The Latest IT Solutions to Combat Network Security Risks

Network security is a key element in every organization’s IT infrastructure. The terrifying series of data breaches that affected the world’s largest organizations like Target, Home Depot, and Anthem means that it is time to take your organization’s IT solutions to the next level.

Using the latest IT solutions makes it easier to deal with security threats, which are getting more frequent and more severe. Network security and risk team leaders need to equip themselves with these latest technologies if they want to define and maintain an effective risk management plan.

Cloud Access Security Brokers (CASBs)

A cloud access security broker is software that acts as a guard. It allows organizations to use both their on-premises infrastructure and cloud-based infrastructure to enforce security policies while the cloud-based resources are being used. This is in response to the extensive use of software as a service (SaaS) by many enterprises.

SaaS apps provide insufficient security options, which can be frustrating for security teams. CASB IT solutions were created to fill the many gaps present in cloud services. CASBs are a chief information security officer’s (CISO) newest weapon to make infrastructure as a service (IaaS) and platform as a service (PaaS) safe for an organization.

Endpoint Detection and Response (EDR)

An effective network security management program detects potential breaches and reacts to the threat quickly. To make this possible, the CISO needs endpoint detection and response applications. EDRs are IT solutions that record events and store them in a database. They use machine learning techniques, behavior analytics, and indicators of compromise (IOC) to constantly search for data breaches, allowing the system to deal with potential attacks before they happen.

User and Entity Behavior Analytics (UEBA)

User and entity behavior analytics tools analyze user behavior to monitor security around endpoints, applications, and networks. They use big data platforms such as Apache Hadoop to detect anomalies that could be signals of potential threats. Some UEBA app vendors include Microsoft ATA, Veriato, Preempt, and Darktrace.

Micro-segmentation and Flow Visibility

Once an enterprise system has been attacked, the invaders can move to other systems. To prevent this, micro-segmentation IT solutions are put in place. They make communication flows visible for easy monitoring. Flow patterns can be understood easily using the visualization tool, which also makes policy setting and deviation monitoring effortless.

Deception Technologies

These are IT solutions that are made to thwart a breach by disrupting the attacker’s tools and processes, thereby delaying his activities or stopping the attack altogether. Deception technologies create fake resources, such as cookies, systems, and shares. Once an attack on these fake resources is detected, the security team can then take measures to stop the attack.

In 2015, security breaches were up 38% over 2014, according to the 2016 PricewaterhouseCoopers Global State of Information Security Survey. The results showed that 91% of enterprises follow a risk-based cybersecurity plan, 69% use cloud-based security solutions, and 59% use big data in their network security efforts.

For your peace of mind, don’t deny your organization these latest IT solutions for combating network security threats. Give IT Authorities a call to see how your network security plan holds up.

4 signs you’re a victim of ransomware

…and the 3 steps you need to take next

The word ransomware conjures images of kidnappers and ransom notes. But that doesn’t quite capture the reality of PC ransomware. In fact, “it’s not always obvious when ransomware is the problem,” says Mike Cobb, director of engineering at data recovery and digital forensics firm DriveSavers.

For example, when ransomware affects a server and the storage connected to it, “the remote user trying to access the shared volume will not have seen the ransom note and the files will no longer open up properly. It will look like corruption to the users and until the system admin looks at the server to see the ransom note all users can be chasing their tails.”

1. A splash screen blocks access

The most obvious sign that you’re infected with ransomware is a splash screen upon startup that prevents you from using the computer and provides instructions on how to pay the ransom to restore access.

If you encounter a screen like this, you’re likely a victim of lock screen ransomware.

2. Files that won’t open

If you are unable to open individual files on your machine and get an error message like one of these, you might be a victim of encryption ransomware:

Windows: “Windows can’t open this file… To open this file, Windows needs to know what program you want to use to open it. Windows can go online to look it up automatically, or you can manually select from a list of programs that are installed on your computer.”

Mac: “There is no application set to open the document… Search the App Store for an application that can open this document, or choose an existing application on your computer.”

3. Odd or missing file extensions

Those letters after the dot at the end of a file name are the file extension. They let your computer know what type of file it needs to read. Common file extensions include .doc, .exe, .pdf and .jpeg.

Files encrypted by ransomware often have extensions that end with something like .crypted or .cryptor. Many times, these files are missing file extensions altogether. In all of these instances, the Finder will display a blank icon for the file type.

4. You’ve received instructions for paying the ransom

If your computer has been infected with ransomware, the hacker responsible will have left payment instructions for you. Remember, the hacker wants you to read these files because their ultimate goal is to get paid, so the files should be somewhat easy for you to find.

Look for .txt or .html files that begin with an underscore (_) followed by clear language in all caps, such as “_OPEN ME”, “_DECRYPT YOUR FILES” or “_YOUR FILES HAVE BEEN ENCRYPTED.” There will be at least one instruction file located in every folder that contains data that has been encrypted by the ransomware.
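The file-name signs from points 3 and 4 can be checked across a whole share without opening anything. The sketch below is an added example, not part of the original story: the function names and the sample folder layout are constructed for illustration, and the indicator lists contain only the patterns this article mentions.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators named in the article; real ransomware families use many others.
SUSPECT_EXTENSIONS = {".crypted", ".cryptor"}
NOTE_EXTENSIONS = {".txt", ".html"}
# Note name: a leading underscore followed by text with no lowercase letters.
NOTE_STEM = re.compile(r"_[A-Z0-9 _!-]+")


def classify(filename):
    """Return the indicator a file name matches, or None. Names only."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext in NOTE_EXTENSIONS and NOTE_STEM.fullmatch(stem):
        return "ransom_note"
    if ext in SUSPECT_EXTENSIONS:
        return "suspect_extension"
    # Weak signal on its own: many legitimate files have no extension.
    if ext == "" and not filename.startswith("."):
        return "no_extension"
    return None


def scan(root):
    """Walk root by name only (no file is opened) and group hits per folder."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        hits = {"ransom_note": [], "suspect_extension": [], "no_extension": []}
        for name in sorted(files):
            kind = classify(name)
            if kind:
                hits[kind].append(name)
        if any(hits.values()):
            report[Path(folder).relative_to(root).as_posix()] = hits
    return report


def likely_encrypted_folders(report):
    """Folders where a note sits beside renamed files, the pattern described above."""
    return sorted(
        folder for folder, hits in report.items()
        if hits["ransom_note"] and (hits["suspect_extension"] or hits["no_extension"])
    )


def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic an affected share."""
    layout = {
        "finance": ["_DECRYPT YOUR FILES.txt", "q3-budget.xls.crypted", "payroll"],
        "hr": ["handbook.pdf", "_notes.txt"],
        "projects/alpha": ["_OPEN ME.html", "design.doc.cryptor"],
    }
    for folder, names in layout.items():
        target = Path(root) / folder
        target.mkdir(parents=True, exist_ok=True)
        for name in names:
            (target / name).touch()


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = scan(root)
        return report, likely_encrypted_folders(report)


if __name__ == "__main__":
    report, flagged = demo()
    for folder in flagged:
        print(folder, report[folder])
```

Run from the file server itself, a per-folder report like this lets an administrator see which shares are affected before users start treating the unreadable files as corruption.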

I’ve got ransomware. Now what do I do?

Cobb emphasizes that you shouldn’t open the instruction files unless you intend to pay the ransom. But the question of whether or not to pay is itself controversial.

Many experts say this should be a last resort, while others, like Trend Micro’s Christopher Budd, say you should never pay a ransom. “Remember, you’re dealing with criminals,” writes Budd in a blog post. “There’s no guarantee you’ll actually get all your files back.”

Here are the three steps Budd says you should follow instead of paying the ransom:

  • Turn off your computer and disconnect it from the internet.
  • Restore from backup if you’ve got one.
  • If that doesn’t work, you can visit Trend Micro’s ransomware resource page for additional help.

This story, “4 signs you’re a victim of ransomware,” by Amy Bennett, was originally published by CSO.

Ten CyberSecurity Tips for Small Businesses

Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats. Here are ten key cybersecurity tips for businesses to protect themselves:

1. Train employees in security principles

Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers and networks from cyber attacks

Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

3. Provide firewall security for your Internet connection

A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.

4. Create a mobile device action plan

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information

Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.

6. Control physical access to your computers and create user accounts for each employee

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

7. Secure your Wi-Fi networks

If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

8. Employ best practices on payment cards

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, limit authority to install software

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication

Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.

The FCC’s CyberSecurity Hub at www.fcc.gov/cyberforsmallbiz has more information, including links to free and low-cost security tools.

How does the Florida Information Protection Act of 2014 affect your business?

The internet has forever changed the way people shop for goods and services. Websites are the new shop windows, and we can order anything from pizza to tickets for a play from the comfort of our sofas. This means that every day millions of dollars are being sent electronically around the nation, and information such as credit card numbers, their expiry dates and a vast amount of personal data is stored on servers all over the world. Doctors and clinics even store patients’ health records electronically, and it is vital that customers feel confident this data is being protected.

After all, this information is worth a great deal of money to criminals and malicious hackers. With your social security details or driver’s license number, a criminal can steal your identity, clear out your bank account, and cause a great deal of damage to your identity. Intel estimates the likely annual cost to the global economy from cybercrime is more than $400 billion and growing.

Your customers need to be able to trust you with their vital data, and you need to do everything you can to keep it safe. Many states are bringing in legislation to ensure the protection of customer data. One of the most important stipulations of such laws is that businesses must notify customers when data has been breached, so that they can take appropriate action to protect themselves.

Few would deny that consumers have a right to be informed when data is lost or stolen. Mandatory notification ensures customers discover which organizations have poor data breach records. Such laws also encourage businesses to improve their data handling practices at all levels and to protect themselves from cybercrime.

The Florida Information Protection Act of 2014 (“FIPA”) became effective on July 1, 2014. This obligates businesses and government entities that keep and use the data of individuals to take measures to protect it, and to provide notice of any IT breaches.

This law means that Florida now has some of the strictest breach notification statutes in the nation.

How does it affect you as a business owner?

What FIPA requires:

  • Personal information is defined as customers’ names in combination with health insurance, medical or financial information, and includes online account information.
  • A business has a 30-day notice period in which it must warn affected customers of a data breach.
  • Third-party agents of covered entities that have a breach must notify the covered entity no later than ten days after the discovery of the breach.
  • A business must notify the Florida Department of Legal Affairs within 30 days if more than 500 Florida residents are affected by the breach.
  • Businesses and state agencies have to take measures (encryption for example) to protect data and ensure records are disposed of via shredding, erasing or modification so that they are undecipherable.
  • Any failure to provide customers with notice of a breach is liable for a civil penalty for each breach of up to $1,000 per day for the first 30 days, and $50,000 for each subsequent 30-day period for up to 180 days. State governmental entities are subject to notification requirements rather than civil penalties.
  • Any violations of FIPA are treated as deceptive trade practices.

If you fail to follow these FIPA regulations, you could end up in legal hot water, facing suits for negligence, breach of contract, unjust enrichment and restitution, and breach of fiduciary duty that seek damages caused by data breaches.

FIPA for health care agencies

Due to the very personal nature of information healthcare providers and clinics hold about their patients, data breaches are treated very seriously. As such there are already relevant federal laws in place, such as the Health Insurance Portability and Accountability Act (HIPAA). HIPAA-covered businesses such as doctors and dentists are already familiar with the concepts of appropriately encrypting personal information and de-identifying personal information. However, under FIPA, if you want to avoid sending notice of a potential breach, you are required to consult with a law enforcement agency to determine whether information has been compromised.

Securing a business does involve costs, of course, but not protecting your organization appropriately could cost you your clients, your reputation and maybe even your entire business. You need to put in place a breach response plan and assess your internal compliance, to ensure you are capable of meeting the new, shortened response times required by FIPA.

How to comply with FIPA

If you have not already, you need to update all of your policies and procedures to address areas where FIPA requires you to meet additional requirements regarding breach notification and investigation. You also need to revise any agreements and staff policies to reflect new requirements such as 30- or 10-day reporting. It is also a good idea to update your policies for identifying data breaches and notifying customers and check that only proper methods are being used for the destruction of data.

Finally, review your liability policies to find out to what extent you are covered in the case of a data breach. As costs of data breaches rise, some insurers will not cover them anymore. You may need to get a separate cyber-liability policy on your insurance.

If you have any questions about the new FIPA law or about how you can improve your IT security and prevent data breaches, get in touch with the experts at IT Authorities and we can tell you more.

What is Ransomware and how do I defend against it?

What is Ransomware?

Ransomware is a category of malware that demands some form of compensation, a ransom, in return for data or functionality held hostage. For instance, ransomware might change proxy settings in a browser to limit web use, making it difficult to find a solution to remove a computer virus. Typically, the ransomware is spread through a computer worm that enters through an email or network vulnerability. The ransomware can also encrypt a user’s personal files and documents in order to hold them hostage until the user pays the attacker and receives a key code from them releasing the hold on their computer.

Ransomware can also pretend to be an antivirus program, telling the user that their computer is infected with malware, and then directing the user to purchase the program in order to fix the issues. This rogue security software may actually even pretend to scan the user’s computer for viruses and find many issues. However, the issues will be bogus and there will be nothing to solve by paying the ransom, except the hope that maybe the attacker will remove the ransomware from the user’s machine. Because ransomware can be difficult to defeat, it is strongly advised that users create regular backups of their important data and files so that they are less vulnerable to extortion.

The most current version of ransomware is CryptoWall 3.0. It is distributed via emails with ZIP attachments containing .exe files that appear to be PDF files. These fake PDF files are disguised as business communications such as purchase orders, bills, invoices or complaints. When a user double-clicks on the “PDF” it begins infecting the computer with the CryptoWall infection and installs the malware files in folders on the computer. From that point, it will scan all of the computer’s drives, including shared network drives and removable drives. After scanning the computer, the infection will delete any Shadow Volume Copies to make sure these files can’t be used to restore the computer.
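A mail gateway or help desk can catch the delivery trick described above by listing a ZIP attachment's members without extracting or running anything. The following is an added example, not code from any product named on this page: the extension lists go beyond the .exe and PDF case in the text and are assumptions, as are the function names, and the sample archive is constructed in memory with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; the article itself only names .exe and PDF.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def member_reasons(name, head):
    """Return reason codes for one archive member, given its first bytes."""
    # Strip padding so "invoice.pdf      .exe" is read as .pdf followed by .exe.
    suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("executable_extension")
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double_extension")
    # Windows executables begin with the two bytes "MZ" whatever the name says.
    if head[:2] == b"MZ":
        reasons.append("mz_header")
    return reasons


def inspect_zip(data):
    """Map each suspicious member name to its reason codes. Nothing is extracted."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Bit 0 of the flags marks a password-protected member we cannot read.
            encrypted = bool(info.flag_bits & 0x1)
            head = b""
            if not encrypted:
                with archive.open(info) as member:
                    head = member.read(2)
            reasons = member_reasons(info.filename, head)
            if encrypted:
                reasons.append("encrypted_not_inspected")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes, not real executables."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("invoice_8841.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("complaint.pdf      .exe", b"MZ" + b"\x00" * 62)
        archive.writestr("statement.pdf", b"%PDF-1.4\n")
        archive.writestr("notes.txt", b"constructed sample text\n")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_zip()).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

Windows hides known file extensions by default, which is why a member named invoice_8841.pdf.exe can pass for a PDF once extracted; the check on the leading bytes still fires when the name alone looks clean.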

How can I defend against Ransomware?

The first and best defense against this is awareness. To reduce the risk of your computer files being encrypted you need to ensure good cyber security – this includes learning about current dangers and training all users not to open suspect emails or dangerous downloads.

Along with educating yourself, your computer needs to be kept up to date and all vulnerabilities in the operating system and software kept ‘patched’.

We recommend you:

  • Do not download or open any unknown files that are attached to an email; they could be viruses. If you are unsure, err on the side of caution, and do not open the attached files. Important: If you must download an attached file to an email, make sure to save it and scan it for viruses before you open it.
  • Install, update and use anti-virus software
    Most forms of ransomware are detected by anti-virus programs, so it pays to have up-to-date software on your computer. Check that you have paid for a subscription and have downloaded the latest virus definitions.
  • Backup Everything
    It is essential that you make routine backups in case your computer cannot be cleaned, and you need to perform a system restore or rebuild. Note that CryptoLocker also targets USB drives or network shares attached to an infected computer so be careful where you store your backups.
  • Update Everything
    Check Microsoft Security Bulletins and ensure your systems are fully patched against known vulnerabilities.
  • Alert others to prevent more attacks
    Please tell colleagues, friends and family who could be impacted by a ransomware infection about ways to protect their data.

Small business owners should ensure staff are aware of this latest cyber threat, understand how to verify the sender of any email with attached files, and do not open attachments routinely without pausing to think before clicking.

Consider limiting employee access to network drives and sensitive files. Double check that your backup process is genuinely working and cannot infect the network. Double check machines have working anti-virus software and are up to date.

What do I do if my computer is infected?

If the CryptoLocker ransomware screen appears it is important to try and limit the impact of the file encryption process:

  • Disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection.
  • Disconnect any USB storage devices or network shares and turn off any cloud backup services.
  • If you have disabled the virus and cleaned up your machine, try to restore files either from your own backup process or device or using Shadow Volume Copies, available on Windows machines from XP onwards.
  • You could use System Restore if confident the infection has been cleaned up or contact IT Authorities for assistance and advice.
  • Note: there is no known way to retrieve the CryptoLocker private key without paying the ransom, or to decrypt the files without this key.

Utilizing a Managed Services Provider can ensure that your systems are patched and up to date. Contact one of our experts at IT Authorities who can answer any questions and even arrange for a no obligation IT assessment for your company.

Has the daily chore of maintaining your network become a full time job?

There are few more satisfying things you can do in life than to run your own business. The process of building a company from the ground up, offering your skills and services to customers, and providing your staff with employment is highly rewarding, but it can also be extremely stressful. You’re always watching your bottom line, and worrying about cash flow.

As technology plays a bigger role in day to day business, chances are that IT has become one of your biggest expenses. The speed of technological innovation means new software and hardware is launched daily, and if you don’t keep up, you could end up losing out to competitors.

Downtime = Stress

IT can be a huge source of stress, too. When it isn’t working properly, your business faces downtime until things are fixed. And there are so many things that can go wrong with your IT that dealing with them can quickly take up time that you can’t afford to give up. Viruses, malware, drive failures, and bad internet connections all take up time that you could be using to build your business.

Managed Services to the Rescue

Stop the madness, it doesn’t have to be like this. You can hand over the stress of overseeing your IT to a Managed Service Provider (MSP) who can handle all of your tech needs.

An MSP is an outsourcing company that manages all aspects of IT on behalf of another business. So as a business owner you enjoy improved productivity and security, and more time to attend to your own business without having to worry about your network. Best of all, this work is done for a fixed monthly fee, ensuring your IT budget is both predictable and cost-effective.

The alternative is a break/fix solution, in which you call an IT company when something goes wrong. While you’re waiting for them to show up, you’re losing valuable work time. Additionally, they are incentivized to fix the problem, not to find the root cause of the issue.

IT uptime = Less Stress

There are many reasons why computers start running slowly, and when they do, you’re losing money. Your staff can’t be as productive, work hours are lost and, in some cases, you end up losing clients. Your MSP’s primary job is to make sure your network is running at the best speed possible at all times. They reduce the chore of maintaining your network by monitoring your systems 24×7 and ensuring they are free of spyware and viruses, and they can also apply all the necessary upgrades and patches. What’s more, as you have experts overseeing your computers, they are proactive and fix problems before they grow and cause frustrating and expensive downtime.

Reduced Staff costs = Increased Profits

When a company gets to a certain size, the daily chore of maintaining IT systems becomes a full-time job. Utilizing an expensive in-house engineer is not the best use of their time. By contacting an MSP you’ll have a whole team of people, all experts in different areas, working for you. They can supplement the work of your IT team or take over if you don’t have the budget for new employees. Additionally, as your business grows you reduce the cost and hassle of hiring new IT staff.

Enhanced Security

With an experienced MSP provider overseeing your network, you can be sure that your IT is secure and protected with updated virus protection, regularly patched hardware and monitored networks. With data breaches and compliance violations in the news every day, security has gone from a second thought to a vital part of your IT concerns. If you lose data, you could end up facing costly legal repercussions, not to mention losing customers and your hard-earned reputation. Your managed service provider can also help you put together a business continuity and disaster recovery plan so that you are up and running again quickly if your systems are breached or brought down by a failure.

If you’d like to learn more about the benefits of utilizing Managed Services, talk to one of our experts at IT Authorities. We can answer your questions and even arrange for a no obligation IT assessment for your company.

Think you are too small to be a target of a Data Breach?

It seems that data breaches are rarely out of the news these days. Last year’s high-profile Sony hack resulted in film budgets, stars’ and executives’ salaries, and some embarrassing email exchanges being made public. More recently, the media has been having a field day with the Ashley Madison hack. The website, whose slogan is “Life is short. Have an affair”, was compromised and the email addresses of millions of its users leaked, leading to reports of ruined relationships and broken marriages.

Of course, data breaches of this magnitude are always going to make for good old-fashioned, scandalous copy, but the really scary part is that if hackers can penetrate a giant corporation such as Sony, or a smaller but still supposedly highly secure company such as Ashley Madison, where does that leave the average small or medium-sized business? Don’t think that just because you only have 50 employees and you don’t store incendiary data such as the email addresses of philandering spouses you’ll be able to fly under a hacker’s radar, because you won’t.

Why small and medium-sized businesses need to worry about security too

Your organization might be small, but you are still potentially sitting on a pot of gold in the eyes of a cyber criminal. Do you take credit card payments from your customers? Do you have a database of client names, addresses, and bank details? Are you a healthcare provider who stores a mass of highly personal patient information? Just because your customers or patients aren’t Hollywood royalty or possible targets for blackmail, a cyber criminal faced with your data will still have dollar signs flashing in his eyes. After all, there are big bucks to be made from plundering your customers’ bank accounts or stealing their identities.

The aftermath of your organization’s data being breached

As a savvy business owner, the first question that may spring to mind upon discovering your data has been breached is “how much is this going to cost me?” And the bad news is that the expenses incurred by a data breach can be significant. You may be affected in ways, and by regulations, that you have never considered. Just take a look at the following money-sapping factors:

  • Compulsory forensic examination – if you accept card payments, and it is suspected that your data has been breached, regulations set by the Payment Card Industry Data Security Standard (PCI DSS) state that you must be investigated. This examination determines whether or not a breach has occurred and, if one has, how serious it is. Not only will your Point Of Sale system probably need to be shut down, but you are also responsible for hiring the examiner yourself.
  • Non-compliance penalties – if you have been breached and you are not found to be compliant with the PCI’s standards, you will be held liable. You may incur fines from both the card associations and your bank.
  • Letting your customers know – it’s not a pleasant task by any means but, if information about your clients or patients has been breached, you will need to let them know. Notification letters will need to be sent and you may well find your resources – both human and financial – severely stretched as you enter into ongoing correspondence with these quite rightly concerned individuals.
  • Customer/patient lawsuits – if any of the cards owned by your customers have been used to make fraudulent purchases, and a customer decides to sue you, you could be held liable if a court of law decides that you were negligent. In addition to this, you may be held responsible for paying the bank fees for the reissuing of compromised cards.
  • Technology upgrade – if your Point Of Sale system is found to be the source of the breach, you will want – and may even be required – to upgrade or replace it. Consider the costs involved of overhauling your software, hardware, and even servers.
  • PCI DSS compliance reassessment – finally, so that you can start accepting payment by card once more, you will need to be reassessed by an independent Qualified Security Assessor.

While that is quite some list – and one which could leave you seriously out of pocket – unfortunately that is not all you have to be worried about, for the non-financial aspects of a data breach can be equally, if not even more, devastating.

  • Damage to your reputation – your customers and patients trust you to handle both their card details and their personal information in a secure fashion. Suffering a data breach – whether the root cause was internal or external – can result in your customers’ faith in you diminishing drastically. They gave you their data. You lost it. It’s as simple as that in their eyes, and many of them will think twice about using your services or buying your products again. Also, don’t think that just because you’re a small business or practice you can sweep the news under the carpet and that – financial issues aside – it will soon be yesterday’s news, for no news travels faster than bad news. It only takes a couple of worried, or downright angry, comments on your company’s Facebook page for the news of your breach to spread like wildfire. And once the word is out, it will stay out, thanks to the internet.
  • Damage to your productivity – as we mentioned earlier, dealing with a data breach and its aftermath is a time-consuming affair. You’ll suddenly be plunged into a nightmare scenario of appeasing customers or patients, dealing with examiners, paying fines, juggling finances, and praying that your business can weather the storm. Normal operations will have to take a back seat, for you and your managers at least, while you try and contain the damage.

The good news is that you can (and should) attain compliance with your industry’s regulations, and you can prevent a data breach by implementing advanced security solutions. You may not be as high profile as Sony, but you’re well known to your customers, so don’t become the next victim of a hack attack. Talk to the experts at IT Authorities today and stop playing Russian Roulette with your livelihood.

Think twice before jailbreaking your iPhone

The malware only affects jailbroken devices, but if you get pwned, hackers can not only peek at your password but also make App Store purchases without your permission.

The research team at Palo Alto Networks is calling this scary new iOS malware KeyRaider. It works through the wildly popular Cydia app, which makes it easier to download and manage apps on jailbroken iPhones. Once a user’s been compromised, the malware starts intercepting iTunes traffic and hijacking all kinds of data. According to Palo Alto Networks, “KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.”

Weird App Store behavior is actually how the malware was first discovered. After seeing multiple reports of unauthorized App Store purchases, a student from Yangzhou University in China looked at the jailbreak tweaks the affected users had installed and noticed that one tweak was uploading user data to a mysterious database. After gaining access, they found over 250,000 entries that turned out to be Apple accounts, including passwords and other credentials. Palo Alto Networks did further research and found that the tweaks were designed to help users download non-free apps and make in-app purchases without paying.

It gets worse. While it’s unnerving to realize that a hacker can buy apps with an unsuspecting user’s account, KeyRaider can also be used to remotely lock devices and hold them for ransom. Palo Alto Networks explains:

It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered. Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of previously used “rescue” methods are no longer effective.

This malware has infected a lot of users, but again, it only works on jailbroken phones. (Most of the affected users also appear to be located in China.) So if you haven’t jailbroken your iPhone, you should be fine. Let this serve as yet another warning that jailbreaking your phone might make it fun to change around your app icons or install bootleg apps or whatever. But it’s also a great way to expose yourself to malware. Beware.

Source: GIZMODO