As you are likely aware from our previous updates, security breaches and malware are increasing year over year. The pandemic caused virtual attacks to surge even more, with Microsoft noting at the start of the pandemic that attacks increased eleven times over (https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/).
One particular type of attack is known as ransomware. In these situations, a hacker uses malware to encrypt someone else’s files, then demands a ransom to restore the data. For businesses that store client or patient information in particular, ransomware can be devastating.
If anyone here has their own servers, we highly recommend contacting your server provider to see what security measures they have in place and ensure you have backups of all your files.
On Matador’s front, we regularly monitor plugins and perform updates, as plugins can be the biggest source of vulnerabilities. In order to provide even more of a safe-guard, we are setting up another server on Amazon Web Services, and for a fee of $450 to cover the labor, can make a copy of your site and have it installed there as well. That way, if either your original server or the Amazon server is attacked, you’ll have a full backup prepared.
Wayne asked me to pass along some information regarding ransomware attacks. He attended a seminar recently and wanted me to alert you all to 5 key takeaways. If you’re not familiar with ransomware, it’s essentially where a third party (generally overseas) hacks into your database and holds all of your information hostage. If you Google “ransomware attacks” you’ll find lots of information online. With the rise in the use of cryptocurrency such as Bitcoin, these attacks are becoming rampant. Below my signature are some links. Here are the takeaways:
1) Make sure your client files have daily backups through your IT vendor that are on non-local servers such as external hard drives. You may want to confirm this with the vendor.
2) Change your passwords frequently.
3) Be very careful with email attachments. Don’t open them.
4) Update your firewalls.
5) If you get attacked, don’t try to negotiate the claim yourself. There are services who handle this.
Regarding your website, we are communicating with WP Engine, AWS, and the other hosting entities to confirm their internal strategies for fighting an attack. More to come on this.
If you have questions, feel free to reach out to Wayne directly at firstname.lastname@example.org