that is left on the victim's computer. The notice details the amount he must pay, the details of the account he must transfer the funds to, and the time window he has to do so. As it were, the cybercriminals promise that once the stated amount is transferred, the encryption on the information will be released and the business or person can return to normal.

The problem is that in reality this is not something that should be trusted, and this is for several reasons: first, all the amounts requested may be very high and sometimes even reach tens of thousands of dollars. The problem is that in the end these are criminals, so their credibility is questionable. Today it is possible to get confused and think that this is a legitimate company - with a customer service center, graphic design for the ransom notices and all.

The bottom line is that these are criminals, if they don't want to release the files, they can't be forced to do so. Indeed, studies show that one out of five "customers" who pay the ransom - do not receive the code to open the encryption on their information.

There are quite a few free programs on the market today that promise to protect against a ransomware virus. Can they be trusted?

We test almost every new software that comes to the market and simulate its attack using all the viruses known on the market, from simple and average viruses to the most sophisticated and advanced ones. In our experience, the free protection software does not hold up, even against the simpler viruses.

In addition, it is worth remembering that viruses are constantly changing and improving, so there is no point in compromising and relying on software that can only withstand today's average attack, because even if it can protect against a specific virus, tomorrow it will no longer provide proper protection against a more advanced variation of that virus.

Not only are the programs themselves ineffective in most cases, they may also cause damage themselves. Sometimes the protection software itself can suddenly stop an important system of the organization, and it will be impossible to contact the companies that produce the software, since it is free software without support. In addition, the free programs also do not offer a convenient central management interface. If the business has more than ten computers, it already needs a quality management interface.

So the bottom line is, it's ineffective to rely on free protection software. This wastes time and may cause direct or indirect damage to the organization. Therefore, the preference is to choose software that you invest in - both in terms of the product and in terms of service and warranty. Anything free can sometimes be very expensive, all the more so when it comes to the heart of the organization - its information systems.

If it is a small business or a home user, is there any point in using free software?

When it comes to home use it is better than nothing. But if it is a business, it is strongly recommended not to choose free software, which can do more harm than good. In the vast majority of cases, paid software is preferable.

What is recommended for very small companies to do in terms of protection and preparation for cyber attacks? Isn't it enough to just back up all the organization's data and information on the hard disk at the end of each day?

In general, in order to be prepared for any scenario and not only in the cyber world, backup is the first thing to take care of. In extreme cases of various types of disasters, a business whose data is not backed up in a safe place may lose it completely.

Regarding the ransomware virus - there is no doubt that quality backups are the first thing to take care of. At the same time, it is a mistake to rely only on backups and not provide additional protections for the business's information system. First, due to the fact that the business was hit by a ransomware virus, the recovery time can be very long.

For example, a business of 30 computers that have all been encrypted, needs to restore a very large amount of data to the servers, and this can take days of work, at best. Add to that the need to format each of the computers and reinstall everything on it; It can take days and weeks. Also, there are cases where the type of damage that the viruses cause is not the encryption of the business's information, but the use of the business's secrets for extortion purposes.

Therefore, although a proper backup is necessary for any business, it is not the only thing that needs to be done. Just as a business located in a problematic neighborhood knows that it must install bars, alarms and additional protection systems, so we need to understand that today's cyber world is a particularly problematic neighborhood, and we must prepare accordingly.

The information was brought by Alon Zucker, CEO SOPHTIX 

The post שאלות ותשובות בנושא וירוס כופר appeared first on genie שירותי מחשוב לעסקים.

None of us wants to fall victim to a hacker attack on our personal computer. Such an attack can have many consequences, from disabling the computer's function, through rummaging through personal photos and documents, to stealing passwords that lead to information
Really sensitive, such as: entering the private email, the personal account in social networks and our bank account and credit card information. Unpleasant to say the least. However, in the days when, apart from the home computer, we walk around the house and outside with the smartphone and sometimes even with one tablet or another, we are exposed every moment to such an attack, and it seems that the appetite of hackers from Israel and abroad is growing over time.

So what can still be done to minimize the possibility that someone somewhere could break into our computer and steal valuable information from it? It turns out that there are quite a few actions and measures, most of them very simple by the way, that each of us can take, in order to defend against these risks.

First and foremost - the operating system. Whether it is the operating system from Microsoft or Mac OS, it must be updated. Most of the updates for the operating systems are security updates designed to close discovered "loopholes" and therefore their installation is critical. It must be remembered that the operating systems are the platform for all the information on the computer and hence their great importance in its security. In addition to an up-to-date operating system, it is highly recommended to activate the "firewall" application built into the system in order to block unwanted communications with questionable parties on the network.

A wireless internet network at home, at work or in the shopping mall, definitely improves the surfing experience but can be a real danger if it is not properly protected. The home network must be secured with a strong password (we will expand on it later). This way you will not only prevent others from "surfing" on your account, but you will also prevent access to all the shared information on your home network. When you are out of the house, prefer surfing through secure networks, or alternatively, always remember that surfing on public networks that are open to everyone, increases the potential for stealing information from you many times over, be careful.

The importance of the strength of the login passwords for your email and social networks is critical. A password that is considered too easy to decipher, such as a sequence of ascending numbers, the word password, date of birth, etc., is like handing over all your personal information on a platter of money to anyone of any kind. Don't bother choosing the password. Try to make it as difficult as possible to identify it. It is desirable to have both letters and numbers in it, and it is highly recommended to change the password at least two to three times a year, and of course in any case where there is a suspicion of any attempt to break into your account.

Browsing social networking sites is similar in many ways to wandering in a large public place. Thus, when you are approached by a foreign party whom you do not know, it is advisable to behave with suspicion and not rush to give personal information about you, at least until you are completely sure of the purity of his intentions. This way you will also maintain your personal security, never confirm receipt and opening of a file sent from someone you do not know for sure. Any message sent to you by email or on social media from an unknown party requires your vigilance. Suspicion is not a bad word here, it is recommended to be careful.

The post טיפים להגנה על המחשב מפני האקרים appeared first on genie שירותי מחשוב לעסקים.

Aren't you worried about your identity being stolen? What about the time and money you invested in your computer? Another thing that your computer can get from such hacks is a virus, which can cause the memory on your hard disk to be erased and all the information on it to be lost. Your computer will be an easy target if you don't have any protection system, for example firewall. Your unprotected computer will eventually become a computer infected with a virus, and a computer infected with a virus is its discipline - destruction.

In order to avoid the terrible and destructive effects of a virus on your computer, you must install a protection system. First of all, make sure it exists fire wall (FireWall) on your computer and that it is indeed installed. The firewall can examine the material entering the computer from the Internet and make sure that the incoming input is not destructive or may provide unwanted files on your computer. If the firewall detects that the incoming material is harmful, it will immediately block it. The firewall should be the first component of your computer protection plan.

The next step will be to invest in a good anti-virus software that can filter a second time all incoming input to your computer in case the firewall failed to block it. In many cases, hackers break into the computer of people you know, and use the computer as a clone, which means they falsify their image, and at that moment they become the owner of the computer so that as soon as they talk to someone on the network through your computer, the user on the other end will think they are talking to the owner of the computer. Think for a moment about this type of invasion. This is a tool for the hacker. The hacker will be able to make this computer do whatever he wants, including hacking email, various bank accounts and even other computer systems.

You can provide protection against this issue by synchronizing your antivirus with each message in your email inbox. Do not open files sent to you, unless you know the name of the sender and you expect these files. Hackers usually send deadly viruses via email that can cause destruction to your computer and in many cases also help the hacker take control of your computer. Stop them immediately, by not opening the sent file and deleting the entire message immediately. The antivirus software is significant in protecting your computer and should be updated with the network frequently.

Spyware and other spyware are a very common thing lately among hackers, and this is what they use to steal identities and spy to know everything about their victims. These spyware programs, their job is to wander around your hard disk and collect information that the sender wants to know. This malicious software may cause your system to run slowly and even give away all personal information from your private computer.

Anti-spyware programs are usually provided by various antivirus manufacturers and are highly recommended for installation as an additional step in your computer's protection program. It absolutely requires that you have an organized and strong protection system on your computer, especially today in the evolving computer age that unfortunately many people abuse it. The Internet is a home for dishonest people who will be interested in ridding you of all the information that is important to you in order to satisfy their personal profits. Protect yourself from these people, and start the process of protecting your computer now!

Successfully.

Interested in more information? Business firewall - information security - cloud services - computing solutions - watch our video

The post האם המחשב שלך באמת מאובטח? appeared first on genie שירותי מחשוב לעסקים.

Alon Zucker is an information security expert and the CEO of SOPHTIX, which focuses on cyber protection - one of the leading and most innovative companies in Israel in the field of information security. We took Alon for an interview in which we tried to understand how to deal with the biggest cyber threat to the business world today - the ransomware virus, which marks the threatening direction that the cyber world is moving towards - viruses that are more sophisticated and cruel than ever before, with an ever-increasing volume of attacks.

So first of all - what is the ransomware virus?
The ransomware virus is actually a malware that encrypts the organization's files, as soon as it encrypts them - the organization or the computer owner has no ability to access its files. Starting with emails, office files, databases and including CRM, ERP or other financial systems. In other words the ransomware can encrypt the entire business. As soon as the customer has no access to his files - the business is disabled. There are cases when the virus is a hit in the wing, for example if only one folder was encrypted, it can be restored in half a day and nothing happened. But there are cases where all the business information is encrypted and then even if it has a backup, everything still needs to be restored. For the purpose of the example, if the business has 50 computers, you need to format each computer and reinstall everything on it. Businesses get to a point where they can't work for weeks and the result can be fatal, even if they had a backup.

Ransomware Attacks Focus More on Business?
There are cyber attacks against users of all types and sizes. Starting from a private person who mainly keeps photos of his children and ending with huge organizations with information systems worth hundreds of millions of dollars. It can be said in general that the cybercriminals use the ransomware mainly against small and medium-sized businesses, since they are usually the weak link, when it is likely that they will be more vulnerable in terms of information security than large businesses, which invest huge budgets in protecting their information systems.

In general, it can be said that just as any business, of any size, is exposed to physical hacking or embezzlement, so is the cyber issue. The crime scene just moved there. If we were once afraid of hacks in which money, equipment or information would be stolen - today it happens at the cyber level. The difference is that today the threat is much more serious, for two reasons. First - today there are ways of camouflage to achieve anonymity, and it is difficult for all bodies to find out who you are and where you come from, so that if in the past criminals would avoid certain crimes for fear of being caught, today anonymity on the Internet gives criminals a mask and the possibility of remaining "in the shadows", secondly - today a cyber criminal does not You have to be a skilled hacker to be an attacker, there are professional hackers who create malware and sell it as products on the darknet. Thus, people without an extensive technical background can participate in crime, and a large mass of attackers regularly enters the field.

Where do most cyber attacks come from?
Most of the operations are carried out in Russia, but also in Africa and China. An interesting issue to think about in this context is why the local government officials do not perform more actions in order to locate and block malicious activity in their territory.

Why is it so difficult to track down the source of the hacks and catch the criminals?
Because many times the hacking happens by hacking into a chain of "host" computers in different countries. The attack can come originally from Africa, and from there hack into China, from China hack into Iran and from there hack into the victim's computer and implant the ransomware virus in it. To trace back the entire chain and find out who is at the end is an almost impossible task.
Beyond that, there are also tools that enable anonymity that help them, such as the Darknet. The Darknet is a general term for networks that are "dressed" on existing networks and access to them is with certain software, and Tor is one of the popular Darknet networks, among its capabilities is its masking capability, which does not allow the discovery of the IP address of the surfer. Using the column is legitimate, but the criminals exploit it for illegitimate activities.

How do you get infected with a ransomware virus?
The most common method is via e-mail. This is an e-mail message, which tries to be legitimate in appearance, and is attached to it, for example, a fake invoice or a link. The email is addressed directly to a specific person and will often come disguised as an email from large companies, such as Amazon or DHL. In more sophisticated cases, which I will expand on later, they may also come from recipients that the "victim" knows directly - company colleagues and the like.

The recipient, in his innocence, opens the link or the attached file and gets infected with the virus. Viruses can also penetrate a computer by browsing a website that looks completely normal, but it actually carries a virus that as soon as a surfer enters it - the virus penetrates his computer. Other methods that a virus can penetrate are through a flash drive that someone inserted into one of the computers, or through a smartphone that has been infected with a virus, and the virus can pass from it to the computer. Could be through someone who connected remotely to help, could be a supplier of the CRM or ERP or other software. Every connection interface, network or local, is an attack vector.

The more sophisticated attacks use the technique of "social engineering", which is a form of fraud. At this level you can find software that scans social networks, for example LinkedIn of a certain company. These programs can target one of the employees in the organization and send emails to the other employees in the organization supposedly on his behalf, with content and titles that match his role in the organization. In these cases - the chance that no one will open a legitimate looking email coming from one of his colleagues is very low.

In conclusion, the technological world we live in today is full of loopholes, and even though we must try to plug all the holes as best we can, new holes and loopholes will always be found. So The paradigm through which organizations are approached to protect must change. You have to start thinking like the attackers, and stop the attacks at an earlier stage of their development. You need to change your attitude.

The post להבין את וירוס הכופר appeared first on genie שירותי מחשוב לעסקים.

In most cases, in such a situation, an additional video will no longer be necessary; The scam is revealed, followed by the financial demand and the threat to publish the video, if the victim refuses to pay the extortion fee.
Along with the statement that the blackmail method is simple, I must say that it has also been refined and become more "invested". Until recently, more than half of the ransom calls were quite identical calls, threatening to publish sexual content of the victim, when in some cases, the victim heard intimate general details about him from the attacker, and assumed that one or another video of his past was indeed in the possession of the attacker, but in reality, they did not exist at all Such videos! The attacker's working assumption was that some of the victims would disregard and reject the threat, while another part would panic, surrender and pay...

The police instructions not to address these messages, encouraged the attackers to switch to threats of sexual content with "meat", literally. Now the pressure on the victim is great, and hence his tendency to lose his temper and make more mistakes, apart from the series of mistakes he made when he was tempted from the beginning to believe that the attacker is indeed who he claims to be.

What to do? The best solution was not to do it in the first place, not to be tempted, and then no problems would arise either. And the step is taken, and despite the pressure, I say from my experience that still, and in any case, it is not recommended to give in to the extortionists' demands; Not because they are unable to carry out their threat, but for the simple reason that there is no guarantee that they will keep their word and not ask for additional funds. This has happened countless times and will happen again in the future. Attackers know how to detect pressure from a victim and may well take advantage of the situation to their advantage for extortion or more extortions. It is important to contact and complain to the police, report this to the content platforms where the sensitive content was published and ask for it to be removed.

And again, the best solution is prevention and taking precautions. It's worth remembering: as long as you haven't met the party with whom you talked, and as long as you don't have real and certain details and means of identification about him, he is a potential suspect for extorting information from you.
You should be careful now not to pay the price later, literally...

The post משאירים את הסחיטה לפירות appeared first on genie שירותי מחשוב לעסקים.