virus

How to prevent your business from getting hacked

1) Use two-factor authentication for all your web and application services

Your password is now a single point of failure: if it is compromised, your email or service can be accessed by unauthorized users. The chances are the account would be exploited on the first day in some social engineering attempt to get money from your finance department. Your bank and financial institutions have been using 2FA for years now, and it's now the recommended addition to the rest of your cloud and local services.

2) Use SSL Certificates wherever possible

This is usually added to a company's web applications, such as a document management solution or content management solution, which use certificates to encrypt traffic between your web browser and the app so that no prying eyes can see any confidential data.

SMTP emails should be set to use TLS for mail flow by default over normal port 25.

3) Have a fully up-to-date antivirus program that also Alerts

Windows 7 and Windows 10 nowadays come with free antivirus checkers (Windows Defender and Security Essentials), however these are only licensed for home use. It's best to get a fully managed AV like Webroot, where virus detections are alerted on straight away.

4) Use a third party for Spam Filtering

Even with cloud email from providers such as Google's Google Apps for Email or Microsoft's Email Hosting 365, that added layer of protection against spoofing, phishing and viruses is needed.

Services such as Mimecast and Postini can help protect against all of the above and provide real-time protection against new threats.

5) Regularly change your password

Per bullet point 1), the first form of defense is your password! Make sure this is changed once a month and sign up to https://haveibeenpwned.com/ to make sure it hasn't been compromised elsewhere.

6) Keep your Equipment Up-To-Date

Make sure all the firmware on your wireless devices, servers and routers is kept up-to-date so that you install security updates as well as feature updates.

7) User training

Make sure users are told regularly about current well-known attacks such as phishing, spear phishing or Cryptolocker so they understand what to look out for and ask before clicking!

 

Petya Virus - Another Virus in the Wild and how to keep safe

Another cryptovirus called Petya has reared its ugly head in the wild. It has already infected a Ukrainian bank, the DLA Piper law firm in the USA and a few other agencies.

So far there has been no kill switch found to stop mass infection.

It utilises the same flaws that WannaCry used with SMB 1, so if you have already disabled this you should be somewhat protected. This virus gets into organisations through email, so spam filters behind your email servers are a real-time defense against these new viruses, as are up-to-date Windows and antivirus on your firewall.

Important note per below:

Wanna Cry Virus - What you need to know!

Cryptolocker variants such as the recent "WannaCry" have been around for years. The main reason this one hit the news headlines is the big outbreaks across the NHS and other global organisations.

Per below we've put together a list of things you can do to mitigate this strain and other strains:

http://www.response-it.co.uk/news/2016/10/27/ransomware-the-small-business-guide?rq=Cryptolocker

Install the MS17-010 update that patches the vulnerability in Windows

Done with finding out the version? Here are the links to the updates for all of the Windows versions for which it has been released. Note that if you aren’t sure if you use 32-bit or 64-bit version of Windows, you can simply download both patches — one of them will work for you; trying to run the wrong one will bring up an error box but will do no harm.

 

 

You can also be extreme and disable SMB 1 totally on your network, however be careful with this as things such as vCenter use it for domain authentication!

Microsoft have put together a full list of what uses SMB1 here:

https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/
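One way to follow the SMB1 advice above without cutting off something that still depends on it, as an added example that is not part of the original post: audit which clients still connect over SMB1 first, and only disable it once the audit is clean. The function name is hypothetical, and it assumes an elevated PowerShell session on a Windows 8 / Server 2012 or later file server whose Windows version supports SMB1 access auditing.

```powershell
# Added example (not from the original post). Function name is hypothetical.
# Run elevated on the file server. Typical use:
#   Invoke-Smb1Review -StartAudit    # day 0: switch auditing on
#   Invoke-Smb1Review                # later: see who still uses SMB1
#   Invoke-Smb1Review -Disable       # once the report is empty
function Invoke-Smb1Review {
    param(
        [switch]$StartAudit,   # enable SMB1 access auditing
        [switch]$Disable       # disable SMB1 if the audit shows no users
    )

    if ($StartAudit) {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }

    # Current state of the SMB1 server component and of auditing.
    $config = Get-SmbServerConfiguration
    $config | Select-Object EnableSMB1Protocol, AuditSmb1Access

    # Each audited SMB1 connection is logged as event 3000 in this log.
    $smb1Events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'
        Id      = 3000
    } -ErrorAction SilentlyContinue

    # Report distinct event messages (they name the client) with a count,
    # so appliances and legacy systems that still need SMB1 stand out.
    $smb1Events |
        Group-Object -Property Message |
        Sort-Object -Property Count -Descending |
        Select-Object Count, Name

    if ($Disable) {
        if (-not $config.AuditSmb1Access) {
            Write-Warning 'SMB1 auditing was never enabled; run -StartAudit first.'
            return
        }
        if ($smb1Events) {
            Write-Warning 'SMB1 is still in use; resolve the clients listed above first.'
            return
        }
        # Nothing used SMB1 during the audit window: turn it off on this server.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}
```

Leave auditing on long enough to catch weekly or monthly jobs before running it with -Disable.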

 

 

 

Small Business - Guide to Ransomware

What is it?

Ransomware is the ability of an attacker to launch an application, usually on your Windows desktop, to encrypt all your company shared files and hold the unlock key to ransom. The ransom is usually asked for by payment in Bitcoin, which is totally untraceable.

Strains of this attack have usually been nicknamed Cryptolocker.

There are even companies selling this Virus as a service offering 10% of all the Ransom paid!

 

How do I stop it? 

Spam Filters

Make sure you have one of these before email hits your Office 365 or email server. They can scan macros and files and also block emails which have been bulk sent, and this protects you before the email even gets to your server!

User training

Make sure users are wary of which emails with attachments they open. For example, why is my gas company sending my home gas bill to my work email? Why is TNT sending me a receipt note when I have not received anything?

Keep Up-To-Date

A lot of ransomware comes from out-of-date programs such as Flash and Java, sometimes through adverts! Make sure you keep these up-to-date, or speak to your IT provider about a tool to deploy updates weekly and about advert blockers.

Disable Macro Scripts

Cryptolocker variants like to use zipped-up PDF, Word and PowerPoint files posing as harmless-looking invoices to download programs to the computer. Make sure you read the warnings before enabling macros.

Group Policies

Enable Group Policies to disable executables running in AppData and Local AppData.

Antivirus

Make sure it's turned on. Remember when you turned off the antivirus to stop it annoying you about updates or a false positive? Make sure you have a management center for all your antivirus clients to check which users have what enabled!

File Resource Manager

Get alerts when specific files hit your server so straight away you can action the removal of the machine from the network. The process can even be automated!
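The alerting described above, sketched with the File Server Resource Manager cmdlets as an added example that is not part of the original article: a passive file screen that raises an event and an email when the indicators this guide describes under "What if I get infected?" (files renamed to .zzz, Readme.html notes) are written to a share. The share path, mailbox and group name are placeholders, and it assumes the FSRM role is installed with its SMTP server already configured.

```powershell
# Added example (not from the original article). Run elevated on the file server.
# Placeholders: adjust the share path and mailbox; the group name is made up.
$sharePath = 'D:\Shares'
$alertTo   = 'itsupport@example.com'
$groupName = 'Ransomware indicators'

# File patterns taken from the symptoms described in this guide. Extend the
# list with the extensions and note names of whichever strain is current.
New-FsrmFileGroup -Name $groupName -IncludePattern @('*.zzz', 'Readme.html')

# FSRM expands the [bracketed] variables when the screen fires, so the alert
# names the user and file, which identifies the machine to pull off the network.
$body = 'User [Source Io Owner] wrote [Source File Path] on [Server], ' +
        'matching file group [Violated File Group].'

# Two notifications: a warning in the event log and a mail to the IT team.
$eventAction = New-FsrmAction -Type Event -EventType Warning -Body $body
$mailAction  = New-FsrmAction -Type Email -MailTo $alertTo `
                   -Subject 'Possible ransomware activity on [Server]' -Body $body

# -Active:$false makes this a passive screen: matching files are reported but
# not blocked, so a legitimate Readme.html only causes an alert, not an error.
New-FsrmFileScreen -Path $sharePath -IncludeGroup $groupName `
    -Notification $eventAction, $mailAction -Active:$false
```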

 

What if I get infected?

Call your IT Provider Straight Away

You will start seeing your files change extension from .doc (Word document) to .zzz and you will be unable to open them anymore. This means they are encrypted and the virus is encrypting or has encrypted all the company data. There will also be Readme.html files placed in each directory with the unlock key and instructions on how to pay, as well as a deadline.

Call your IT provider so they can determine which computer is infected; it will need to be unplugged and wiped. They can also get on with restoring the data.

Try and Find an Unlock Key

Our friends at Kaspersky have put together a load of tools to unlock files for you for free here

Backups 

Backup is the last method of defense if there is no unlock key available for your strain from the above. Depending on your backup software (Veeam / Backup Exec) you should be able to restore from the previous night's backup, meaning only the loss of a day's data compared to everything. This might be a good time to think about your current backup plan; maybe a midday backup would be good, to reduce a 24 hour loss to a 12 hour loss.

Pay up

This is the last scenario. It never helps to pay ransoms as it encourages them, however if this is your last option, maybe a $500 payment is cheaper than wiping all your data. Payments do actually work: if you leave all the documents on the system intact, it will actually decrypt them, per case study.

Huge rise in hack attacks as cyber-criminals target small businesses

Cybercrime attacks ALL. It is down to user knowledge to avoid the potholes of dangerous emails and websites that sometimes appear too good to be true! Downloads, attachments and erroneous surfing can all prove fateful, as this case study from The Guardian reports.

Response IT have dealt with over a dozen client instances of cybercrime, and it's on the rise. The more data you can move to the cloud, the safer you will be. The alternative, if you have a local server, is to make sure it is backed up regularly - like nightly! Don't get caught out, as this type of malware will encrypt all your network shared data quicker than you can detect it!

Please take the time to read this article, written in February this year but still current today.

Article: http://tinyurl.com/hxufszf