Ransomware

By Commercial, Company, General

Your how-to guide for protecting yourself against malware.

With the advent of information technology and the internet, came an almost limitless potential for technological advancement and improvements in efficiency in business. Unfortunately, there are two sides to every story. Rapid advancements in technology and how we use the internet have also been accompanied by a host of dangers any internet user would do well to be wary of. This includes malware such as ransomware. Read on to find out some useful tips on how to protect yourself against this malware and limit the risk of losing access to your data.


What is ransomware?

Malware is a type of software that is specifically designed to get access to or damage your data without your knowledge. Ransomware, in particular, is a type of malware that prevents users from accessing data, by either locking the system’s screen or files. In order to regain access, a ransom has to be paid.

 

More modern versions of ransomware, collectively classified as crypto-ransomware, encrypt certain files, forcing users to make online payments in order to get a decrypt key and restore access to their system.

 

The consequences of becoming a victim of crypto-ransomware and not having the necessary safeguards and mitigation strategies in place are significant. Where small businesses are concerned, such an attack could mean the end of your business.


Protecting yourself

All is not lost and there are precautions every user can take to limit their exposure to this malware.

 

  • Use and implement proven multi-vector endpoint security

Your first line of defence is the security system you have in place. It is critical that it offers multidimensional protection and prevention against malware, quickly recognising external threats and any suspicious behaviour. A next-generation endpoint security solution is recommended, offering protection beyond file-based threats.

 

  • Prepare for the worst case scenario with robust backup

While next-generation endpoint security is important for your system’s security regime, it is not completely fail-proof and can still fall prey to crypto-ransomware infections. Ensure you have a comprehensive backup together with a business continuity plan that will allow you to restore data and minimise business downtime. This entails more than just your standard backing up to an external drive. It should include backups located in at least three different locations:

 

  • Main storage area (file server)
  • Local disk backup
  • Mirrors in a cloud business continuity service

 

  • Keep Windows updated

While occasionally tedious, keeping Windows up to date will ensure that a number of infections are instantly ruled out. In addition, you can reduce workload by putting in place a patching routine – a security fundamental.

 

  • Keep all plug-ins up to date

Keeping all third party plug-ins updated to their latest build lessens the likelihood of being exploited by ransomware.

 

  • Use a modern browser with an ad blocking plugin

Modern browsers like Chrome and Firefox are constantly being updated to offer more robust protection. They also give the option to add plug-ins that will make you more secure. Even simply having a pop-up blocker running can offer some protection.

 

  • Disable autorun

Autorun is convenient; however, it helps malware spread across a corporate environment. Disabling autorun as a policy will bolster your system’s security.

 

  • Disable Windows Scripting Host

VBScript (.vbs) files are Microsoft scripts used by malware authors to either disrupt an environment or run a process that downloads more advanced malware. Disable them completely by disabling the Windows Scripting Host engine.

 

  • Have users run as limited users and NOT admins

This is critical because some current ransomware threats are capable of browsing and encrypting data on any mapped drives that an end user has access to. Therefore restricting the user permissions for the share or the underlying file system of a mapped drive will limit ransomware’s scope for encryption.

 

  • Show hidden file extensions

Ransomware such as CryptoLocker frequently arrives as a file whose name ends in a double extension such as ‘.PDF.EXE’. Windows hides known extensions by default, so the file appears to be a PDF. If full file extensions are visible, such files are easier to spot and remove.
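As an added example that is not part of the original post, the PowerShell script below audits (and, with the hypothetical -Apply switch, enforces) three of the settings recommended above: disabling autorun, disabling Windows Script Host, and showing file extensions. The registry locations are the standard Windows ones; the script structure and the -Apply switch are my own.

```powershell
# Added example (not from the Solutions IT post): audit, and optionally apply,
# three Windows hardening settings from the list above. Run elevated for -Apply.
[CmdletBinding()]
param([switch]$Apply)

# Each entry: registry path, value name, the hardened value, and what it enforces.
$Checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Expected = 255
       Note = 'Disable autorun/autoplay on all drive types' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled'; Expected = 0
       Note = 'Disable Windows Script Host (stops wscript/cscript running .vbs)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'HideFileExt'; Expected = 0
       Note = 'Show file extensions so ".PDF.EXE" is visible' }
)

function Get-RegistryValueOrNull([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value missing: treated as "not hardened"
}

$results = foreach ($c in $Checks) {
    $current = Get-RegistryValueOrNull $c.Path $c.Name
    $ok = ($null -ne $current) -and ([int]$current -eq $c.Expected)
    if (-not $ok -and $Apply) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord
        $current = $c.Expected; $ok = $true
    }
    $shown = if ($null -eq $current) { '(missing)' } else { $current }
    [pscustomobject]@{
        Setting  = $c.Note
        Value    = $c.Name
        Current  = $shown
        Expected = $c.Expected
        Status   = if ($ok) { 'OK' } else { 'NOT HARDENED' }
    }
}

$results | Format-Table -AutoSize
# A non-zero exit code lets this run as a scheduled compliance check.
if ($results.Status -contains 'NOT HARDENED') { exit 1 }
```

Note that HideFileExt lives under HKCU, so it must be applied per user (or through Group Policy) rather than once per machine.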

 

Coping with infections

Don’t worry if your organisation has unfortunately already been infected. Take the following steps to limit the damage done to your systems:

 

  1. Isolate the PC(s) immediately to stop further infection.
  2. Do not begin the re-imaging process until the infection is categorised.
  3. Contact the endpoint security vendor’s support staff to assist you with completely removing the infection.
  4. Check if user data was encrypted as soon as possible.
  5. Alert other employees if this was a targeted attack, or about the threat vector, if appropriate.

 

We hope you have found this brief guide useful and will adopt some of these precautions and general tips to protect yourself and your business from online extortion.

 

Solutions I.T. has been providing Western Australian organisations with a comprehensive range of IT solutions since 1999. Our strict adherence to industry best practice ensures our clients are granted access to the most effective solutions available. For premium IT services, the best-fit technology and excellent customer support, contact our friendly team today.

Solutions IT acquires T4 Technology

By Apple

Solutions IT, an established WA based System Integration company is delighted to announce the acquisition of T4 Technology.

 

Solutions IT will absorb all of T4 Technology’s existing business and services, providing a seamless transition for existing customers, suppliers and partners.

 

“The investment is part of Solutions IT’s strategy for further growth and to position the company as a leading supplier of IT services and solutions across Western Australia,” Solutions IT CEO Justin Cantrill said.

 

With local offices in Bunbury and Albany, the acquisition allows the company to further strengthen its position as a leading supplier across the South West.

 

About T4 Technology

From humble beginnings in 2003, operating out of a small office in Denmark, T4 Technology has grown to be a leading I.T. company in the South West, providing I.T. advice, sales and integration services to a wide scope of clientele.

 

In 2004 the first T4 Technology store opened in Albany and was also the only AppleCentre outside of Perth. T4 successfully tendered to join the Department of Education Panel of Integrators and, as a result, opened another service office in Bunbury in 2008. By 2012 T4 had expanded its Bunbury operation to open a second store providing retail, workshop and onsite services.

 

About Solutions IT

Solutions IT has been servicing schools, government departments and small-medium businesses since 1989. Looking after customers from Warmun to Esperance, the purchase of T4 will allow Solutions I.T. to offer more localised support and services to our region. Solutions IT, along with existing T4 staff, looks forward to leveraging their experiences and partnerships to bring greater solutions and services to customers across the region.

Held Ransom By A Trojan Cryptolocker?

By Education, General

At 4pm on a Friday afternoon, St Simon Peter Primary School identified files on their Office Server that were encrypted. From what was seen in the text files left behind, it seemed that some of the server files had been infected by a Cryptolocker and, to decrypt them, the user had to pay a ransom. Shortly afterwards, files on a second server were also identified as being encrypted.

 

What was on the servers? Only the most important school data! The admin system (MAZE), confidential documents and admin documents had all been affected. Both servers were critical to the day-to-day running of the school, so it was imperative that the situation was remedied quickly. The school called us immediately.

 

As soon as we understood the issue, we advised them to shut down all servers and immediately unplug the network attached storage device used for their backups. Soon after, one of our technicians attended the school to retrieve the backups for testing.

Over the weekend we worked to test the files and identified that they had in fact been encrypted by TeslaCrypt, one of two newer Trojans. Processes were put in place to remotely test each workstation for the presence of the Trojan and to log all suspicious activity. We were able to track down and identify the source workstation and user account, enabling us to fully remove the Trojan.

 

On Monday morning we visited the school to test that the Trojan was contained. Soon after, all staff in the administration area were able to use their workstations with access to email and internet. By lunch time all staff were able to log onto their computers. Data was restored from backup to the two affected servers, resulting in full functionality being restored by the end of the day.

We performed a full health check and settings remain in place to prevent similar Trojans from executing.

Things you need to know about some of these new Trojans:

 

  • McAfee and other traditional virus scanners do not appear to detect it
  • It encrypts all files such as documents, photos, spreadsheets, databases, etc. with military-grade encryption which is virtually impossible to break
  • It demands a ransom to retrieve the encryption key and get back your files
  • The price of the ransom increases as time goes on
  • Paying the ransom to receive a decryption key does not always result in files being decrypted
  • It encrypts all files on local drives, but also on any mapped network drive (servers etc.) and any USB device attached
  • It deletes volume shadow copies, preventing easy rollback to previous versions of files
  • It will encrypt any backup files it finds, so any backups living on a USB drive etc. are at risk
  • A full health check of your network is highly recommended to help prevention