
Malware Removal

Malware Removal (& Ransomware of course)

The information technology industry has for some time now recognized the need for malware and ransomware protection, in the form of tools, software, best practices, and backup. Malware removal in particular has recently become a hot topic with IT pros.

Anti-virus software firms and anti-ransomware detection and removal institutions have long sought to counter this threat to business continuity, in a joint effort to protect and defend through cyber security methodology.

Surprisingly, in an out-of-the-blue announcement, the FBI released what appears to be a free ‘do-it-yourself’ solution for companies attacked by a vicious ransomware virus, GandCrab: “FBI Releases Master Decryption Keys for GandCrab Ransomware”.

Apparently, the FBI has shared this with multiple European agencies in an effort to combat an extremely threatening virus, which makes this a first in global anti-cybercrime cooperation.

The full code & story is shared here: www.bleepingcomputer.com

What is GandCrab?

“GandCrab operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute the malware to affiliates in exchange for 40% of the ransoms. GandCrab was first observed in January 2018 infecting South Korean companies, but GandCrab campaigns quickly expanded globally to include US victims in early 2018, impacting at least 8 critical infrastructure sectors. As a result, GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.”

It's never too late!

Alternatively, some CIOs take preemptive measures to recover from such disasters by backing up to alternate data centers, such as Amazon AWS (which differ from the Azure or Google data centers hosting their business solutions). This gives them the ability to restore any user, or their whole MS Exchange data, from any point in time into a new cloud solution installation.

It makes sense to back up to the cloud, and for the initial 14 days it's completely free to fully try out the capabilities of a backup & restore solution such as the one CloudAlly.com provides.

Malware Restore

Malware Watch – Restoring from a Malware Incident

Malware Restore – IT managers are often faced with information technology incidents which alter their work environment and affect their ongoing operations, forcing them to take measures to restore daily business activity.

Such incidents (where malware restore is necessary) often originate outside the organisation and pose a serious concern for business continuity.

Malware activity is such an incident, but what is malware? The classic Wikipedia description of malware is: “Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target’s computer and can take the form of executable code, scripts, active content, and other software.”


In a recent real incident, a town in Florida, US, decided to pay malicious hackers $600,000 (£475,000) to get its computers working again. The hackers managed to break into the town’s computers and insert malware, which enabled them to disable IT operations until the ransom was paid.

In this case payment was made in Bitcoin, 65 Bitcoins, in exchange for a return to normal IT operations. This story was recently reported by the BBC: “Florida town pays $600,000 virus ransom”.

It might seem so, but this is not an isolated event. News and media organisations such as Associated Press have reported that in 2018, 1,493 such ransomware attacks occurred, resulting in an estimated payout of $3.6m for hackers.

Cyber security firms are a proven resource for trying to stop such incidents before they happen, but it is increasingly recognized that third-party cloud-to-cloud backup is an effective recourse for restoring data in main business solutions such as Office 365 email exchange, G Suite, Salesforce.com, etc. Companies which back up their cloud business solutions are able to restore their data and set up IT operations again (on a new IT environment), avoiding ransom payments to hackers who wish to disrupt their business and gain from such activity.

Data Protection – Malware Restore

To enable a point-in-time restore, it is necessary to start by activating a backup for the selected business solution. Click here to download our “Why Backup” eGuide.

If you’ve experienced such a malware incident and want to learn more about backup, email us.

Malware Protection & Attacks

How to Protect Oneself from Malware Attacks

Protecting your company data is the most critical task your IT department has. This team of specialists works tirelessly to keep out intruders, only to have their coworkers inadvertently let them in. While your business may have many safeguards in place to catch and clean up these mistakes, there are ways to prevent malware attacks before they happen. So how do you protect yourself from malware attacks?




Additional Layers of Security

You may think your employees are the most vigilant in the world, and they may very well be. However, without a layered security system in place, cyberattacks can still break through. Your business needs an extensive security suite of antivirus, firewalls, and antimalware software to help keep out unwanted visitors.

Using Updates and Plugins

One of the easiest ways for a hacker to attack your infrastructure is through holes in your company’s software. Whether it is the operating system, internet browsers, or mobile devices, keeping titles up to date is one of the most important things you can do to protect corporate data.

Browsers, operating systems, and plugins often receive regular security patches from their manufacturers. It is easy to put them off until a more convenient time for your employees. However, by doing so, you are leaving a door ajar for intruders to exploit. Once the updates roll out, act immediately to ensure the best coverage. Immediate action is doubly important for mobile devices, where updates often get put off due to low storage or battery power.

On web browsers, ensure all employees enable the click-to-play plugin. Many attackers use ads to install their viruses on unsuspecting computers. These ads autoplay and are often found on well-known sites. The click-to-play plugin stops Java or Flash ads from running unless the user clicks on them, helping to reduce the chance of accidental infection.

Safe Browsing

Companies often restrict their employees’ online browsing abilities. However, even sites that your business has deemed okay for workers to visit need to be used with caution. Employees should do the following every time they go on the internet:

  • Log out of websites when finished: It does not matter if it is a social media site you regularly use to update information for the company or a banking site you use to check your balance during lunch, always log out. Hackers with the right skills can use your browser’s cookies to gain access to places you remained logged into.
  • Use Secure Connections: Sites with padlocks to the left of the URL provide a secure connection between your system and the website server. This added encryption helps to protect against intrusions in the data stream.
  • Strong Passwords: Don’t use passwords that are easy to guess such as birthdates, pets’ names, or anniversaries. Passwords should contain upper- and lower-case letters as well as numbers and special characters. For optimal protection, you need a different password for each site you log into.

Other Important Tips

Most employees defer to their local IT department in the event of a computer malfunction. It is the best practice because you know that the gurus of IT are going to clean the system without infecting it further. However, for employees who work from home, having access to the local IT department might not be a feasible option. These workers are more likely to be taken in by fake tech support numbers that may appear on the screen when their system gets infected. Corporations can help by making sure all employees, home-based and onsite, have access to the correct contact for software and hardware support.

Also, educate your workers on phishing and spoofing scams that may appear in their inboxes. It is essential that you remind them never to use the links in a message before calling the institution it claims to be from to verify its authenticity. Learning how to spot phony messages can protect both your company and individual workers from data loss.

Malware attacks can happen to any business, big or small. Taking steps to protect your infrastructure and training your employees on safe practices can curtail malicious intrusions. Even the most secure systems can still be successfully attacked, so in addition to education and layered security, you should also back up your data. CloudAlly offers complete backup and recovery solutions for Office 365, SharePoint/OneDrive, G Suite, Dropbox, Box and Salesforce, allowing you to quickly recover data in the event of a malware attack. Start backing up your data and your account with a free 14-day trial.



Protect Your Data: The Difference Between Malware, Adware, and Spyware

Short for malicious software, malware comes in many forms. Viruses and worms, named for their ability to spread quickly through your system by digging in deep and making copies of themselves, are probably two of the best-known malware types, which is why malware protection is needed.

Malware vs Ransomware

Another well-known malware is the Trojan which infects your computer secretly, coming in through a perceived safe link or website. Like viruses, this malware infects your computer sometimes to the point of having to reset the entire system.

Malware began with the dawn of the internet. In the past, software creators of this nature were a few high school computer gurus blowing off steam and playing pranks on unsuspecting visitors. However, criminals who are looking for ways to make easy money engineer today’s malicious software.

Some ways malware infects your computer are:

  • Visiting an infected website
  • Clicking on an infected pop-up
  • Opening an unknown, infected email attachment
  • Visiting an infected link sent via email
  • Downloading files off the internet without running an antivirus scan on them first

A new virus, known as ransomware, locks users out of their systems entirely. Once locked out, the infected party must either pay the infector a fee to resume use of their computer or completely reset the drive. A complete reset results in the loss of all data and applications that were not on the unit at the time of purchase. Failure to pay the ransom results in the same damage.

Adware

Adware is slightly different. While benign in comparison to other malware, this software can still be an annoying leech on your computer’s resources.

Companies across the globe use Adware to track your movements online and display ads that are relevant to your browsing experience. In most cases, adware will not do any damage to your computer nor will it steal personal information. It is merely a tool used by marketing consultants to put relevant ads where you see them.

In most cases, adware works with your knowledge. Most sites alert you to the fact they are collecting information about your interests for this purpose. However, on occasion, sites install this software without your knowledge. When this happens, the benign software has crossed into malware territory and leaves you vulnerable to further attacks.

Programmers sometimes use adware to fund their program development. They bundle ads with free software and deactivate the advertisements once the user purchases or registers the title. Use of ads is standard practice for free mobile applications.

Adware is tricky to remove. As most titles are only marketing tools, antivirus software sometimes overlooks these programs.

Spyware

A type of malware, spyware is far more insidious than most other types. While viruses and trojans are problematic and can shut down your system, spyware tracks your every move. Each keystroke and mouse click is then relayed back to a third-party without your knowledge.

The big problem with spyware is that it is hard to detect. Anti-virus software may be able to stop installation or remove already installed versions. However, if your anti-virus does not have an anti-spyware component bundled with it, it may overlook these programs.

Spyware can infect your computer in many ways. In some cases, it is installed by visiting an infected website or opening an infected link or attachment sent via email. Most spyware comes from downloading software from file-sharing sites. Hackers who put free movies or music files on these websites bundle their spyware alongside so you do not know it is downloading.

Indicators that your system has a spyware infection include:

  • Searches redirect you to a different search engine
  • Random error messages during routine operations that previously worked
  • Unidentifiable or new icons appearing on the taskbar

Spyware allows the third-party owner not only to see what you are doing, but gain access to your usernames, passwords, and bank and credit card account numbers.

What You Can Do to Protect Yourself – Malware Protection!

Companies often have several layers of protection, such as firewalls and anti-virus software, to keep malicious files out. However, from time to time, an email or website can get through the company shielding, allowing malicious software through.

The first step for both large and small businesses is to educate employees on the different ways a malware, spyware, or adware infection can occur. Employees need to know how to spot a suspicious email and whom to contact within IT to prevent future attacks.

In addition to education, your company should have backup redundancies in place to protect sensitive data. Having a backup of essential files allows IT technicians to reset infected computers without worrying about losing information.

Storing files locally is one option. However, local backups must be kept off the internal network to prevent potential corruption or infection from malicious attacks. The use of cloud storage helps protect documents while keeping them off the local network, which could potentially be damaged through a single computer infection. When choosing a cloud service provider, check their security protocols to ensure the safety of your data from hackers who may use ransomware to attack your company in this manner.

It is also a good idea to back up your backups. If you store items locally, you should also store them in the cloud. Cloud providers should also be backed up using services such as those offered by CloudAlly. Our service allows you to back up files stored in OneDrive, Box, and Google Drive. It also enables you to back up sensitive emails for those using G Suite or Office 365.

Education, protective software, and backups are essential to protecting your company from malicious attacks.