Ransomware: how to know where it was sent in your company!
Ransomware is big in the news these days, but what is it exactly?
Ransomware is malicious software that hijacks your data. To do so, the ransomware encrypts the data and then asks the owner to send money in exchange for the key that will allow you to decrypt your files.
Your users receive an email. They download the attachment (ZIP) out of habit, and then everything goes wrong! Here you are with encrypted files everywhere, and you do not know where the infection originated!
Let’s see how AUDIT4MAIL is going to help you find out in just a few clicks who received the ransomware in your company.
Go to the Helpdesk module, in the “e-mails” section. Use the search module to search by e-mail address, by subject or by date, depending on the information you have gathered so far on the ransomware.
Once you have identified the suspicious e-mail, you can already see some key information:
– Date and time the e-mail was first received in the company
– List of the people who received it internally
Right-clicking the external e-mail address (the sender of the ransomware) displays a menu that allows you to go further in the analysis.
Then click on “go to dashboard”
This dashboard, filtered on the suspicious e-mail address, gives you many details on the activity of the ransomware within the organisation, for example the total number of affected internal e-mail addresses and the list of the employees who received the ransomware in their inboxes.
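The same triage can be reproduced from a mail-gateway log when only raw data is at hand. The following is an added example, not AUDIT4MAIL code: the CSV layout, addresses and the `corp.example` domain are constructed, and it also pivots on the attachment name to catch internal forwards that a search by external sender alone would miss.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a mail-gateway delivery log (hypothetical format).
SAMPLE_LOG = """timestamp,sender,recipient,subject,attachment
2016-03-14T08:02:11,invoice@supplier-billing.example,a.martin@corp.example,Invoice 4471,invoice_4471.zip
2016-03-14T08:02:12,Invoice@Supplier-Billing.example,j.durand@corp.example,Invoice 4471,invoice_4471.zip
2016-03-14T08:05:40,newsletter@vendor.example,a.martin@corp.example,March news,
2016-03-14T07:58:03,invoice@supplier-billing.example,p.leroy@corp.example,Invoice 4470,invoice_4470.zip
2016-03-14T09:15:27,invoice@supplier-billing.example,contact@partner.example,Invoice 4472,invoice_4472.zip
2016-03-14T09:30:00,a.martin@corp.example,j.durand@corp.example,FW: Invoice 4471,invoice_4471.zip
"""
INTERNAL_DOMAIN = "corp.example"  # assumption: one internal mail domain


def _domain(address):
    return address.rpartition("@")[2]


def trace_sender(log_text, suspicious_sender, internal_domain=INTERNAL_DOMAIN):
    """Return (first time seen, {internal recipient: [attachments]}) for a sender."""
    wanted = suspicious_sender.strip().lower()
    first_seen, recipients = None, {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["sender"].strip().lower() != wanted:
            continue
        rcpt = row["recipient"].strip().lower()
        if _domain(rcpt) != internal_domain:
            continue  # delivered to another organisation, not one of our inboxes
        seen = datetime.fromisoformat(row["timestamp"])
        if first_seen is None or seen < first_seen:
            first_seen = seen
        recipients.setdefault(rcpt, set()).add(row["attachment"])
    return first_seen, {r: sorted(a) for r, a in recipients.items()}


def internal_forwards(log_text, attachments, internal_domain=INTERNAL_DOMAIN):
    """List (sender, recipient, attachment) where an internal user re-sent the file."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        sender = row["sender"].strip().lower()
        if _domain(sender) == internal_domain and row["attachment"] in attachments:
            hits.append((sender, row["recipient"].strip().lower(), row["attachment"]))
    return hits
```
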
The relations graph
Through the relations graph you get a visual representation of the ransomware’s activity in the company. It’s easy to share with management and the various heads of departments.
AUDIT4MAIL is a messaging intelligence tool. The dedicated module for IT and administrators provides a lot of useful information about the e-mail system.
It is a real support for your helpdesk with different visualisations of your messaging infrastructure.
With AUDIT4MAIL your IT can:
– Check the evolution of the email’s server volumetry (number, size, attachments, …)
– Anticipate the servers / network bottlenecks.
– Collect metrics before changing the messaging system.
– Check the volumetric evolution by email users.
– Detect internal spammers.
– Measure the adoption of new communication tools (chat, CSR, document sharing).
– Observe the distribution of the devices used. On premise client, web email, smartphone.
– Improve the customer service and the helpdesk processes.
– Enable the billing of the internal email service.
As in any change management project, one cannot force users to adopt a new application. Brioche Pasquier knows it well, and has therefore taken particular care to measure adoption in order to run a smooth and successful migration.
Brioche Pasquier is a synonym for traditional French family breakfast. It is a company with steady growth in its 14 manufacturing plants all based in France. Initially famous for its “Brioches” (French pastry), the group has since diversified (luxury cakes, crackers, etc.) through numerous acquisitions.
Key figures 2016
Turnover: 658 mln € per year
Production sites: 14 plants in France and 4 abroad.
Groupe Pasquier employs 3200 people throughout the world. When the company decided, as part of a global change management programme, to implement a new collaborative tool to limit the use of e-mails, the first necessity was to establish the current state of mailbox usage and size in order to size the new collaborative communication tool correctly.
With the audit4mail dashboard it was very easy to visualize the volume of e-mails sent outside the company compared with the volume exchanged between employees. That internal share of exchanges was to be migrated to the new internal chat, and it was very important for Brioche Pasquier to monitor usage over time in order to measure the level of adoption.
Albert Coeffard, Head of IT systems at Brioche Pasquier, can confirm that the audit4mail solution matched the company's expectations: “We have chosen audit4mail as we found it really easy to use. The tool was proven to be reliable, with good flexibility of the settings and the possibility to create your own specific analysis. And to be honest we placed our trust in the move4ideas team: experienced engineers with good reactivity and ability to foresee evolutions of the platform close to the customers’ needs.”
move4ideas has worked for 5 years already to be a partner of choice for IT departments of large accounts, both national and international, on large-scale projects such as e-mail system migration and other change management projects, as well as customer relationships (for helpdesk and sales teams), and more recently has introduced a module for HR and the measurement of work-life balance.
Founded in 1968 in La Roche-Sur-Yon (Vendée, on the west coast of France), Groupe Atlantic is an industrial group specialized in heating solutions and in continuous growth. Structured in 6 branches, Groupe Atlantic remains true to its roots and continues to design, develop and manufacture most of its products (heaters, radiators, air conditioners) in France.
2016 Key Figures
Turnover: 1.3 mln €
Production sites: 16 factories, of which 13 are located in France.
Prepare the migration of the email system from Lotus Notes to Microsoft Office 365
There are many email migration software tools available on the market. The problem with these is that they only deal with the migration itself, from the old mailbox system to the new one.
The preparation phase, or so-called pre-migration, is usually not included in these tools.
What you need to do during the pre-migration:
Collect data on users and mailboxes
Check and correct the data collected.
Qualify the users and mailboxes to migrate
Create “slots” and work out how to make them available for the migration.
Development of a custom application to collect the data from the email system. Use of audit4mail to analyse the messaging flows
Nicolas Chauvière, Head of communication systems at groupe Atlantic, tells us about the added value audit4mail has brought to the success of the email system migration project.
Better knowledge about the mailboxes to migrate
“audit4mail gives us a precise state of the art of the messaging usage within the group. Our IT managers can cross the data and consolidate their knowledge with the information collected by the application.”
A financial optimisation
“Groupe Atlantic has experienced a strong growth in the past years. Numerous acquisitions have led us to develop the enterprise messaging. With audit4mail we have been able to identify the mailboxes no longer used. These have not been migrated to office 365 therefore savings on migration tool licences and Microsoft subscription costs have been possible.”
A better user adoption
“We had a large number of mailboxes to migrate, for that reason we couldn’t go for a “one shot” migration. The audit4mail custom application enabled us to constitute groups of mailboxes organized by department or by project, based on the e-mail relationships. The period of co-existence of the 2 e-mail systems has run smoothly.”
CEO email Fraud: audit4mail helps you highlight information.
Transfer order scams have caused over $2.3 billion in damage since 2013, and claimed victims in every U.S. state and in at least 79 countries (figures); at least 17,642 victims (mainly companies) have suffered their disastrous consequences. Some have lost all, or at least part, of their cash flow. And in serious cases, it ended in the windup of the company.
A wire transfer is a financial transaction from one account to another. Once a wire transfer order is accepted by the banking system, it cannot be canceled: it’s irrevocable.
The scam attempt consists in getting a corporate collaborator to execute a transfer order for a seemingly good cause. But, in reality, it’s all for the benefit of a crook. There are two ways they can get in touch with your company: by phone and by email.
By providing the means to conduct a careful analysis of email data, AUDIT4MAIL helps companies avoid getting duped by these clever con artists.
Listed below are the variations these types of scams can take (this list is not exhaustive), how to protect yourself from them, and how AUDIT4MAIL can help you:
The “fake president” scam
In this scenario, a scammer poses as a company executive and tries to convince one of your employees, by email, to perform an urgent and confidential transfer to an account (often based abroad). To do this, the scammer is simply using information about the company and its leaders that they’ve either gathered from the internet or culled from previous telephone conversations with the company.
How to protect yourself:
• Verify the identity of the caller by contacting him again, this time using safe, common details (e.g. those from the corporate directory and not those supplied by the caller), or simply by consulting the “My timeline” interface on AUDIT4MAIL—you won’t regret it.
• Check the email address: Sometimes scammers use addresses that closely resemble the real thing.
For example, they’ll use firstname.lastname@example.org instead of email@example.com. AUDIT4MAIL provides you with an at-a-glance indication if your contact truly is your daily operations partner.
AUDIT4MAIL will automatically distinguish between the two emails by comparing email addresses. You can therefore avoid fraud—and then notify the authorities!
The internal emails (in green) in normal interactions:
The email address of the person trying to steal an identity (in blue):
• Notify your superiors: a well-intentioned person would not ask you to hide information from your managers.
• Respect the separation of powers:
- If you possess the rights to make significant payments alone, you are at risk. Talk to your manager about this (no one should have all three powers of: transfer, entry, and validation for payment).
- The means of authentication and signatures are personal: never entrust them to a colleague, and refuse if a colleague shares theirs with you.
- The separation of roles doesn’t only protect the company, it also protects you.
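The address check described in the list above can be approximated by comparing each sender with the contacts already seen in normal correspondence. This is an added example, not AUDIT4MAIL's algorithm: the contact list, the confusable-character table and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Constructed list of addresses seen in normal correspondence (assumption).
KNOWN_CONTACTS = {"c.moreau@corp.example", "billing@supplier.example"}

# Character sequences that read alike at a glance (illustrative, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(address):
    """Collapse look-alike sequences so visually similar strings compare equal."""
    for fake, real in CONFUSABLES:
        address = address.replace(fake, real)
    return address


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender, known_contacts=KNOWN_CONTACTS, max_distance=2):
    """Return (verdict, matched known address or None, reason)."""
    s = sender.strip().lower()
    known = sorted(k.lower() for k in known_contacts)
    if s in known:
        return ("known", s, "exact match")
    s_local, _, s_domain = s.rpartition("@")
    for k in known:
        k_local, _, k_domain = k.rpartition("@")
        if skeleton(s) == skeleton(k):
            return ("lookalike", k, "confusable characters")
        if edit_distance(s, k) <= max_distance:
            return ("lookalike", k, "near-identical spelling")
        if s_local == k_local and s_domain != k_domain:
            return ("lookalike", k, "same name, other domain")
    return ("unknown", None, "no similar known contact")
```

A "lookalike" verdict is the case to escalate: the sender is not a known contact but was built to pass for one.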
The “bank details” scam
A scammer leads one to believe there has been a change of bank details of a lessor, a vendor, or any other creditor of the company, for the next rent payment (or any other type of bill). This may seem like a normal pattern in business activity, possibly due to a management consolidation at a group level, a new bank, etc. The scammer then sends back the new bank details by e-mail, the message possessing characteristics very similar to those from the usual contact (e-mail, mail header, etc.).
How to protect yourself:
• Verify the identity of the caller by contacting them again using safe, common details (e.g. those in the corporate directory and not those provided by the caller) during any details change request (email, telephone number, etc.) or when providing new bank account details. Be sure to check AUDIT4MAIL’s “Account panorama” interface in order to verify the caller’s email. And while you’re at it, consider contacting another person from the company to validate the information.
• Use 2 channels for accounts residing abroad (for example, verify identity by both email and telephone number).
• Be suspicious if the new account is located abroad.
The ISO country code is found in the first 2 letters of the IBAN, and the 5th and 6th letters of the BIC.
• Cyprus: CY17002001280000001200527600 – BIC: ABKLCY2N
• US: US7630046001290029721519546 – BIC: ABCDUS1N
• FR: FR7630046001290029721519546 – BIC: ABCDFR3N
• Cover your customers’ and suppliers’ bases against computer intrusions.
• Write to your customers to educate about the proper protocol and encourage them to follow the rules.
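A bank-details change request can be screened automatically with the country-code rule given above. This is an added example, not part of AUDIT4MAIL: it goes one step beyond the text by also verifying the standard IBAN mod-97 check digits, and the function names are hypothetical.

```python
import re

# 4-character bank code, 2-letter country, 2-character location, optional branch.
BIC_RE = re.compile(r"[A-Z0-9]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?")
IBAN_RE = re.compile(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}")


def normalize(value):
    """Drop the spaces used for readability and upper-case the value."""
    return re.sub(r"\s+", "", value).upper()


def iban_country(iban):
    return normalize(iban)[:2]          # first 2 letters of the IBAN


def bic_country(bic):
    bic = normalize(bic)
    if not BIC_RE.fullmatch(bic):
        raise ValueError(f"malformed BIC: {bic!r}")
    return bic[4:6]                     # 5th and 6th letters of the BIC


def iban_checksum_ok(iban):
    """Mod-97 check: move the first 4 chars to the end, map A..Z to 10..35."""
    iban = normalize(iban)
    if not IBAN_RE.fullmatch(iban):
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def review_bank_change(old_iban, new_iban, new_bic):
    """Return the warnings a payment clerk should see before accepting new details."""
    warnings = []
    if not iban_checksum_ok(new_iban):
        warnings.append("new IBAN fails the mod-97 check")
    old_cc, new_cc = iban_country(old_iban), iban_country(new_iban)
    if new_cc != old_cc:
        warnings.append(f"account country changed from {old_cc} to {new_cc}")
    if bic_country(new_bic) != new_cc:
        warnings.append(f"BIC country {bic_country(new_bic)} does not match IBAN country {new_cc}")
    return warnings
```

Any warning means the change goes back through the call-back verification described above before a payment is made.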
The “computer” scam
In this scenario, the scammer poses as a technician from the targeted company’s bank’s connectivity service and tries to convince the employee to execute “transfer tests.” They may also impersonate one of the company’s IT service providers and request the installation of software with the secret intent of recovering security information or hacking the company’s computer network.
How to protect yourself:
• Contact your bank’s business manager using the usual contact information in order to verify the identity of any person claiming to be part of their team.
• Refuse remote logins on your PC from any person whose identity is unverified: do not go to a suspect Internet address, do not click on suspicious links, etc.
• Do not perform tests requested by a technician: Do not add third-party accounts and do not commit to transactions or discounts. Never do a transfer test with a higher value than $1, even if it comes from your initiative.
• Never share personal codes with anyone (e.g. numbers generated by your wireless reader, passwords, PIN codes, etc.).
• Protect both your computer network and your PC against intrusions and malware.
In case of fraudulent transfer or suspicion:
1- Warn your management
2- Contact your bank
3- Contact the police
How Audit4mail can help:
AUDIT4MAIL helps you distinguish your employees’ and partners’ emails from those of scammers via a quick-and-easy interface.