Tag Archives: malware

4 Data Disaster Types that Cloud Backups Protect You From

Moving to a hybrid type backup system with onsite and cloud retention policies is the best disaster recovery solution available

Data disasters are a fact of life, but like natural disasters, they are events that most businesses think will never come for them. You never see the software update that corrupts all your data coming. You never expect the rains this week to flood your building and drown your servers. It’s easy to think that malware attacks happen to other businesses, but somehow yours won’t get hit. But data disasters happen and businesses rarely see them coming.

Fortunately, you don’t have to see them coming. You just have to have a backup plan. That’s why backup-recovery plans are essential. Taking backups gives you a way to partially or completely restore your data from a save-point, like a video game where you can die and reload. And the best backups today are those stored on the cloud. Cloud backups are not on any one server that can be destroyed or damaged. They are distributed over several servers throughout the world and therefore can be retrieved no matter what happens to your company’s local servers or even cloud servers in a particular location.

Let’s take a look at four completely different types of disasters that cloud backups can protect you from.

Local Software Failures and Data Corruption

Software updates are always the type of data disaster that takes a company by surprise. You’re confident in your tech stack and are working with good software, but updates don’t always work. Especially if you’re updating from several versions behind. Data needs to be altered and updated to align with any changes made in the software, but this can result in corruption. Some companies have experienced complete data loss because their data was corrupted in a software update.

Updating the software on your local or dedicated cloud servers can corrupt all the data on your normal servers. But cloud backups mean you can bring back that data at any time in the original form. You can try the update more carefully or import your old data into a fresh install of the latest version without the disaster of servers-full of corrupted data.

Fires, Floods, and Hurricanes

Natural disasters and human-made disasters can do a number on your office building. If you’ve ever seen a glass tower wrecked by tornadoes or hurricanes or seen streets flowing like rivers with rainwater, you know that office buildings are not impervious to the elements. Your basement full of servers can flood in a storm or the windows might blow out with equipment destroyed within. Your building might catch fire from lightning or faulty wires or a forgotten space heater and the whole interior can go up in flames.

Whether part of your building and equipment is damaged or everything in your workplace, your cloud backups are safe. You can rebuild your data and your entire business infrastructure by loading those backups into new computers in an undamaged location.

Sudden Building Relocation

Speaking of setting up in a new location, that’s another great capability of cloud backups. Whether natural disaster or sudden logistics requirement, cloud backups make it possible to set up a new business location anywhere with any computers. You can build off a new location by cloning your backups into a new set of computers. Or you can quickly relocate, rebuilding your business from scratch if necessary if the truly unexpected or disastrous happens. That’s the great thing about cloud backups, you can load them to and from anywhere.

Network-Invasion Type Malware

Finally, cloud backups keep your data safe in the face of localized malware. There are several types of malware that specialize in invading your business network. Like some ransomware, these malware types invade one computer on your local network, then spread to other devices on the network. Your entire local computer system can be infected in minutes, and the infection is most easily eradicated by wiping everything to factory settings and reinstalling from scratch.

Cloud backups allow you to do this without worry or delay. If your tech-stack is prepared for quick redeployment and all your data is backed up on the cloud, then a network-wide infection can be recovered in hours, not days.

Is your business ready to fully restore your data from a cloud backup? If you’re planning to build or improve on your backup-recovery system, contact us today! Our team is ready to make your data immortal.

4 Signs that There’s Malware Hiding on Your Work Computer

Having a proactive plan to deal with malware can minimize the impact

Malware comes from everywhere. You can pick it up from files, websites, interesting PDFs and so much more. Everyone is subject to a little malware and it’s understood that professionals who must access the internet for work will inevitably get some kind of malware on their work computers. That’s just the world we live in now, and businesses have long since adapted to the idea of Backup Recovery when cybersecurity is never 100%.

But as a professional living your day-to-day, it’s also important to know how to identify malware when you pick it up. Unlike when the trend started back in the 90s, modern malware is pretty darn sneaky. It doesn’t cover your screen in ads anymore or obviously open and close programs. Instead, it eats your processor speed and steals your data in the background. Sometimes for months before you realize.

Today, we’re here to share four of the most tell-tale signs that there’s malware hiding on your work computer and it’s time to do a little BDR with a fresh operating system.

 

Unusually Slow Performance with Offline Programs

Internet speed ebbs and flows, even in the most high-speed office or the quietest residential neighborhood. You may expect the occasional slow performance due to internet speeds (or you may not) but slow offline programs are a completely different story.

You know your computer. You know how fast it can handle the offline programs you use regularly. Things that don’t need the internet like a simple calculator, word processor, or image editor. If you’re getting serious lag and latency when you should have your computer’s whole processing power to yourself, this can indicate that you’re sharing power with malware.

A malware program may be able to hide its install location or running processes. But it can’t hide the resources it uses up.

 

Unseen Programs that “Refuse to Close” When You Reboot

When you reboot your computer, Windows will tell you if there’s a program that didn’t close out smoothly with the ShutDown command. Often, this is just a Chrome browser you didn’t fully close. But sometimes, it’s a surprise. Your computer may tell you that Internet Explorer or Microsoft Edge are still running when you never use those programs. It might tell you something called xvb55t is running and won’t close, and that is a definite tip-off.

If something is opening programs invisibly on your computer and won’t close when you shut down… that’s malware. No two ways about it. And it’s time to fully wipe your system, because it’s hidden deep.

 

Your Web Extensions Aren’t Working as Expected

So often, web extensions are the cause or target of a malware attack. Most modern professionals run with some kind of ad blocker on. If you use Adblock Plus, for example, it tends to pop open an extra tab nearly every time you open a new browser window, especially from a new or recently cache-cleared device. If that browser window stops popping open, or if any of your other extensions start acting in an unusual or suspicious fashion, malware is often the cause.

You may want to clear your caches, prune your unused extensions, and possibly recover the entire computer to make sure no malware files have been hidden on your computer.

 

After a Scan/Clean/Reboot, You Still Scan Trackers

If you have a manual scanning program like CCleaner or something similar and you suspect there’s malware on your computer, there’s one sure way to check just how virulent that malware really is.

Start with a scan-clean cycle. Scan for trackers and junk and clear them. These could be anything and are often just clearing your temp files of web-junk that could be slowing you down. Reboot your computer, then do another scan. Find new trackers? Find new junk? There’s malware adding malicious crud to your computer as soon as it gets a chance. Also, watch your scanned-for and threat-eliminated results. If the scanner says 1 tracker was found, but it eliminated 3 trackers by the end-report, those trackers were added while the sweep-and-clear was ongoing.

You not only have malware, you have seriously aggressive malware and BDR is the best option.

Find malware on your computer? Have a really intense suspicion that there’s malware lurking? Now is the time to use your company’s backup recovery plan or get in touch with your IT help desk for guidance on how to fully wipe and safely restore your work computer. For more cybersecurity, backup recovery, and malware protection insights, contact us today!

The Secret Capabilities of Managed Network Monitoring – Pt 2

Monitoring provides so much detail that it truly is the first step in network security

Welcome back to the second half of our two-part article on managed network monitoring. Last time, we talked about how network monitoring is one of the best-kept secrets in cybersecurity, along with how it can detect unauthorized access to your network and authorized connections made with stolen login credentials. Join us again today as we pick up where we left off.

Signs of Employee Misconduct or Insider Espionage

Interestingly, network monitoring can use the same methods to catch the rare instance of an insider hacking job. This happens more frequently than you might think, but is more often disgruntled data vandalism or simple misconduct than organized movie-worthy corporate espionage. The trouble is that when the job is done from the inside, there is an authorized login with all the protections of a normal employee as the cause of a potential security breach.

However, to do anything shady, most disloyal employees will have to use their accounts to do their dirty work. The thing is, the normal behaviors for a job can also be recorded like a pattern. You don’t have to tightly watch an employee’s account (something that might run afoul of regulations) in order to flag when an account might be up to something.

Simply flag when an employee account accesses a file it has never or rarely accessed before. Or initiates a download in a restricted folder. You can even watch for the use of Print Screen when sensitive data is open on a computer. All without actually directly tracking a single account’s activity. Just the network itself.
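The flagging rule described above, as an added example (not code from the original article): it builds a per-account baseline from past access records, then flags accesses to files the account has never or rarely opened and downloads from a restricted folder. The log format, account names, paths, the `/restricted/` prefix and the threshold are all constructed for illustration.

```python
from collections import Counter

# Constructed sample records: "date account action path" (not real data).
BASELINE_LOG = """\
2024-03-01 alice READ /finance/q1-budget.xlsx
2024-03-02 alice READ /finance/q1-budget.xlsx
2024-03-04 alice READ /finance/q1-budget.xlsx
2024-03-01 bob READ /eng/design-doc.md
2024-03-03 bob READ /eng/design-doc.md
2024-03-05 bob READ /finance/q1-budget.xlsx
"""
NEW_EVENTS = """\
2024-03-08 alice READ /finance/q1-budget.xlsx
2024-03-08 bob READ /hr/salaries.csv
2024-03-08 bob DOWNLOAD /restricted/client-db.bak
2024-03-08 bob READ /finance/q1-budget.xlsx
"""
RESTRICTED_PREFIXES = ("/restricted/",)  # hypothetical restricted folder
RARE_THRESHOLD = 2  # fewer prior accesses than this counts as "rarely"

def parse(log):
    """Yield (date, account, action, path); paths may contain spaces."""
    for line in log.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        date, account, action, path = parts
        yield date, account, action.upper(), path

def build_baseline(log):
    """Count how often each account has touched each path."""
    return Counter((account, path) for _, account, _, path in parse(log))

def flag_events(baseline, log):
    """Return [(account, path, [reasons])] for events that break the pattern."""
    alerts = []
    for _, account, action, path in parse(log):
        seen = baseline[(account, path)]  # 0 for pairs never seen before
        reasons = []
        if seen == 0:
            reasons.append("never-accessed")
        elif seen < RARE_THRESHOLD:
            reasons.append("rarely-accessed")
        if action == "DOWNLOAD" and path.startswith(RESTRICTED_PREFIXES):
            reasons.append("restricted-download")
        if reasons:
            alerts.append((account, path, reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_events(build_baseline(BASELINE_LOG), NEW_EVENTS):
        print(alert)
```

The baseline is held fixed here; a real deployment would age it over a rolling window so that a newly assigned duty stops alerting after a few days.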

Flagging Compromised Business Software

Recently, hackers have been getting better at finding and exploiting loopholes inside the software businesses are already using. This is done sometimes to slip through firewalls and anti-virus software. But it can also be used to turn your data-accessing programs against you. Your CRM program, for example, has firewall permission to access your database of sensitive client information.

It is then possible that a hacker could build a very sneaky piece of malware that was specially designed to slip onto your server and write a new routine that uses the CRM’s permissions to access and steal client information. You may, by now, see where we’re going here.

Network monitoring can be designed to recognize the exact way that your business software usually accesses protected data, with all the right authorization handshakes and keys swapped back and forth for security. So if a new routine in the same software starts up and skips the authorization handshakes, even though it would have slipped past your CRM’s defenses, network monitoring will raise the alarm.

In fact, that’s also why it’s great for patching detected vulnerabilities if a source patch is not available.

Detecting Hidden Malware

Finally, network monitoring does something that can save you from the fear of malware and ransomware lurking in your network. It can detect the illicit use of computer resources. You see, when a malware program slips onto your network through, say, a phishing email, it has to use a few computer resources. Even a very sneaky piece of malware needs little scraps of RAM and CPU to get anything done.

To watch your files, to wait for a network signal from its hacker, or to spread through your network in stealth-mode, it will need to use resources. And network monitoring can see that. Network monitoring can look at exactly what your computer is doing, behind the OS and all the things malware can use to hide itself from humans. And if there is a program running that wasn’t there before, if resources are being used in a pattern-defying way, or if one endpoint in a dozen supposedly-identical computers is using more resources, this is a sign of a hidden and lurking malware program.

Network monitoring is also effective at catching malware when it tries to engage in any network activity at all. If it tries to send collected data back to its hacker or to get a signal from the hacker, then network monitoring may spot activity leading to an unknown and unidentified program.

And if it tries to spread itself out onto your other devices throughout the business network, then network monitoring can notice an unusual and suspicious pattern of downloads and installations and trigger an alert state.
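The two resource-based signs described above (one endpoint among supposedly identical machines using more resources, and a program running that was not there before), as an added example that is not from the original article. Host names, CPU figures, process names and the 3.5 cut-off are constructed assumptions.

```python
from statistics import median

def fleet_outliers(usage, threshold=3.5):
    """Return {host: score} for hosts using far more CPU than their peers.

    usage maps host -> average CPU % over the same idle window. The score is
    the modified z-score (median and MAD), which a single noisy host cannot
    skew the way it would skew a mean and standard deviation.
    """
    values = list(usage.values())
    med = median(values)
    mad = median([abs(v - med) for v in values])
    flagged = {}
    for host, value in usage.items():
        if value <= med:
            continue  # only excess usage is of interest here
        if mad == 0:
            score = float("inf")  # peers are identical, any excess stands out
        else:
            score = 0.6745 * (value - med) / mad
        if score > threshold:
            flagged[host] = round(score, 1)
    return flagged

def new_processes(baseline, observed):
    """Return {host: [names]} for processes absent from the shared baseline."""
    result = {}
    for host, names in observed.items():
        extra = sorted(set(names) - set(baseline))
        if extra:
            result[host] = extra
    return result

# Constructed sample: twelve identically built workstations, idle overnight.
IDLE_CPU = {
    "ws-01": 3, "ws-02": 4, "ws-03": 3, "ws-04": 5, "ws-05": 4, "ws-06": 3,
    "ws-07": 4, "ws-08": 5, "ws-09": 3, "ws-10": 4, "ws-11": 4, "ws-12": 31,
}
GOLDEN_IMAGE = ["explorer.exe", "svchost.exe", "crm-client.exe"]  # hypothetical
RUNNING = {
    "ws-11": ["explorer.exe", "svchost.exe", "crm-client.exe"],
    "ws-12": ["explorer.exe", "svchost.exe", "crm-client.exe", "xvb55t.exe"],
}

if __name__ == "__main__":
    print(fleet_outliers(IDLE_CPU))              # hosts that break the pattern
    print(new_processes(GOLDEN_IMAGE, RUNNING))  # programs not in the image
```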

These are still only a few of the practical applications for network monitoring, and they focus only on cybersecurity. As you may be starting to see, network monitoring is one of the best-kept secrets in all of IT. It slices, it dices, and it can show you patterns — and breaks in patterns — for almost every detail of your business’s technical existence. And it is the ideal way to catch a hacker at every single point of their attack. For more managed network insights or to set up managed network monitoring for your business, contact us today!

Kovter Strikes Computers Everywhere

Are you prepared for when disaster strikes

Every year, there are high-impact viruses that plague individuals and businesses alike. One of the newest that has wreaked havoc on the world of IT is known as Kovter. It’s affecting a number of computers and there are a lot of people that have been impacted by its destruction.

What is Kovter?

Kovter works as a Trojan. It has acted as a ransomware downloader as well as click-fraud malware. It is disseminated using malspam email attachments that contain malicious Office macros. One of the ways that this fileless malware has been able to evade detection is by hiding inside of registry keys.

There have been a number of reports indicating that infected machines receive updated instructions from a command and control infrastructure that serves as a remote access back door. When this happens, the hackers will have an access point into your computer or server.

Kovter showed up several years ago and continues to be the biggest threat throughout 2018. Part of this is because it has evolved significantly. It may use code injection as a way of infecting the target and will steal information so that it goes back to the command and control servers.

How to Look for Kovter

Kovter is really good at hiding itself. It generally infects a computer using an attachment that arrives in macro-based spam. Once the attachment is opened, it will install on the computer and hide within the registry entries. Most of the attachments are compromised Microsoft Office files.

Since it is fileless, it can be difficult to detect. However, you want to make sure that your organization is aware of how to protect against email threats. Use various anti-spam filters so that malicious emails can be blocked before reaching the endpoint user. You also want to make sure that security updates are applied as soon as possible.
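Because the malware lives in registry entries rather than in files, one defensive check is to review autostart registry values for commands that carry script inline instead of pointing at a program on disk. The following is an added example, not code from the original article: the patterns are generic heuristics chosen here (not Kovter signatures), the 2048-character cut-off is an assumption, and the sample values are constructed placeholders.

```python
import re

# Heuristics for script stored in the registry instead of in a file on disk.
# Generic patterns chosen for this example; they are not Kovter signatures.
SCRIPT_HOST = re.compile(r"\b(mshta|wscript|cscript|powershell|pwsh|rundll32)(\.exe)?\b", re.I)
INLINE_CODE = re.compile(r"javascript:|vbscript:|\s-(e|ec|en\w*)\s|frombase64string|\biex\b", re.I)
MAX_DATA_LEN = 2048  # assumed cut-off; autostart commands are normally short

RUN_PATHS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

def read_run_values():
    """Yield (key, name, data) for Run/RunOnce values (Windows only)."""
    import winreg
    hives = (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    for label, hive in hives:
        for path in RUN_PATHS:
            try:
                key = winreg.OpenKey(hive, path)
            except OSError:
                continue  # key absent or not readable
            with key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _type = winreg.EnumValue(key, i)
                    yield f"{label}\\{path}", name, str(data)

def suspicious_values(values):
    """Return [(key, name, [reasons])] for values that look like stored script."""
    findings = []
    for key, name, data in values:
        reasons = []
        if SCRIPT_HOST.search(data) and INLINE_CODE.search(data):
            reasons.append("script host runs inline code")
        if len(data) > MAX_DATA_LEN:
            reasons.append("oversized value")
        if reasons:
            findings.append((key, name, reasons))
    return findings

# Constructed sample values (placeholders, no real payload) so this runs anywhere.
RUN = "HKCU\\" + RUN_PATHS[0]
SAMPLE = [
    (RUN, "OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (RUN, "a1b2c3", 'mshta "javascript:/* constructed placeholder */"'),
    (RUN, "svc", "powershell.exe -NoProfile -EncodedCommand PLACEHOLDER"),
    (RUN, "blob", "A" * 5000),
]

if __name__ == "__main__":
    for finding in suspicious_values(SAMPLE):  # use read_run_values() on Windows
        print(finding)
```

A hit is a lead for review, not a verdict: legitimate management tools also register script-host commands, so compare findings against a known-good build of the same machine.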

Who Has Been Affected?

A number of people throughout the UK, US, Canada, and Australia have been affected by the Trojan. Many people found the virus through a malvertising campaign or Traffic Junky. People were sent to a pop-up that told them they needed to install an update to their browser. By doing so, they unknowingly downloaded Kovter to their computer.

It’s unclear as to how many computers have actually been affected – though the number is easily into the tens of thousands since one version or another has been around since as early as 2011.

What You Can Do

You need to be sure that you have a high level of security within your business. You want to make sure that you are protecting your servers and workstations so that they stay free of viruses and Trojans. Otherwise, malware can render your computer absolutely useless or result in important data being lost or stolen.

Webroot Antivirus is a 20-time winner from PCMag. It provides you with the antivirus protection on all of your devices so that you can enjoy a greater level of peace of mind. You get advanced threat protection and the security is always on. You can stop ransomware and enjoy real-time blocks on harmful sites. This way, no matter how much you teach your employees not to go to specific sites, you can ensure that dangerous sites are blocked to avoid various problems. Additionally, based on the antivirus protection that you choose, you will also be able to monitor your firewall and network connection and secure various smartphones and tablets that are used by your employees.

Learn more about Webroot Antivirus and how it can protect your servers and workstations by contacting SystemsNet today. Our various packages will monitor your systems and help you with all of the various components of your IT infrastructure. As geeks, we work hard to help you protect your systems