Posts

Malware Removal

Malware Removal (& Ransomware of course)

The information technology industry has for some time now recognized the need for malware and ransomware protection, in the form of tools, software, best practices, and backup. Malware removal in particular has recently become a hot topic with IT pros.

Anti-virus software firms and anti-ransomware detection & removal institutions have long sought to counter this threat to business continuity, in a joint effort to protect and defend through cyber security methodology.

Surprisingly, in an out-of-the-blue announcement, the FBI has released what appears to be a free ‘do-it-yourself’ solution for companies attacked by a vicious ransom virus, GandCrab: “FBI Releases Master Decryption Keys for GandCrab Ransomware.”

Apparently, the FBI has shared this with multiple European agencies in an effort to combat an ultra threatening virus, which makes this a first in cyber anti-crime global cooperation.

The full code & story is shared here: www.bleepingcomputer.com 

 

What is GandCrab?

“GandCrab operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute the malware to affiliates in exchange for 40% of the ransoms. GandCrab was first observed in January 2018 infecting South Korean companies, but GandCrab campaigns quickly expanded globally to include US victims in early 2018, impacting at least 8 critical infrastructure sectors. As a result, GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.”

It’s never too late!

Alternatively, some CIOs take preemptive measures to recover from such disasters by backing up to alternate data centers, such as Amazon AWS (which differ from the Azure or Google data centers hosting their business solutions), gaining the ability to restore any user, or their whole MS Exchange data, from any point in time into a new cloud solution installation.

It makes sense to back up to the cloud, and for the initial 14 days it’s completely free to fully try out the capabilities of a backup & restore solution such as the one CloudAlly.com provides.


What is Ransomware?

Many IT managers and CIOs worry about malware and ransomware attacks, and as such, ransomware protection is at the top of our minds in the ultimate search for data protection and business continuity.

Ransomware Protection – So what is ransomware?
Quoting directly from Wikipedia: “Ransomware is a type of malware from cryptographic that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptographic viral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to de-crypt them.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction.”

When did it begin?

It’s commonly acknowledged to have started in about 2012, with a multitude of internet scams increasing globally. The statistics are clear: about 181.5 million ransomware attacks took place in the first six months of 2018. In the previous year, 2017, we saw 229% less in terms of attacks. As early as 2014, anti-virus companies such as Norton and McAfee published data demonstrating that they had seen more than twice the number of samples of ransomware in one quarter than they did in the same exact period in 2013. McAfee advised that CryptoLocker was particularly successful, procuring an estimated US $3 million before it was taken down by authorities, and the same goes for CryptoWall, which was dealt with by the US FBI.


Malware Restore

Malware Watch – Restoring from a Malware Incident

Malware Restore – IT managers are often faced with information technology incidents which alter their work environment, and affect their on-going operations, causing them to take measures which restore daily business activity.

Such incidents (where malware restore is necessary) are often ex-organisational and pose a serious concern for business continuity.

Malware activity is such an incident, but what is malware? The classic Wikipedia description of malware is: “Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target’s computer and can take the form of executable code, scripts, active content, and other software.”


In a recent real incident, a US Florida town decided to pay malicious hackers $600,000 (£475,000) to get its computers working again. Malicious hackers managed to break into this US town’s computers and insert malware code, which enabled them to disable IT operations until the ransom was paid.

In this case payment was made in Bitcoin, 65 Bitcoins, in exchange for a return to normal IT operations. This story was recently reported by the BBC: “Florida town pays $600,000 virus ransom”.

It might seem so, but this is not an isolated event: news & media organisations such as Associated Press have reported that in 2018, 1,493 such ransomware attacks occurred, resulting in an estimated payout of $3.6m for hackers.

Cyber security firms are a proven resource for trying to stop such incidents before they happen, but it is increasingly recognized that 3rd party cloud-to-cloud backup is an effective recourse for restoring data in main business solutions such as Office 365 email exchange, G Suite, Salesforce.com, etc. Companies which back up their cloud business solutions are able to restore their data and set up IT operations again (on a new IT environment), avoiding ransom payments to hackers who wish to disrupt their business and gain from such activity.

Data Protection – Malware Restore

In order to enable a point-in-time restore, it’s obviously necessary to start by activating a backup for the selected business solution. Click Here to download our why backup eGuide.

If you’ve experienced such a malware incident, and want to learn more about backup, email us.

 

 

 

 

Office 365 Malware Protection

Malware Protection For Office 365


Concerned about the safety of your data in Office 365? Sure, the program has built-in malware protection designed to protect emails and documents automatically from malware. Specifically, malware protection in Office 365 has innate filtering capacities designed to protect your data from malicious attacks. But is the native Office 365 antivirus enough to protect all your users’ data from attack?

 

Malware Threats

First, let’s take a step back and talk about the increasing sophistication of virus attacks. Malware is a huge problem today, with a host of novel attacks originating in countries around the world. For example, Iran has an increasing degree of state-sponsored hacking, including stealing information and mounting tens of thousands of malware attacks on computers across the Middle East. Malware attacks are getting more and more sophisticated, and as hackers’ methods increase in complexity, it can be difficult to stay ahead.

Innate Office 365 Features

The Office 365 malware detection response can react to many types of attacks. Office 365’s built-in malware protection features include:

ATP Safe Links

One of the most effective native protective features in Office 365 is Advanced Threat Protection (ATP). ATP lets you set preferences and policies for individuals and groups to ensure your workplace is protected from malware. One of the most effective of the ATP programs is the Safe Links feature, which stops users from clicking on virus-filled hyperlinks.

Safe Links works by filtering documents and emails that include hyperlinks through Exchange Online Protection, which includes signature-based malware protection, filters, and IP and envelope filters. Then, if a user clicks on a hyperlink either in an email or a document, Safe Links determines if the website is safe before redirecting the user to it.

This is where your personalization of ATP Safe Links comes in. You can set up a list of custom blocked URLs, either for everyone at the company or only certain users, and, if a user tries to click on a hyperlink in this list, he or she will be blocked from accessing the website.

SharePoint Online Malware Protection

Office 365 and SharePoint Online both use a virus detection engine that scans files for viruses when they are uploaded. If a virus is found by the engine, the infected file is flagged so it cannot be downloaded again. Later, if another user tries to download the infected file from SharePoint Online, he or she is warned that a virus has been detected. If they choose, then, they can download the file and clean it using their personal virus software.

Malware Analysis

If you’re concerned that a file may be infected with a virus, Microsoft offers a service that lets you upload a file to see if it is infected. The submission portal will scan your file to let you know if your file is normal or if it is a threat.

Third-Party Office 365 Protection

Because of the increasingly multi-national sophistication of malware attacks, the malware protection in Office 365 is effective, but unlikely to protect you from all types of malware threats. Some of the limited malware protection capabilities of Office 365 include its inability to scan for malware in real time and its failure to differentiate between graymail and spam. These limitations have already spurred some businesses to turn to non-native security programs to better protect their Office 365 data.

Microsoft also recommends that you back up your Office 365 in case your emails or documents are corrupted by a malware attack. CloudAlly’s Office 365 Exchange Backup automatically backs up your mail, calendar, contacts, and tasks daily so if you encounter malicious activity, you’ll still be able to recover the information you need.