Cathy Livingstone, co-owner at Bryley Systems, models the latest military gear

Cathy attended an employer-recruiting event at the Worcester, MA Armory, first posing with this HumVee, and then demonstrating her mettle by gearing up with body armor, backpack, helmet, and rifle, which collectively can weigh 100 lbs.

Michael Carlson, Bryley Systems’ Chief Technology Officer, surpasses 20 years of service

Mike Carlson celebrates his 20th year as Chief Technology Officer at Bryley Systems Inc., an award-winning, Managed IT Services firm based in Hudson, MA. Mr. Carlson has extensive knowledge in both local and wide-area network design and implementation. He is a Microsoft Certified Technical Specialist (MCTS), a VMware Technical Solutions Professional (VTSP), and a Citrix Certified Administrator (CCA).

Mike is the fourth Bryley Systems team member since 1987 to be recognized for over 20 years of service.

Bryley Basics: Critical steps before opening an unknown attachment or a link

Since Ransomware and other malware often travel as attachments or web-links, Anna Darlagiannis, Manager of Client Relationships, offers these tips:

1. Don’t open an email or attachment or click on a link within an email if you don’t know who sent it to you….period!

2. Check and see who the email was actually sent to.

If the email was sent to a distribution list, then be especially vigilant before opening it.  For example, hackers can assume that a company’s accounts payable distribution email address is accountspayable@companydomain.com or any other variations such as AP@companydomain.com or accounts-payable@companydomain.com.  Hackers recognize that accounts payable departments anticipate attachments marked “invoice” or “PO” or other related keyword(s) and will name the attachment accordingly.  Furthermore, distribution lists are typically posted on a company’s website making these email addresses public knowledge and easy targets.

Tip: Set up rules within Outlook so that emails sent to a distribution list are automatically moved into a specified folder(s). This will make it easier to know exactly what email address was used to send you the email.

NOTE:  It is NOT safe to assume that all email attachments and/or links sent to your personal email address are safe to open.

3. Check who sent you the email.

Hackers can spoof a name, but they can’t spoof an email address. The email may be marked with a familiar name, prompting you to open the email and/or attachment/link, but if you pay close attention to the actual email address, you may be surprised. (Emails from unfamiliar addresses should never be opened.) For example, your boss’s name is John Smith and his email address is JSmith@companydomain.com. You receive an email that is marked “From: John Smith” and assume this came from your boss. You go to open the email and find an attachment. At this point, you must also look at the actual email address before opening the attachment. If the email address isn’t JSmith@companydomain.com, then delete it and/or block the domain with your spam filter immediately and make everyone in the organization aware of what is going on.

If the email address is correct, but the attachment/link/signature/way that the person writes an email looks suspicious, be cautious, call the person that sent you the email (do not email in case the email address is compromised) and ask if what they sent you was in fact legitimate.

4. Scan the attachment with your anti-virus program before opening.

Take the attachment from the email and drag it to your desktop.  From there, right click on the attachment and then scan it using your anti-virus program.  Be sure to update the anti-virus program prior to scanning it, to ensure that you have the latest updates applied to the anti-virus program.

Unfortunately, this approach isn’t foolproof. An anti-virus program may not recognize all viruses, especially if they are newly created viruses.
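The checks in steps 2 and 3 can also be run automatically over a message's headers. The following is an added example, not part of the original tips: the `triage` helper, the directory data and the sample message (including the `billing-mail.example` address) are constructed for illustration, and it assumes the receiving mail server already authenticates sender domains, so the From address can be relied on as described above.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed, constructed directory data; a real deployment would load its own.
KNOWN_SENDERS = {"john smith": "jsmith@companydomain.com"}
DISTRIBUTION_LISTS = {"accountspayable@companydomain.com", "ap@companydomain.com"}
LURE_WORDS = {"invoice", "po"}  # attachment names accounts payable expects

def triage(raw):
    """Return warning flags for one raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw)
    flags = []
    # Step 2: who was the message actually sent to?
    rcpts = {a.lower() for _, a in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if rcpts & DISTRIBUTION_LISTS:
        flags.append("sent-to-distribution-list")
    # Step 3: does the address behind the display name match the directory?
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_SENDERS.get(" ".join(name.lower().split()))
    if expected is None:
        flags.append("unknown-sender")
    elif addr.lower() != expected:
        flags.append("display-name-mismatch")
    # Attachment named with a whole-word lure such as "invoice" or "PO"
    for part in msg.walk():
        words = set(re.split(r"[^a-z0-9]+", (part.get_filename() or "").lower()))
        if words & LURE_WORDS:
            flags.append("lure-attachment-name")
    return flags

# Constructed sample: familiar display name, unfamiliar address, list recipient.
SPOOFED = """\
From: John Smith <john.smith@billing-mail.example>
To: AccountsPayable@companydomain.com
Subject: Overdue invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_0423.zip"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    print(triage(SPOOFED))
```

A message that raises any flag still goes through the manual steps: confirm by phone and scan the attachment before opening it.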

My final words on Ransomware (at least until next month)

Gavin Livingstone, Bryley Systems Inc.

Ransomware continues to grow at a rapid pace:

  • The FBI received over 2,400 Ransomware complaints in 2015
  • There was a 30% increase in Ransomware cases in Q1-2016¹
  • Ransomware infections in April 2016 more than doubled²

The most-popular variants and their distribution methods:

  • CryptoWall – Distributed through ZIP attachments to email messages
  • Locky – Spreads through MS Office macros or JavaScript files
  • Samas – Propagates on vulnerable web servers

Why it is so attractive to cyber-criminals:

  • There is a direct path to immediate payment from the recipient (versus other, riskier, cyber-crime methods that require selling something, e.g., credit-card information, to unknown parties that might be law enforcement)
  • It is easily spread through phishing (and now, vulnerable web servers)
  • The technology is constantly improving
  • Anyone and everyone is a target

The impact³:

  • Temporary or permanent loss of sensitive files and information
  • Significant disruption to daily operations during recovery
  • Financial impact to restore (or re-enter) encrypted files
  • Possible harm to the organization’s reputation

A few of the best defenses:

  • Back up your files at least daily and store these backups at a remote location³
  • Keep anti-virus/anti-malware software and operating systems up-to-date
  • Do not click on Web-links in an email or on a website
  • Whitelist desired applications; blacklist all others
  • Restrict end-user access and permissions

¹ Please see “Q1 2016 saw a Record High for Ransomware” by Larry Loeb of Security Intelligence on May 24, 2016.

² Please visit “April 2016 was the Worst Month for Ransomware on Record in the US” by GoldSparrow in Computer Security articles at Enigma Software.

³ Go to “Ransomware and Recent Variants” published by the US Computer Emergency Readiness Team (US-CERT) on March 31, 2016.

⁴ Visit “More Ransomware – Jeez I’m getting sick of this topic!” in the May 2016 edition of Bryley Information and Tips (BITs).