January 2016 Virus Backup Update

Regular data backups:

The only sure way to knock out threats from Crypto-style viruses

One of the biggest data security threats of 2013 – CryptoLocker – has brought the term “ransomware” to new levels of awareness. That’s because CryptoLocker is one of the most infamous examples of a virus that renders data files unusable unless the victim pays for a key to unlock the infected files.

According to recent reports, ransomware attacks grew by 500 percent in 2013, led by CryptoLocker – which first appeared in late summer 2013, and escalated sharply throughout the remainder of the year.

Like many viruses, CryptoLocker is triggered by clicking on a link sent in an email, or by downloading and opening an email attachment. When combined with phishing techniques, some of these emails may seem like a normal, harmless request from a business partner.

The good news is that by mid-2014, law enforcement had shut down the botnet used to distribute the CryptoLocker virus. Two organizations also came up with a Web tool purportedly able to unlock individual encrypted files.

The bad news is that there are CryptoLocker imitations such as CryptoWall and TorrentLocker. So, unfortunately, the threat from this type of virus is very much alive. And with the introduction of anonymous payment systems such as Bitcoin, it’s a pretty sure bet that this type of cyber extortion will continue.

—-

So how do you protect against Crypto-style viruses?

Isn’t it as simple as instructing employees to never click on suspicious attachments or links of unknown origin?

Unfortunately, that method of protection doesn’t work all the time. Employees get careless or don’t adhere to policy, and if the virus is embedded within a well-targeted phishing attack, it’s possible for someone to make a mistake.

So, yes, setting a clear policy regarding suspicious emails, links, and attachments should be your first step – part of your “Plan A” for protection – but it’s hardly foolproof.

Pinning all your hopes on data security vendors being able to spot and remove all phishing attempts, or on other specialists being able to devise software to decrypt ransomware, also falls short of foolproof. Of course you should have firewall protection and security software, but that won’t guarantee complete protection.

Since total immunity from these viruses can’t be counted on, that leaves us with mitigation measures that help an organization with infected files get back to normal. Regular data backup is the answer. It’s a surefire “Plan B” should efforts to protect against Crypto-style viruses ever fail.

It’s important that your backup solution has versions that can be rolled back to a specific date. While ransomware will make itself known soon after infection, there may be a lag time of a few hours to a few days before the virus spreads to encrypt most of your files and the ransom message appears.

On shared drives found in businesses, this can be a huge problem if suddenly your files can’t be used. And creating new files only creates more infected files. So the only way to get things back to normal is to roll back to a complete, clean set of files that was backed up before the initial entry point of the virus.
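One way to pick that roll-back point from versioned backups, as an added example (not Carbonite's or St. Aubin Technologies' code). It assumes each backup version can be exported as a manifest of path to content hash; the thresholds, file names and dates are constructed for illustration.

```python
from datetime import date
from statistics import median

def churn(prev, cur):
    """Fraction of the previous version's files that changed or vanished."""
    if not prev:
        return 0.0
    return sum(1 for p, h in prev.items() if cur.get(p) != h) / len(prev)

def last_clean_version(versions, spike=0.5, creep=3.0, floor=0.05):
    """versions: [(date, {path: content_hash})], oldest first.
    Returns the date of the version to roll back to, or None when no
    version shows mass-encryption churn. Thresholds are assumptions."""
    rates = [churn(a[1], b[1]) for a, b in zip(versions, versions[1:])]
    # rates[i] is the change between versions[i] and versions[i + 1]
    spike_at = next((i for i, r in enumerate(rates) if r >= spike), None)
    if spike_at is None:
        return None
    baseline = median(rates[:spike_at]) if spike_at else 0.0
    first_bad = spike_at
    # Walk back across the lag: steps with churn well above the normal
    # daily baseline are treated as the start of the infection.
    while first_bad > 0 and rates[first_bad - 1] > max(creep * baseline, floor):
        first_bad -= 1
    return versions[first_bad][0]

def sample_versions():
    """Constructed data: 20 shared files, one backup version per day."""
    files = {f"share/doc{i:02d}.docx": f"h{i}-v0" for i in range(20)}
    out = [(date(2016, 1, 4), dict(files))]
    # (day, files rewritten that day): normal edits, slow spread, then the spike
    for day, changed in ((5, 1), (6, 1), (7, 4), (8, 18)):
        for i in range(changed):
            files[f"share/doc{i:02d}.docx"] = f"h{i}-d{day}"
        out.append((date(2016, 1, day), dict(files)))
    return out

if __name__ == "__main__":
    print(last_clean_version(sample_versions()))
```

A file that has been renamed counts as vanished, so the same check works when the ransomware also changes file names.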

There are work and costs involved in rolling back all of your data and bringing everything back up under fresh installs of your system’s software and applications, but let’s face it, what’s the alternative if you aren’t backing up?

Paying the cybercriminals might get you a code that will unlock your data, or it might not. After all, these aren’t exactly trustworthy individuals you are dealing with. You might hope that the encryption used isn’t really all that strong and can be broken, but you can’t count on that as a solution. And in the meantime, your data is locked.

So, the most effective mitigation strategy for Crypto-style viruses is to have regular, versioned backups in place.

There are added costs to saving more data more frequently, but depending on the nature of your business, it may be worth the peace of mind and risk reduction to have a more frequent, full data backup.

It also helps to have strong support services to walk you through recovery steps should you ever fall victim to one of these viruses, and to also offer options – like being able to overnight you a clean set of files on disk to speed up file restoration.

The great thing about automatic backup solutions is that they don’t just mitigate Crypto-style viruses, they protect you from other causes of data loss, such as server failure, disk failure, or a natural disaster that wipes out your server room. The risk mitigation step here addresses overall systems continuity.

So by all means, set some serious policy about unknown emails and the like, and educate all your employees about nasty threats like Crypto. Just remember, there is a cost to being too draconian with prevention. Your people need to be able to collaborate with business partners without too many hurdles in the way.

Most small to mid-sized businesses (SMBs) can’t build a hyper-secure private cloud in which to conduct absolutely all collaboration, and we certainly can’t go back to the days of faxes and paper forms.

But, for sure, you can take the necessary protection measures and combine them with regular backups as a sure way to knock back the damage from one of these viruses should your business ever fall victim.

Jim Flynne
Vice President, Operations
Chief Security Officer
Carbonite, Inc.


Merry Christmas!

Merry Christmas & Happy Holidays

St. Aubin Technologies wishes you and your families a very Merry Christmas & a Happy New Year.

Our office will be closed Christmas Eve, Christmas Day, New Year’s Eve, & New Year’s Day. Emergency rated service will be available as usual throughout the holidays.

May the DaaS be with you


Happy Star Wars Day!

 

“Data as a Service” refers to most cloud services. Here are a few of our cloud partners:

Our mailing address is:

St. Aubin Technologies, Inc

44 NE 16 St.

Homestead, FL 33030

 

 

 

What You Need to Know about CryptoWall 4.0

It has a new name.

help_your_files ransomware. Threat watchers discovered the resurgence of CryptoWall after receiving and examining multiple complaints from concerned users who hadn’t heard of the strain of ransomware. It literally snuck up on them.

The attack vector is still email.

CryptoWall 3.0 relied heavily on naive end users opening unfamiliar attachments in unfamiliar emails. The logic is like accepting an invite to free candy in a dark alleyway from a stranger. CryptoWall 4.0 is not different in this regard.

While hacking schemes are more sophisticated and targeted in today’s IT field, it really feels that an attacker could put in an email “DON’T CLICK THIS LINK BECAUSE I’LL DELETE ALL YOUR FILES AND PICTURES AND STEAL YOUR MONEY” in bold, large, red letters, and some end users will still click it (hold my beer and watch this).

CryptoWall 4.0 builds on the social engineering aspect of attacks, and will continue to use email as the main transmission source. Bleeping Computer discovered the infected files were disguised as resumes enclosed in zipped email attachments. In reality, they were JavaScript files that downloaded the virus and ran it. People, end users, have not learned, and will not learn unless we teach them to not take candy from strangers. A good way to teach end users to not open these emails: If you weren’t expecting it, don’t open it. Your company’s, or worse your clients’, revenue stream could be at risk.
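A mail-filter check for the delivery method described above, as an added example (not code from this post, Bleeping Computer, or any vendor named here): it opens zip attachments and reports entries that Windows would run as a script. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows Script Host or mshta will execute on double-click.
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def is_script(name):
    # Windows ignores trailing dots and spaces, so "cv.js ." still runs as .js
    return os.path.splitext(name.rstrip(". ").lower())[1] in SCRIPT_EXT

def script_members(zip_bytes):
    """Script-typed entries in a zip; an unreadable archive is itself flagged."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if is_script(n)]
    except zipfile.BadZipFile:
        return ["<unreadable zip>"]

def flag_message(raw):
    """Return (attachment, offending name) pairs for one raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if data[:4] == b"PK\x03\x04":      # zip by content, not by file name
            hits += [(name, m) for m in script_members(data)]
        elif is_script(name):
            hits.append((name, name))
    return hits

def build_sample(members):
    """Constructed test message: a 'resume' email carrying a zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for m in members:
            zf.writestr(m, "placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Resume"
    msg.set_content("Please see my resume attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="resume.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag_message(build_sample(["Jane_Doe_resume.doc.js", "cover.txt"])))
```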

It has upped the game to encrypt file names too!

Previous CryptoWall versions left the file names intact, so you could see the files there and salivate at getting them back, so you’d send money. This didn’t work to the hackers’ benefit in 3.0; you could pick and choose which files to attempt to decrypt, since attempting all of them would take lots more time and money. Now, you won’t know which files you are locked out of; the file names will just appear random.

Worst part yet, paying the ransom doesn’t always help. The more money hackers make, the more incentivized they become. Plus, there is no guarantee they will comply with sending you the decryption key for your files. CryptoWall has already extorted $325 million from victims internationally, and not all have ended happily.


CryptoWall 4.0 behaves like previous versions.

This is probably the only good news a new CryptoWall brings to bear. Because it is transmitted, behaves, and communicates the same way as 1.0, 2.0, & 3.0, it is predictable. While this is good news, it won’t stop it. The weak link here is the end user, but we can utilize tools like Spam Filtering, Antivirus and Content Filtering to give the user warning (like a police car and crime scene tape in front of the alley) and opportunity to stop the infection. We also know that a good online backup, like Carbonite, provides us with a fail-safe to fall back on in the event of the worst.

Let’s stop it.

Our first step in stopping any virus outbreak is user education. Just like it is important to teach children how to wash their hands to kill germs, it is important to teach users to think before they open emails or websites, especially ones they are not expecting. A lot of serious infections occur when the timing of a malicious email is just right: you were expecting a resume, and the virus arrives disguised as a resume. It is important to pay attention to what you are opening and where you are going on the web today. Blind clicking is like driving too fast: you may get there quicker, but eventually it will catch up with you. In any event, we cannot depend on user intuition alone; we must use business-class protection, and we need it fast:

Office 365 spam filtering is one of the best, utilizing a combination of content analytics (reading the email for spam-like word and phrase combinations: You’ve won a million dollars! Just send us your social security number and claim your prize!) and malware scanning to protect users from getting malicious emails in the first place.

We can help with your move to Office 365!

AVG and St. Aubin Technologies have partnered together to offer AVG CloudCare to our clients! AVG CloudCare is an inclusive, centrally managed Antivirus & Content Filter solution to protect your end users and business. AVG CloudCare provides top-notch real-time protection to workstations and servers, scanning files and links before they are opened, stopping malicious programs from even entering your business network, along with generating email alerts about impending issues. Since CryptoWall utilizes a JavaScript file to download a virus installer via HTTP, the real-time virus scanner would stop the JavaScript program from even running, the Content Filter would stop the installer from even downloading, and you’ll get instant notification that it stopped a user from creating an IT catastrophe on your network. Pretty sweet!

AVG and St. Aubin's Partnership with CloudCare

St. Aubin Technologies and Carbonite Online Backup have a long-standing relationship, saving many of our clients gigabytes of data from being lost forever, which could have resulted in thousands, if not millions, of dollars in lost time and revenue. The effects of these saves continue on, even months after data is recovered. Carbonite is a major component in our recommended Business Disaster Recovery plans (BDR), providing protection when the absolute worst happens. We’ve always compared virus protection on workstations and servers to airbags in a car crash; if a user hits something hard enough, or mashes the gas pedal because they are in a hurry, the airbag can only do so much. Carbonite Backup is the ultimate protection for your files in the event of an infection.

Carbonite Backup can save you too!

By utilizing the full suite of data protection, Office 365 with enterprise-spam filtering, AVG CloudCare w/ Antivirus and Content Filtering, and Carbonite Online Backup, we can give our business networks a fighting chance in the ongoing war against evil computer viruses!

10-21-15 Back to the Future Day

This date in future history, Marty McFly (played by Michael J Fox) returned to the future. In Back to the Future II, Dr. Emmett Brown (played by Christopher Lloyd) persuades Marty and his girlfriend, Jennifer Parker (Lea Thompson) to go help their children in the future. But that’s beside the point; the talk of the day is how much BTTFII got right in predicting the future in 2015, whilst stuck in 1989.

  1. Video Games: At some point, Marty is mocked for his ability to play video games…that require touch. While most of our video games today still require “touch”, many games available on Xbox Kinect, PlayStation Move, and the Wii do not require you to touch almost anything. Still up and coming tech, hand motions and facial expressions are the cornerstone of a new security movement, debuting in Windows 10.
  2. The Hollywood Sequel Obsession: Yup, Jaws 19 might have been correct. Hollywood has been making sequels, and movie reboots, like crazy recently, so this satire showcase in BTTFII was not necessarily completely off. Let’s just hope we don’t see a Jaws 19.
  3. Automation: Drones are shown walking a dog in the film, and taking care of a few other tasks. We don’t have fully automated dog walkers, trash cans, or waiters yet, and this might not be a bad thing, but we do have semi-autonomous flying drones, robots that build things, and computer technology that automates a lot more of our daily lives than you realize.
  4. Biometrics: Used to open the door of the McFly home, biometrics has taken off in recent years. We now can unlock computers, safes, cars, and yes, our home doors with a fingerprint or optical scan. New technology is being developed to improve facial recognition, so we may not have to touch to gain access in the near future. Maybe that will improve the line at park entry turnstiles for Walt Disney World theme parks. Inside joke, moving on!
  5. Self-Lacing Shoes: Nike patented this. We haven’t seen a working pair yet, and they aren’t on sale either. But they patented it, so that makes it reality, right?
  6. Glasses: Virtual Reality glasses have been around for a while, but they were big and bulky. Augmented Reality is relatively new, and is making headlines. In the VR world, Oculus Rift is making motions, and has sold quite a few units in the US. For AR, Microsoft HoloLens and Google Glasses are prime examples of how far we’ve come. Although, wearing your Google Glasses on a night on the town might not be the best fashion statement.
  7. TV Calls: Maybe not as tacky as the movie predicts, but video conference calls are a thing. There are many conference room systems that will handle video and sound, and many more conference room systems that will tackle screen sharing on your computer. Skype for Business is an example, with the capability for chat, audio calls, video calls, and presentations. Heck, we can even flash writing on the screen stating “You’re Fired” just for kicks.

Whatever your cause for celebration of today’s technology, sometimes it’s best to leave some alone. BTTFII, meant to mock the future with some ridiculous and exaggerated ideas, happens to be right about quite a few things and could stand as a warning. But at the same time, all these neat things are right at our fingertips. My, how far we have come.

Disclaimer: Mike was not alive in 1985, where this movie’s original time was staged. He was, however, alive in 1989, the release date of this movie, and is also a technology professional in 2015, and is well versed in  so he is qualified to talk about such topics.