FTC Announces New Guidance on Ransomware

On November 10, 2016, the U.S. Federal Trade Commission (FTC) released new guidance for businesses and consumers on the impact of, and how to respond to ransomware.  Ransomware is a form of malicious software that infiltrates computer systems or networks and uses tools like encryption to deny access or hold data hostage until the victim pays a ransom.  Ransomware incidents have increased over the past year, including a number of high-profile attacks on health care organizations.

Business Guidance

For businesses, the FTC released Ransomware – A closer look with a companion video Defend against Ransomware.  A copy of both can be found here.

According to the FTC, if your business holds consumers’ sensitive information “you should be concerned about the threat of ransomware.”  The FTC notes it can impose “serious economic costs on businesses because it can disrupt operations or even shut down a business entirely.”

In order to defend against ransomware attacks, the FTC recommends businesses invest in prevention through:

  • Training and education: Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
  • Cyber hygiene:  Practice good security by implementing basic cyber hygiene principles (including updating software, and implementing new procedures for users).
  • Backups:  Backup data early and often.
  • Planning:  Plan for an attack.  Develop and test incident response and business continuity plans.

For those businesses hit with a ransomware attack, the FTC recommends organizations take the following steps:

  • Implement the continuity plan:  Have a tested incident response and business continuity plan in place.
  • Contact law enforcement:  Immediately contact law enforcement, such as a local FBI field office, if an attack is discovered.
  • Contain the attack:  Keep ransomware from spreading to networked drives by disconnecting the infected device from the network.

Consumer Guidance

For consumers, the FTC released How to defend against ransomware.  A copy of this guidance can be found here.  The FTC recommends consumers take the following steps to protect against ransomware:

  • Update your software:  Use anti-virus software and keep it up to date.  Set your operating system, web browser and security software to update automatically, and on mobile devices do it manually.
  • Think twice before clicking on links or downloading attachments or applications:  You can get ransomware from visiting a compromised site or through malicious online ads.
  • Back up files:  Back up files whenever possible, and make it part of your routine.

If you are a victim of a ransomware attack, the FTC recommends:

  • Disconnecting the infected devices from the network;
  • Restoring the infected device where possible; and
  • Contacting law enforcement.

Next Steps

If you or your organization becomes a victim of ransomware, or you are interested in developing a comprehensive prevention plan, Dentons’ Privacy and Cybersecurity Group is ready to help.

Upcoming Intel Security Webcast on McAfee Labs 2017 Threats Predictions Moderated by Intel Security CTO Raj Samani

McAfee Labs 2017 Threats Predictions

The cyberattack surface is growing faster than ever before, driven by trends and technologies like the cloud and the Internet of Things (IoT). As the digital landscape evolves, so will threats. What can we expect a year from now—or four years from now?

Prepare for the future by attending the McAfee Labs 2017 Threats Predictions webcast on December 14.  Hear from a diverse panel of Intel Security experts, moderated by Intel Security CTO Raj Samani, sharing their predictions about how threats will evolve in 2017 and beyond, as well as expected responses from legislators and the security industry.

APAC – 3:00pm AEDT REGISTER NOW.
EMEA – 3:00pm GMT / 4:00pm CET REGISTER NOW.
Americas – 2:00pm EST REGISTER NOW.

Discussion topics include:

  1. Cloud threats, regulations, and vendor response
  2. IoT threats, regulations, and vendor response
  3. Attacks on hardware, firmware, and virtual machines
  4. Ransomware attacks
  5. Threat intelligence sharing

add-heading

Be sure to follow us @IntelSecurity , @IntelSec_Biz,  @McAfee_Labs, @Raj_Samani, @ChristiaanBeek, @Jarvisj, @Matt_Rosenquist, @lyndagrindstaff@IntelSec_APAC , and @IntelSec_UK for the latest on online events.

The post Upcoming Intel Security Webcast on McAfee Labs 2017 Threats Predictions Moderated by Intel Security CTO Raj Samani appeared first on McAfee Blogs.

Acunetix Web Vulnerability Scanner v11 Released

Acunetix Web Vulnerability Scanner v11 has just been released with lots of exciting new features and tools. The biggest change is that v11 is now integrated with Vulnerability Management features to enable your organization to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. There are other...

Read the full post at darknet.org.uk