In the IT security field, “Ransomware” is a word that has kept popping up more and more frequently over the past few years. Ransomware is any piece of software that blocks access to a computer system or its essential services until a certain amount of money is paid. Although mainly targeted at individuals, businesses and other organisations are also at risk from Ransomware attacks. Ransomware attacks targeting Sri Lankans are known to have increased as well. What should you do to prevent your systems from being held at ransom? We have compiled a list of 8 things you should do to ensure that your data and your money are safely where they should be.
- Prepare incident handling procedures and policies
- Educate and exercise the procedures.
The detection of a malware infection would be identified mainly from three sources in an organization. They are Users, IT staff and the security tools such as antivirus/anti-spyware in- stalled in the systems. The indications would vary based on the type of malware. While the security tools would provide specific details on their identification, the users would observe abnormal host and network activities. As soon as the detection happens, it should be reported to the responsible party within the organization(Preferably the information security team). Based on the report, the information security team should validate the report and should categorize the malware to identify the level of priority. This is based on the:
The, Training Division of LK Domain Registry is conducting various type of training programs in Sri Lankan schools, universities, educational institutes, government departments, private institutes, etc. island-wide. The main objective is to develop, increase and support for the ICT literacy development among the Sri Lankan community while focusing on the school/university students. The local content development using Sinhala/Tamil unicode, web development using content management systems, safe internet, networking, and internet technologies are some of the mainly
Computer users have had to contend with the threat posed by malware since quite early in the computer age. Infected floppy discs became carriers of viruses and worms. With the advent of the world wide web executable files were transmitted through e-mail and files placed on websites , and thus infiltrated into users’ systems. However these attacks were not very difficult for IT savvy users and computer professionals to avert. Such dangerous types of files could be filtered out from e-mail and network gateways while allowing files considered safe such as Microsoft office documents.
Despite much efforts to educate them, phishing, which is a cybercriminal masquerading as a legitimate party to extract confidential information, is one of the pitfalls that unsuspecting computer users continue to get trapped by . Such attacks may extract very sensitive information such as passwords and credit card numbers.
Out of the blue you receive an email informing you about a large sum of money that is trapped in a foreign bank account a wealthy politician has died leaving a large sum of money. The sender is asking your help to transfer the money out of the country. You will receive a huge reward as well. The sender asks you to give them your bank account details to transfer the money then asks you to pay transfer fee/tax to transfer money out of the country. This fee may start with a small amount but will increase. The criminal will make up new fees that is necessary to be paid to receive your reward. It does not matter how much you pay, you will never receive your reward. This is a “scam” a type of social engineering and this particular scam is commonly known as “419 scam” an advanced fee fraud.
Internet and the computer has become an essential part of our lives and both makes our lives much easier but not without a price to pay; the threat from the Cyberspace. Over the past ten years criminals have been moving from stealing physical goods to stealing important personal information, this includes important personal information such as credit card details. In modern times this is equivalent to mugging. Cyber crimes that are previously unheard of are emerging and the crimes that were already there are increasing by staggering numbers. The main reason is the increase in the use of Cyberspace.
With the explosive growth of websites and web applications there has been a corresponding growth in the threats they are subject to. Cybercrime activities include access to unauthorized information, identity theft and major banking and credit card frauds. Risks from insecure websites have become an increasingly important issue especially with the growth of Personal Cloud and Vendor Relationship Management communities. While there is no one best checklist of vulnerabilities the OWASP 10 list items which are described below is a good way to start . If you are a head of IT, or even a CEO, the following will give some tough questions for you to ask your web administrator and evaluate how secure your website is depending on his answers.