AMD fixes dozens of Windows 10 graphics driver security bugs
Void Balaur hackers-for-hire sell stolen mailboxes and private data
Russian ‘King of Fraud’ sentenced to 10 years for Methbot scheme
Windows 10 App Installer abused in BazarLoader malware attacks
The Week in Ransomware – November 12th 2021 – Targeting REvil
Microsoft Intune bug forces Samsung devices into non-compliant state
QBot returns for a new wave of infections using Squirrelwaffle
FTC shares ransomware defense tips for small US businesses
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
FTC shares ransomware defense tips for small US businesses
The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors’ attempts to exploit vulnerabilities using social engineering or exploits targeting technology.
The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.
“One key protective step is to set up offline, off-site, encrypted backups of information essential to your business,” the FTC said. “This isn’t something to save for a slow day at the office. Your IT team should immerse themselves in the latest advice from CISA and other authoritative experts.”
The second step, addressing the employees’ exploitable human nature, is to train their staff to recognize the tricks ransomware operators use to infiltrate their target’s network, including phishing messages that deliver malware designed to deploy backdoors on infected systems.
Attackers will also drop and install malware on victims’ devices via malicious online ads (also known as malvertising) or infected sites under their control designed to exploit browser vulnerabilities.
As such, employees should avoid potentially risky sites and, as much as possible, only visit websites vetted by their companies’ IT staff.
“In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multi-factor authentication,” the US government agency added.
Businesses hit by a ransomware attack should limit the damage by isolating compromised devices from the rest of the network, report the attack to the authorities (e.g., the local FBI office), and notify their customers if any data was stolen before the systems were encrypted.
The FTC also provides a detailed guide with all the steps businesses have to take to respond to a ransomware attack effectively.
This guide also includes a template notification letter for notifying impacted people whose names and Social Security numbers were stolen in ransomware attacks.
The FTC has also shared a shortlist of commonsense steps in a previous advisory published last year which would help businesses reduce the risk posed by ransomware attacks:
Last month, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has revealed the actual scale of financial losses suffered by ransomware targets lately by linking almost $5.2 billion in outgoing BTC transactions to ransomware payments.
FinCEN’s analysis is derived from Suspicious Activity Reports (SARs) linked to ransomware incidents and filed by US financial institutions this year, between January 2021 and June 2021, as required by the Bank Secrecy Act.
Microsoft: Iran-linked hackers target US defense tech companies
The Week in Ransomware – November 12th 2021 – Targeting REvil
Magniber ransomware gang now exploits Internet Explorer flaws in attacks
New bill sets ransomware attack response rules for US financial orgs
US Senate Passes Bill in Response to Rampant Ransomware, CyberAttacks
Not a member yet? Register Now
Costco discloses data breach after finding credit card skimmer
Microsoft: New security updates trigger Windows Server auth issues
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

All Log4j, logback bugs we know so far and why you MUST ditch 2.15

TellYouThePass ransomware revived in Linux, Windows Log4j attacksGoogle Calendar now lets you…

Hackers infect random WordPress plugins to steal credit cards

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…

Hackers use in-house Zoho ServiceDesk exploit to drop webshells

FBI: Cuba ransomware breached 49 US critical infrastructure orgsResearchers discover 14 new…

North Korean cyberspies target govt officials with custom malware

US, UK warn of Iranian hackers exploiting Microsoft Exchange, FortinetRussian ransomware gangs…