Jlhoffman Support


Saturday, 26 October 2013

The CryptoLocker battle continues - part 2 - paying the ransom

Posted on 15:40 by Unknown
In my last post I talked about a client network that was devastated by CryptoLocker.  A local competitor had unsuccessfully tried to remove the malware before first determining whether the client had a good backup of their data. 

By the end of the first day, we had exhausted all possible sources of backup copies of their server and data files, and it was obvious that their only option was to trust the hackers' word that if we paid the ransom they would send the decryption key to restore the data.

The ransom can only be paid in one of two ways.  Send them 2 Bitcoins (value about $460) or use a Green Dot prepaid debit card to transfer $300 to them through the malware program itself.

First though, for the first time in our 25-year history, we actually had to re-install the malware that had been partially removed by the first company, in order to pay the ransom.  Then we had to wrestle with the CryptoLocker payment screen to get it to accept the payment before finally getting the decryption process started.  The decryption program has been running for 2 days so far and has reported that it has restored over 75,000 files and failed on about 50.

We can't tell whether the decryption is working for sure because it's still running, and it looks like it's going to run another day or so based upon a rough estimate of the number of files the client thinks are lost.

So far, the client has lost 3 days of office and technical staff productivity. 

This was a hard lesson to learn, and even if paying the ransom worked and the client gets back most of their data, it's going to be an expensive one.  We've probably still got a day of work left cleaning up this mess across the network on the server and all of the other workstations and then installing a reliable data protection system.

Stay tuned, the program is still running.  Find out if the hackers were true to their word and if the data comes back after the ransom was paid.

Have similar concerns about the safety of your business data? 
Call ACT today @ (847) 639-7000 for a free consultation.


Wednesday, 23 October 2013

CryptoLocker Strikes Again With Disastrous Results

Posted on 16:37 by Unknown
The battle with CryptoLocker continued today but this time with a twist.  A client called for help today because a local competitor had visited them yesterday to remove an infection of CryptoLocker.  After working on it all day, the client's problem was worse than ever and the competitor had to leave to "deal with other obligations".  Talk about being left high and dry!

What made the problem so severe was that this client didn't have ANY backup to restore the corrupted files on their server caused by this software.   Yes, they had backup software.  Yes, they had a tape drive.  No, the backup hadn't been run in 5 years and nobody noticed!
Through normal human failure, backing up the server fell through the cracks and now they're faced with a scrambled server with no fallback solution.

This latest version of CryptoLocker is also much more aggressive in the corruption of files.  Earlier releases targeted Microsoft Office files, graphics and Acrobat files.  This version wipes out almost everything it touches including WordPerfect files, AutoCAD files and many, many more.  It encrypts every file on every mapped drive that the infected PC is connected to, including the server and any storage devices.  The encryption level is very high and nobody has been able to crack the encryption to date.

Without a backup, the client doesn't have many options for recovery, and one of them is to pay the $300 ransom and hope that the hacker that created this malware will actually provide the decryption key to undo this mess.

We've spent most of the last day trying to undo the damage the competitor did by only "halfway uninstalling" the malware so we can get the ransomware working well enough to pay the ransom because the server contents are trashed without much hope of recovery.  We're still working on it though!   

Stay tuned for further updates . . .  we're not walking away from this customer like our competitor did!

When we get the client's server stabilized, the client has already signed on to adding our DataVault Backup Solution to their business, which is fully automatic and has our technician monitoring service keeping track of their backups.  Each day they'll also get a confirmation e-mail verifying that their data has been backed up and protected to ease their mind about ever having to deal with a nightmare like this again.

Have similar concerns about the safety of your business data? 
Call ACT today @ (847) 639-7000 for a free consultation.



Saturday, 12 October 2013

Support for Windows XP and Office 2003 stops on April 8th.

Posted on 12:48 by Unknown

All Microsoft support for Windows XP and Office 2003 stops on April 8th.

What are the risks to your business if you don't upgrade?

Let's be real here, unpatched systems are an open invitation to hackers to exploit your systems and your network.  Companies that continue to run Windows XP face the risk of increased hacking attacks. Small businesses are often targeted because they lack sufficient protection, and cyber-criminals sometimes use them as a stepping-stone to larger targets. In 2012 we saw a 30% increase in such web-based attacks.

Security & Compliance Risks: Unsupported and unpatched environments are vulnerable to security exploits. This may result in a recognized control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the organization’s inability to maintain its systems and customer information particularly if you’re in a regulated industry.

Lack of Independent Software Vendor (ISV) & Hardware Manufacturers support: A report from Gartner Research suggests that many independent software vendors (ISVs) are unlikely to support new versions of applications on Windows XP.  The longer you hold off, the more common this will become and the more support hassles you'll encounter.                

Are there hidden costs to staying on Windows XP or Office 2003?

Yes, staying on Windows XP after the end-of-support date means paying increased support costs and facing potential compatibility problems with new application software, not to mention with other organizations that use more up-to-date Office applications whose files your version of Office probably won't process correctly.

Just one exploit of your computer network through an unprotected PC will cost you MUCH MORE than the cost of keeping your network PCs up-to-date and protected properly.

Do you have a migration plan for upgrading these products?  Call ACT at (847) 639-7000 and we'll help you find the best and most affordable way to upgrade your network.

Sunday, 6 October 2013

Beware Hacker Watering Hole Exploits

Posted on 17:17 by Unknown
What’s a Watering Hole Attack you ask?  Hackers can use either of two distinct tactics to compromise your computer and steal information by trying to infect a popular web site or a Wi-Fi hot spot.

Everyone that’s watched a nature film understands that in the wilds of Africa predators hang around watering holes looking for weaker prey.  When the prey wanders into reach, the predator pounces. That’s the principle here but in this case, they want to steal your information one way or another.

In the first type of watering hole attack, hackers take advantage of the fact that their victims often visit popular web sites like shopping sites, community sites and business information sites. Then they exploit or “poison” that location to achieve their objectives by embedding code that can infect weakly protected computers, which can then be used to send spam, steal critical information from that PC or turn that computer into a zombie that will respond to remote commands for attacks on other computers or networks.  The malicious code on the infected web sites frequently uses vulnerabilities in web related programs that enhance web and browser functionality like Java scripts, Acrobat Reader and Flash Player, which individual PC owners are notoriously lax at keeping up to date.  You browse to a seemingly harmless looking web site and WHAM, the site exploits an out of date version of one of these modules and embeds the hacker's code on your PC to do their bidding.

Another type of Watering hole exploit tactic is to infect a Wi-Fi site so that users that visit that location can be “listened to” or infected when they sign on.  For instance, many large companies have a local coffee shop, bar, or restaurant that is popular with company employees.  Attackers will create fake wireless access points for unsuspecting people to use in an attempt to get as much private information as possible.  Victims are often more relaxed and unsuspecting because the targeted location is a public or well known place.  Have you ever seen multiple open connections at a Starbucks, a McDonald's or at the airport?  These could be watering hole Wi-Fi sites just waiting for you to stop by for a brief visit.  That’s all it takes! 

The hackers can then sniff unprotected data from the data streams sent between their unwitting victims and their intended remote hosts. You'd be surprised how much data, even passwords, is still sent in clear text.  This is a perfect spot for keyloggers to intercept your sign-in information to private areas and send it to a “listening” device for later use by someone else.  They can even search through the data on your PC without you noticing.

Want some simple advice?  Make sure you keep ALL software components of your browser and operating system up-to-date at least weekly.  Never sign into an unprotected Wi-Fi hot spot without checking its authenticity with the location management first.  Finally, keep your anti-virus/anti-malware software up-to-date DAILY!

Unsure if your business notebooks and PCs are properly prepared for either of these hacker exploits?  Give ACT Network Solutions a call at (847) 639-7000 for a free consultation.