Thursday, June 14, 2012

Ransomware Attacks

Over the last few weeks we have seen a sharp increase in attempts to hack into various servers over the internet.  The hackers seem to have two particular goals for gaining access.  They may try to install rogue software on your server in order to use it to send mass phishing emails, or to conduct an attack on another server.  They may also attempt a fairly new form of malware called ransomware.  With ransomware the attacker installs two key pieces of software on the computer.  The first searches the computer for data files and backup files, and encrypts them into a password-protected file.  The second program then completely deletes the original files from your hard drive.  When your server reboots you’ll be presented with a screen that demands $500-$1500 be sent to the hacker in order for your data to be restored.  This screen also locks you out of the computer.

It is very important to stress that there is no way around this once the hacker has gained access.  The tools used by the hacker are all legitimate programs that anti-virus solutions won’t flag as a threat.  They are just being used illegitimately.  The program completely destroys all original data, and backups visible to the server.  The only way to restore your data is from your offsite (internet or portable USB) backup.

Due to the nature of this threat we strongly recommend you disable remote access into your server, whether it is open to the outside world or not.  Likewise, you must be diligent at running your offsite backup daily.  The importance of your offsite backup is absolutely critical when it comes to a situation such as this.  Without a good offsite backup you’re left with the choice of taking the chance and paying the requested ransom, or moving on without your data.  If you are part of our Managed Remote Backup Services, rest assured your data is protected.

Please follow the guide below for disabling remote access as soon as possible.  If you are a contract support holder with us you can just consider this an FYI, as we have already disabled remote access to your system.  If you need remote access to your server, for working from home, or because there is no monitor, keyboard, and mouse on it, please call Treneita at the office and arrange a time to talk with one of our technicians about an alternate method.

Friday, June 17, 2011

Rogue Antivirus Cliff Notes

Lately, we’ve seen an uptick in the occurrence of Rogue Antivirus infections.  The aim of this blog post is to educate everyone a little bit about these viruses, how they are acquired, and how to identify them.

A Little Background:

Rogue Antivirus products are designed to scare users into purchasing a bogus product.  The typical M.O. of a Rogue AV program is delivering a pop-up to your screen, which is generally loaded with fear-inspiring terms, as depicted in the image below:

Looks legitimate, doesn’t it?  They’re supposed to. The people who write these bogus products are trying to swindle users, so they need an effective hustle.  Show a screen depicting a bunch of phony infections, and scare the user into spending $60.  The kicker:  Even if you pay the $60, the Rogue AV will, more often than not, stay on your system.  In fact, attempting to “activate” the product can worsen the infection and cause system instability.