
PowerPoint Presentationsure to restore/test it often. protecting your backup from encryption, cont. 45 a couple of cost examples email security filters training/simulations offsite,


THE THREE BEST RANSOMWARE SAFEGUARDS

WELCOME TO THE COURSE: OUR STORY

Our Background: We are a spin-off from an IT company near Atlanta, GA. Our roots are in supporting small business over the last 20 years.

These basic safeguards are the low-hanging fruit of cybersecurity. They provide the most risk reduction for the least cost.

Our Message: The basic safeguards are quite simple; we explain them in plain English.

TODAY’S AGENDA

01 Ransomware Background & Case Studies
02 Targeted Phishing is your highest risk
03 Safeguard #1: Email security filters
04 Safeguard #2: Training & Simulations
05 Safeguard #3: Encryption Proof Backup

THE COMMON BREACH TIMELINE

01 Phishing Attack: Embedded Images, Embedded Links, & Attachments
02 [Seconds] Hacker Entry
03 [Minutes] Hacker Persistence
04 [Minutes] Command & Control
05 [Days / Weeks] Island Hopping
06 The Final Step is Encryption

NO INDUSTRY IS SAFE FROM RANSOMWARE

WHICH INDUSTRIES HAVE YOU SEEN VICTIMIZED BY RANSOMWARE?

Education 11%
Real Estate 15%
Retail 15%
Construction/Manufacturing 38%
Agriculture/Design 10%
Consumer 10%
Finance/Insurance 10%
Government 8%
Legal 11%
Non-profit 20%
Travel/Transportation 10%
Professional Services 35%
Healthcare 25%

VALUING THE CROWN JEWELS

What is your data privacy worth? What if it were leaked?

What is access to your data and computer system worth?

What is your data worth? What if it were lost?

COST OF DOWNTIME SIGNIFICANTLY OUTWEIGHS RANSOM REQUESTED

Average Ransom: $4,300
Average Cost of Downtime: $46,800

The cost of downtime is 10x higher than the ransom requested (per incident).

RANSOMWARE CASE STUDIES

The tale of two cities

RANSOMWARE CASE STUDIES: CITY OF BALTIMORE

SUMMARY OF CITY OF BALTIMORE HACK

City of Baltimore was hit by ransomware called “RobbinHood” in May 2019.

All servers, with the exception of some essential services, were taken offline.

Hackers demanded 13 bitcoin (approximately $76,280 at the time) in exchange for the keys.

SOURCES

https://en.wikipedia.org/wiki/2019_Baltimore_ransomware_attack

SUMMARY OF CITY OF BALTIMORE HACK

Hackers stated that if demand wasn’t met in four days, the price would increase, and within ten days, data would be lost.

Property transfers could not be completed.

SOURCES

https://en.wikipedia.org/wiki/2019_Baltimore_ransomware_attack

SUMMARY OF CITY OF BALTIMORE HACK, CONT.

Some servers were not properly patched.

Citizens could not properly pay money owed to the city.

City estimated that the cost of the attack may be $18.2M.

City refused to pay ransom.

Exact source of attack has not been publicly disclosed.

City did not have cyber insurance policy.

SOURCES

https://www.nytimes.com/2019/05/31/us/nsa-baltimore-ransomware.html
https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/ransomware-attack-will-cost-baltimore-18-million.aspx
https://www.vox.com/recode/2019/5/21/18634505/baltimore-ransom-robbinhood-mayor-jack-young-hackers
https://wtop.com/baltimore/2019/10/baltimore-to-buy-20m-in-cyber-insurance-months-after-attack/

RANSOMWARE CASE STUDIES: RIVIERA BEACH, FL

SUMMARY OF RIVIERA BEACH HACK

Riviera Beach suffered a hack on May 29, 2019.

A police department employee opened an email that contained malicious code.

The malicious code infected the rest of the city’s IT systems.

Encrypted computers “controlled everything from phones to email, water utility pump stations, employee paychecks, traffic citations and possibly — the city would not disclose it — police investigation documents.”

SOURCES

https://en.wikipedia.org/wiki/Riviera_Beach,_Florida
https://www.cnet.com/news/another-florida-city-pays-hackers-over-ransomware-attack/
https://www.palmbeachpost.com/news/20190705/riviera-beach-pays-ransom-gets-computers-back

SUMMARY OF RIVIERA BEACH HACK

The population of Riviera Beach is about 35,000 people.

The hackers demanded a $600,000 ransom.

The city’s insurance policy paid the ransom.

Access to the data was restored.

SOURCES

https://en.wikipedia.org/wiki/Riviera_Beach,_Florida
https://www.cnet.com/news/another-florida-city-pays-hackers-over-ransomware-attack/
https://www.palmbeachpost.com/news/20190705/riviera-beach-pays-ransom-gets-computers-back

THE UNTOLD STORY OF THE THIRD CITY: ANYWHERE, USA

THE UNTOLD STORY OF THE THIRD CITY

The phishing attack never reached an inbox. It was filtered by the email security filter.

Or ransomware occurred! . . . But vital services were restored within 2 hours and everyone went back to work. The story didn’t even make a news cycle.

Or the email reached an inbox for a few employees. The employees reported it as phishing rather than clicking on it.


TARGETED PHISHING IS YOUR HIGHEST RISK

TARGETED PHISHING IS YOUR HIGHEST RISK

Targeted Phishing, Spear Phishing, or CEO Fraud is much more dangerous and much more effective than general phishing.

The first time people see these highly skilled attacks, it is often too late.

POLL QUESTION #1

Would your coworkers recognize this as a phishing attack?


SOURCES

https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html


SAFEGUARD #1: EMAIL SECURITY FILTERS

EMAIL SECURITY FILTERS

AN EMAIL SECURITY FILTER:

Is a great first line of defense against phishing.

Uses pattern-matching, AI, or machine learning to try to automatically detect spam and phishing attempts.

Will block some, but not all bad emails.

Can block an email entirely or quarantine it for further (safer) review.


PHISHING TRAINING/SIMULATIONS

PHISHING TRAINING/SIMULATIONS

Phishing training can reduce click rates from 30-40% to 5% or less.

Helps educate users on how to identify and avoid phishing emails.

Even after training, after 3 months of no awareness training and no simulations, most people revert back to their old click habits.

PHISHING TRAINING/SIMULATIONS

SOME ITEMS THAT MAY BE COVERED IN PHISHING TRAINING:

Hovering over the link before clicking

Determining whether a URL domain is legitimate

Verifying by phone if unsure

How to report phishing

EXAMPLE RISK REDUCTION REPORT

PHISHING SIMULATION/TRAINING

Email users need ongoing awareness. Industry results show click behavior returns after 3 months of no training.

Email users feel more empowered and helpful reporting phishing attempts.

Results often start above 30% for click rate and often end lower than 5%.

POLL QUESTION #2

Do frequent phishing attacks land in your inbox?


PROTECTING YOUR BACKUP FROM ENCRYPTION

PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.

BACKUP/DISASTER RECOVERY HAS THREE COMPONENTS

OFFSITE, IMAGE, DISCONNECTED

PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.

OFFSITE

Offsite backups protect from local events (flood, sprinkler malfunction, etc.).

POLL QUESTION #3

Does your organization still have an onsite backup?

Yes, it is onsite.
No, we are safer with offsite.
I am not sure.

PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.

DISCONNECTED

Disconnected means a ransomware attack will not encrypt the backup.

PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.

IMAGE

An image backup backs up the entire operating system. It is not just a copy of the data. An image backup can spin up in a few minutes and users can be connected within the first hour.

If you have an image backup, be sure to restore/test it often.

PROTECTING YOUR BACKUP FROM ENCRYPTION, CONT.

A COUPLE OF COST EXAMPLES

12 USER CPA FIRM, 1 ON-PREMISE SERVER
EMAIL SECURITY FILTERS: $60/month
TRAINING/SIMULATIONS: $36/month
OFFSITE, DISCONNECTED, IMAGE BACKUP: $175/month

40 USER MANUFACTURING COMPANY, 5 ON-PREMISE SERVERS
EMAIL SECURITY FILTERS: $200/month
TRAINING/SIMULATIONS: $120/month
OFFSITE, DISCONNECTED, IMAGE BACKUP: $900/month

PHONE: 404-565-4327

EMAIL: [email protected]

WEB: www.Getphishing.com

10% OFF FOREVER

COUPON: MYCPE2020


THANK YOU