What Do I Do if I have CryptoWall or CryptoLocker?

I am surprised how many people are still calling with CryptoLocker problems.   I have gotten three calls in the past two days from people who have had infected/encrypted Cryptolocker files for as long as three months and they are just now dealing with the issue.  At this point in time I am not even sure paying the ransom will work for victims as the CryptoLocker network was taken down a couple of months ago by international law enforcement and with CryptoWall users only have 30 days to comply with the ransom demands.

So what options do you have if you are like these recent callers?

What Do I Do if I have CryptoWall or CryptoLocker?2014-10-13T21:22:18-07:00

HIPAA business associate agreement consultations could be unlawful

Here is a controversial article written recently by Kevin McDonald for TechTarget. ------------------------------------------------------------------------------------------------------------------------------------- Under federal law, the Health Information Portability and Accountability Act (HIPAA) Privacy Rule extends to a class of business entities (i.e., health plans, health care clearinghouses and [...]

HIPAA business associate agreement consultations could be unlawful2020-04-29T22:44:01-07:00

Is Antivirus Software Really Dead?

I am curious what Dye’s definition is for "cyber-attack?" One this is for sure, the motivation of hackers and malware has changed dramatically over the years. The threats are new and different today. Going back in history most malware was related to someone wanting cyber fame, making a political statement or just plain mischievousness. Now with the advent of ransomware, spam mailing bots and

Is Antivirus Software Really Dead?2017-11-13T07:30:06-08:00

Exploring the risky business of cyber insurance and IT services contracts

In my time as a security consultant and managed services provider, I've seen some questionable behavior and attitudes. Prime among them is the common belief in the business community that indemnity offered by cyber insurance and contracts replaces prudent actions [...]

Exploring the risky business of cyber insurance and IT services contracts2020-04-29T22:43:11-07:00

Who has a Legal Obligation to Upgrade Windows XP, Office 2003 and Exchange 2003?

The best source of information covering this requirement comes from NIST, the National Institute for Standards and Technology.  They have a set of documents that are the standards for many requirements.  There is nothing specific in the NIST guidelines about the end of life for Windows XP, however, the need to provide Flaw Remediation is clear and that is what the X, Office 2003 and Exchange 2003 support requirements fall under.

 For example, NIST Special Publication (SP) 800-531 requires the SI-2, Flaw Remediation security control, which includes installing...

Who has a Legal Obligation to Upgrade Windows XP, Office 2003 and Exchange 2003?2024-04-21T19:43:10-07:00

Schnuck’s Might Be in Big Security and Insurance Trouble, Can the Same Be in Store for Your Firm?

Is it better to insure than secure?  Maybe not.  You better dust off those old insurance policies that most of us look at all too infrequently.  Schnucks has been notified by their insurance carrier that they don’t plan to cover them for the lawsuits.

The problem that likely exists with your current insurance policy is that they were designed and sold in a pre-Internet era.  Data is not considered....

Schnuck’s Might Be in Big Security and Insurance Trouble, Can the Same Be in Store for Your Firm?2023-08-10T23:36:44-07:00

Is China Attacking Your Business?

Last week President Obama issued another executive order regarding cyber security.  He followed up in his State of the Union speech by talking about foreign actors trying to sabotage our critical national infrastructure and private companies.   The use of executive [...]

Is China Attacking Your Business?2013-02-20T02:06:57-08:00

Beware Of How You Answer Audit Or Assessment Questions

If you are regulated under any of the myriad government and industry regulations from ITAR, FIPS, CLETS and PCI, to HIPAA and Red flags, the process of responding to security, integrity, and availability verification is not a simple exercise. It is more than answering questions in the positive. Polices, procedures and declarations of compliance are contracts with your company, partners, clients and government regulatory bodies. What do I mean?

Beware Of How You Answer Audit Or Assessment Questions2011-04-01T04:20:00-07:00

What Can We Learn From The Disaster In Japan?

Disasters are a horrible thing. We can only hope to never have our lives and loved ones involved first hand. But disasters do happen and almost all of us will experience the pain and misery ourselves at different points in our lives. The key is to mitigate the loss and pain through careful preparation. During a disaster our first concern will be for the safety and protection of those closest to us. Once that is secured, we will all begin the transition back to normal life and work.

I have had many tell me that in a disaster they are not going to care about their servers and the PCs at the office. That is true however, at some point, normal life must return. So how do you do that? You must have a disaster recovery plan in place. It must have several components:

What Can We Learn From The Disaster In Japan?2011-03-15T00:58:00-07:00