November News:


On The CalendarNovember at The Fulcrum Group Hello, November!  As we approach the holiday season, we wanted to share our holiday hours with you: The Fulcrum Group will be closed Thursday and Friday of Thanksgiving Week. Over Christmas, we'll be closed half-day on Christmas Eve and all day Christmas Day.  Returning to business-as-usual on Thursday, December 26th and for the New Year, we'll be closed New Year's Day. Another good reminder, as the holidays approach - it's important to remain vigilant with cybersecurity best practices.  Last month, we shared a TON of great cybersecurity tips and hints on our blog.  Browse them again here - and share with a colleague! We'll let you know about any additional upcoming special events through our social media pages, which we'll update on our Events page as they occur. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you're new to our newsletter and you'd like to subscribe, let us know.
How To Protect Yourself Against RansomwareHow To Protect Against Ransomware What is ransomware? Ransomware is a type of malware cybercriminals use to infect computers and encrypt computer files until a ransom is paid.  After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.  If the cybercriminal’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, cyber criminals will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government (and Fulcrum Group) does not recommend paying ransomware demands. How does ransomware work? Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.  Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the cybercriminal may provide a cryptographic key that the victim can use to unlock the files, making them accessible. How is ransomware delivered? Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware. What can I do to protect my data and networks?
  • Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
  • Store your backups separately. Contact The Fulcrum Group for information on backup solutions that will help protect you against ransomware attacks.
  • Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and cybercriminal techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
What can I do to prevent ransomware infections?
  • Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches. Vulnerable applications and OSs are the target of most ransomware attacks.
  • Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization's helpdesk, search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of .net). The Fulcrum Group’s Webroot DNS Protection protects you against malicious websites, and is included at no extra cost in our SPOT Managed IT Services program.
  • Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
  • Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it.
  • Verify email senders. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly. Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.
  • Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques. You can find information about known phishing attacks on the Anti-Phishing Working Group website. You may also want to sign up for CISA product notifications, which will alert you when a new Alert, Analysis Report, Bulletin, Current Activity, or Tip has been published.
  • Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic.
How do I respond to a ransomware infection?
  • If your organization has a Cybersecurity Incident Response Plan, follow that plan.  If not, take the steps below.
  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.
  • Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that shared a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
What do I do if my computer is infected with ransomware?
  • Home users: immediately contact your local FBI office or local U.S. Secret Service office to request assistance.
  • Organizations: immediately report ransomware incidents to your IT helpdesk or security office.
  • All users: change all system passwords once the ransomware has been removed. You can submit ransomware files to CISA for analysis via https://www.malware.us-cert.gov/MalwareSubmission/pages/submission.jsf.
We've shared some great cybersecurity hints on our blog recently.  Check them out.
How To Protect Your Backups Against RansomwareHow To Protect Backups Against Ransomware Why do I need to Protect My Backups? Cybercriminals have grown in sophistication over the last few years, and have also gotten smarter.  It is quite common for cybercriminals to attempt to disable backups or even encrypt the backups, making them useless for recovery after a ransomware infection.  Ransomware will also often delete Shadow Copy backups and/or disable System Restore in Windows. How do I Protect My Backups?
  • Have a separate set of credentials for backup services, and restrict all other accounts from accessing the backup storage and software.
  • Isolate your backups by sending a copy off-site to your preferred cloud provider.
  • Keep multiple copies local and offsite – follow the 3-2-1 rule for backups.  The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
  • Regularly test your backups – not only restore just a few files, but restore entire servers in a test environment.
  • Take storage snapshots on your Storage Area Network (SAN) if you have a SAN.
  • Monitor for ransomware and other malicious activity.

November 2019 Security Awareness Newsletter

Click here for November's Security Awareness Newsletter!

Cybersecurity SPOTlight: What is a BEC Attack? BEC stands for business email compromise and is defined by the FBI as a “sophisticated scam targeting organizations working with foreign suppliers and organizations that regularly perform wire transfer payments.”  - Basically, a scam that compromises companies by attempting to gain (and abuse) the trust of the target (victim). For different types of BEC attacks, how they work and what to do, check out this month's edition of our Security Awareness Newsletter!  As always, feel free to reach out to us with questions.
Vistage Executive News - 3 Things That Will Boost Your Team's CommunicationVistage Executive News How do you think the rapport among your team stacks up?  Do you provide lots of opportunities for staff to connect with each other, ways for employees to offer constructive feedback, and communicate your company's visions and goals regularly? A few ways we do this at Fulcrum Group include providing regular opportunities for getting together - both during the workday with fun lunches like our annual Queso and Chili Cookoffs - and after hours for some general hang-time. We also have a regularly occurring opportunity for all employees to offer useful, honest feedback in survey form, and we discuss, openly and often, our quarterly and annual goals and company vision at monthly team meetings. Inspired to boost your team's communication, or have any great ideas to share?  Shout us out on your social media or on our Facebook page and check out this helpful article. .
Fulcrum Group Did You KnowDid You Know...? Backup Management To Prevent Ransomware Did you know… Fulcrum Group SPOT Managed IT Services includes basic cybersecurity services and management of backups to protect you against ransomware?  Reach out to us for more info!