Loss of Data
What was critical?
What was critical was the absence of a recent backup.
A senior executive traveling to an urgent meeting overseas had a lot of work and preparation before the trip, leaving no time for a manual backup. The laptop was left in a taxi or stolen at the hotel, and there was no recent backup from which to recover the data.
Lesson:
Always have a recent backup of your critical data. It MUST be automated (or you will fail to do it), remote (or the data will be lost in case of theft or fire), encrypted (it is too easy to steal a tape or a drive), and it must keep a HISTORY. A copy on a disk is NOT a backup.
Why data loss?
Data loss can happen in many ways; the most common causes are:
- Hard drive malfunction
- Computer loss or theft
- Virus infection
- Malware attack
- Ransomware
- Human error
- Natural disaster
A hard drive can stop working at any time, because of shock, vibration or a manufacturing defect.
It is important to prepare for the loss of data, and doing so should be normal procedure.
In fact, every hard drive, because of its mechanical parts, will eventually wear out or suffer from mishandling. A data backup with a clear history is the only reliable way to recover from such damage.
Identity Theft
What was critical?
What was critical was a lack of internal procedure.
A hacker managed to infiltrate an email system and observed the activity until they identified a purchase process. They then built fake websites to communicate between the two companies and eventually managed to redirect a payment to a foreign bank account.
Lesson:
Never modify a procedure based on an email alone; make sure you have several ways to confirm an important change such as a bank account, a new email address for a director, or the official person in charge.
The highest risks of identity theft are:
- Email phishing, where instructions lead an employee to disclose confidential information, either about themselves, about the systems and passwords they use, or about the processes in place in their company.
- Social engineering, where an employee is convinced to disclose their credentials to a pseudo colleague calling from the IT department.
This kind of attack relies entirely on employee gullibility. Most companies have no real security training or awareness program, and employees are usually launched into their positions with little or no explanation of the risks.
SafeComs offers awareness training sessions to make your employees risk aware, and consults on company procedures and policies.
Ransomware
What was critical?
What was critical was the absence of procedure and of a recent backup.
An employee received an unusual email contesting a payment, with attached information, but clicking on the link did not open anything. The employee passed the mail to another accounting employee to check whether they could open it; they concluded that the file was corrupt and ignored the incident.
3 days later, all files on both computers, on the attached peripherals and on the online backup drive were encrypted, and a message requesting a ransom appeared on the screen, together with a clear procedure to purchase bitcoins and transfer them to a specific account. The accountant had just lost all the data he was using to close the fiscal year and report to the board for the consolidation of country data.
Lesson:
Always have a recent backup of your critical data, produced by an automated process, encrypted, remote, and with significant history (minimum 30 days).
- Ransomware is a kind of virus or worm that propagates through email. It can also be found in copies of pirated software and is now also distributed through file sharing and software updates.
- The ransomware components are usually extremely small to allow distribution through all forms of communication, including PDFs. As soon as the first bytes of the trap are downloaded, the malware communicates back home to download the rest of the program needed to encrypt the data: the algorithm and the asymmetric keys used to perform the encryption, and the instructions to organise the payment of the ransom.
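The backup lesson above, as an added example that is not SafeComs code: a small Python simulation of the scenario, showing why a mirrored "online backup drive" is overwritten together with the PC while a versioned store with 30 days of history still offers a clean restore point. File names, dates and contents are constructed, and the "encryption" step only replaces content; no real cryptography is involved.

```python
# Added example (not SafeComs code): why "a copy on a disk is NOT a backup".
# The PC and a mirrored drive are overwritten by simulated ransomware; a
# versioned store with history keeps a clean snapshot. All data is constructed.
from datetime import date, timedelta

RETENTION_DAYS = 30  # minimum history recommended in the lesson above


class MirrorDrive:
    """A synced copy: every sync overwrites whatever was there before."""
    def __init__(self):
        self.files = {}

    def sync(self, source):
        self.files = dict(source)


class VersionedStore:
    """One snapshot per day; prunes snapshots older than RETENTION_DAYS."""
    def __init__(self):
        self.snapshots = {}  # date -> {filename: content}

    def snapshot(self, source, day):
        self.snapshots[day] = dict(source)
        cutoff = day - timedelta(days=RETENTION_DAYS)
        for old in [d for d in self.snapshots if d < cutoff]:
            del self.snapshots[old]

    def restore(self, before):
        """Newest snapshot taken strictly before the incident date, or None."""
        clean = [d for d in self.snapshots if d < before]
        return dict(self.snapshots[max(clean)]) if clean else None


def simulated_ransomware(files):
    """Stand-in for the encryption step: content replaced, names changed."""
    return {name + ".locked": "<unreadable>" for name in files}


def run_scenario():
    start = date(2024, 1, 1)
    pc = {"ledger.xlsx": "Q4 figures", "board.docx": "draft report"}
    mirror, store = MirrorDrive(), VersionedStore()
    for n in range(40):                      # 40 days of automated daily backups
        mirror.sync(pc)
        store.snapshot(pc, start + timedelta(days=n))
    incident = start + timedelta(days=40)
    pc = simulated_ransomware(pc)
    mirror.sync(pc)                          # the mirrored drive is overwritten too
    store.snapshot(pc, incident)             # bad snapshot kept, history survives
    return {"mirror_clean": "ledger.xlsx" in mirror.files,
            "restored": store.restore(before=incident),
            "history_days": len(store.snapshots)}
```

Running `run_scenario()` shows the mirror holding only locked files, while the versioned store restores the last clean day and still covers 31 daily snapshots.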
Other Malware
Occasionally you meet people who are not really concerned about the security of a PC at home and will happily use illegal software without any consideration for the risk they are taking, or maybe pushing onto others. They are worm and trojan magnets.
Spammers and criminals do not use their own cars or guns to attack a bank; instead they search for isolated PCs with weak or no security and infect them with a trojan. As a result they now have one more machine at hand in their "botnet" (a network of thousands of robots ready to answer to their master) for when they need to perform a hacking exploit, break into an account, demand a ransom, launch a massive attack against a specific target, and so on.
This is how you can easily find yourself in the middle of a forensic investigation where a bank and law enforcement officers are attempting to trace the criminal who managed to access their main database and siphon a large sum of money from their clients' accounts.
You might have a hard time explaining why your computer was involved in such an attack, and you will also end up having to justify the illegal software they found on your computer.
I got hit! Now what?
What was critical?
What was critical was the absence of protection, procedure and backup.
It can take time to find out what went wrong and how the hacker got inside your systems, but you can generally expect a human factor to be the cause rather than a technology glitch.
Unless you are the CIA or an organisation holding very high-level secrets, hackers will not specifically target you; instead you will turn up as a result of a large-scale network operation targeting easily guessed passwords, gullible employees, simple phishing exploits, or a trojan imported by installing pirated software.
Lesson:
Make sure you have a security policy in place, that your staff are aware of the important procedures when handling orders and payments, and that you regularly run awareness training. You can subscribe online to SafeComs awareness training.
What you should do now will depend greatly on what hit you, but there are a few steps common to all incidents:
Disclose the information internally
Immediately inform the management and the security team. This is the best way to prevent the issue from spreading, and also the only one to immediately kick start the recovery procedure.
It will also help share the information on what happened, how it happened when it is known, and what should be done to prevent it from happening again.
Isolate the elements that were hit
Disconnect them from the network and cut all access to the system until a security expert can look into it.
Check associated or connected peripherals
Verify whether anyone else was hit at the same time and request that every element connected to the same network be checked.
Reset all passwords
Reset the passwords on all accounts accessed by the compromised device, but also on any other service where you might have used a similar password.
Call in a forensic expert
Request a check of all services you have access to and of all connected devices, and attempt to find the root cause of the breach.
Assess damage and kick start recovery procedure
You will now value the time you spent creating the recovery policy, the backups in multiple locations, the firewalls segregating the departments of your infrastructure and all the other security measures that were taken.
Document the Incident
Make sure that a serious root cause analysis is performed and that the findings are shared with other employees to prevent a recurrence of this type of incident.
You will gain greater knowledge and staff commitment if you share the details of the incident without blaming anyone.
If you want to evaluate your risk position, call us to request a free visit from one of our experts.
We selected Sophos as our partner for the best endpoint security protection.