April 27, 2021 4 minutes to read ∙ 800 words

Stop Cyber-Extortionists from Stealing Your Files

By Wells H. Anderson

Every week headlines announce another data breach exposing thousands if not millions of records. While the mega-companies make the news, thousands of small businesses privately suffer from unpublished break-ins.

Every week headlines announce another data breach exposing thousands if not millions of records.

Every week headlines announce another data breach exposing thousands if not millions of records.

Getty Images

Criminals have automated their attacks, combing the web for security flaws through our Internet connections. They target our in-boxes with urgent, deceptive e-mails.

It is not enough to follow the well-publicized security practices. They are essential to prevent common viruses but are no match for ever-evolving new threats. News reports characterize almost every new attack as “highly sophisticated.” What that really means is that the crooks have found ways around the standard defenses.

Basic Defenses

You already know the basics:

  • Antivirus software continually updated to stop garden-variety viruses.
  • Firewall to lock the doors and windows of your Internet connection.
  • Common sense and impulse control to avoid clicking on oh-so-convincing links in counterfeit e-mails.
  • Education in the tricky ways that thieves entice you to CLICK HERE!
  • Prompt installation of updates to your operating system, software, web browsers, and devices.

Unfortunately, these basic defenses fail on a regular basis.

Businesses already have antivirus protection and firewalls. Cybercriminals still break in, steal files, and demand exorbitant extortion payments.

How does that happen?

The crooks study the standard defenses. They constantly probe our Windows operating systems, network devices, and websites for undiscovered and unpatched security flaws.

They change their viruses several times an hour so that standard antivirus products’ hourly updates cannot keep up. They find a hole, bust in, and steal our files.

How can we block these new attacks from stealing our client files?

Two new approaches to the problem of data breaches can fill gaps in our traditional defenses: website filtering and continuous computer monitoring.

Website Filtering

Website filtering or DNS filtering can prevent malware from “phoning home.” The Domain Name System (DNS) is essentially a collection of “phone books” for the Internet. For cybercriminals and their bots to send your files somewhere, they need to use a Domain Name or IP Address contained in the DNS.

A DNS filter watches all the incoming and outgoing traffic from your computers. It constantly updates its directory of malicious websites and IP addresses. The DNS filter can protect your files by blocking any upload intended for one of these addresses.

Attackers may be able to break into your computers but will not be able to upload your files to any of the known malicious locations.

DNS filtering is particularly effective against bots that constantly roam the Internet, testing every connected computer for vulnerabilities. They may succeed in stealing files from some compromised computers. But their initial exploits can be detected after the fact and reported to the DNS filtering companies. Once that happens, the formerly successful bot can no longer steal files from other potential victims who have DNS filtering in place.

Examples of DNS filtering services include WebTitanCisco Umbrella, and Webroot Crime Blocker. [Disclosure: Webroot Crime Blocker and Huntress (discussed below) are sold by the author’s company.]  

Continuous Computer Monitoring

Cybercriminals constantly hunt for new flaws and vulnerabilities. They invent sophisticated new ways of stealing files.

In response, cybersecurity companies have developed electronic “watchdogs” that can constantly patrol your computers, looking for anything suspicious.

These providers of endpoint detection and response (EDR) services assume that we cannot anticipate the nature of all new malware created by cybercriminals.

EDR services can continuously monitor inside each computer for unrecognized files and registry entries in the myriad places where malware can hide. They are not looking for specific virus signatures. They look for anything in a location that could be exploited by cybercriminals.

The locations monitored by EDR services contain lots of normal files and data. When something new appears, the EDR system phones home to a security operations center for analysis. If their automated review cannot confirm it is harmless, human experts analyze what was detected.

When EDR security operations centers identify potential threats in customer computer systems, reports are sent to the customers. They may have their own staff respond to the threats or use outside security services to deal with them.

Examples of EDR services include Huntress, Cybereason Defense Platform, and Falcon Platform.

Multiple Layers of Defense

As you can see, protecting your confidential client files requires more layers of defense than traditional antivirus software and firewalls. Those necessary layers have not stopped ransomware and other malware from stealing files and demanding extortion payments.

DNS filtering and EDR services are not perfect. No service is. But by adopting multiple defensive layers, you sharply reduce your risks. These additional layers are particularly effective at blocking the theft of your confidential files and data.

Download the PDF of this issue


Wells H. Anderson, JD, is a contributing technology editor of GPSolo eReport and CEO of SecureMyFirm, 952/922-1120, www.securemyfirm.com. We protect small firms from cyber-threats with affordable, multiple layers of defense.

Published in GPSolo eReport, Volume 10, Number 9, April 2021. © 2021 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association or the Solo, Small Firm and General Practice Division.