Managed IT Works: Especially Against Ransomware Like Petya

It’s been 6 weeks since the last global affecting ransomware attack has occurred. The last attack brought to you by WannaCry affected millions of computers and servers throughout the globe.

That attack affected an ancient exploit going all the way back to Windows XP and was stolen from the national security agency. Hackers use that exploit and penetrated systems worldwide generating tens of millions of dollars in ransom networks.

What did we learn since then? Apparently not a damn thing.

The Petya Ransomware

Lo and behold, earlier this week a new type of ransomware called Petya/Goldeneye infected millions more, but had a completely different vector: it went after the hardware as well. Older computers used a system called BIOS or basic In-N-Out system that has been around from the late 70s. Luckily, as hardware has progressed with the newer Windows additions, encrypted hardware interface technologies such as unified extensible firmware interface or UEFI requires encryption certificates in order to make changes to the system.

None of the affected hacks that have occurred in the last couple months could penetrate the newer firmware… but the older systems were extremely vulnerable.

Why do we say we have learned not a damn thing? Because we haven’t.

Update Your Systems or Get Them Managed

In March 2017, Microsoft released a patch for the latest exploit to prevent it. People didn’t listen; they didn’t patch their system; they didn’t think it would happen to them. But it did.

That is why at Triton we extremely recommend that clients go into a managed platform. Why? In our managed platform (among the other benefits), we handle all of the arduous and tenacious patching for all of your network systems. That patching has pretty much insulated our clients from any kind of hack. Are they 100%? No. But the latest round of exploits has taken hold because people have not patched or maintained their systems in a consistent way. Patching here or there doesn’t really work because you may miss some, it may not seem important to you, but in an automated patching system, a patch is going to go into your system no matter what. That is what has saved every single person under Triton Technologies management system from getting a bug.

Managed Services with Automated Patching Works

That is why we extremely recommend even the smallest business to outsource their IT technology needs, security management, backups, and everything else that has to do with your network to a managed technology company such as Triton Technologies. Will these hacks and exploits happen again? Most certainly. There is absolutely no end to what hackers and exploiters will do to get money from people who are not serious about data security. Let us help you solve that.

“All-in-One” ISP Services: Too Many Cooks In The Kitchen

In the last decade or so we have noticed that more and more Internet service providers are offering services such as hosting for websites, hosting for email, DNS hosting, registration and more.

We cannot emphasize enough how much we do not support this.

I’ll tell you why. As a managed IT provider. We try to be an all in one stop shop for our clients. Have you an email issue? We can solve it. Is your printer not printing? We can solve it.

ISPs Don’t Properly Support These Services

What we’re finding is that in order to attract clients, these ISPs are giving away these basic services and not knowing how they work. A prime example is a couple of clients that we’ve actually been dealing with for the last couple months. They went with their local Internet provider, who gave them their Internet of course, but also gave them email, established hosting, and attempted to set up their DNS.

This Went Poorly

It was horrible. The old provider would not release the domain and email information, the new provider could not get the DNS done right and required at least a 24-hour turnaround, and in the end, the client was so fed up, they pretty much fired everybody and we took over.

We Take Over

We took over the domain; we took over email, web hosting pretty much everything. In 3 days we solved all of their issues in which their previous provider couldn’t do in 6 months. We established their Managed DNS, managed web hosting, website monitoring and backup, office 365 hosted exchange, and basically removed 6 secondary vendors into one primary.

The client has never been happier.

When you need and require that your assets be managed continuously, professionally and securely, you need to use a managed IT provider. We can even help manage your ISP vendor to make sure your connection stays on and strong. Stop having spoiled soup and contact Triton Technologies today.

Compliance: When You Need to See Everything from 10K Up

At Triton Technologies we have been doing PCI, HIPAA compliance, SOX and more for years. Most of the time it is pretty straight forward and easy to implement the solutions. This one project was going on nearly a year.

Wait, what? Yup, a year to bring them into compliance with HIPAA and data protection laws.

Ending the Remediation Cycle with HIPAA

Basically what happened is every week we got a report on what we needed to do to correct potential security issues, address them and wait for the remediation to come back. Time and time again it was the same issues, similar issues or something out of left field. Weeks after weeks, month after month, from the trivial to the hash sequence to the HTTPS certificate registrar, it was becoming monotonous. As one team would shift, another would come on board and eventually it would all start again.

The Importance of Good Communication

Three months ago we put our foot down. ENOUGH. We need to talk directly to the technicians requesting this and ask them some direct questions, which we were given. The first 10 minutes of this conversation were extremely productive, where we could ask the direct question like:

  • What are you looking for?
  • How are you looking for us to protect it?
  • And the all-important: Why?

We came to find out they made A LOT of assumptions, none of them right.

After 2 weeks of giving them reports that would give them the data they would need they certified our client. Sometimes it just requires getting in touch with the right people and resolving the issues directly. Does your IT support ask (and answer) questions when they hit walls? If you’re having issues reaching your compliance, contact Triton Technologies, and we’ll help get you there.