This client had recently begun onboarding Thrive’s IRR service, a decision that proved invaluable during the incident. During the onboarding process, they installed the Binalyze agent—our advanced digital forensics and incident response solution—on their endpoints. This proactive step ensured that when the ransomware event occurred, they were ready to utilize the powerful tools and expertise provided by their dedicated team of Thrive experts.

The ransomware incident was promptly reported to Thrive and escalated to our Cybersecurity Incident Response Team (CIRT). Thanks to the pre-installed Binalyze agents, the Thrive team was able to initiate a compromise assessment immediately. Within minutes, they were analyzing network activity and gathering critical data to understand the scope and scale of the attack.

By the time CIRT members joined the first call with the customer, they weren’t just discussing what they planned to do; they were reporting what they’d already accomplished.

Within hours of the initial report, the Thrive team triaged 84 systems, including the client’s Microsoft 365 environment. Thrive provided the customer with a detailed report identifying:

• Point of Intrusion: Where and how the attackers gained access
• Scale of Impact: The accounts and systems that were compromised during the attack

This rapid turnaround was achieved despite the client not yet subscribing to other Thrive SOC security services.
To ensure accuracy and transparency, the customer’s cybersecurity insurance company engaged a third-party forensics firm to review Thrive’s findings. The firm validated the accuracy of the assessment, confirming both the thoroughness and precision of Thrive’s work.

This independent confirmation saved the customer substantial time, allowing them to focus their energy on critical remediation and recovery tasks instead of second-guessing the initial analysis.
While no organization wants to face a ransomware event, this case demonstrated the critical value of Thrive’s new IRR service. From immediate action to validated findings, Thrive’s SOC delivered peace of mind and actionable intelligence when it mattered most.

This success story underscores the importance of preparedness and the benefits of partnering with a dedicated team of experts like Thrive. Whether it’s through robust endpoint protection, expert incident response, or ongoing cybersecurity support, Thrive is dedicated to keeping organizations secure—even in the most challenging moments. Contact Thrive today to learn more about our IRR service and how we can support your business in building resilience against cyber threats.

The post Swift Action, Seamless Resolution: How Thrive Successfully Responded to Ransomware Event appeared first on Thrive.

As attacks increase in volume and intricacy, executives are reprioritizing their security efforts. Of those surveyed, 91% expect increased security budgets in the coming year to invest in technologies and services that further safeguard their networks from a potential attack. As budgets are adjusted to better address the largest concerns, it’s imperative we understand ransomware and its effect on the protection of our data.

We have pulled the top 3 key insights from the report, detailing how ransomware interacts with our digitized society and what you can do to mitigate the risk that comes with it. 

• Concerns vs. Preparedness

One of the most striking findings from the survey is the stark disconnect between organizations’ concerns about ransomware and their perceived level of preparedness. Over 80% of respondents expressed “very” or “extreme” concern about ransomware, yet an almost equal number, 78%, believed they were “very” or “extremely” prepared to defend against such attacks. This discrepancy marks a significant red flag.

Despite organizations’ confidence in their readiness, a staggering 50% of respondents admitted to falling victim to ransomware attacks in the previous year. This raises critical questions about the effectiveness of their preparations. It’s evident that many organizations need to reevaluate and potentially bolster their cybersecurity strategies. 

• The Growing Sophistication of Ransomware

Ransomware attacks have been around for decades, but their threat level continues to rise. Financially-motivated cybercrime accounted for a significant portion (74%) of incidents in 2022, with 82% of these crimes involving ransomware or malicious scripts. While year-over-year growth in ransomware attacks slowed in 2022 compared to the previous year, the frequency of attacks is still increasing.

One reason for this increase is the maturation of Ransomware-as-a-Service (RaaS) operations. These operations have become more selective, targeting organizations capable of providing larger payouts. Cybercriminals are spending more time conducting reconnaissance to identify lucrative targets, leading to higher ransom demands.

As a result, 50% of respondents said that adopting advanced technologies powered by artificial intelligence (AI) and machine learning (ML) ranked among their top three priorities. Investing in advanced technologies like AI and ML for faster threat detection is paramount in this rapidly escalating situation. Additionally, Internet-of-Things (IoT) security and next-generation firewalls (NGFWs) are areas where organizations plan to increase their investments.

• Where Technology Can Help: Integration and Consolidation

Enhancing security strategies is vital, but the manner in which it is accomplished holds equal significance. As discussed in the report, simply adding tools to an already overloaded toolbox is insufficient in mitigating an organization’s vulnerability to ransomware attacks. An increasing proportion of those surveyed (45%) say they have resorted to a blend of security platforms and individual point products, while 36% continue to buy standalone “best-of-breed” solutions. Consequently, security teams find themselves managing individual products deployed over time and struggling with the challenge of making these components function cohesively. Such manual procedures can impede a security team’s capacity to access crucial data promptly and respond effectively when faced with a ransomware incident.

As a result, those who reported adopting a “best-of-breed” approach were the most susceptible (67%) to falling victim to ransomware attacks, whereas those who streamlined their vendor portfolio by consolidating onto a small number of platforms, supplemented by point products, were the least vulnerable (37%). As findings like these continue, organizations are increasingly opting to reduce the array of individual point products in favor of a more streamlined approach. The survey findings underscored this shift, with 99% of respondents emphasizing the effectiveness of integrated solutions or a comprehensive platform in their efforts to thwart ransomware attacks. With the overall organization, its people, and the technology behind this process, the alignment of these players leads to the most effective defense against ransomware. 

To enhance their security posture, organizations should focus on investing in advanced integrated technologies, strengthening incident response plans, and prioritizing employee cybersecurity awareness training. Only by addressing the multifaceted challenges of ransomware attacks, including people and processes, can organizations effectively protect themselves in this increasingly hostile digital landscape. Contact Thrive to up your security and bolster your confidence in data protection against ransomware.

The post Top 3 Insights from the Fortinet Ransomware Global Research Report appeared first on Thrive.

Let’s get right into it. Here are some of the most famous internet and telephone scams that you must have heard of:

The CRA Scam:

This is a very common scam in Canada, especially during tax season. You might receive calls or emails that may seem to be from the Canada Revenue Agency (CRA). You might be told that you owe taxes or that you are in trouble with the tax department and that you must make payments or give out your credit card or banking information. Sometimes they might even send you links to fake websites that might look exactly like the real CRA website. It is best to just hang up on the call or delete these emails. The real CRA will never call, email, or text you asking for this kind of information.

The Prize / Lottery Scams:

In these types of scams, you might get a phone call or email saying that you have won a prize, such as cash, a car, an iPhone or a vacation. The scammer will tell you that you need to make a payment to collect your prize, and they might ask for your credit card or banking information. You obviously won’t receive the prize that you were promised but now the scammer can make charges on your credit card, or worse drain your bank account. Once you lose the money, you probably will not get it back.

The Nigerian Prince / Emergency / “Grandparent” Scams:

In these types of scams, the scammers pretend to be close friends or relatives in trouble. A very common one is when the scammer pretends to be a long-lost relative who is a Nigerian prince who needs your help to save his life or to move large sums of money internationally. This scam is so popular and successful at reeling in victims that it’s earned the name, ‘cat fishing.’ They might ask you to send money because of an accident, an injury, an arrest, or a robbery. And just like with all the other scams, this is likely just a way for scammers to get access to your bank account. They often target seniors but anyone of any age can be the victim of these kind of scams.

Other examples include phishing, social media account hacking, fake cryptocurrency, fake charities, fake lotteries, fake surveys, fake kidnapping, fake tech support, fake free stuff, identity theft, and the list goes on and on!

Now that we’ve talked about how hackers commonly target individuals and employees, let’s discuss what you could do to prevent yourself from falling for their tactics. Here are some ways you can ensure that you, your data, and your systems are protected:

1. Adopt a strong Password Management strategy:

It is always advised to use strong, unique, and difficult-to-guess passwords for all your accounts and devices to ensure your data is protected across all different systems. We understand that it can be hard to remember numerous unique alphanumeric combinations (which aren’t a combination of your dog’s name and your birth date) for different accounts and devices, that’s why we recommend using a reliable password manager service. A secure password manager can automate the process of creating, encrypting, and storing individual passwords so that you don’t have to remember dozens of them at all times. Also, don’t forget to keep updating these passwords now and then as another precautionary measure.

2. Utilize Multi-factor Authentication features:

Using a multi-step verification/ authentication process while logging into your accounts and devices adds another layer of security to your data protection strategy. Using a reliable authenticator app or using built-in application-based unique one-time-passwords (OTP) through email, text messages or calls are very helpful in this process. They are used to add another layer of protection to prevent access in case hackers somehow gain access to your passwords.

3. Do NOT click on links or attachments from unknown email addresses:

It only takes ONE wrong click to download viruses or give hackers access to your entire computer system. So, if you receive suspicious emails with links or attachments, don’t click on them unless you’re sure they are from reliable sources.

Thrive provides superior protection against ransomware, viruses, malware, spear phishing, email DDOS and undesirable emails. Our Fully Managed Anti-Virus and Anti-Spam Services are just what you need to strengthen your multi-platform threat prevention strategy.

4. Look for the ‘S’ in https:

Continuing with the above-listed point, another good indicator of a potential problem is if you receive a URL in an email without the ‘S’ after the http in the link. The ‘S’ literally stands for ‘secure’ and indicates that the website has an SSL (Secure Socket Layer) certificate. You should always hover your mouse over any link to see its true destination and if you can’t see the ‘S’, you definitely should NOT click on the URL.

5. Invest in Cybersecurity Awareness Training programs:

The National Security Agency reports that over 90% of cyber-attacks are preventable with basic Cybersecurity Awareness Training. So, by just taking a cybersecurity awareness course and keeping in mind all the points listed in this article, you might already be a few steps ahead of those cyber-criminals and save yourself from serious issues and huge losses!

No matter how large or small a business is, it’s a target for cybercriminals. That’s because it can only take a single unwitting click on a phishing link to grant criminals access to everything on a given network and, in some cases, beyond. It’s also why security awareness training and phishing simulations are essential for organizations who want to transform end users from the weakest link in the security chain, into a truly resilient first line of cyber defense.

Thrive’s Cybersecurity Awareness Training provides the continuous, relevant, and measurable testing and education that businesses need to minimize risky user behaviors and resulting security incidents.

6. Schedule regular Data Backups:

Thrive’s Backup as a Service (BaaS) solutions provide Complete Data Protection for VMware, Hyper-V and Physical Systems among other things.

World Backup Day falls on March 31st every year, the day before April Fools Day, which is perfect timing to make sure all your regular data backups are scheduled are running properly across all devices and platforms. The “I’ll do it tomorrow” approach on World Backup Day could land you in some serious trouble in case you get fooled the very next day on April Fools’ Day!

7. Have a Disaster Recovery Plan ready:

No matter the size, location, or industry, organizations need to take the time to put together a well-thought-out and practical strategy for implementing DR best practices and scheduled maintenance.

Organizations should have an easy-to-understand step-by-step guide on what to do in a data emergency so that employees, partners, and vendors understand their roles, responsibilities, and the resources available to them before, during and after crisis strikes.

We hope you can now better understand how common and dangerous cyber threats, hacking, viruses, malware, ransomware and other cyber attacks are. However, more than 90% of these incidents are preventable with the right kind of Cybersecurity Awareness Training.

If you spend some time learning more about how these cyber-attacks work, how hackers and scammers approach people, what kind of tactics they use, and how you can deal with them, you can prevent cyber attacks and protect yourself from becoming one of their victims.

The World Wide Web is an incredible source of information, innovation, and entertainment! Have fun with it, and keep learning new things, all while staying vigilant and safe on the internet!

Have any questions? Contact Us to learn more about all our services!

Happy April Fools’ Day! We promise we won’t fool you though!

The post Cybersecurity Awareness: 7 Tips For The April Fool In All Of Us appeared first on Thrive.

What is Ransomware?

Ransomware is a form of malicious software — malware — that encrypts documents on a PC, server, or even across a network. Victims can often only regain access to their encrypted files and systems by paying a ransom, typically in Bitcoin, to the criminals behind the ransomware.

A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes if vital files and documents (think spreadsheets and invoices) are suddenly encrypted and inaccessible.

What do the numbers say?

• Ransomware attacks rose 350% worldwide from 2016 to 2017 (Dimension Data, 2018)
• 48% of IT consultants reported an increase in ransomware-related support inquiries from customers across 22 different industries during 2016-2017(Intermedia, 2017)
• 25% of cyber insurance claims in 2017 were related to ransomware (AIG, 2018)
• Total losses due to WannaCry ransomware are forecasted to reach $4 billion (Cyence, 2017)
• 72% of businesses hit by ransomware lost access to data for at least two days; 32% lost access for five days or more (Intermedia, 2017)

How can you protect yourself from Ransomware and secure your cloud backup from ransomware?

Ransomware can find its way even around today’s sophisticated malware protection. The best approach to security is multi-layered and requires vigilance from both IT professionals and their end users. Here’s how you can secure your cloud backup from ransomware:

• Always keep backups. Data can’t be recovered if it isn’t backed up. Have a strategy in place that covers every user, device, and file.
• Lock down administrative rights. Don’t give users administration rights, even on their machines, unless it’s necessary.
• Stay up to date. Keep systems and apps current with the latest patches to avoid exploits that rely on outdated code.
• Keep every endpoint protected. Gateway protection can’t help when users insert a rogue USB stick. Make sure every endpoint has complete, current security.
• If an email looks suspicious, it probably is. Teach users to trash emails that look like spam. Better yet, show them how to inspect email headers if they’re unsure of the sender.
• Don’t open attachments. Unless your users are absolutely, positively sure that they recognize both the sender and the file, it’s better to leave attachments alone. If they do open attachments, they should never enable macros or executables. Suggest other ways to share documents that require authentication and have built-in virus scanning.

Veeam Insider Protection

At Thrive, our primary focus is protecting businesses’ data from any cyber threat or environment. Recently, cybercriminals have been becoming more sophisticated and learning to target backups as well as primary systems. Being in the business of offering total data protection, it was clear something had to be created to avoid such threats. As a Veeam Platinum Cloud Provider, Thrive can now provide an additional new solution to keep your data safe.

With the release of Backup & Replication 9.5 Update 3, Veeam introduced the concept of a Recycle Bin for customers sending offsite cloud backups using Veeam Cloud Connect. Coined Insider Protection, the solution enables a deleted backup protection option. This adds a new level of data security for cloud-based backups in the case of a malicious user gaining access to your backups or in the case of accidental deletion by an administrator.

Secure your cloud backup from Ransomware with Veeam and Thrive

Ransomware is not going away anytime soon. It is an evolving attack scheme that cybercriminals are pouncing on to gain a quick buck. For IT administrators, ensuring the lines of defense are strong against cyber threats and accidental deletions is key to creating a solid business continuity plan. Learn how you can improve your threat management with Veeam’s Insider Protection by contacting us now.

The post Secure Your Cloud Backup from Ransomware appeared first on Thrive.