18 minute read
CONTENTS The Business of Business
A Hostage Situation: Are You A Victim or Hero? By Ryan Rindlisbacher
When one thinks of being held hostage or having a ransom demanded for the safe return of some person or valuables, it typically involves some intimate setting. The police are going to follow the suitcase full of unmarked bills and arrest the perpetrators when they attempt to retrieve it; or some government agency sets up camp in your living room waiting for the phone to ring so they can trace the call and locate the criminals across town. All that goes out the window when it comes to ransomware.
Advertisement
In the case of ransomware, the cyber bad guys are not down the road watching your home or business with binoculars, in fact they do not even know who you are. They do not contact you by phone or even email, but you are held ransom. Someone has taken control of your files, often very important and personal files, and there appears to be very little you can do about it. Pictures of a child’s wedding, tax records, customer lists, financial records—all being held trying to motivate you to pay up or live with the files being permanently gone.
One technological advancement that has empowered ransomware to flourish is the invention of Bitcoin. It used to be quite difficult for ransomware creators to collect their bounty. They were forced to have people mail them prepaid visa cards or gift cards. This caused a lot of latency between being infected and getting your data back, assuming you were willing to pay. But around 2008, when Bitcoin was coming into its own, that all changed. The anonymity and speed of Bitcoin transfers make it the perfect method of payment for ransomware thieves. As attacks increase, we are seeing more and more government regulations on Bitcoin, with ransomware as the justification. Bitcoin’s role in ransomware could prove to be detrimental to its anonymous model.
Ransomware is the nastiest (and most lucrative) form of “malicious software,” better known by its contracted name: malware. The people creating malware are well funded. Just one ransomware campaign yielded $325 million USD [1]. The FBI estimates that ransomware generated $209,000,000 USD in the first three months of 2016 and is now over a one-billion-dollar a year crime. With these potential profits, ransomware is not going away.
A survey published last year indicates that cyber-attacks are growing in frequency. With an increase of 40 percent year over year 2 . The survey continued with an astounding 80 percent of executives and cybersecurity experts reporting they had experienced some kind of cybersecurity breach in the past. Can you imagine the public outrage if 80 percent of Americans had been broken into or burglarized! Living in that kind of fear is unfathomable. With over 4,000+ attacks per day, or just under 1.5 million attacks per year in the United States alone, it is not a question of if you will be attacked, but when…but luckily you get to decide how badly it will affect you.
THEY’VE GOT THEIR EYE ON YOU
Running a small business is difficult. Finding the right employees, creating and expanding brand recognition and trying to keep costs down are just a few of the
challenges. Often small businesses lack the knowledge, the funds and the manpower to adequately protect themselves against the inundation of malware. Throw on cyberattacks that can sneak up and threaten the solvency of a business without any warning, and a profitable year suddenly becomes painful and embarrassing as you try to explain to customers why you lost your company’s history. With large firms struggling to stay ahead of cyber criminals and e-extortionists, it should come as no surprise that small businesses are falling prey to their shenanigans. In fact, 43 percent of cyberattacks specifically target small businesses 2 . Large companies and even the United States federal government, with their almost limitless means and resources are struggling to find answers to thwart off malware. Therefore, it is impractical to expect small businesses to be able to adequately defend themselves against such attacks. Microsoft and other operating system designers have tried to enhance security to slow down or stop this barrage and have had varying levels of success. Thus far, there has been no silver bullet. With 89.4 percent of America’s companies being classified as small businesses 3 , nearly 90 percent of the businesses that drive the U.S. economy are
in need of help in defending themselves against an endless barrage of attacks.
Further unsettling is the very government that is designed to help defend against attacks, helping to promote peace, safety and prosperity, has recently said, “Ransomware is that good,” Joseph Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program, told Boston’s Cyber Security Summit. “To be honest, we often advise people just to pay the ransom” 4 . Special Agent Bonavolonta created quite the uproar when he disclosed that there is just not much anyone can do when they have been compromised. You pay up or you run the risk of losing all your precious files. Once you are ransomed, all you have are three options: 1-restore from backups, 2-pay the ransom, or 3-learn to do without.
WHY YOU SHOULD CARE
Attacks are getting smarter and more dangerous. Besides simple files, like pictures, MS Word documents, MS Excel files, etc., various ransomware strains are now seeking out database files and, in some cases, it will even terminate the database process to ensure it can encrypt the files that were in use. They can now effectively attack and encrypt Microsoft Access, Microsoft Visual FoxPro, Microsoft SQL Server, Oracle and MySQL files among other types.
Besides changing their target market, some are trying to expand into portable devices. Typically, ransomware is designed to attack desktop and server computers, but some ransomware strains have been developed to attack cell phones, changing the phone’s unlock pin. They then require a ransom to obtain the new pin. Locking people out of mobile devices could prove to be very financially lucrative since so many people do not backup the photos they have on their cell phones.
OPTIONS
What options do you have if you are hit by ransomware? Basically, just three. Option 1—Restore from a backup. This option is by far the best of the three. With the cost of portable drives (a.k.a. thumb drives, flash drives, USB drives, etc.) being about the price of a cup of coffee, there is no reason to not have a backup of your data. Keep it on your key chain and copy files before you leave the office a couple of times a week. Other backup options, like Google Backup & Sync (formally called Google Drive), Dropbox and Microsoft OneDrive are just a few common options from those available. These services copy your files onto a cloud server potentially keeping them safe in case your office becomes infected. Obviously larger, more expensive backup solutions also exist. With all the different options available, there really is no excuse to not back up your valuable data and files.
Option 2—Pay the ransom. The ransom price varies with some as low as several hundred dollars to as much as $15,000 USD. More often than not, this requires payment through Bitcoin. While many people have taken this route successfully, there are documented cases where the files were never released after the ransom was paid. Remember, criminals are not typically known for upholding their end of an agreement.
But in the majority of cases, the files are released. You must also remember that the criminals have had access to their computers after the files are released and may have left other viruses lurking. Taking good backups (now that you have your files back) and resetting all the computers, including the server(s), back to factory defaults is highly advisable, but also adds to the costs. Option 3—Learn to do without. This is painful. An ounce of prevention (see option 1) is worth more than a pound of cure in this scenario. On principle alone, option 2 should be avoided, but only you can determine the value of the files. Since the e-thugs do not release single files, you have to be prepared to lose all files across your entire network. While often much cheaper than option 2, forgoing all files and starting over also comes with a steep cost.
Possible Option 4-Don’t be a victim in the first place. This option is easier said than done and requires a proactive approach. Company trainings on proper electronic etiquette must be given on a regular basis. Teaching employees how to identify questionable emails and websites or how to open attachments in a protected sandbox goes a long way in avoiding ransomware. But these skills must be refreshed often so new employees don’t miss out. Frequent training also acts as a great reminder to people who have heard it before. In short, if the email looks even a little suspicious, do not click on it! If the attachment is a .rar file or a .zip file, be even more skeptical. Avoid websites that have a questionable reputation.
CONCLUSION
Ransomware, the cancer of software, is growing by leaps and bounds. It is generating impressive income, year over year. Stopping ransomware has proven to be very difficult as it is finding new and creative means of distribution. There is just not much anyone can do once they have been compromised. You pay up or you run the risk of losing all your precious files. Backups can be worth their weight in gold; or should I say, their weight in Bitcoin. But even better is to be prepared! Just being cautious, careful, and thoughtful can save a lot of time, money, and frustration.
7,313x4,625_floor saw_MC570.pdf 1 13.07.2018 10:10:10
Ryan Rindlisbacher is a Ph.D candidate in Computer Science, and holds a Master’s degree in Business Administration and a Bachelor’s degree in Information Technology. He is the managing partner of CSDA member CentalPoint Solutions, LLC based in Herriman, Utah. Ryan can be reached at 801-478-6822 or rhr@cenpoint.com.
References 1 Samani, R. (in press). Ensure your data is not taken hostage: Ransomware remediation strategies for businesses in Oman. Business Today. Retrieved from http://www.businesstoday.co.om/Issues/ Investing-in-health/Ensure-Your-Data-is-Not-TakenHostage-Ransomware-Remediation-Strategies-forBusinesses-in-Oman 2 Selznick, L., & Lamacchia, C. (2018). Cybersecurity liability: How technically savvy can we expect small business owners to be? Journal of Business & Technology Law, 13(2), 2017-253 3 Facts & Data on Small Business and Entrepreneurship. (2017). Retrieved 11/09/2017, from http://sbecouncil.org/about-us/facts-and-data/ 4 Heater, B. (2016). May. PC Magazine, 109-118. Retrieved from http://eds.b.ebscohost.com.proxy1. ncu.edu/eds/detail/detail?vid=0&sid=bf37b4e0- 3171-41d8-be50-51b603127276%40sessionmgr10 2&bdata=JnNpdGU9ZWRzLWxpdmU%3d#AN=114 755999&db=a9h
MID-RANGE
SERVICE SAW MC 570
+ 57 hp Tier 4 Final Motor + Rear Pivot + 4 Speed Gearbox + Up to 42“ Blade
LISSMAC Corporation 356 Hudson River Road, Waterford, NY Phone +1 518 326 9094, sales@lissmac-corporation.com www.lissmac-usa.com
MEET BROKK 70 THE NEW MINI SUPER HERO
See you at World of Concrete 2020 at booth C4547.
Packed with demolition power, faster than ever and extremely compact. The BROKK 70 is the perfect solution for safe and eff icient demolition in very confi ned spaces.
Precision Demolition Solves Time-Sensitive Problem at Energy Plant
CSDA Contractor Generates Solution in Less Than Three Weeks
First Energy’s Springdale Generating Facility in Springdale Township, PA just outside Pittsburgh, is a natural gas facility which generates power for more than half a million homes in the area. Since 2015, renovations have been underway for the generating units which began service in 2003.
As part of the renovation, a concrete foundation pad was installed to support a 150-foot high tension pole. Due to the plant’s proximity to the Allegheny River, the ground is very soft around the facility, so the construction engineer for General Contractor (GC) M. Betters Construction required that the pad be built in layers.
The top layer of the pad was 6.5 feet in diameter and 2-feet, 3-inches tall. This was the base for the pole to stand on. The middle layer is a tall foundation, measuring 12 feet by 12 feet by 4-feet, 3-inches tall. The bottom layer consists of eight 80-foot micro piles into bedrock, 9 5/8 inches in diameter. After the pad was installed, it was discovered that the top layer of concrete never achieved compressive strength. The top layer would have to be removed and replaced without damaging the steel reinforcing and anchor bolts that ran all the way through the base and foundation, or the other two layers of concrete and reinforcement.
In September of 2019, CSDA member Matcon Diamond of Pittsburgh, PA was asked by the GC for input on how to remove and replace the top layer of the pad in a way that wouldn’t impact the reinforcing steel, the two anchor bolts or the rest of the structure. The intent was that once the bad concrete was removed, forms could be set and the concrete replaced without having to touch the anchor bolts, which were already aligned to receive the high tension pole. Additionally, engineers thought it would be prudent to limit the amount and degree of percussive demolition to mitigate any damage to the 12-square-foot slab and micro pilings. Various solutions were discussed with the GC, two of which were dismissed in short order. One of those suggestions was that laborers could use 30# rivet buster hammers to pulverize the top layer. However, that percussive demolition could damage the bolts and be prohibitively costly and time consuming. Hydrodemolition with handheld devices was also quickly dismissed as no hydrodemolition company could guarantee the cost or time it would take to remove all the concrete.
Matcon suggested that they make a horizontal cut with a hand saw 4 inches below elevation from the top of the slab (anticipating that they would cut off no more than 1 inch of reinforcing bars) to a depth of 4 inches. The horizontal cut would be deep enough to expose the reinforcing steel, but not so deep that the anchor bolts would be scored. The next step was to snap the ring piece of concrete off to confirm the location of the vertical reinforcing bars. Next, the Matcon team set a wall saw Matcon was tasked with removing the top layer of the foundation without damaging the lower two layers of concrete and reinforcement, as well as keeping the anchor bolts in place without being damaged.
up on top of the 12 square-foot slab and made 13 vertical cuts to a depth of 27 inches, making sure to align the cuts to protect the anchor bolts and the recently exposed reinforcing steel. Next, they used a chainsaw to chase the cut lines on the outside of the slab where the wall saw blade could not reach. This would achieve full depth cuts at those areas, 26 “finished cuts”. Then, with small percussive hammers (no greater than 30#), operators chipped apart the remaining concrete to the interface of the 12-foot foundation and the newly removed top. Finally, Matcon drilled 12 holes 5/8-inches in diameter to a depth of 12 inches into the foundation for the installation of vertical reinforcing bars. The original plan called for a keyway where the first two layers met. Matcon made it clear to all parties that if the concrete in the keyway was removed, the integrity of the keyway would be questionable. On their advice, the engineers decided to forego the keyway and instead employ 12 vertical reinforcing bars to address any later question or possibility of horizontal sheer. Two days after their demolition plan was approved, September 9, Matcon got to work. They performed 13 wall saw cuts to depth of 2-feet, 3-inches with a Pentruder wall saw with
A laborer clears the surrounding stone away from the foundation to enable the chain saw operator to complete the cuts the outside perimeter to full depth.
blades from Diamond Products and K2 Diamond; 26 chain saw cuts to a depth of 2-feet, 3-inches with a Pentruder chain saw using Max Cut brand chains and 12 hammer drilled holes to depth of 12 inches. Matcon completed their part of the work one week after work commenced, and on September 18 the job was successfully concluded.
With Matcon’s timely response and the diligence of the GC, the total impact to the job was less than a two-week delay. The concrete was replaced shortly thereafter and this time it achieved the required strength.
Matcon Operations Manager Dan Matesic said, “I personally met with the GC on site to see what we could come up with to put this mess to bed. We were chosen for this job because of our history together and our knowledge of and experience with this kind of specialty demolition. The GC told us they were very happy with the results and glad to have been able to show their customer, First Energy, that despite the issues that do indeed sometimes unfortunately result in the course of the construction business, there is no problem that can’t be solved.”
Matcon Diamond showed that seemingly impossible setbacks and problems can often be successfully repaired or tackled with diamond cutting techniques using experienced and professional CSDA contractors. Another happy customer!
REVIEW AND COMMENT ON THIS ARTICLE AT: WWW.CONCRETEOPENINGS.COM
COMPANY PROFILE Matcon Diamond, Inc. is located in Pittsburgh, PA and has been in business since 1985. They have been CSDA members since 1987. Matcon has approximately 20 trucks and 50 employees. They offer a full range of sawing drilling and removal services, along with roadway joint sawing and sealing and concrete replacement. Matcon is a 2017 Concrete Openings Awards winner. RESOURCES General Contractor M. Betters Construction CSDA Cutting Contractor Matcon Diamond Dan Matesic Phone: 412-481-0280 Email: matcon@matcondiamond.com Methods Used Wall Sawing, Hand Sawing, Chain Sawing
GET MORE DONE
ICS is the choice of concrete cutting professionals who seek high-performing, high-quality tools to get more done safely.
ICS along with Merit and Pentruder work to set the standard as a premium provider of industrial cutting solutions. From power cutters and diamond chain to wire, wall, and floor saws, you can expect the best from ICS.
CALL TO ORDER: 800.321.1240 FOR ICS AND PENTRUDER PRODUCTS
Booth O31174
Agreat year is coming to a close, and I would like to use this moment to reflect. In April, I was elected IACDS President. Following Julie White as President will be a difficult challenge. We had a great Bauma, with a very successful Diamond Award Ceremony. The entries were amazing, and we received so many submissions, that it was hard to choose just one winner!
I just came back from India, where the Indian Demolition Association (IDA) has established their own association. I am very grateful and feel honored that I was invited and had the opportunity to represent the IACDS and share our values and work. We are proud that the IDA has applied for membership for the IACDS, please help me in welcoming them! We also welcome back the Austrian association for concrete cutting and drilling (VBS). Twenty-four years ago, VBS was one of the founding members of this association, along with CSDA. Having our silver anniversary next year, I am very proud to have them back as members.
IACDS’ silver anniversary will be celebrated on March 25th and 26th, as part of Bebosa. There will be a dinner March 25 and general assembly on March 26, so, mark the date! Bebosa is a very popular German trade show, which is held every 3 years in Willingen. This will bring international guests from all over the world to Bebosa and underline the importance of
MICHAEL FINDEIS IACDS President
the successful model of the fair. Come and see for yourself. You will find out that this opportunity will be a perfect event to network and exchange with wonderful people from all over the world.
Have a wonderful Christmas time and holiday season.
DITEQ Channel
@diteqcorporation
