SEMA News—May 2015

INTERNET
By Joe Dysart

Ransomware

One Wrong Click and Hackers Encrypt All Your Files

IT security experts warn that there’s been a spike in the scourge of ransomware—malicious software that freezes a computer, encrypts all of its data and demands a ransom for the system’s restoration. Since February 2013, more than 600,000 victims worldwide have reportedly been infected with just one variant of the malware, CryptoWall, according to an October 2014 report released by Dell.

“This is the next generation of ransomware, and you can expect this new version to spread like wildfire,” said Stu Sjouwerman, CEO of KnowBe4, a firm that specializes in IT security awareness training for small- and medium-size businesses.

“Today’s threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses,” agreed David Monahan, research director for Enterprise Management Associates, an IT security firm that tracks and secures against hackers targeting the trucking and logistics industry.

“Cybercrime knows no season, never sleeps and is the most profitable international crime,” added TK Keanini, CTO of IT security firm Lancope.

Essentially, cyber-crooks trigger the extortion scheme by slithering past a PC’s defenses and delivering software onto the computer that auto-encrypts every file on the hard drive. The malware also infects all of the external hard drives connected to the PC.

Generally, victims inadvertently download the software after they click on what looks like a legitimate banner ad. They can also pick up ransomware when they visit an infected website or click on an infected attachment on an e-mail, according to the Dell report.

Crooks often demand ransoms ranging from $200 to $2,000. It’s an amount that’s painful to pay but low enough for many companies to tolerate in the hopes that the ransomers will be true to their word and restore a machine once money exchanges hands, according to the Dell report.

Moreover, companies that put off paying a ransom—usually more than four to seven days—often face threats of being forced to pay even larger ransoms. In one case, a victim was forced to pay $10,000 for the release of encrypted files. All told, Dell estimates that $1.1 million in ransom was paid to thieves using just the CryptoWall variant during a six-month period in 2014.

Ironically, the advent of new digital currencies is helping promulgate the criminal activity. Ransomers often demand to be paid in Bitcoin, a web-based currency that can be easily—and anonymously—exchanged over the web.

And while ransomware is often associated with visiting sketchy areas of the web—the digital equivalent of stumbling into a bad neighborhood—the malware has also been found on some extremely high-profile websites. In October, for example, ransomware was found embedded in ads on a number highly trafficked websites that included Yahoo, Match.com and AOL, according to a report by Proofpoint, an IT security firm.

Using infected ads on those high-profile websites was a clever move, in that the thieves did not have to overcome the formidable security defenses of major websites such as Microsoft.com and Bing—or even the ad networks servicing those sites, according to the Proofpoint report. Instead, the crooks simply stole legitimate ads, infected them with ransomware payloads, and then fed those ads back into the ad networks used by the previously mentioned highly trafficked websites.

Many companies aware of the ransomware scourge and similar malware already have education programs in place that train employees how to detect and guard against the most common sources of ransomware. But the extortionists, who apparently have nothing better to do all day, are always finding ways to up the ante in the never-ending game of cat and mouse.

“For example, most people are aware that they should avoid clicking on executable files,” said KnowB4’s Sjouwerman. “However, seemingly innocuous documents such as Microsoft Word files can also be infected with malware. That’s why it’s essential for employees to be able to identify and avoid social-engineering red flags.”

Sadly, the nightmare of the takeover software is also evolving with the digital revolution. For example, newer variants of ransomware are popping up on mobile technologies, such as Android phones, according to an October report from IT security firm F-Secure. With the mobile technologies, the ransomware payload often comes in the form of apps for download, according to the F-Secure report.

Unfortunately, there is no way to completely safeguard any business against ransomware 24/7. But there are a number of deterrents that organizations can put in place, including these:

• Block executable files (such as .exe files) and compressed archives (such as .zip files) containing executable files before they reach a user’s inbox.
• Keep operating systems, browsers and browser plug-ins such as Java and Silverlight fully updated to prevent compromises resulting from exposure to ransomware. “Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can,” said Sjouwerman. “This diminishes your attack surface.”
• Once infected, try disconnecting your network from the Internet. This move can sometimes temporarily neuter ransomware until it can be discovered and removed.
• Program hard drives on your computer network to prevent any unidentified user from modifying files.
• Regularly back up data with so-called “cold,” offline backup media that does not and has never been connected to the Internet. “Make regular backups and have a backup off-site as well,” said Sjouwerman. “Test your restore function regularly to make sure that your backups actually work.” Sjouwerman added that backups to locally connected, network-attached or cloud-based storage are not sufficient, since ransomware such as CryptoWall encrypts such files along with those found on your system’s primary hard drive.
• Be careful with any e-mail that comes with an attachment or link inside. “Think before you click,” said Sjouwerman. “Don’t open anything from someone unless you are expecting it. Hover over an e-mail address to make sure it’s from a valid domain, one you know and recognize.”
• Check out KnowB4’s free phishing test. Essentially, this test enables you to identify people in your employ who are prone to be duped by ransomware operators looking to sneak into your network via online ads, websites and e-mails.

You should also consider a pre-emptive employee-training service such as KnowB4. The company offers a security awareness training program designed by Kevin Mitnick, who is an internationally recognized computer security expert and has extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled operator who penetrated some of the most resilient computer systems ever developed. Today, he is renowned as an information security consultant and speaker and has authored three books, including The New York Times bestseller Ghost in the Wires.

Mitnick’s security awareness training program is interactive, web-based and includes case studies, live demonstration videos and short tests. An initial training session in the program runs 30–40 minutes.

“Our Internet security awareness training is designed to ensure that employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering and are able to apply this knowledge on the job,” Mitnick said. “This allows organizations to create a ‘human firewall’ that actively works to prevent network security breaches.”

Included in the service are regularly scheduled phishing security tests performed by KnowB4, which keep employees on their toes. Employees duped by the simulated phishing attacks can receive instant remedial training under the program. Also featured is an admin console that provides before-and-after reports featuring instant graphs detailing the training’s efficacy.

“The threat posed by malware should not be underestimated, particularly considering that employees have consistently proven to be the weak link in companies’ Internet security efforts,” Mitnick said. “In most cases, their involvement is unintentional. They unknowingly allow access to corporate networks simply because they don’t know what to watch out for.”

For more information on protecting your firm from ransomware, check out:

• “Dealing With Ransomware” Podcast: From IT Security Firm Sophos
• Proofpoint’s Report on Ransomware on Major Sites Such as Microsoft.com
• F-Secure’s Threat Report

Joe Dysart is an Internet speaker and business consultant based in Manhattan.
joe@joedysart.com
www.joedysart.com

SEMA News—May 2015

INTERNET
By Joe Dysart

Ransomware

One Wrong Click and Hackers Encrypt All Your Files

IT security experts warn that there’s been a spike in the scourge of ransomware—malicious software that freezes a computer, encrypts all of its data and demands a ransom for the system’s restoration. Since February 2013, more than 600,000 victims worldwide have reportedly been infected with just one variant of the malware, CryptoWall, according to an October 2014 report released by Dell.

“This is the next generation of ransomware, and you can expect this new version to spread like wildfire,” said Stu Sjouwerman, CEO of KnowBe4, a firm that specializes in IT security awareness training for small- and medium-size businesses.

“Today’s threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses,” agreed David Monahan, research director for Enterprise Management Associates, an IT security firm that tracks and secures against hackers targeting the trucking and logistics industry.

“Cybercrime knows no season, never sleeps and is the most profitable international crime,” added TK Keanini, CTO of IT security firm Lancope.

Essentially, cyber-crooks trigger the extortion scheme by slithering past a PC’s defenses and delivering software onto the computer that auto-encrypts every file on the hard drive. The malware also infects all of the external hard drives connected to the PC.

Generally, victims inadvertently download the software after they click on what looks like a legitimate banner ad. They can also pick up ransomware when they visit an infected website or click on an infected attachment on an e-mail, according to the Dell report.

Crooks often demand ransoms ranging from $200 to $2,000. It’s an amount that’s painful to pay but low enough for many companies to tolerate in the hopes that the ransomers will be true to their word and restore a machine once money exchanges hands, according to the Dell report.

Moreover, companies that put off paying a ransom—usually more than four to seven days—often face threats of being forced to pay even larger ransoms. In one case, a victim was forced to pay $10,000 for the release of encrypted files. All told, Dell estimates that $1.1 million in ransom was paid to thieves using just the CryptoWall variant during a six-month period in 2014.

Ironically, the advent of new digital currencies is helping promulgate the criminal activity. Ransomers often demand to be paid in Bitcoin, a web-based currency that can be easily—and anonymously—exchanged over the web.

And while ransomware is often associated with visiting sketchy areas of the web—the digital equivalent of stumbling into a bad neighborhood—the malware has also been found on some extremely high-profile websites. In October, for example, ransomware was found embedded in ads on a number highly trafficked websites that included Yahoo, Match.com and AOL, according to a report by Proofpoint, an IT security firm.

Using infected ads on those high-profile websites was a clever move, in that the thieves did not have to overcome the formidable security defenses of major websites such as Microsoft.com and Bing—or even the ad networks servicing those sites, according to the Proofpoint report. Instead, the crooks simply stole legitimate ads, infected them with ransomware payloads, and then fed those ads back into the ad networks used by the previously mentioned highly trafficked websites.

Many companies aware of the ransomware scourge and similar malware already have education programs in place that train employees how to detect and guard against the most common sources of ransomware. But the extortionists, who apparently have nothing better to do all day, are always finding ways to up the ante in the never-ending game of cat and mouse.

“For example, most people are aware that they should avoid clicking on executable files,” said KnowB4’s Sjouwerman. “However, seemingly innocuous documents such as Microsoft Word files can also be infected with malware. That’s why it’s essential for employees to be able to identify and avoid social-engineering red flags.”

Sadly, the nightmare of the takeover software is also evolving with the digital revolution. For example, newer variants of ransomware are popping up on mobile technologies, such as Android phones, according to an October report from IT security firm F-Secure. With the mobile technologies, the ransomware payload often comes in the form of apps for download, according to the F-Secure report.

Unfortunately, there is no way to completely safeguard any business against ransomware 24/7. But there are a number of deterrents that organizations can put in place, including these:

• Block executable files (such as .exe files) and compressed archives (such as .zip files) containing executable files before they reach a user’s inbox.
• Keep operating systems, browsers and browser plug-ins such as Java and Silverlight fully updated to prevent compromises resulting from exposure to ransomware. “Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can,” said Sjouwerman. “This diminishes your attack surface.”
• Once infected, try disconnecting your network from the Internet. This move can sometimes temporarily neuter ransomware until it can be discovered and removed.
• Program hard drives on your computer network to prevent any unidentified user from modifying files.
• Regularly back up data with so-called “cold,” offline backup media that does not and has never been connected to the Internet. “Make regular backups and have a backup off-site as well,” said Sjouwerman. “Test your restore function regularly to make sure that your backups actually work.” Sjouwerman added that backups to locally connected, network-attached or cloud-based storage are not sufficient, since ransomware such as CryptoWall encrypts such files along with those found on your system’s primary hard drive.
• Be careful with any e-mail that comes with an attachment or link inside. “Think before you click,” said Sjouwerman. “Don’t open anything from someone unless you are expecting it. Hover over an e-mail address to make sure it’s from a valid domain, one you know and recognize.”
• Check out KnowB4’s free phishing test. Essentially, this test enables you to identify people in your employ who are prone to be duped by ransomware operators looking to sneak into your network via online ads, websites and e-mails.

You should also consider a pre-emptive employee-training service such as KnowB4. The company offers a security awareness training program designed by Kevin Mitnick, who is an internationally recognized computer security expert and has extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled operator who penetrated some of the most resilient computer systems ever developed. Today, he is renowned as an information security consultant and speaker and has authored three books, including The New York Times bestseller Ghost in the Wires.

Mitnick’s security awareness training program is interactive, web-based and includes case studies, live demonstration videos and short tests. An initial training session in the program runs 30–40 minutes.

“Our Internet security awareness training is designed to ensure that employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering and are able to apply this knowledge on the job,” Mitnick said. “This allows organizations to create a ‘human firewall’ that actively works to prevent network security breaches.”

Included in the service are regularly scheduled phishing security tests performed by KnowB4, which keep employees on their toes. Employees duped by the simulated phishing attacks can receive instant remedial training under the program. Also featured is an admin console that provides before-and-after reports featuring instant graphs detailing the training’s efficacy.

“The threat posed by malware should not be underestimated, particularly considering that employees have consistently proven to be the weak link in companies’ Internet security efforts,” Mitnick said. “In most cases, their involvement is unintentional. They unknowingly allow access to corporate networks simply because they don’t know what to watch out for.”

For more information on protecting your firm from ransomware, check out:

• “Dealing With Ransomware” Podcast: From IT Security Firm Sophos
• Proofpoint’s Report on Ransomware on Major Sites Such as Microsoft.com
• F-Secure’s Threat Report

Joe Dysart is an Internet speaker and business consultant based in Manhattan.
joe@joedysart.com
www.joedysart.com

SEMA News—May 2015

INTERNET
By Joe Dysart

Ransomware

One Wrong Click and Hackers Encrypt All Your Files

IT security experts warn that there’s been a spike in the scourge of ransomware—malicious software that freezes a computer, encrypts all of its data and demands a ransom for the system’s restoration. Since February 2013, more than 600,000 victims worldwide have reportedly been infected with just one variant of the malware, CryptoWall, according to an October 2014 report released by Dell.

“This is the next generation of ransomware, and you can expect this new version to spread like wildfire,” said Stu Sjouwerman, CEO of KnowBe4, a firm that specializes in IT security awareness training for small- and medium-size businesses.

“Today’s threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses,” agreed David Monahan, research director for Enterprise Management Associates, an IT security firm that tracks and secures against hackers targeting the trucking and logistics industry.

“Cybercrime knows no season, never sleeps and is the most profitable international crime,” added TK Keanini, CTO of IT security firm Lancope.

Essentially, cyber-crooks trigger the extortion scheme by slithering past a PC’s defenses and delivering software onto the computer that auto-encrypts every file on the hard drive. The malware also infects all of the external hard drives connected to the PC.

Generally, victims inadvertently download the software after they click on what looks like a legitimate banner ad. They can also pick up ransomware when they visit an infected website or click on an infected attachment on an e-mail, according to the Dell report.

Crooks often demand ransoms ranging from $200 to $2,000. It’s an amount that’s painful to pay but low enough for many companies to tolerate in the hopes that the ransomers will be true to their word and restore a machine once money exchanges hands, according to the Dell report.

Moreover, companies that put off paying a ransom—usually more than four to seven days—often face threats of being forced to pay even larger ransoms. In one case, a victim was forced to pay $10,000 for the release of encrypted files. All told, Dell estimates that $1.1 million in ransom was paid to thieves using just the CryptoWall variant during a six-month period in 2014.

Ironically, the advent of new digital currencies is helping promulgate the criminal activity. Ransomers often demand to be paid in Bitcoin, a web-based currency that can be easily—and anonymously—exchanged over the web.

And while ransomware is often associated with visiting sketchy areas of the web—the digital equivalent of stumbling into a bad neighborhood—the malware has also been found on some extremely high-profile websites. In October, for example, ransomware was found embedded in ads on a number highly trafficked websites that included Yahoo, Match.com and AOL, according to a report by Proofpoint, an IT security firm.

Using infected ads on those high-profile websites was a clever move, in that the thieves did not have to overcome the formidable security defenses of major websites such as Microsoft.com and Bing—or even the ad networks servicing those sites, according to the Proofpoint report. Instead, the crooks simply stole legitimate ads, infected them with ransomware payloads, and then fed those ads back into the ad networks used by the previously mentioned highly trafficked websites.

Many companies aware of the ransomware scourge and similar malware already have education programs in place that train employees how to detect and guard against the most common sources of ransomware. But the extortionists, who apparently have nothing better to do all day, are always finding ways to up the ante in the never-ending game of cat and mouse.

“For example, most people are aware that they should avoid clicking on executable files,” said KnowB4’s Sjouwerman. “However, seemingly innocuous documents such as Microsoft Word files can also be infected with malware. That’s why it’s essential for employees to be able to identify and avoid social-engineering red flags.”

Sadly, the nightmare of the takeover software is also evolving with the digital revolution. For example, newer variants of ransomware are popping up on mobile technologies, such as Android phones, according to an October report from IT security firm F-Secure. With the mobile technologies, the ransomware payload often comes in the form of apps for download, according to the F-Secure report.

Unfortunately, there is no way to completely safeguard any business against ransomware 24/7. But there are a number of deterrents that organizations can put in place, including these:

• Block executable files (such as .exe files) and compressed archives (such as .zip files) containing executable files before they reach a user’s inbox.
• Keep operating systems, browsers and browser plug-ins such as Java and Silverlight fully updated to prevent compromises resulting from exposure to ransomware. “Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can,” said Sjouwerman. “This diminishes your attack surface.”
• Once infected, try disconnecting your network from the Internet. This move can sometimes temporarily neuter ransomware until it can be discovered and removed.
• Program hard drives on your computer network to prevent any unidentified user from modifying files.
• Regularly back up data with so-called “cold,” offline backup media that does not and has never been connected to the Internet. “Make regular backups and have a backup off-site as well,” said Sjouwerman. “Test your restore function regularly to make sure that your backups actually work.” Sjouwerman added that backups to locally connected, network-attached or cloud-based storage are not sufficient, since ransomware such as CryptoWall encrypts such files along with those found on your system’s primary hard drive.
• Be careful with any e-mail that comes with an attachment or link inside. “Think before you click,” said Sjouwerman. “Don’t open anything from someone unless you are expecting it. Hover over an e-mail address to make sure it’s from a valid domain, one you know and recognize.”
• Check out KnowB4’s free phishing test. Essentially, this test enables you to identify people in your employ who are prone to be duped by ransomware operators looking to sneak into your network via online ads, websites and e-mails.

You should also consider a pre-emptive employee-training service such as KnowB4. The company offers a security awareness training program designed by Kevin Mitnick, who is an internationally recognized computer security expert and has extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled operator who penetrated some of the most resilient computer systems ever developed. Today, he is renowned as an information security consultant and speaker and has authored three books, including The New York Times bestseller Ghost in the Wires.

Mitnick’s security awareness training program is interactive, web-based and includes case studies, live demonstration videos and short tests. An initial training session in the program runs 30–40 minutes.

“Our Internet security awareness training is designed to ensure that employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering and are able to apply this knowledge on the job,” Mitnick said. “This allows organizations to create a ‘human firewall’ that actively works to prevent network security breaches.”

Included in the service are regularly scheduled phishing security tests performed by KnowB4, which keep employees on their toes. Employees duped by the simulated phishing attacks can receive instant remedial training under the program. Also featured is an admin console that provides before-and-after reports featuring instant graphs detailing the training’s efficacy.

“The threat posed by malware should not be underestimated, particularly considering that employees have consistently proven to be the weak link in companies’ Internet security efforts,” Mitnick said. “In most cases, their involvement is unintentional. They unknowingly allow access to corporate networks simply because they don’t know what to watch out for.”

For more information on protecting your firm from ransomware, check out:

• “Dealing With Ransomware” Podcast: From IT Security Firm Sophos
• Proofpoint’s Report on Ransomware on Major Sites Such as Microsoft.com
• F-Secure’s Threat Report

Joe Dysart is an Internet speaker and business consultant based in Manhattan.
joe@joedysart.com
www.joedysart.com

SEMA News—May 2015

INTERNET
By Joe Dysart

Ransomware

One Wrong Click and Hackers Encrypt All Your Files

IT security experts warn that there’s been a spike in the scourge of ransomware—malicious software that freezes a computer, encrypts all of its data and demands a ransom for the system’s restoration. Since February 2013, more than 600,000 victims worldwide have reportedly been infected with just one variant of the malware, CryptoWall, according to an October 2014 report released by Dell.

“This is the next generation of ransomware, and you can expect this new version to spread like wildfire,” said Stu Sjouwerman, CEO of KnowBe4, a firm that specializes in IT security awareness training for small- and medium-size businesses.

“Today’s threat actors are smarter than ever, morphing their attacks multiple times to achieve the goal of undermining existing security defenses,” agreed David Monahan, research director for Enterprise Management Associates, an IT security firm that tracks and secures against hackers targeting the trucking and logistics industry.

“Cybercrime knows no season, never sleeps and is the most profitable international crime,” added TK Keanini, CTO of IT security firm Lancope.

Essentially, cyber-crooks trigger the extortion scheme by slithering past a PC’s defenses and delivering software onto the computer that auto-encrypts every file on the hard drive. The malware also infects all of the external hard drives connected to the PC.

Generally, victims inadvertently download the software after they click on what looks like a legitimate banner ad. They can also pick up ransomware when they visit an infected website or click on an infected attachment on an e-mail, according to the Dell report.

Crooks often demand ransoms ranging from $200 to $2,000. It’s an amount that’s painful to pay but low enough for many companies to tolerate in the hopes that the ransomers will be true to their word and restore a machine once money exchanges hands, according to the Dell report.

Moreover, companies that put off paying a ransom—usually more than four to seven days—often face threats of being forced to pay even larger ransoms. In one case, a victim was forced to pay $10,000 for the release of encrypted files. All told, Dell estimates that $1.1 million in ransom was paid to thieves using just the CryptoWall variant during a six-month period in 2014.

Ironically, the advent of new digital currencies is helping promulgate the criminal activity. Ransomers often demand to be paid in Bitcoin, a web-based currency that can be easily—and anonymously—exchanged over the web.

And while ransomware is often associated with visiting sketchy areas of the web—the digital equivalent of stumbling into a bad neighborhood—the malware has also been found on some extremely high-profile websites. In October, for example, ransomware was found embedded in ads on a number highly trafficked websites that included Yahoo, Match.com and AOL, according to a report by Proofpoint, an IT security firm.

Using infected ads on those high-profile websites was a clever move, in that the thieves did not have to overcome the formidable security defenses of major websites such as Microsoft.com and Bing—or even the ad networks servicing those sites, according to the Proofpoint report. Instead, the crooks simply stole legitimate ads, infected them with ransomware payloads, and then fed those ads back into the ad networks used by the previously mentioned highly trafficked websites.

Many companies aware of the ransomware scourge and similar malware already have education programs in place that train employees how to detect and guard against the most common sources of ransomware. But the extortionists, who apparently have nothing better to do all day, are always finding ways to up the ante in the never-ending game of cat and mouse.

“For example, most people are aware that they should avoid clicking on executable files,” said KnowB4’s Sjouwerman. “However, seemingly innocuous documents such as Microsoft Word files can also be infected with malware. That’s why it’s essential for employees to be able to identify and avoid social-engineering red flags.”

Sadly, the nightmare of the takeover software is also evolving with the digital revolution. For example, newer variants of ransomware are popping up on mobile technologies, such as Android phones, according to an October report from IT security firm F-Secure. With the mobile technologies, the ransomware payload often comes in the form of apps for download, according to the F-Secure report.

Unfortunately, there is no way to completely safeguard any business against ransomware 24/7. But there are a number of deterrents that organizations can put in place, including these:

• Block executable files (such as .exe files) and compressed archives (such as .zip files) containing executable files before they reach a user’s inbox.
• Keep operating systems, browsers and browser plug-ins such as Java and Silverlight fully updated to prevent compromises resulting from exposure to ransomware. “Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can,” said Sjouwerman. “This diminishes your attack surface.”
• Once infected, try disconnecting your network from the Internet. This move can sometimes temporarily neuter ransomware until it can be discovered and removed.
• Program hard drives on your computer network to prevent any unidentified user from modifying files.
• Regularly back up data with so-called “cold,” offline backup media that does not and has never been connected to the Internet. “Make regular backups and have a backup off-site as well,” said Sjouwerman. “Test your restore function regularly to make sure that your backups actually work.” Sjouwerman added that backups to locally connected, network-attached or cloud-based storage are not sufficient, since ransomware such as CryptoWall encrypts such files along with those found on your system’s primary hard drive.
• Be careful with any e-mail that comes with an attachment or link inside. “Think before you click,” said Sjouwerman. “Don’t open anything from someone unless you are expecting it. Hover over an e-mail address to make sure it’s from a valid domain, one you know and recognize.”
• Check out KnowB4’s free phishing test. Essentially, this test enables you to identify people in your employ who are prone to be duped by ransomware operators looking to sneak into your network via online ads, websites and e-mails.

You should also consider a pre-emptive employee-training service such as KnowB4. The company offers a security awareness training program designed by Kevin Mitnick, who is an internationally recognized computer security expert and has extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled operator who penetrated some of the most resilient computer systems ever developed. Today, he is renowned as an information security consultant and speaker and has authored three books, including The New York Times bestseller Ghost in the Wires.

Mitnick’s security awareness training program is interactive, web-based and includes case studies, live demonstration videos and short tests. An initial training session in the program runs 30–40 minutes.

“Our Internet security awareness training is designed to ensure that employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering and are able to apply this knowledge on the job,” Mitnick said. “This allows organizations to create a ‘human firewall’ that actively works to prevent network security breaches.”

Included in the service are regularly scheduled phishing security tests performed by KnowB4, which keep employees on their toes. Employees duped by the simulated phishing attacks can receive instant remedial training under the program. Also featured is an admin console that provides before-and-after reports featuring instant graphs detailing the training’s efficacy.

“The threat posed by malware should not be underestimated, particularly considering that employees have consistently proven to be the weak link in companies’ Internet security efforts,” Mitnick said. “In most cases, their involvement is unintentional. They unknowingly allow access to corporate networks simply because they don’t know what to watch out for.”

For more information on protecting your firm from ransomware, check out:

• “Dealing With Ransomware” Podcast: From IT Security Firm Sophos
• Proofpoint’s Report on Ransomware on Major Sites Such as Microsoft.com
• F-Secure’s Threat Report

Joe Dysart is an Internet speaker and business consultant based in Manhattan.
joe@joedysart.com
www.joedysart.com

SEMA News—May 2015

2015 SEMA Membership Directory Printed and Online

The May issue of SEMA News magazine doubles as the annual SEMA Membership Directory, and SEMA encourages you to keep this copy on your desk throughout the year to use as your reference tool in locating SEMA-member companies.

The membership directory is also available online. The online membership directory is continually updated to include new SEMA members. In addition, the online version of the membership directory lists members’ staff personnel, and you can contact them via e-mail through your MySEMA account.

If you don’t already have a MySEMA account, it’s no problem. If your company is a SEMA member, just ask your company’s SEMA contact to add you to your company’s profile. The person(s) listed under “Company Contact” on the bottom right of your company’s online directory listing has the ability to add employees to your company’s record.

It’s important to register through your Company Contact to ensure that you are tied to your company’s record and will have free access to benefits such as research reports and webinar downloads. You will use your company e-mail address to access your MySEMA account.

If your company is not a SEMA member, you can still register for a MySEMA account by logging into my.SEMA.org/login and clicking on “Register Now.” While you won’t have access to free SEMA membership benefits, you will be able to access resources such as research reports and webinar downloads for a fee.

SEMA.org – Gateway to Information

Information and resources are at your fingertips at www.SEMA.org. For instance:

• Did you know that SEMA was called the “Speed Equipment Manufacturers Association” when it was formed in 1963?
• Do you want to know who is currently serving on the SEMA Board of Directors or how to reach them?
• Do you want to locate a back issue of SEMA News magazine or SEMA eNews, the association’s weekly electronic newsletter?
• Do you want to know which current legislative initiatives that could affect SEMA-member companies are on SEMA’s government affairs department’s radar?
• Do you have the financial benchmarks to learn how your company compares to industry averages?
• Are you familiar with the SEMA Education Institute (SEI) and its free content available to SEMA members?
• Do you know that SEMA has a classifieds section that lists positions available at SEMA-member companies and lists people who are looking for positions?
• Do you know which SEMA staff person to contact by department?
• Do you know that SEMA has benefit partners who provide business resources and solutions such as business insurance, shipping, credit-card payment processing, a consumer credit-card program and an online pay-per-buyer program for SEMA members?
• Do you know which councils and committees are right for you and your company?
• Do you want to know how to volunteer or get more involved in the industry?

If you visit SEMA.org, you can find answers to all these questions and much, much more.

SEMA’s Mission…

...is to help our members’ businesses succeed and prosper. Our members are the producers and marketers of specialty-equipment products and services for the automotive aftermarket.

We Will Do This By:

• Proactive leadership in our industry to help it expand domestically and worldwide.
• Delivering programs, activities and information in response to the ongoing and emerging needs of our members.
• Emphasizing education to help members focus on and achieve acceptable world-class quality standards.
• Legislative and regulatory advocacy.
• Producing the industry’s leading trade show.

SEMA has programs and services whose sole purpose is to help its member companies succeed. SEMA’s goal is to be the go-to resource for its member companies and would like more of its members to take advantage of the resources available. For a complete listing of SEMA member benefits, visit www.SEMA.org/benefits. If you want to know how SEMA can help you and your company, call the SEMA customer service team at 909-610-2030, or e-mail member@sema.org.

SEMA News—May 2015

2015 SEMA Membership Directory Printed and Online

The May issue of SEMA News magazine doubles as the annual SEMA Membership Directory, and SEMA encourages you to keep this copy on your desk throughout the year to use as your reference tool in locating SEMA-member companies.

The membership directory is also available online. The online membership directory is continually updated to include new SEMA members. In addition, the online version of the membership directory lists members’ staff personnel, and you can contact them via e-mail through your MySEMA account.

If you don’t already have a MySEMA account, it’s no problem. If your company is a SEMA member, just ask your company’s SEMA contact to add you to your company’s profile. The person(s) listed under “Company Contact” on the bottom right of your company’s online directory listing has the ability to add employees to your company’s record.

It’s important to register through your Company Contact to ensure that you are tied to your company’s record and will have free access to benefits such as research reports and webinar downloads. You will use your company e-mail address to access your MySEMA account.

If your company is not a SEMA member, you can still register for a MySEMA account by logging into my.SEMA.org/login and clicking on “Register Now.” While you won’t have access to free SEMA membership benefits, you will be able to access resources such as research reports and webinar downloads for a fee.

SEMA.org – Gateway to Information

Information and resources are at your fingertips at www.SEMA.org. For instance:

• Did you know that SEMA was called the “Speed Equipment Manufacturers Association” when it was formed in 1963?
• Do you want to know who is currently serving on the SEMA Board of Directors or how to reach them?
• Do you want to locate a back issue of SEMA News magazine or SEMA eNews, the association’s weekly electronic newsletter?
• Do you want to know which current legislative initiatives that could affect SEMA-member companies are on SEMA’s government affairs department’s radar?
• Do you have the financial benchmarks to learn how your company compares to industry averages?
• Are you familiar with the SEMA Education Institute (SEI) and its free content available to SEMA members?
• Do you know that SEMA has a classifieds section that lists positions available at SEMA-member companies and lists people who are looking for positions?
• Do you know which SEMA staff person to contact by department?
• Do you know that SEMA has benefit partners who provide business resources and solutions such as business insurance, shipping, credit-card payment processing, a consumer credit-card program and an online pay-per-buyer program for SEMA members?
• Do you know which councils and committees are right for you and your company?
• Do you want to know how to volunteer or get more involved in the industry?

If you visit SEMA.org, you can find answers to all these questions and much, much more.

SEMA’s Mission…

...is to help our members’ businesses succeed and prosper. Our members are the producers and marketers of specialty-equipment products and services for the automotive aftermarket.

We Will Do This By:

• Proactive leadership in our industry to help it expand domestically and worldwide.
• Delivering programs, activities and information in response to the ongoing and emerging needs of our members.
• Emphasizing education to help members focus on and achieve acceptable world-class quality standards.
• Legislative and regulatory advocacy.
• Producing the industry’s leading trade show.

SEMA has programs and services whose sole purpose is to help its member companies succeed. SEMA’s goal is to be the go-to resource for its member companies and would like more of its members to take advantage of the resources available. For a complete listing of SEMA member benefits, visit www.SEMA.org/benefits. If you want to know how SEMA can help you and your company, call the SEMA customer service team at 909-610-2030, or e-mail member@sema.org.

SEMA News—May 2015

2015 SEMA Membership Directory Printed and Online

The May issue of SEMA News magazine doubles as the annual SEMA Membership Directory, and SEMA encourages you to keep this copy on your desk throughout the year to use as your reference tool in locating SEMA-member companies.

The membership directory is also available online. The online membership directory is continually updated to include new SEMA members. In addition, the online version of the membership directory lists members’ staff personnel, and you can contact them via e-mail through your MySEMA account.

If you don’t already have a MySEMA account, it’s no problem. If your company is a SEMA member, just ask your company’s SEMA contact to add you to your company’s profile. The person(s) listed under “Company Contact” on the bottom right of your company’s online directory listing has the ability to add employees to your company’s record.

It’s important to register through your Company Contact to ensure that you are tied to your company’s record and will have free access to benefits such as research reports and webinar downloads. You will use your company e-mail address to access your MySEMA account.

If your company is not a SEMA member, you can still register for a MySEMA account by logging into my.SEMA.org/login and clicking on “Register Now.” While you won’t have access to free SEMA membership benefits, you will be able to access resources such as research reports and webinar downloads for a fee.

SEMA.org – Gateway to Information

Information and resources are at your fingertips at www.SEMA.org. For instance:

• Did you know that SEMA was called the “Speed Equipment Manufacturers Association” when it was formed in 1963?
• Do you want to know who is currently serving on the SEMA Board of Directors or how to reach them?
• Do you want to locate a back issue of SEMA News magazine or SEMA eNews, the association’s weekly electronic newsletter?
• Do you want to know which current legislative initiatives that could affect SEMA-member companies are on SEMA’s government affairs department’s radar?
• Do you have the financial benchmarks to learn how your company compares to industry averages?
• Are you familiar with the SEMA Education Institute (SEI) and its free content available to SEMA members?
• Do you know that SEMA has a classifieds section that lists positions available at SEMA-member companies and lists people who are looking for positions?
• Do you know which SEMA staff person to contact by department?
• Do you know that SEMA has benefit partners who provide business resources and solutions such as business insurance, shipping, credit-card payment processing, a consumer credit-card program and an online pay-per-buyer program for SEMA members?
• Do you know which councils and committees are right for you and your company?
• Do you want to know how to volunteer or get more involved in the industry?

If you visit SEMA.org, you can find answers to all these questions and much, much more.

SEMA’s Mission…

...is to help our members’ businesses succeed and prosper. Our members are the producers and marketers of specialty-equipment products and services for the automotive aftermarket.

We Will Do This By:

• Proactive leadership in our industry to help it expand domestically and worldwide.
• Delivering programs, activities and information in response to the ongoing and emerging needs of our members.
• Emphasizing education to help members focus on and achieve acceptable world-class quality standards.
• Legislative and regulatory advocacy.
• Producing the industry’s leading trade show.

SEMA has programs and services whose sole purpose is to help its member companies succeed. SEMA’s goal is to be the go-to resource for its member companies and would like more of its members to take advantage of the resources available. For a complete listing of SEMA member benefits, visit www.SEMA.org/benefits. If you want to know how SEMA can help you and your company, call the SEMA customer service team at 909-610-2030, or e-mail member@sema.org.

SEMA News—May 2015

2015 SEMA Membership Directory Printed and Online

The May issue of SEMA News magazine doubles as the annual SEMA Membership Directory, and SEMA encourages you to keep this copy on your desk throughout the year to use as your reference tool in locating SEMA-member companies.

The membership directory is also available online. The online membership directory is continually updated to include new SEMA members. In addition, the online version of the membership directory lists members’ staff personnel, and you can contact them via e-mail through your MySEMA account.

If you don’t already have a MySEMA account, it’s no problem. If your company is a SEMA member, just ask your company’s SEMA contact to add you to your company’s profile. The person(s) listed under “Company Contact” on the bottom right of your company’s online directory listing has the ability to add employees to your company’s record.

It’s important to register through your Company Contact to ensure that you are tied to your company’s record and will have free access to benefits such as research reports and webinar downloads. You will use your company e-mail address to access your MySEMA account.

If your company is not a SEMA member, you can still register for a MySEMA account by logging into my.SEMA.org/login and clicking on “Register Now.” While you won’t have access to free SEMA membership benefits, you will be able to access resources such as research reports and webinar downloads for a fee.

SEMA.org – Gateway to Information

Information and resources are at your fingertips at www.SEMA.org. For instance:

• Did you know that SEMA was called the “Speed Equipment Manufacturers Association” when it was formed in 1963?
• Do you want to know who is currently serving on the SEMA Board of Directors or how to reach them?
• Do you want to locate a back issue of SEMA News magazine or SEMA eNews, the association’s weekly electronic newsletter?
• Do you want to know which current legislative initiatives that could affect SEMA-member companies are on SEMA’s government affairs department’s radar?
• Do you have the financial benchmarks to learn how your company compares to industry averages?
• Are you familiar with the SEMA Education Institute (SEI) and its free content available to SEMA members?
• Do you know that SEMA has a classifieds section that lists positions available at SEMA-member companies and lists people who are looking for positions?
• Do you know which SEMA staff person to contact by department?
• Do you know that SEMA has benefit partners who provide business resources and solutions such as business insurance, shipping, credit-card payment processing, a consumer credit-card program and an online pay-per-buyer program for SEMA members?
• Do you know which councils and committees are right for you and your company?
• Do you want to know how to volunteer or get more involved in the industry?

If you visit SEMA.org, you can find answers to all these questions and much, much more.

SEMA’s Mission…

...is to help our members’ businesses succeed and prosper. Our members are the producers and marketers of specialty-equipment products and services for the automotive aftermarket.

We Will Do This By:

• Proactive leadership in our industry to help it expand domestically and worldwide.
• Delivering programs, activities and information in response to the ongoing and emerging needs of our members.
• Emphasizing education to help members focus on and achieve acceptable world-class quality standards.
• Legislative and regulatory advocacy.
• Producing the industry’s leading trade show.

SEMA has programs and services whose sole purpose is to help its member companies succeed. SEMA’s goal is to be the go-to resource for its member companies and would like more of its members to take advantage of the resources available. For a complete listing of SEMA member benefits, visit www.SEMA.org/benefits. If you want to know how SEMA can help you and your company, call the SEMA customer service team at 909-610-2030, or e-mail member@sema.org.

SEMA News—May 2015

2015 SEMA Membership Directory Printed and Online

The May issue of SEMA News magazine doubles as the annual SEMA Membership Directory, and SEMA encourages you to keep this copy on your desk throughout the year to use as your reference tool in locating SEMA-member companies.

The membership directory is also available online. The online membership directory is continually updated to include new SEMA members. In addition, the online version of the membership directory lists members’ staff personnel, and you can contact them via e-mail through your MySEMA account.

If you don’t already have a MySEMA account, it’s no problem. If your company is a SEMA member, just ask your company’s SEMA contact to add you to your company’s profile. The person(s) listed under “Company Contact” on the bottom right of your company’s online directory listing has the ability to add employees to your company’s record.

It’s important to register through your Company Contact to ensure that you are tied to your company’s record and will have free access to benefits such as research reports and webinar downloads. You will use your company e-mail address to access your MySEMA account.

If your company is not a SEMA member, you can still register for a MySEMA account by logging into my.SEMA.org/login and clicking on “Register Now.” While you won’t have access to free SEMA membership benefits, you will be able to access resources such as research reports and webinar downloads for a fee.

SEMA.org – Gateway to Information

Information and resources are at your fingertips at www.SEMA.org. For instance:

• Did you know that SEMA was called the “Speed Equipment Manufacturers Association” when it was formed in 1963?
• Do you want to know who is currently serving on the SEMA Board of Directors or how to reach them?
• Do you want to locate a back issue of SEMA News magazine or SEMA eNews, the association’s weekly electronic newsletter?
• Do you want to know which current legislative initiatives that could affect SEMA-member companies are on SEMA’s government affairs department’s radar?
• Do you have the financial benchmarks to learn how your company compares to industry averages?
• Are you familiar with the SEMA Education Institute (SEI) and its free content available to SEMA members?
• Do you know that SEMA has a classifieds section that lists positions available at SEMA-member companies and lists people who are looking for positions?
• Do you know which SEMA staff person to contact by department?
• Do you know that SEMA has benefit partners who provide business resources and solutions such as business insurance, shipping, credit-card payment processing, a consumer credit-card program and an online pay-per-buyer program for SEMA members?
• Do you know which councils and committees are right for you and your company?
• Do you want to know how to volunteer or get more involved in the industry?

If you visit SEMA.org, you can find answers to all these questions and much, much more.

SEMA’s Mission…

...is to help our members’ businesses succeed and prosper. Our members are the producers and marketers of specialty-equipment products and services for the automotive aftermarket.

We Will Do This By:

• Proactive leadership in our industry to help it expand domestically and worldwide.
• Delivering programs, activities and information in response to the ongoing and emerging needs of our members.
• Emphasizing education to help members focus on and achieve acceptable world-class quality standards.
• Legislative and regulatory advocacy.
• Producing the industry’s leading trade show.

SEMA has programs and services whose sole purpose is to help its member companies succeed. SEMA’s goal is to be the go-to resource for its member companies and would like more of its members to take advantage of the resources available. For a complete listing of SEMA member benefits, visit www.SEMA.org/benefits. If you want to know how SEMA can help you and your company, call the SEMA customer service team at 909-610-2030, or e-mail member@sema.org.

SEMA News—May 2015

2015 SEMA Membership Directory Printed and Online

The May issue of SEMA News magazine doubles as the annual SEMA Membership Directory, and SEMA encourages you to keep this copy on your desk throughout the year to use as your reference tool in locating SEMA-member companies.

The membership directory is also available online. The online membership directory is continually updated to include new SEMA members. In addition, the online version of the membership directory lists members’ staff personnel, and you can contact them via e-mail through your MySEMA account.

If you don’t already have a MySEMA account, it’s no problem. If your company is a SEMA member, just ask your company’s SEMA contact to add you to your company’s profile. The person(s) listed under “Company Contact” on the bottom right of your company’s online directory listing has the ability to add employees to your company’s record.

It’s important to register through your Company Contact to ensure that you are tied to your company’s record and will have free access to benefits such as research reports and webinar downloads. You will use your company e-mail address to access your MySEMA account.

If your company is not a SEMA member, you can still register for a MySEMA account by logging into my.SEMA.org/login and clicking on “Register Now.” While you won’t have access to free SEMA membership benefits, you will be able to access resources such as research reports and webinar downloads for a fee.

SEMA.org – Gateway to Information

Information and resources are at your fingertips at www.SEMA.org. For instance:

• Did you know that SEMA was called the “Speed Equipment Manufacturers Association” when it was formed in 1963?
• Do you want to know who is currently serving on the SEMA Board of Directors or how to reach them?
• Do you want to locate a back issue of SEMA News magazine or SEMA eNews, the association’s weekly electronic newsletter?
• Do you want to know which current legislative initiatives that could affect SEMA-member companies are on SEMA’s government affairs department’s radar?
• Do you have the financial benchmarks to learn how your company compares to industry averages?
• Are you familiar with the SEMA Education Institute (SEI) and its free content available to SEMA members?
• Do you know that SEMA has a classifieds section that lists positions available at SEMA-member companies and lists people who are looking for positions?
• Do you know which SEMA staff person to contact by department?
• Do you know that SEMA has benefit partners who provide business resources and solutions such as business insurance, shipping, credit-card payment processing, a consumer credit-card program and an online pay-per-buyer program for SEMA members?
• Do you know which councils and committees are right for you and your company?
• Do you want to know how to volunteer or get more involved in the industry?

If you visit SEMA.org, you can find answers to all these questions and much, much more.

SEMA’s Mission…

...is to help our members’ businesses succeed and prosper. Our members are the producers and marketers of specialty-equipment products and services for the automotive aftermarket.

We Will Do This By:

• Proactive leadership in our industry to help it expand domestically and worldwide.
• Delivering programs, activities and information in response to the ongoing and emerging needs of our members.
• Emphasizing education to help members focus on and achieve acceptable world-class quality standards.
• Legislative and regulatory advocacy.
• Producing the industry’s leading trade show.

SEMA has programs and services whose sole purpose is to help its member companies succeed. SEMA’s goal is to be the go-to resource for its member companies and would like more of its members to take advantage of the resources available. For a complete listing of SEMA member benefits, visit www.SEMA.org/benefits. If you want to know how SEMA can help you and your company, call the SEMA customer service team at 909-610-2030, or e-mail member@sema.org.