Viruses

Here we go again, another major ransomware attack in Europe and the United States within a couple of months.  This one is called Petya and it's been working its way here in the US by using the same exploit of SMBv1 that WannaCry used which rapidly spreads across networks.  

Petya which also has been referred to as Petwrap has been bringing computers down at corporations, banks and other companies.  How Petya works is that it will reboot the computer and encrypt the hard dive's master file table, which makes the master boot record inoperable restricting access to the system.  It will replace the master boot record with it's own code which displays a ransom note and leaves computers unable to boot.

Every day hackers find new ways to gain access to your most important data whether it be your own personal information or that of your clients.  Just like having an alarm system in your home, there are ways to deter a would be hacker from gaining access to your vital information.  Below are some tips to keep you safe.  

1)  Make sure your computer is up to day with the latest operating system and that all updates are installed. This includes updates to Java, Flash and Adobe.
Read more . . .

The more sophisticated malware gets the more sophisticated your firewall has to be to fight it.  WatchGuard has added APT (Advanced Persistent Threats) Blocker as another layer of prevention against advance ransomeware viruses that encrypt all of your data and make it inaccessible. 

APT blocker checks file against an existing database of malware. This happens first on the firewall itself and then in the cloud.  If the file has never been seen before it is analyzed, and if found to be suspicious, blocked from ever entering your network.

Some of the newer forms of malware coming into systems are macro-based.  Recent data shows that 98 percent of Office targeted threats use macros.  To combat this issue Microsoft has added into Office 2016 a feature that helps prevent the risk from macros and other higher risk scenarios.  This feature can be set by group policy or allowing individual users rights to revise their settings.  

The thinking behind this is, if you block the macro, you block the threat.   When you set your macro threshold lower, the user gets a warning when they try to open the email that states the contents of this document are being blocked. This feature relies on the security settings built into windows to specify trust.  If the file originates from a location considered to be the internet zone the macros will be disabled.  This helps cut down on malware getting through.  

It is not recommended that you enable macros on documents or emails from any source you do not trust or know. You should also be careful even with friends or colleagues as may have been unknowingly hacked.  If it seems suspicious it probably is and it's best to heed the warnings.  

Any questions you may have regarding the disabling of macros, please contact us at Glasser Tech 516-762-0155.   

Ransomeware is a malicous attack that causes your data to be unavailable to you unless you pay a payment to unlock the captive material.  Often, ransomware requires that you pay this ransom in bitcoins. How does this happen?  Malware can be delivered many different ways exploiting vulnerabilities through ad networks or older versions of a flash player. 

According to "The Guardian," a news magazine, a number of major websites including the NLF, the New York Times, the BBC and AOL have all been hijacked.   When a user visits a page that has been targeted, the page gets redirected to a different server hosting the malware.   The malware then looks for any way to exploit the target computer.  It installs a program similar to cryptolocker that takes over the user's data and encrypts it in such a way that you cannot use it again until you pay the ransom to get the information back.  

Ransomeware seems to be the newest trend for criminals versus the older forms of threats such as a virus, adware or trojans.  

It is best to keep your computer up to date with the most current Windows  and Adobe updates as well as having an antivirus software  such as Symantec Endpoint Cloud Protection which pushes new anti-virus signatures directly to your computer through the Cloud.  

If you have questions or concerns, we would be happy to assist you.  Please contact Glasser Tech at 516-762-0155. 

There is a new ransomware called "Locky" that is on the attack.  Please make sure your entire office is aware of it.  It comes in the form of a Word Attachment.  If you are not expecting an email with a Word Attachment call and ask the sender if it in fact came from them and was it actually meant for you. 

What the "Locky" ransomware does is rename your files, scrambles them and then encrypts them. Locky also removes any Volume Snapshot Service (VSS) files also known as shadow copies that you may have.  Shadow copies are Windows way of making backup snapshots.

Once seeded on a host, the ransomware can spread quickly across your network.  Then when it is ready, it instructs you via a screen to pay a ransom to get your data back. 

The best defense is a good offense.  

• Make sure you have a good backup solution.
• Check your backup and make sure you have a good backup every day.
• Make sure your staff does NOT click on random emails that they were not expecting.  If something looks suspicious, it probably is suspicious.
• Make sure you have a good Antivirus and it updates automatically.