SAMSAM RANSOMWARE DISRUPTS ATLANTA CITY GOVERNMENT OPERATIONS

On March 22, 2018, SamSam Ransomware infested the computers of the local government unit of the City of Atlanta. They have immediately notified citizens via their Twitter account admitting that they were experiencing “outages on various customer-facing applications”; as reported by CNN. The Mayor of Atlanta, Keisha Lance Bottoms, faced the media to explain how they were dealing with the cyberattack.

SamSam, a ransomware, has penetrated local government of Atlanta’s servers. As reported by CBS46, during the SamSam infestation, the computer monitor showed the instructions of the perpetrators who were asking them to pay 6 bitcoins for all their computers, for a total value of $51,000.00 as ransom to remove the encryption of their data. After that, a decryption software will be sent.

 Tracking SamSam Ransomware and its Damage to Atlanta Government 

As observed in the previous cyberattacks of the SamSam ransomware, a pattern has emerged showing that it is most likely focused on government institutions. Thus, the basic services to the citizens are jeopardized.

In the state of Georgia, Atlanta city has a huge population. Atlanta is reported to have a 2018 density of 1,423/km² based from the statistics of “World Population Review” which shows the impact of cyber-attacks in the government. The services to citizens are primarily affected. The public wi-fi in Hartsfield Jackson International Airport was also suspended temporarily to prevent further data privacy threats, according to AJC’s report.

Incidents of Samsam cyberattack must be strictly monitored, as it clearly knows its easiest target with the biggest impact is the government.

IS IT MAY 2018 YET? GDPR ON FULL IMPLEMENTATION SOON

Customer privacy has been a long-time concern: from ransomware attacks to illegal encryption of files to data breach. It has been over a year since the news of the implementation of General Data Protection Regulation (GDPR). Whether or not your business is located in the European Union (EU), possessing the identification of data of your customers who are EU citizens gives you the responsibility of fully complying with the GDPR because data protection is a clear issue of privacy and security.

Microsoft keeps its partners duly informed about all aspects of GDPR since they carry the brand and product line; thus they must remain faithful to its quality service. Microsoft has Office 365, Enterprise Mobility + Security, Microsoft Azure, SQL, Windows Server, and Windows that comprise a compact security-induced toolkit for the customer.

“Do-it-yourself” assessments on your customer database to check if you are fully GDPR compliant may come off as risky since you may have missed out on important details. A GDPR assessment from a registered service provider like Computer Solutions East, Inc., a Microsoft partner, is a safer choice to as a responsible data holder for your customers’ data.

As Microsoft reminds its partners, GDPR’s full blast implementation will be on May 25,2018, which means that organizations that do not comply can be penalized for not ensuring optimized privacy of customers’ information.

CLOUD TRANSFORMS THE MANAGEMENT PARADIGM

Cloud Computing technology is widely used today. Public cloud companies are emerging and competing in cloud technology markets such as: Google Cloud, Amazon Web Services, and Microsoft Azure.  Using the cloud as an off-premises data storage solution has grown over the years. It can now be utilized through the following workloads: software as a service, platform as a service, infrastructure as a service, network as a service, and many others.

From minimizing workload to faster distribution and access of data, the cloud has business processes that provide reliable help in storing data and showing data access.

Cloud computing changes the business model by simplifying methods from delivery of information to access and data transfer.

The management paradigm has been shifting because of the invention of cloud-based technology.

Management efforts can now be focused on the team rather than on business applications. The personnel management– dynamics, collaboration, synergy through team understanding– still matters more than the technical aspect of work. Managers can distribute tasks while keeping track of the workload because cloud-based applications can be monitored. An office productivity suite on the cloud like Office 365 contains the basic applications to attain business productivity values from documents, notebooks, e-mail, spreadsheets, and presentations.

The cloud’s flexibility has been utilized to expand the employee’s time through easier file-sharing methods.  Also, the team can collaborate and work remotely through the cloud. Thus, managers can adapt to the changing times that come with cloud computing and their companies’ preference to embrace the technology.

 

CSE SOLVES THREATS TO THE CLOUD

Outages can be caused by lack of security assurance, faulty software, and malfunctioning hardware. For a cloud to fully function and be maximized, these three things should be working properly.

The downtime and disruption of service has big economic implications because data is needed to keep any kind of service going, no matter what industry it may be.

It has been forecasted by the International Data Corporation (IDC) that businesses across industries such as banking, manufacturing, and retail, will invest in a cloud service. Aside from being a sound investment, there are still calculated risks that involve the cloud. Just like any technology, cloud computing is not a fail-proof invention.

Choosing the cloud solutions provider is critical because once the cloud gets compromised, it could cost billions of dollars, or even worse, trillions of dollars in damages.

A recent study was conducted by Lloyd’s and it projected that the monetary impact of a damaged cloud solutions provider was higher than revenue lost during natural disasters, such as hurricanes and tornadoes. It also discovered that 15 billion dollars’ worth of revenue could be lost in the USA during a major disruption in cloud computing services that lasts for up to six days.

In 2017, top cloud service providers experienced downtimes that lasted for hours, thus affecting their company’s reputation, as well as, the public trust on the reliability of using the cloud for their own business storage.

The cloud services of Computer Solutions East, Inc. (CSE) are backed up by Microsoft. CSE has been cited as a finalist for “NY Metro Cloud Partner of the Year” for its reliable cloud solutions and back-up data services.

Remember, business disaster recovery plans should always be on standby before a disaster occurs.

DAMAGE CONTROL: GOING BEYOND INITIAL PATCHES FOR SPECTRE AND MELTDOWN

The seasoned notorious side-channel attacks and exploits from Spectre and Meltdown can compromise the performance of computing systems including computer servers, smartphones, operating systems, as well as, the confidentiality of data.  The susceptibility of processors and chips from being exploited by side-channel attacks that disrupt computer systems have been uncovered but have yet to be completely solved.

Different sectors, such as network and security in the IT industry, have issued advisories on how their consumers can deal with the threats of Spectre and Meltdown exploits. They have also released initial patches that could serve as damage control to the possible attacks to privacy. However, as of this writing, there is no single patch that can alleviate all the damages that these exploits could cause to a device and to the user.

Furthermore, this incident pushed the chip maker giants to convene to discuss the recently uncovered susceptibility that have been alarming users.  Prevention plans are currently being worked on as the industry continues to find the most viable solution.

 The performance of affected computers has been reported to decrease in terms of speed and efficiency. One-digit percentage has been claimed to be the maximum effect on performance. Aside from that, the threat to security and privacy through the invasion of computer memory is more destructive on the user.  

The Windows Operating System by Microsoft has made updates available to lessen the further harm of these side channel attacks. Windows 10 operating system, compared to its predecessors, is the least vulnerable for this attack because of its robust capabilities and configuration.

Updates are highly recommended as immediate damage controls for these exploits.

Manage Security Service Providers can take care of updating your processor and the software updates of your company computers, as they regularly assure the maintenance and strict compliance of your computers; thus, resulting in lessened security risks and damages by Spectre and Meltdown.  

 

 

 

ON ANTICIPATING NATIONWIDE CYBERATTACKS 

Northern Atlantic Treaty Organization(NATO) countries are starting to foresee destabilizing threats that could be part of warfare tactics. Cyberspace is now considered a battleground for war by infiltrating significant data.

NATO has always been on the defensive, but they are starting to deliberate so they can be on the offensive side due to the potential detrimental harm that might happen to their member countries.

Shutting down IT systems and generating malwares are harsh forms of attack that can be done during a cyber warfare, and this could be damaging to all entities with computers in any affected country.

NATO has been monitoring the possibility of massive hacking throughout their member countries. Hackers threaten to rob NATO countries of their intellectual property via their computer systems. This includes the danger of an all-out lockdown of IT data. There have been reports that UK agents have discovered the attempted Russian cyber-attacks to some NATO member countries.

Companies in the USA must take extra precaution concerning their data since this country is part of NATO. Apart from the ongoing monitoring, a company must be prepared to any threat of data loss.  Maintaining a disaster recovery plan is one of the most effective ways that can help a business rise from a nationwide cyberattack. A managed Security Service Provider like Computer Solutions East, Inc. can completely take care of disaster recovery plans and other methods for saving your files.

BITCOIN’S FLUCTUATING VALUES POSE A THREAT TO SECURITY 

It was August this year when ransomware “WannaCry” devastated and robbed businesses by demanding ransoms to restore files that they had compromised. Businesses were helpless and followed the instructions placed on their screen: pay or lose their collateral files. They were asked to pay in cryptocurrency or digital currency known as “Bitcoin” that has been used as a means of transaction or monetary value.

The valuation of Bitcoin

On November 29, 2017, the Bitcoin’s value reached an all-time high of $11, 000 yet it dropped the next day to $9,021.85.  If Bitcoin would be continuously used as a means of currency, it would disrupt the market. As of this writing, it has now reached $12,798.78, a big leap from its less than $1,000 value last year.

Cultivating the Hacking Business

The increasing valuation of Bitcoin signifies and imposes a higher threat of being susceptible to hacking attacks. As the Bitcoins value increase, the more the hackers find it an opportune time to level up their ransomwares to gain money from this situation. They will extort on that value so that they can threaten businesses to pay for ransoms, once they have infiltrated their system.

If Bitcoin is continuously used as a means of transaction, it may threaten to disturb the financial climate due to its instability, as advised by one of the Federal Reserve governors.
Advanced Threat Protection is your 2-dollar assurance for the safety of your files compared to the risk of paying not less than $10,000.00 worth of ransom, and the risk of losing all your files that are pertinent to your business. The up-down valuation of Bitcoin will no longer be a problem when you have ensured your files’ security.

Ransomwares, “WannaCry” And “Petya”, Post Threat to Businesses Around The Globe, Including The U.S.

Ransomwares are on the rise again as “WannaCry” and “Petya” have infected companies from all over the globe including the United States. Ransomwares are worse than malwares because they do not just turn files into defective ones, but they also compromise the privacy of your company files while extorting money from you by holding those files hostage.

WannaCry infested businesses on May 12, 2017, with Europe as its primary location. Meanwhile, Petya infected the Ukraine, Russia, and the USA on June 27, 2017. These acts of cyber terrorism left the businesses in fear of losing substantial company files. In addition, it was a rapid and massive disruption of integral services for health providers, law firms, and virtual assistance.

Petya is the latest kind of cryptolocker ransomware that causes encryption of the data of companies.

When the cyber attack occurs, a message saying, “oops, your important files are encrypted”, is flashed on the screen of the device. An average ransom of $300 worth of bitcoins is demanded for the retrieval of the files that have been encrypted by both ransomwares. Victims were asked to pay in a very short span of time with the threat that the ransom would be doubled if not paid immediately.

Some U.S. companies that were affected are: Heritage Valley Health Systems in Pennyslyvania, Mondelez International Inc.’s Cadbury, Merck & Co., Inc. in New Jersey, Nuance Communications Inc., and the multi-national law firm, DLA Piper, in Massachusetts. The effects of these ransomwares not only effected the proprietors of these businesses, but it was felt by its customers as well. The needed assistance of healthcare providers like Heritage Valley Health Systems, and the privacy of testimonies from a law firm like DLA Piper were at risk when these ransomwares encrypted their systems.

For now, these ransomwares have only penetrated Windows operating systems but other operating systems could be next. Unfortunately, the prevalence of ransomwares has turned into an unfortunate business framework due to the forced transactions and extortions from the business owners who are desperate to regain their data.

How does this happen? These malwares can easily access computers when the antivirus software and the Microsoft operating system are not updated leaving them extremely vulnerable.

Amazon CEO Jeff Bezos’ Stitch in Time.

Amazon CEO Jeff Bezos wrote a memo to the company’s employees responding to the recent article that appeared in The New York Times.

The New York Times daily had recently published an article portraying Amazon as a Brutal Workplace. The article was based on interviews with current and former Amazon staffers. The article claimed that at Amazon, employees were pushed to extremes and managers showed little sympathy or empathy to workers even when they were faced with illnesses or bereavements.

According to the article published in New York Times, employees were expected to answer emails well into the night and workers crying at their desks was not an uncommon sight. One former worker says Amazon encourages a culture that prioritizes the success of the company above all else.
Taking the strings in his hands in his memo, Benzo requested employees to read the article and report the disrespectful behavior talked about in the article to Human Resources or directly to him. He mentioned “The article doesn’t describe the Amazon I know or the caring Amazonians I work with every day,” Bezos continued, “I strongly believe that anyone working in a company that really is like the one described in the NYT would be crazy to stay. I know I would leave such a company.”
Bezos also links to a rebuttal by Nick Ciubotariu, an Amazon employee, who countered the different parts of the story and alleged that the NYT article was full of ‘half-truths’ and was biased against the company.

Here’s the full memo from Jeff Bezos, as obtained by GeekWire: 

Dear Amazonians,
If you haven’t already, I encourage you to give this (very long) New York Times article a careful read:

http://www.nytimes.com/2015/08/16/technology/inside-amazon-wrestling-big-ideas-in-a-bruising-workplace.html

I also encourage you to read this very different take by a current Amazonian:

https://www.linkedin.com/pulse/amazonians-response-inside-amazon-wrestling-big-ideas-nick-ciubotariu

Here’s why I’m writing you. The NYT article prominently features anecdotes describing shockingly callous management practices, including people being treated without empathy while enduring family tragedies and serious health problems. The article doesn’t describe the Amazon I know or the caring Amazonians I work with every day. But if you know of any stories like those reported, I want you to escalate to HR. You can also email me directly at jeff@amazon.com. Even if it’s rare or isolated, our tolerance for any such lack of empathy needs to be zero.

The article goes further than reporting isolated anecdotes. It claims that our intentional approach is to create a soulless, dystopian workplace where no fun is had and no laughter heard. Again, I don’t recognize this Amazon and I very much hope you don’t, either. More broadly, I don’t think any company adopting the approach portrayed could survive, much less thrive, in today’s highly competitive tech hiring market. The people we hire here are the best of the best. You are recruited every day by other world-class companies, and you can work anywhere you want.

I strongly believe that anyone working in a company that really is like the one described in the NYT would be crazy to stay. I know I would leave such a company.

But hopefully, you don’t recognize the company described. Hopefully, you’re having fun working with a bunch of brilliant teammates, helping invent the future, and laughing along the way.

Thank you,
Jeff