Defeating ransomware with cloud to cloud backup

Malware Removal

Malware Removal (& Ransomware of course)

The information technology industry has for some time recognized the need for malware and ransomware protection in the form of tools, software, best practices, and backup. Malware removal in particular has recently become a hot topic with IT pros.

Anti-virus software firms and anti-ransomware detection and removal institutions have long sought to counter this threat to business continuity, in a joint effort to protect and defend through cyber security methodology.

Surprisingly, in an out-of-the-blue announcement, the FBI released what appears to be a free ‘do-it-yourself’ solution for companies attacked by a vicious ransomware virus, GandCrab: “FBI Releases Master Decryption Keys for GandCrab Ransomware.”

Apparently, the FBI has shared this with multiple European agencies in an effort to combat an ultra-threatening virus, which makes this a first in global anti-cybercrime cooperation.

The full code & story is shared here: www.bleepingcomputer.com 

 

What is GandCrab?

“GandCrab operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute the malware to affiliates in exchange for 40% of the ransoms. GandCrab was first observed in January 2018 infecting South Korean companies, but GandCrab campaigns quickly expanded globally to include US victims in early 2018, impacting at least 8 critical infrastructure sectors. As a result, GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.”

It's never too late!

Alternatively, some CIOs take preemptive measures to recover from such disasters by backing up to alternate data centers, such as Amazon AWS (which differ from the Azure or Google data centers hosting their business solutions), and gain the ability to restore any user, or their whole MS Exchange data, from any point in time into a new cloud solution installation.

It makes sense to back up to the cloud, and for the initial 14 days it's completely free to fully try out the capabilities of a backup and restore solution such as the one CloudAlly.com provides.

What is Ransomware?

Many IT managers and CIOs worry about malware and ransomware attacks, and as such ransomware protection is top of mind in the ultimate search for data protection and business continuity.

Ransomware Protection – So what is ransomware?
Quoting directly from Wikipedia: “Ransomware is a type of malware from cryptographic that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptographic viral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to de-crypt them.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction.”

When did it begin?

It's commonly acknowledged to have started around 2012, with a multitude of internet scams increasing globally. The statistics are clear: about 181.5 million ransomware attacks took place in the first six months of 2018. The previous year, 2017, we saw 229% less in terms of attacks. As early as 2014, anti-virus companies such as Norton and McAfee published data demonstrating that they had seen more than twice the number of samples of ransomware in one quarter than they did in the same period in 2013. McAfee advised that CryptoLocker was particularly successful, procuring an estimated US $3 million before it was taken down by authorities, and the same goes for CryptoWall, which was dealt with by the US FBI.

Office 365 Malware Protection

Malware Protection For Office 365

Concerned about the safety of your data in Office 365? Sure, the program has built-in malware protection designed to protect emails and documents automatically. Specifically, malware protection in Office 365 has innate filtering capacities designed to protect your data from malicious attacks. But is the native Office 365 antivirus enough to protect all your users’ data from attack?

 

Malware Threats

First, let’s take a step back and talk about the increasing sophistication of virus attacks. Malware is a huge problem today, with a host of novel attacks originating in countries around the world. For example, Iran has an increasing degree of state-sponsored hacking, including stealing information and mounting tens of thousands of malware attacks on computers across the Middle East. Malware attacks are getting more and more sophisticated, and as hackers' methods increase in complexity, it can be difficult to stay ahead.

Innate Office 365 Features

The Office 365 malware detection response can react to many types of attacks. Office 365’s built-in malware protection features include:

ATP Safe Links

One of the most effective native protective features in Office 365 is Advanced Threat Protection (ATP). ATP lets you set preferences and policies for individuals and groups to ensure your workplace is protected from malware. One of the most effective of the ATP programs is the Safe Links feature, which stops users from clicking on virus-filled hyperlinks.

Safe Links works by filtering documents and emails that include hyperlinks through Exchange Online Protection, which includes signature-based malware protection, filters, and IP and envelope filters. Then, if a user clicks on a hyperlink in either an email or a document, Safe Links determines whether the website is safe before redirecting the user to it.

This is where your personalization of ATP Safe Links comes in. You can set up a list of custom blocked URLs, either for everyone at the company or only certain users, and, if a user tries to click on a hyperlink in this list, he or she will be blocked from accessing the website.

SharePoint Online Malware Protection

Office 365 and SharePoint Online both use a virus detection engine that scans files for viruses when they are uploaded. If a virus is found by the engine, the infected file is flagged so it cannot be downloaded again. Later, if another user tries to download the infected file from SharePoint Online, he or she is warned that a virus has been detected. If they then choose to, they can download the file and clean it using their own antivirus software.

Malware Analysis

If you’re concerned that a file may be infected with a virus, Microsoft offers a service that lets you upload a file to see if it is infected. The submission portal will scan your file to let you know if your file is normal or if it is a threat.

Third-Party Office 365 Protection

Given the increasing, multi-national sophistication of malware attacks, the malware protection in Office 365 is effective but unlikely to protect you from all types of malware threats. Its limitations include an inability to scan for malware in real time and a failure to differentiate between graymail and spam. These limitations have already spurred some businesses to turn to non-native security programs to better protect their Office 365 data.

Microsoft also recommends that you back up your Office 365 in case your emails or documents are corrupted by a malware attack. CloudAlly’s Office 365 Exchange Backup automatically backs up your mail, calendar, contacts, and tasks daily so if you encounter malicious activity, you’ll still be able to recover the information you need.

How to Recover Missing G Suite Files

It’s always frustrating to lose a file, but as a G Suite administrator, recovering and restoring missing files and emails is a basic part of your job. Users may restore their data for up to 30 days or until it’s permanently deleted, whichever comes first. However, if they permanently delete a file or email, it’s probably up to you to restore it.


Of course, G Suite places limitations on restores, such as the 25-day time limit to restore permanently deleted files back to the user who created them, but it does provide basic restore functions, including:

  • A date range search to locate deleted items
  • Verify restoration via inbox or Google Drive check
  • Restore data to a team drive
  • Restore a deleted team drive
  • Restore data for up to 10 users at once

Restoring Deleted Files

To restore either Gmail messages or deleted Google Drive files, start by signing into your Google administration console. From here you can restore information to an individual user or multiple users at a time.

Single User Restoration

For single user restoration, after you have logged into the administration console, navigate to the Users panel.

  1. Locate the user and click on their name to open the account page.
  2. Once on the user's account page, click the More icon and select Restore Data.
  3. Indicate the date range for the data you wish to restore. Restoration is only possible within the last 25 days.
  4. Choose the type of data you wish to restore, either Drive or Gmail. An error message appears if you do not select a data type.
  5. Click Restore Data.

Once restored, you can navigate to the user’s inbox or Google Drive to verify restoration occurred.

Multiple User Restoration

As a G Suite administrator, you may restore files to multiple users. As with a single user restoration, you must first log in to the administration console.

  1. Navigate to the Users panel.
  2. Put a checkmark in the box to the left of each user whose data you wish to restore. You may only restore up to 10 users at a time.
  3. On the toolbar, click the More icon and select Restore Data.
  4. Select the date range for the data you wish to restore. This field only covers the previous 25 days.
  5. Choose the data type you wish to restore, either Drive or Gmail. Leaving this criterion blank results in an error message.
  6. Click Restore Data.

You can now verify if restoration was successful.

Why You Need A Complete Backup and Recovery Solution

Google restore functions are limited to approximately 30 days, so your business is at risk if data has been deleted or corrupted without detection for more than 1 month. You can protect your data and eliminate this risk by using CloudAlly’s automated daily backup service for G Suite, including the ability to recover or export data from any point in time.

Admins can drill down through date snapshots or use the granular search function to quickly locate and restore data to the original user or even to another user if needed. Data can be exported in Outlook-compatible .PST for onsite use, and mailboxes can be archived as needed when off-boarding employees. Start backing up your G Suite with a free 14-day trial.


How to maintain G Suite security settings?

Setting G Suite Security Settings

If maintaining security is not at the forefront of your business model, then you are opening yourself up to hackers and data loss. G Suite offers security features to help protect your employees’ accounts and maintain your company’s data integrity. This blog post explains how to maintain G Suite security settings.


View User Settings

As a G Suite administrator, you can access user security settings to ensure password strength is up to code and turn on two-step verification security protocols. To do this, you must first log into your administrator account and access the administrator console.

  1. Click users.
  2. On the user’s screen, you can verify the status of two-step verification enrollment. If you do not see a column listed for the two-step verification, click the more icon and choose select columns to expand your screen to include any missing options.
  3. Select the user whose security settings you wish to check.
  4. Click Security. Again, if security is not an option, select show more to find the missing section.
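
The same enrollment check can be done in bulk. The following is an added example (not CloudAlly's or Google's code) that reads a user list in the shape returned by the Admin SDK Directory API's users.list call and flags active accounts without two-step verification, admins first. The sample accounts are constructed, and fetching the list with real credentials is assumed to happen elsewhere.

```python
import json

# Constructed sample in the shape of an Admin SDK Directory API users.list
# response. The field names are the API's; the accounts are made up.
SAMPLE_USERS_JSON = """
{"users": [
  {"primaryEmail": "admin@example.com", "isAdmin": true, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false},
  {"primaryEmail": "alice@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": true, "isEnforcedIn2Sv": true},
  {"primaryEmail": "bob@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false},
  {"primaryEmail": "carol@example.com", "isAdmin": false, "suspended": false,
   "isEnrolledIn2Sv": true, "isEnforcedIn2Sv": false},
  {"primaryEmail": "dave@example.com", "isAdmin": false, "suspended": true,
   "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false}
]}
"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit_2sv(users_json):
    """Return (severity, email, reason) tuples, most severe first."""
    findings = []
    for user in json.loads(users_json).get("users", []):
        if user.get("suspended", False):
            continue  # suspended accounts cannot sign in, so skip them
        email = user["primaryEmail"]
        is_admin = user.get("isAdmin", False) or user.get("isDelegatedAdmin", False)
        if not user.get("isEnrolledIn2Sv", False):
            # An admin account protected by a password alone is the worst case.
            severity = "high" if is_admin else "medium"
            findings.append((severity, email, "not enrolled in 2-step verification"))
        elif not user.get("isEnforcedIn2Sv", False):
            # Enrolled voluntarily; the user can still turn it off again.
            findings.append(("low", email, "enrolled, but 2SV is not enforced"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, email, reason in audit_2sv(SAMPLE_USERS_JSON):
        print(f"{severity:6} {email:22} {reason}")
```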

Two-step verification

If the user has enabled the two-step verification, the backup verification codes are accessible by clicking show backup verification codes. Google suggests all G Suite users utilize the two-step verification process for maximum security. As an administrator, you can disable this feature if an employee no longer has access to the mobile number they used to set up their security.

To begin the two-step verification initiation process, log into your administration console and select set up two-step verification for your domain. At this point, you should notify all your users of your new security protocol and include instructions on how they can finish setting up their enrollment.

All users must opt into the two-step verification themselves regardless of company policy. After they choose to opt-in, users need to navigate to the two-step verification page to set up their codes. Once on the two-step verification page, select Get Started.

  1. Enter the email and password associated with the G Suite user account.
  2. Click the start set up button.
  3. When prompted, enter a mobile phone number to which a text message containing a six-digit verification code will be sent.
  4. Verify the phone number by entering the six-digit code which you received.
  5. Choose to add the current computer as a trusted device. If the machine used to set up the two-step verification is not your regular computer, do not select “trust this ”
  6. Confirm that you want to use two-step verification.

Unless the computer is a trusted device, each time your user logs in they will be required to enter the six-digit verification code. Mobile devices using Gmail and Google calendar may require app passwords in addition to their verification code. The app password is entered once and remains the same until the user updates their login information.

Password Strength – G Suite Security Settings

As the G Suite administrator, you can help protect your users’ accounts by monitoring and managing the length and strength of their passwords. Setting a length requirement prevents users from creating short passwords which are easy to hack. Start by logging into your G Suite administration console.

  1. On the dashboard navigate to security and then basic settings. If the security option is not visible on your panel, select more controls to browse to the security features.
  2. In the section labeled password strength, enter the minimum and maximum length that user passwords must abide by. For example, passwords must be between eight and 20 characters.
  3. Click save.

Also in the security section of the G Suite administration dashboard, you can monitor how secure user passwords are. Navigate to the password monitoring area of the security section. From here you can view a graph showing the overall strength of your users’ passwords. This bar graph will change over time depending on common passwords that are known to be vulnerable and your password length requirements.

Keeping your G Suite user accounts secure is your best line of defense against hackers and data loss. It is also a good idea to back up all G Suite user information. CloudAlly offers an affordable backup service for all your G Suite accounts. You’re welcome to sign up for a free trial at and test it!


Moving from Cloud-First to Cloud-Only

Planning on moving from Cloud-First to Cloud-Only?

A recent article in IT Pro Portal describes how SMBs can benefit from shifting to the cloud.

The cloud is no longer an emerging technology market. In fact, 80% of the Fortune 500 is on the Microsoft Cloud, and Gartner expects that by 2019, more than 30% of the 100 largest vendors’ new software investments will have shifted from cloud-first to cloud-only. Unfortunately, adoption of the cloud hasn’t been as fast for small- to medium-sized businesses (SMBs).

Only 64% of SMBs currently use cloud-based software, according to a survey by BCSG. The good news is that 88% indicate they are considering using at least one cloud app in the next 2-3 years. Early adopters characterize the current market. So, what’s holding the rest back?

CloudAlly's own CEO is quoted in the IT Pro Portal article: “Worry about data loss is one of the biggest barriers I run across when it comes to cloud adoption,” says Avi Katz, CEO of CloudAlly, an all-in-one cloud-to-cloud data backup and recovery solution for Microsoft Office 365, Exchange, OneDrive, SharePoint, G Suite, Salesforce, and Box.com.

It's time to back up your cloud-based solutions, starting with Office 365 and G Suite.