Hurricane Ida Data Recovery

What to do if you encounter computer storage equipment that has been damaged by water and severe flooding.

For those of you who may encounter devices damaged by Hurricane Ida, here are some quick DOs and DON’Ts for the best chance of data recovery on water-damaged devices:

  • DO leave the device ‘as is’. Don’t try to clean off excess dirt or debris that may have been deposited in a flood or disaster. Wiping debris from drives and media can cause greater damage to the electronic components of the device.
  • DON’T attempt to dry the water-damaged drive. While it’s often your first instinct, doing so will decrease the chances of recovery.
  • DO put it in a bag and help it retain the moisture from water submersion. An unused sponge will help prevent further damage. As moisture levels decrease, corrosion and damage increase (think of the dried salt crust left behind by ocean water).
  • DON’T power the device on. If there is water on any of the electrical components or internals of a drive, you can ruin your customer’s chances of recovery forever.
  • DO let us know if your shipment contains items damaged in a natural disaster so that we can take additional precautions prior to opening the package.
  • DON’T hesitate to find out if we can help. We have the right tools and equipment to safely evaluate the chances of recovery quickly.

Please feel free to call us or use our web form for more information if any of your devices have come into contact with water.


Weather Emergency Data Recovery

If you’ve been following the news, you’ve probably heard that Texas went through several catastrophic emergencies back to back last week. We had record-breaking freezing temperatures that were sustained for almost a week, which doesn’t happen too often in Texas. This led to power grid failures, undriveable roads, destroyed water systems that left homes flooded or without resources, and a natural gas shortage.

This led to a slew of calls as the weather broke – people experienced power interruptions that messed up their firmware, flooding that blew out their computers, and a host of other issues that led to unexpected data loss (adding insult to injury in a terrible state-wide event).

This event came as a huge surprise to all of us, as in Texas, cold snaps tend to stay above freezing temperatures and only last a couple of days. This time, our whole state was under ice for the week.

There is only so much you can do to prevent data loss in a major emergency like this. Primarily, you’ll want to make sure your power-dependent systems are connected to a reliable backup service like Carbonite or iCloud. That way, at least you will have a relatively recent back-up of your data that won’t add to your list of challenges to overcome, or add to the growing stack of emergency expenses. Making sure that your back-ups are all paid for and connected appropriately should be part of any monthly office or home checklist you have.

Of course, there are times where despite your best efforts, these things won’t come together as planned.

So, what happens when your computer floods, or a power outage causes a system failure in your phone? What do you do?

Power Outage Data Recovery

If you’ve lost your data due to a power failure, such as rolling blackouts in a weather emergency, do not try to power your device further. You could cause further electrical issues and render your data unrecoverable.

  1. Identify whether it’s a total failure, or whether a charging cable or connector cable could be the culprit. Try swapping your charging or connector cables, and change the device you’re connecting to. Once you’ve ruled out anything like that, do not attempt to power or access the device any further.
  2. Locate and assess any further electrical-related damage in the home, while you’re at it. Safety first! Focus on important data centers such as phones and computers, and anything potentially dangerous – like stoves, ovens, etc.
  3. Place the data-compromised device in two anti-static bags.
  4. Contact us.

Water Damage Data Recovery

Water damage is a stranger to no one at this point, but because of that, there are certain myths surrounding what to do when you have a water damage experience – particularly, anything involving rice. Rice is popular because as a super dry ingredient, it will absorb the moisture out of a waterlogged device. What it doesn’t absorb are the sediments and particulates that came in with the water. Once you absorb that water out of the device, those particles are left behind, causing corrosion and damage to the internal components. So, what do you *really* do?

  1. Stop attempting to power up your device. This could make everything worse for you.
  2. Do NOT put your device in a bag of rice.
  3. Instead, put your device in a Ziploc bag with a damp sponge. This keeps the internal components damp instead of drying them out, which will allow a recovery technician to properly clean the particulates out of the device before removing the moisture. This way, no damage will happen from corrosion or cleaning particles off of fragile surfaces.
  4. Contact us.

For larger units with electrical-related or water damage, such as a multi-device RAID system, you are still essentially in the same boat. Do not attempt to power up the unit or dry it out, and give us a call as soon as possible. If you are an entrepreneur or work for a business, and your business insurance covers extreme weather events, call them immediately to get that lengthy process started.

As always, please don’t hesitate to reach out if you have any questions. If you have other critical tips you think are worth mentioning, let us know so we can add them!

How to Prevent Mobile Device Data Recovery

At Flashback Data, we get many calls about recovering lost data from mobile devices (phones and tablets). Phones and tablets are two of the most commonly used devices in the world today, and carry an unthinkable amount of our data – from photos and videos, to our private messages and search history. Understandably, these clients are often the most devastated clients when they call us with a significant data loss. Smartphone and tablet memory works very differently than other devices, so it surprises many people to hear that common, everyday practices are what led to their data loss.

We put together this article to detail the do’s and don’ts of mobile device data – some of these may surprise you, but we suspect there are a couple you’ve known all along (and it’s time to get with the program). Follow these tips in order to prevent a catastrophic data loss that could leave your heart or your business sidelined in a major way.

Mobile Device Do’s

1. Sign up with a cloud backup service

This is the most important recommendation on our list. Sign up with a cloud backup service that updates its backup automatically and bills you automatically. This ensures that no matter what’s going on with your device, a very recent digital copy of your data is safe and ready to re-download. If you’re an Apple device user, you can easily use their iCloud service. For Android users, a Google backup service would be an easy fit.

We often hear that people are nervous and suspicious of cloud services, usually citing that they don’t want Google or Apple reviewing their private data, or hackers getting into their data and using it. There is a misconception around all of this that we’d like to dissolve. If you’re reading this article, it is extremely unlikely that you are a target for a data breach.

Simply put – we are not that important. Hackers and allegedly malicious employees of cloud services do not waste time on targets without a certainty of the data they’re profiting from. Think of it this way – would a robber risk breaking into a house if there’s no way to know anything of value is inside? Almost all of us fall into this category when it comes to our backed-up data.

Once you’ve signed up with a cloud service that meets your needs, check it monthly to make sure your bill is paid and your data is being uploaded properly. That way, if you’ve gotten disconnected from the service, you’ve only lost a few weeks of data at most. If you have any monthly checklists – like going through your bills, conducting expense reports, etc. – checking your backups is a great candidate to add to your monthly responsibilities.

2. Back up before any system updates

One of our most frequent data recovery questions surrounds iPhones and boot loops – a failure called Error 14. This can happen when your iPhone downloads its own system updates, but your phone is overfull with too much data. It crashes your phone, causing it to power up and down in a loop. This is an unrecoverable situation, so if your data isn’t backed up, that’s it – all of your mobile device data is gone.

It’s impossible for you to know how your phone or tablet is going to respond to a system update, beyond whether or not you have enough room to download it. Most of the time, everything is fine, and after a few minutes you’re back to using your phone, but plenty of people experience data loss from system updates that were fine for everyone else. Sometimes, unfinished or disastrous system updates are released, and many people lose their data as a result.

If you are someone who takes tons of photos and regularly has a close-to-full phone, or if you don’t know much about phone technology, we highly recommend turning off your auto-update settings to prevent something like this from happening. This will make the phone or tablet notify you when an update is going to happen in the near future, so you’ll have time to double-check your backups and make some space on your device.

3. Keep 10 GB available on your phone

For the reasons we listed above, always make sure your mobile device has some space on it. It is often running updates and downloading data in the background that you might be unaware of, all of which runs the risk of corrupting your phone if you don’t have enough free space. Your phone may advertise that it has 128 GB of space, for example, but our techs at Flashback Data would agree that you shouldn’t fill it over 115.

4. Invest in a water and shatter-proof case

Here is an uncomfortable truth: water damage and impact damage are fully avoidable. Yep, you read it here, and we stand by it. We’re not saying we have a running tally of how many times we hear “I know I should have a waterproof case, but my kid spilled liquid on my tablet and shorted it”… but we certainly could.

Reputable water and shatter preventative cases do run a bit pricier than your typical silicone sleeve, but $50 is nothing when it comes to our minimum mobile device recovery fee ($399) or an uninsured phone replacement (up to over a grand!).

Don’t know where to start? Here are some examples of high quality brands that make fantastic, reliable phone cases.

Hitcase Shield

Flashback Data is not affiliated with any of these brands – we’re merely showcasing examples of brands on the market that make the quality of cases you’re looking for. We are not responsible for any manufacturer issues or customer satisfaction on these products.

5. Use high quality charging and connector cables from your device manufacturer, or from a manufacturer-recommended vendor

Low-quality connector cables are a huge reason that customers come to us for data recovery. Low-quality cables can cause electrical shorts in your phone, rendering it unusable and potentially corrupting your data. These cheap connector cables are also easy to break and tear, making a data transfer easy to interrupt (which can often lead to a phone failure). Invest in cables that come directly from your device manufacturer, or are recommended by the manufacturer.

Apple in particular has a program to certify other vendors for use with its products, called MFi Certification. Through this process vendors can assure their consumers that their products are fully safe to use with Apple products. This sort of certification program doesn’t exist for all mobile devices, but it’s worth reading reviews to make sure your components don’t compromise your data.

Mobile Device Don’ts

1. Fill your device storage

As we mentioned above, there are tons of risks associated with filling up your phone. This doesn’t leave any room for the device to download system or application updates, take photos and videos, or run its own operating system. You may notice that your phone “stutters” – applications lock up during use or take a long time to open, apps and videos close without warning, or you find yourself having to restart your phone on a regular basis. Keeping your mobile device stuffed to its limit with data is practically begging for a memory failure.

We understand that a lot of people want all of their photos and videos in one device, ready to review and reminisce at a moment’s notice. Unfortunately, this is the most common risky behavior we see when it comes to our customers with crashed phones. We highly encourage you to embrace using a cloud service or online photo album service to store all of your picture and video archives. When you want to take a walk down memory lane, they’ll be waiting for you.

2. Put your device in rice

Putting your phone in rice is a popular but often destructive approach to trying to reverse water damage. While technically, yes, this method will dry out your phone, it can do so in a very harmful way that makes matters worse. The way rice interacts with exposed electronics can cause more damage than you already have, leading to corruption of your data and damage to your motherboard.

If your device has been exposed to liquid and is damaged as a result, zip it up in a bag with a slightly damp sponge, and take it to a repair shop immediately. This will allow the liquid to be extracted from the device without corroding any of the components through over-drying.

3. Take your device swimming

We’ve seen the commercials. Someone is basking in the ocean with their smartphone or enjoying drinks in a pool, taking underwater photos to commemorate their summer vacations and spring breaks. These people live seemingly worry and risk-free, drinking beer and making funny faces underwater for social media photos.

Don’t be those people.

A recurring call we receive is from customers who are upset because they thought their phone was waterproof, so they took it in the pool or to the beach, and now it won’t turn on. Your smartphone is never going to be “waterproof”. It is water resistant. It is water resistant in clear, clean water with no currents or waves.

Pools and hot tubs are full of chemicals that aren’t meant to be exposed to electronics. The ocean is full of salt and sediments, which ruin electronic components on contact.

There are certainly reputable waterproof cases that will allow you to submerge your phones and tablets in different bodies of water, but as we all know, even the best brands do not carry a 100% success rate. We recommend being safe over sorry – do not bring your devices swimming with you.

4. Use cheap or unsanctioned accessories

Using convenience store charging cables is a sure-fire ticket to losing your data. These cheaply made cables can fray easily, or may have components that aren’t well-fit to your device.

This will lead to data transfer interruptions (which can corrupt your device), electrical shorts, and other disasters that will come at the wrong place at the wrong time.

Invest in high quality accessories to ensure the safety of your data.

5. Try to guess your PIN

If you’ve forgotten your PIN or passcode, do not try to guess it over and over. Find a way to confirm what that PIN is, or get in touch with support to find out what your options are.

Entering a password or PIN repeatedly is the fastest way to lose your data forever. Too many incorrect entries will permanently “brick” your device, making it useless and destroying your data. This is often referred to as the device being in “Disabled Mode”. It is a security feature implemented in order to make the phone as secure as possible for anyone – from politician to technology executive.

By following these easy suggestions, you’ll be a world apart from most of the customers who come to us with a mobile device data crisis. In the event you do have a crisis and need your phone or tablet data recovered, give us a call at 866.786.5700.

Cyber Security Basics

A common example of a call we receive is, “I need your help. My spouse just identified that someone has hacked into our PayPal account and is withdrawing $1,700 per month. We have contacted our bank, but they are not willing to help. We contacted PayPal, and they indicated that they have the ACH number. We are afraid that they have all our other accounts, passwords, and contact information. Can you help?” Cyber security isn’t household talk yet, but people are learning about its possibilities, and the risks they take when operating in the digital world.

Common Types of Cyber Attacks

Individuals and small business owners are becoming increasingly aware of common types of Cyber Attacks, but rarely are they aware of all the different ways they can happen. These attacks can include (but aren’t limited to) locking them out of their business files, defacing their websites, or stealing money. The most common cyber security attacks are:

• Malware – software specifically designed to damage, disrupt, or gain unauthorized access to a computer system or network.
• Phishing – a scam that impersonates a reputable person or company in order to obtain personal or sensitive information, such as passwords and credit card numbers, directly from a user.
• Man-in-the-middle attack (MITM) – an intrusion in which a third party intercepts, monitors, and alters communications between two parties without their knowledge; for example, intercepting chat messages with a banker.
• Distributed Denial-of-Service (DDoS) – an attacker overloads a network resource, such as a website, rendering it unusable for its intended users.
• SQL injection – an attacker gains access to a database by injecting their own SQL commands through an application’s input, for example to extract private customer information from your business records.
• Zero-day exploit – particularly dangerous because the attack happens before the affected users are aware of the exploited vulnerability. The attacker uses the vulnerability as soon as they identify it, before the user is ever made aware of the specific gap in security.
• DNS Tunnelling – one of the most damaging DNS attacks. It encodes the data of other programs or protocols inside DNS queries and responses, and often carries payloads that are added to a compromised DNS server and used to control a remote server and applications.
• Business Email Compromise (BEC) – an attacker impersonates a corporate email address, and the individual behind it, in order to manipulate the recipient(s).
• Cryptojacking – an attacker installs malware on a user’s device in order to mine or steal cryptocurrency without their consent.
• Drive-by Attack – malicious software is downloaded to your device without your consent and, potentially, without your knowledge. You may not know the code ended up on your device at all, or you may think you’re downloading one thing when you’re actually downloading something harmful.
• Cross-site scripting (XSS) attacks – malicious code is injected into an otherwise trustworthy website with the intention of exploiting the users who visit that site.
• Password Attack – an attacker tries a host of possible passwords against a user’s accounts, hoping that one of them works (usually banking on the fact that people often reuse passwords).
• Eavesdropping attack – similar to a man-in-the-middle attack; an attacker “snoops” on communications without the users’ knowledge in an attempt to acquire sensitive information.
• AI-Powered Attacks – an aggressive and targeted cyber attack that uses artificial intelligence to determine the most vulnerable security points in your system.
• IoT-Based Attacks – the Internet of Things (IoT) is easily one of the most versatile technologies in existence today, and it has been the primary force behind the biggest distributed denial-of-service (DDoS) botnet attacks for some time. Numerous IoT device manufacturers continue to ship products that cannot be properly secured.

Unfortunately, most individuals and small business owners do not carry cybersecurity insurance, or have enough money stowed away to afford a full incident response lifecycle. This typical lifecycle includes preparation, detection & analysis, containment & eradication, and post incident activity.

These attackers usually first analyze their target (reconnaissance), then exploit a weakness to break into the network. Once established, they start to dig into your systems, trying to move across your network quickly in search of further data they can take advantage of. Once they find the key data, they exfiltrate and exploit it. By the time they reach this phase, they are usually in and out of your network rather quickly.

How Cyber Security Works

It is unnerving because you don’t know if your system is clean, or if they have placed spyware on your system that watches your every move. The cybersecurity industry processes consist of the following segments:

• Proactive Protection – Hardware and software to keep your systems secure
• Monitoring – Scanning logs to detect intrusions or gaps
• Consulting – Analyze your business in order to receive pointed security recommendations
• Incident Response – Analyze a security breach in order to assess damage and recovery of data or funds
• Recovery – Recover any lost data or business functions that were negatively impacted by the data breach

Cyber Attacks – What To Do

If you are locked out of your business systems, your web site has been defaced, or you have lost money, then you require Incident Response services. Understanding your networked media, passwords, roles within the network, who belongs to which user group, and the privileges each staffer is granted are all required when preparing to deal with an incident. It is important to identify patient zero, so to speak, but most of the time, that’s rather unclear at first. Detecting how the network was compromised is critical to identifying, isolating, and eradicating any harmful factors that have been left behind.

Depending upon the network, this may take several ten-hour days to several weeks. Once the threats have been identified, contained, and eradicated, then you’ll need a follow up, post-incident action recommendation to ensure that this doesn’t happen again.

If an individual or small business is not able to activate an incident response team, then the following steps are your best bet to achieve a resolution and minimize damage:

• Unplug your internet connection
• Find a password manager (LastPass, 1Password, etc.)
• Change all your passwords
• Turn on two-factor (2-step) verification
• File a police report with your local authority
• File an IC3 report with the FBI
• Run a malware and anti-virus scan
• (Money stolen?) Contact your financial institutions

Unfortunately, it will be rare that the individuals causing this havoc are caught, but by following these suggestions you will be better prepared than most, and hackers usually go for the weakest target.

When we get a call like the one we discussed above, we notify them that if a hacker has their ACH number, they would usually get in and get out with as much money as possible in as little time as possible. We might even mention that there could be some sort of payment schedule to a bill they don’t remember.

On this particular example, we received a notification days later explaining that this was exactly the case. It was a loan payment that was forgotten about, but they did implement the suggestions above, and already feel safer and more informed.

If you think you’re a victim of a cyber security attack, don’t hesitate to call us at (866) 786-5700. We will consult with you to see if your suspicions are valid, and then scope out the work accordingly. We’re here for you.

iOS exploits and their impact on digital forensics

Last September, the iOS hacking community got a big surprise when a security researcher named axi0mX released a ‘game changing’ exploit called ‘checkm8’.  What makes checkm8 so unique is that unlike previous exploits, it is a Boot ROM exploit. This means that on affected devices, there is no way for Apple to patch it via software updates.

To be clear, this exploit is not a remote threat, as the physical device must be tethered to a computer. Further, it does not allow someone to bypass your PIN or Touch/Face ID. The exploit is also non-persistent, meaning that once the device is rebooted, the exploit is removed.

The affected devices are iPhones and other iOS devices such as iPads running Apple’s A11 chip or earlier, which basically means any iOS device up to and including the iPhone X. The iPhone XR, XS, 11, and Pro models are not affected by this exploit.

How can this new exploit help us in digital forensics? 

The checkm8 exploit now allows us to obtain an entirely new level of device data extraction which, up to this point, was impossible. Previously, on phones newer than the iPhone 4, we were essentially only able to get what equates to an iTunes backup of the device. In many cases, this is fine. However, over the years Apple has made it increasingly difficult to recover deleted information from chat databases and other application data by using a vacuum-like function that cleans up databases more frequently than earlier iOS versions did.

Checkm8 allows a forensics examiner to exploit the device, collect the file level decryption keys and then extract the entire active file system of the device including the keychain and other valuable data previously unattainable by earlier extraction methods. Previously, we were only able to get parts of the data which were approved to be included in iTunes backups. The aforementioned non-persistence is great because no user level data is altered, and we no longer even have to boot the device into the native iOS.

For example, below are the results from a test iPhone in our lab on which we performed two separate extractions: Advanced Logical vs Checkm8.   The first screenshot from Cellebrite Physical Analyzer shows what was retrievable via the traditional Advanced Logical extraction, about 8.5 gigabytes of data.

The next screenshot, below, shows the data which resulted from the checkm8 full file system extraction of the exact same iPhone:

The difference in readable data obtained is staggering! The full file system extraction pulled approximately 36 GB of data, versus the 8.5 GB obtained via the advanced logical method. For chat messages alone, we were only able to obtain 251 messages and 9 deleted messages via the old method. With the exploit-based method we recovered 3228 messages and 75 deleted messages.

Another key area is that the phone stores logs that are usually inaccessible to the users. These logs store massive amounts of data related to how a user interacts with a device as well as tons of extra location data.  There is a treasure trove of information that we are still just discovering.

Think about the implications of this extra data in a criminal investigation or traffic accident cases.

On Scene in a Water Emergency

Securing Digital Evidence in a Water Emergency

Water and electrical devices do not mix, especially if the device contains valuable data. When you’re on scene in a water emergency, the decisions you make in handling potential digital evidence can have huge impacts down the line in your department’s ability to recover evidence and use it to make a case. We’d like to share a few on-scene tips to help protect digital evidence that may be damaged by water.

How Water Damages Electronic Devices

Before we talk about what to do with a device in water, it helps to understand the two most common ways that water actually damages electronic devices.

Electrical Damage

Water is rarely pure water. It contains dissolved electrolytes, such as sodium chloride (table salt). Pure water is a very poor conductor of electricity, but when it contains ions (sodium and chloride), it can act as a good conductor of electricity. So, if this ion-filled water commonly known as tap, coastal, lake, river, or sewage water comes into contact with any electronic device in an ON state, it is going to make connections in places where there should be no connections. This can result in a large current, which in turn, damages the circuit.

Corrosion

Corrosion is another problem when water is involved with electronic devices. Corrosion happens when you have long-term exposure to water. The electrical connections within electronic devices are made of metal. When that metal comes into contact with water, it starts corroding and converting to another, non-conducting compound. The additional ions that water contains can speed up this process of corrosion. If the metal connection between two parts of a circuit is sufficiently corroded, the connection is broken and the electronic device stops working.

What To Do On Scene

The decisions you make on scene in a water emergency can have significant impacts on your department’s ability to recover and analyze digital evidence for future use. We recommend the following steps to help protect the integrity of digital evidence in a water emergency:

1) Assume The Device Was Powered On

Technically, it matters whether a device is in the ON state or the OFF state when disaster strikes. If the device is in its OFF state, it is very possible that it will start working as long as you dry and clean it sufficiently before turning it on, as the dried water can no longer make any undesired connections. This can be done using rice, solvent, or other methods that will absorb or displace the water content without leaving anything behind to interfere with the circuit.

Unfortunately, when most disasters or accidents strike, devices found are in an unknown state. It is unknown if the device was originally in the OFF or ON state. The most conservative approach from a data recovery perspective is to assume the device was ON and has short-circuited.

2) If It’s Dry, Keep It Dry

This may sound obvious, but even a good-intentioned effort to wipe down a device with a damp cloth can do permanent damage. If a digital device has dried after a flood, storm or fire, it’s best to keep it dry. Simply get the device as it is to your digital crime lab and make sure they know it may have water damage. If there are contaminants on or inside the media, an accredited crime lab will follow specific protocols when recovering data to address any potential contaminants.

3) If It’s Wet, Keep it Wet

If the device is still wet, DON’T TRY TO DRY IT! Trying to dry a wet electronic device on scene is usually done with the best of intentions, but it’s a mistake from a data recovery perspective. As noted above, it’s not the actual water that does the damage, but the ions and contaminants in the water. If you try to dry the device you may be ensuring that those ions stay in places they shouldn’t be. The most conservative approach is to package the media with a wet towel and immediately send it to the digital crime lab.

4) If It’s Submerged, Keep It Submerged (In Distilled Water)

In a flood emergency, you may find digital devices that are completely submerged. In this situation, don’t try to dry the device. Instead, place the device in a bucket of distilled water and get it to a digital crime lab. Remember that it’s the extra ions from things like salt or other contaminants in the water that damage the device, not the water itself. Distilled water is, by definition, pure water that doesn’t contain the additional ions that can do damage.

It sounds counterintuitive to bring water to a flooded crime scene, but if you need to secure digital evidence during a flood emergency, a few gallons of distilled water could help you make the case.

If you need help recovering digital evidence that may have water damage, contact Flashback Data. We’ve worked with devices damaged by hurricanes, floods, fires and sabotage. We are the first private crime lab accredited under the same specifications as the FBI and state labs. We can help you prepare, recover, analyze and use digital evidence especially in unique and time-sensitive cases.


Cyber-Attack: Does it mean the end?

We’ve all heard the stories about the 200,000+ systems in 150 countries that were hacked last week. The attacks hit computers running factories, hospitals, banks, government agencies, and transport systems in countries including Russia, United States, Ukraine, Brazil, Spain, India and Japan, among others. Among those hit were Russia’s Interior Ministry, Spain’s Telefonica, FedEx Corp. in the U.S., and about 45 National Health Service organizations in the U.K.

The culprit is malware called WannaCry, and it seems to have spread as a type of malware known as a worm. Unlike many other malicious programs, a worm can move around a network by itself. Most others rely on humans to spread, tricking them into clicking on an attachment harboring the attack code.

Once a company’s data is encrypted, a message appears demanding a fee of hundreds of dollars. If the ransom is paid in time, the information may be restored. “At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches,” Josephine Wolff noted in The Atlantic.

Given that this is the worst cyber-attack in recent history, why has WannaCry proven so vicious? It leverages a Windows vulnerability known as EternalBlue that allegedly originated with the NSA. The exploit was dumped into the wild last month in a trove of alleged NSA tools by the Shadow Brokers hacking group. Microsoft released a patch in March, but many organizations haven’t caught up.

“The spread is immense,” says Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry. “I’ve never seen anything before like this. It’s nuts.”

One cyber security firm estimates that extortive attacks on small and medium companies cost $75 billion in expenses and lost productivity each year.

(WannaCry) Ransomware Prevention

Multiple things go wrong when a system is infected with malware, yet it isn’t the ransom that is the expensive part of being infected. The downtime and lost productivity increase with each passing day. Preventing infection is the best possible way to avoid downtime. However, there is no single defense solution currently on the market that can 100% guarantee ransomware prevention. Instead, step up your data protection game to strengthen your front line of defense. If that still doesn’t work, Flashback Data has had limited success in recovering data on infected drives.

  • Install reputable anti-virus and firewall technology, and update both OS & software consistently.
  • Proceed with caution when opening emails; do not click links or open email attachments you aren’t expecting, and verify the source of the link or attachment first.
  • Ensure that ALL employees are trained on these email best practices – phishing scams are the #1 cause of ransomware’s success today.
  • Despite popular belief, the cloud is NOT immune to ransomware, particularly within popular SaaS applications like Dropbox, Office 365 and Google Apps.

Ransomware Recovery

Like many of the leading ransomware strains today, the code is constantly being adapted to avoid detection by the leading defense solutions available. More than 91% of IT service providers reported ransomware getting past anti-virus and anti-malware software in the past 12 months, and 77% report it getting past email and SPAM filters. The social engineering tactics cyber criminals employ to dupe their victims continue to be highly effective, and will remain so for the next few years, likely due to the increase in phishing emails/SPAM and the lack of general awareness of anti-phishing best practices and of cybersecurity training.

  • Don’t negotiate with e-terrorists. 42% report that customers paid the ransom, and 1 in 4 of those never recovered the data. This is largely why the FBI recommends victims do not pay up. But if you decide to risk paying the ransom, you should know that cyber criminals will likely require you to pay using Bitcoin or another virtual currency over the Tor network, software designed to make web browsing anonymous and untrackable.
  • Identify Time of Infection – Pinpoint the timing of a ransomware hit by reviewing the timestamps of changed file versions within a user’s backup archive.
  • Protect ALL users and applications – Provide better support by closing gaps in data visibility and protection, and capture every end-user file, regardless of OS platform. Educate people to NOT click links unless they can verify the source.
  • Contact Flashback Data BEFORE too much damage has been done to the device, thus increasing chances of a successful recovery. We have had success recovering data without paying ransom.
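The “Identify Time of Infection” step above can be automated against a backup system’s version history. The following is an added example, not Flashback Data’s own tooling or the page’s original code. It assumes the backup product can export, for each retained file version, the path and the modification time recorded with that version; the rows it works on are constructed sample data, and the “.locked” suffix is a placeholder for whatever extension a given strain appends, not a real indicator. Ransomware rewrites many files within minutes, so the first window in which the number of new versions spikes marks the onset, and the newest version written before that window is the restore point.

```python
"""
Locate the likely onset of a ransomware hit from backup version history.

Added illustration for the "Identify Time of Infection" step; not
Flashback Data's tooling. Assumes the backup product can export, for every
retained file version, the path and the modification time recorded with
that version. SAMPLE_VERSIONS is constructed data; ".locked" is a
placeholder suffix, not a real indicator of any strain.
"""
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample (path, version mtime): a trickle of normal edits over
# two days, then six files rewritten within about a minute.
SAMPLE_VERSIONS = [
    ("docs/budget.xlsx",        "2017-05-10 09:12:00"),
    ("docs/notes.txt",          "2017-05-10 14:30:00"),
    ("docs/plan.docx",          "2017-05-11 11:05:00"),
    ("docs/budget.xlsx",        "2017-05-11 16:40:00"),
    ("docs/budget.xlsx.locked", "2017-05-12 08:03:10"),
    ("docs/notes.txt.locked",   "2017-05-12 08:03:12"),
    ("docs/plan.docx.locked",   "2017-05-12 08:03:15"),
    ("docs/report.pdf.locked",  "2017-05-12 08:03:20"),
    ("photos/trip.jpg.locked",  "2017-05-12 08:04:01"),
    ("photos/cat.jpg.locked",   "2017-05-12 08:04:05"),
]


def parse_versions(rows):
    """Return [(path, datetime)] sorted by version time."""
    parsed = [(path, datetime.strptime(ts, FMT)) for path, ts in rows]
    return sorted(parsed, key=lambda pv: pv[1])


def find_onset(rows, window_minutes=5, min_changes=5):
    """
    Find the first time at which at least min_changes versions were written
    within window_minutes. Returns (onset, last_clean) as datetimes, or
    (None, None) when no such burst exists.

    Normal user activity rarely rewrites many files in a few minutes;
    ransomware does. last_clean is the newest version written before the
    burst, i.e. the point the backup should be rolled back to.
    """
    times = [t for _, t in parse_versions(rows)]
    window = timedelta(minutes=window_minutes)
    for i, start in enumerate(times):
        j = i
        # advance j past every version that falls inside [start, start+window)
        while j < len(times) and times[j] - start < window:
            j += 1
        if j - i >= min_changes:
            last_clean = times[i - 1] if i > 0 else None
            return start, last_clean
    return None, None


def affected_paths(rows, onset):
    """Distinct paths of every version written at or after onset."""
    return sorted({path for path, t in parse_versions(rows) if t >= onset})


def summarize(rows, window_minutes=5, min_changes=5):
    """Dictionary summary: onset, restore point and the affected file set."""
    onset, last_clean = find_onset(rows, window_minutes, min_changes)
    if onset is None:
        return {"onset": None, "last_clean": None, "affected": []}
    return {
        "onset": onset.strftime(FMT),
        "last_clean": last_clean.strftime(FMT) if last_clean else None,
        "affected": affected_paths(rows, onset),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_VERSIONS).items():
        print(f"{key}: {value}")
```

Two practical caveats: tune the window and threshold to the user’s normal activity (a nightly build or a bulk photo import also rewrites many files at once, so confirm the burst by looking at the paths themselves), and prefer the time the backup system created each version over the file’s self-reported modification time, since the latter is under the control of whatever wrote the file.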