SystemsNet Blog

Tag Archives: malware

Six Steps to Make Your Company Ransomware Proof (Part 1)

March 8, 2018Malware, Securityantivirus, Help from ransomware, malware, Protect your computer, securitySystemsNet Administrator

Cloud Backup

Ransomware is a single word for a big, diverse problem. It isn’t just one program like WannaCry or GoldenEye, or Petya, it’s all hacker-borne viruses that have ever been or ever will be designed. One really good firewall and anti-virus setup won’t protect you forever because if history has taught us anything it’s that hackers won’t quit it. They will continue to look for loopholes, backdoors, and brute force attacks to invade your computer system and ruin your day. The good news is that even in a worst-case scenario where these malicious programs get into your company system and encrypt every important business file you possess, with the right preparation you can quickly and easily thumb your nose at the low-life hacker with a completely ransomware-proof plan.

It’s all About the Backups

Yes, in an ideal world we’d be talking about nothing but malware detection, email scanning, and firewalls and don’t get us wrong, these things are important. However, these things are like washing your hands before eating supper. It will reduce the number of ‘germs’ you are exposed to, but it won’t elimate your exposure completely. A comprehensive ransomware, and indeed any malware plan may start with firewalls but it always ends in backups. Why? Because with the right backups, you can recover from anything, even a full-encryption ransom attack.

1) Create a Complete Backup of Each Machine

Ransomware has to have an entry point, and this is usually a personal computer. These days it can also be a mobile or IoT device and the importance of recovering data on these devices should be considered when planning for backups. When ransomware strikes, it encrypts every file on the computer and then uses files from the program to project the ransom message and interface. While you could mess with the hackers, your best bet is simply to wipe the computer to factory settings and re-install everything you need.

Of course, doing this manually could take hours if not days so what you need is a total backup complete with software installs and configuration settings as well as the basic file system. This kind of backup takes more space to store but it also allows you to cut off a hack at the start and get the system back to safe working conditions in a matter of minutes rather than days. This method is especially useful if you have a floor worth of computers that share a similar if not identical configuration.

2) Save Your Data on the Cloud

In general, ransomware can only attack files stored locally on infected computers and networks. This means that while they may be able to reach out to remote servers you are actively connected to, if you save your business data through a cloud storage service or, better yet, through third-party SaaS servers for the platforms you use, the ransomware won’t be able to corrupt it. To harden your defenses and protect sensitive company and client information, make sure that important data isn’t stored on a local system, even in the Temp folder. This way, hackers will neither be able to breach your security and leak information or deny you access through encryption or local deletion.

Paired with the complete computer backup, a cloud data storage system means that after a localized attack, you can recover the compromised system up to the point where it is immediately compatible with your cloud platform again, putting the workstation back into use quickly.

Believe it or not, the setup is the most complicated part of establishing a ransomware-proof business plan. In fact, it’s only the first half of the article. Join us next time as we cover points three through six from your infrastructure backup to your restoration plan. For more tips and advice on best backup practices, contact us today!

What Should You Do If You Think You Have Been Hacked?

February 8, 2018Malware, Securityanti-virus, malware, securitySystemsNet Administrator

Small business owner upset over being hacked in the workplace. Leaning head on crossed arms over a laptop

Being a small business and being hacked can put you out of business if your not prepared

There are a couple of questions many business owners ask when it comes to hacking, and those two questions are:

How can I tell if I have been hacked?
What steps do I take if someone has hacked my business?

Unfortunately, many small business owners do not know they have been hacked. Apart from ransomware, there are many cybersecurity events that go unnoticed. Can you believe that many small businesses and medium-sized businesses can have data breaches that go unnoticed for a significant period of time, including several years? The breaches that are noticed are eventually noticed by someone outside the business, including law enforcement officials.

Can you imagine being breached and not knowing this has occurred until a third-party notifies you? If you data breach occurs and it goes undetected for a substantial period of time, you may never identify what actually caused the breach to occur in the first place. When you do not know how, why, or where the data breach took place, you may start questioning if all of your company’s data has been compromised.

How Do You Know If You Have Been Hacked?

When you have a full understanding of the different types of hackers and what their intentions are, you will be able to understand how anyone can be hacked. There are different businesses, small, medium, and large, that can all become a target for hacking. Hackers look for sensitive data that has not been carefully protected.

What Type Of Hacks Are More Common?

It does not matter if a hack is basic or advanced because even a basic hack can cause severe damage to a business. A small or basic hack can result in your computers or any devices doing things that they should not be doing. Some of the common hacker techniques include the following,

viruses
Distributed Denial of Service (DDoS) or Denial-Of-Service attack (DoS attack)
fake Wireless Application Protocol (WAP)
phishing attacks
in-house attacks

What Should You Do After A Hack Takes Place?

Do you have a plan in place if a hack does take place in your workplace? Your employees need to be trained well enough so they will be able to identify an attack on the business. When your employees are trained, they will be able to help your business get back to operating at its normal pace. Your business needs to get back to business as soon as possible after an attack has been identified.

If you have noticed that your system is behaving unusually and if you notice suspicious files that seem to be harmful, an attack has likely taken place. Professional and experienced hackers know how to carefully cover all their tracks. We suggest that you look carefully at your systems’ log files.The hackers also know how to delete those log files as well.

After you have identified you have been hacked, you should make sure the attack has been confirmed. Once there has been confirmation of the attack, you should check your computers, devices, and your networks to determine if anything else has been compromised. You will need to identify how much information the hackers have obtained.

When security breaches occur, critical data and information can be lost when your systems are down, include your network connections and content that is stored in your RAM. You will need to consult a professional so you can fully understand the options you have at this point.

It is extremely critical that you have the proper backups in place. It is also important that you have the right Managed Service Provider (MSP) that will provide you with the tools and resources you need to conduct business as usual after an attack has taken place. Contact us today for more information on how you can protect your business from hackers.

Recent Virus Release Starts In Ukraine And Spreads Across The Globe

September 21, 2017Anti-virusanti-virus, Global Hacking Attack, malware, VirusSystemsNet Administrator

Cyber security is a critical component in preventing downtime in your network

An international cyber attack, known as “Petya”, struck computer systems across the globe, starting in Ukraine. Tens of thousands of machines in Ukraine and the United States were impacted. Automated teller machines stopped working in the capital of Ukraine. Workers all across the globe had to quickly scramble to make the necessary adjustments.

It has not been determined who is responsible for the cyber attack. No details have been released at how impactful the cyber attack was. The attack started on the Ukrainian government. This is not the first cyber attack that has taken place as of late. The difference between this cyber attack is that it seems to be one of the most advanced attacks that have taken place since the National Security Agency had some of its hacking tools stolen.

This global hacking attack took control of all the computers. Since the hackers obtained control of the computers, the attackers demanded ransom in order for them to release access to the owners of the computers. This recent attack used the hacking tool, Eternal Blue. Eternal Blue was also used in the WannaCry attacks. Not only did the attacks use Eternal Blue, but there were also other methods that were used to carry out the cyber attacks.

There has not been any acknowledgment on the National Security Agency’s behalf regarding the use of their hacking tools. However, there have been many computer security professionals who have requested that the National Security Agency to help everyone across the globe protect itself against tools that they created.

Microsoft releases patches for its software and operating systems, but this does not always mean that the patch will be installed quickly and correctly. Since the ransomware used more than one method to spread across the computers, even some computers that were actually patched correctly and patched quickly were not excluded from the attack.

One of the most well-known computer attackers is viruses. Viruses can do a great deal of damage to computers, and an entire organization. There are various types of viruses that each have the ability to compromise a computer in multiple ways.

While many people think they will never download a file that is corrupt or that they will never click a website that is a scam, it is important that everyone remembers that a hacker is very intelligent. A hacker can create any type of virus and anyone can easily be tricked. Some viruses can even lead people to believe that they are software that will protect you from a virus.

Once your computer has been infected with a virus, your entire computer can be damaged beyond the point of repair. Your computer’s performance can be slowed down, critical files, photos, and videos can be damaged, lost, spread across other computers, etc. Viruses can cause you to spend up to thousands of dollars in computer repairs, replacements, etc.

Fortunately, there are tools you can use to help you protect yourself. One of those tools is Webroot Antivirus. The internet is not as safe as we would like it to be. Even if you are a computer whiz or extremely tech-savvy, you may still accidentally download malware, viruses, or you may even be a victim of identity theft.

When you are aware of the consequences of not having the proper anti-virus protection, you will be able to spread the word to others. Hackers are savvy, and they can easily trick anyone into clicking a link or downloading a file. We want you to protect your files, your computer, and your business. Contact us today for additional information on the latest virus releases and the best protection for your servers and workstations.

Here come the Thingbots!

March 24, 2016Anti-virus, Malware, Securityinternet of things, malware, protecting internet of things devicesSystemsNet Administrator

As the Internet of Things continues to become more common in our daily lives, the vulnerabilities of these devices will become more apparent and more in need of protection

Information technology experts have been dealing with malware for years now. First, worms, then viruses, then ransomware. Malware re-invented itself as the internet expanded and hackers found new ways to make money through criminal enterprises on the net. That was then; this is now: get ready for the rise of the thingbots.

The Internet of Things

Last year, the internet was awash with stories about the rise of the Internet of Things (IOT). In the new digital world all our smart devices would be able to talk to each other and connect to the smart grid. Our toasters, coffeemakers, baby monitors and our internet-connected cars will communicate with each other and with our smart houses to make our lives so much simpler, organized and automated. The IOT would learn our preferences and our habits and adjust programming based on what they learn about our wants and needs. Some experts estimate that by 2020, a mere four years from now, between 25-50 billion devices will connect to the Internet and, potentially, to each other.

When that happens, IOT will not only take in data about our lives but will send data to other external machines. For example, the smart refrigerator not only keeps tabs on the food in your refrigerator and knows when you need to order particular items. It can send the list of foods you need to order to your smart phone, and then externally to the shopping delivery network that you use.

How do botnets form?

Botnets form when malware takes command over large numbers of computers (the term “bots”, derived from robots) and organizes them into systems (nets). A botnet, then, is a system of computers infected by malware. Botnets are the reason we have most of the hacking, spamming, and malware that we face each year.

As a rule, most of us haven’t worried too much about botnets attacking our computers. They seemed to mostly target the data of Fortune 500 companies or cause denial of service issues. When you hear the numbers of computers infected and controlled by botnets, however, the scale is nothing short of amazing. Just as an example, hackers created one botnet called ZeroAccess. At its height, this botnet reportedly controlled 1.9 million computers around the world in its efforts to commit cyber crimes.

Botnets are a threat to both businesses and personal users. We all use smart devices now. We bring our smart phones, notebooks and tablets to work. Any infection in the business network will spread easily to your personal devices. Similarly, an infected personal device linking to the business network can spread the infection to the network.

Of course, corporate networks usually have more sophisticated anti-malware protections and cyber-security systems than we do at home simply because they have more secret and proprietary information that hackers want to steal. Since there are various types of malware, though, any computer user is at risk. Some botnets send spam, some collect credentials or steal intellectual property, and still others send internet users to malicious websites. Once individual devices are voluntarily connected to each other, who knows what evil hackers will accomplish on a worldwide scale.

So, What are Thingbots?

Thingbots are botnets made of infected devices from the internet of things. Controlled by the owner of the botnet, they have the same capacity for malicious activities as traditional botnet malware.

Wireless routers and modems are the most likely targets for thingbots because they are directly connected to the internet. As our home appliances and workplace machines become fully automated, cyber-security will need to protect data at each segment of connection. The more data points connect, the more companies will need to employ security checkpoints.

To read more about thingbots, read the October 2014 article “Botnet malware: What it is and how to fight it,” on welivesecurity.com.

To talk more about botnets, thingbots, and what it means for your cyber-security, please contact us. We want to help your business stay cyber-secure.