Ransomware Archives - Triton Technologies

Ransomware Attacks are Increasing Against Established Organizations

When it comes to ransomware, this cyberattack scheme isn’t new, but it has become increasingly common over the past several years. Many of the viruses lurking out there steal data to be used for nefarious purposes, with the goal having long been to access important financial and personal data that can be sold off. Not ransomware. Ransomware generally does not access your data to sell off to criminals. Instead, the virus kidnaps your data until you pay the ransom.

Understanding How Ransomware is Different

Going back to other forms of cyber-attacks: they focus on credit card numbers that can be sold and used to buy things or social security numbers that can be sold to be used to create fake identities. In the case of many viruses, victims may never even be aware their data has been accessed. Typical malware and spyware tries to go undetected.

How Ransomware Works

Ransomware stops you from using your PC, files, or programs. It holds your data, software, or entire PC hostage until you pay a ransom to get it back. When an attack occurs, you suddenly have no access to a computer – a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. In some cases, there may be a nerve-wracking clock ticking down to the deadline for the ransom payment. Some versions are so sophisticated they even have mini call centers to handle your payments and questions.

What Happens After a Ransomware Attack?

Ransomware stands out from most viruses in that you really have no option once an attack has been made. You either pay up or lose the data.

Have a Data Backup?

The only sure answer is a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also.

Have a Disaster Recovery Plan?

The only answer is to be aware that these viruses are out there and that you have to make careful, specific plans to protect your data. It is essential that your backup and disaster recovery plans are designed with a ransomware attack in mind. When it comes to making data security and disaster recovery plans, you should consider bringing in experts with a strong background in this field. Lost data is not something any contact center can easily recover from.

Three Responses After a Ransomware Attack

Ransomware is a type of computer virus that kidnaps your data and holds it hostage for money. It has become increasingly common, attacking governments and all manner of business as well as non-for profit institutions. If you are unfortunate enough to be the victim of a ransomware attack, there are basically only three options open to you.

What to Do After a Ransomware Attack

Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected, there isn’t generally a way out. No one can “disinfect” your machine. You aren’t going to be able to call in IT support to solve the problem. Basically, you have three options.

Do What the Hackers Ask

Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). Some ransomware viruses even provide helplines if you’re having trouble. Of course, there are no guarantees you will get access to your data – these are thieves you’re dealing with. Plus, you’re going to only ensure more ransomware attacks will happen.

Refuse to Pay to Get Your Data Back

Don’t pay and lose your data – This has its obvious downsides, unless…

Being Prepared with a Backup

You have a safe, clean backup. In that case, you are stuck with the nuisance of restoring your data with the backup, but you aren’t out any money. However, this comes with a caveat: your backups have to be clean. The problem with ransomware viruses is that just making backups may not be sufficient to protect your data, as the backups can be infected also.

Ransomware Requires Prevention and Backups

As you can see, the first two options aren’t very favorable solutions. The only real defense against an attack is the third option. You have to be prepared ahead of time with a safe, segregated backup. Be sure to get the advice of a specialist on how to protect your data from this very serious threat to your business. In addition, you can bolster your cybersecurity through:

Managed IT: Our clients with our managed IT have never suffered a ransomware breach. Better cybersecurity with network protection like firewalls keeps them safe.
Avoid Phishing: Many ransomware attacks start with phishing. Make it harder for your company to be targeted by avoiding publishing individuals’ contact information and with better email procedures.
Stay Updated: Many hackers work through security vulnerabilities that are patched, but that doesn’t help you unless you update your systems. Always run updates or get them managed.

Contact Triton Technologies today to learn how we don’t just protect against ransomware but provide a full suite of cybersecurity and IT support for all your projects and IT infrastructure.

Ransomware and Disaster Recovery Plans

Disaster recovery is a fundamental element of good business continuity planning. Business continuity planning refers to the broad range of plans created so that a business can continue to be operational no matter what negative event might occur. Business continuity planning addresses catastrophic events, from loss of a CEO, director, or other principal in the organization to severe natural disasters that incapacitate a physical location. Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.

Part of Your Disaster Planning: Ransomware

In general, smaller businesses without any or single-person IT staffs utilize the services of a managed service provider (MSP) to develop disaster recovery plans. One piece of your disaster recovery planning needs to address how the contact center can protect its data from a ransomware attack. Unlike more well-known viruses, ransomware doesn’t just access your data, it locks it down so it is unusable. The business model behind this approach is simple: they are betting you will have no segregated backups and will be willing to buy back access to your data.

Is Your Data Properly Backed Up?

The only real defense against a ransomware attack is offensive. Just routinely making backups of your data may not necessarily protect it from being held hostage. Talk to your managed service provider about the design of your backups and how they are structured, so you will always have a “clean” copy of your data. If you want to defeat the designers of ransomware, your only real solution is to have uninfected backups. As long as you have these, you can simply refuse to pay the ransom. In the case of this virus, offense is the only defense that will keep your business data safe.

Make Sure Your Backup System Get Audited

The most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. Routinely backup your data. However, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also become corrupted. Given the severe consequences of a ransomware attack to a business, consider having a security evaluation done by a managed service provider who will have the security expertise to advise you on the best backup protocols for your situation.

From providing superior managed online backups to business continuity planning, Triton Technologies is here to help. We can be called in to help proactively prevent ransomware, as well as provide full IT infrastructure audits and consultation. Contact us today to get started.

Hotels are Now The Hottest Ransomware Target

We have been working with the hospitality industry for quite some time. We’ve taken what we’ve learned and applied it to an industry we feel has been under-secured. Rightfully so. Now ransomware is targeting hospitality clients, from small privately-owned hotels and resorts to the biggest chains and names in the industry. Front desks, reservation systems, and even Wi-Fi is now under active attack for their valuable credit card information – and potentially even more valuable payoffs if the locked-down client pays.

Ransomware Prays on Unsecured Hospitality Networks

Nothing makes a more attractive target than a network that is filled with active and useful credit card information for current and past clients. Those credit cards can be compromised within a second’s notice, and then payment derived worldwide.

Also Beware Virtual Skimmers and Data Breaches

Some ransomware targets are no longer waking up the network, but instead are actively skimming the credit cards as they interact with the usually front desk machines.

What You Can Do to Increase Hotel Cybersecurity

We’ve been providing managed IT for the hospitality industry for many years, from wireless network installations to full cybersecurity. Here are some of the most common issues we encounter and what we suggest for solutions.

Update to Windows 10: Many problems are caused by outdated or unsupported software. Specifically for hotels, roomMaster from innQuest has ended Windows 7 Support, leaving many front desk computers vulnerable.
Improve Network Protection: Make sure you’ve got a good firewall (we recommend Sophos) and avoid common issues like allowing port-forwarding on your networks.
Backup Your Data (The Right Way): Do you have online backups? Make sure they are done the right way to avoid ransomware infiltrating your backups as well.

To our current hospitality clients: please contact us for further information and about upgrading your existing workstations and managed plans with us. To new hotels, resorts, and others in the hospitality industry looking for the best IT solutions to this problem: Triton Technologies can help. Reach out to us for a consultation.

Ransomware Insurance is Fueling Ransomware

Why cyber insurance is keeping the ransomware industry in business.

As all good managed IT companies and manage security providers do, we are in constant training. From daily check-ins, weekly trainings and monthly seminars, we are kept apprised of the latest trends, threats and how to mitigate them. For us, it has worked incredibly well for many years. But a new threat has arisen that we didn’t expect: ransomware insurance from insurance industry. Continue reading Ransomware Insurance is Fueling Ransomware

IT Problems: Yes, Always Run Updates

In the last week, an update proliferated through our clients’ servers. A small minority of our clients’ servers went down during these updates. A vast majority did not have a problem at all. But that small minority represented hundreds of users. One of the questions I was asked was: do we really need to do updates?

Yes, You Need To Do Updates

We cannot stress enough how important it is to stay on your updates. At times, a server may go down or workstations may be slow, but the updates must be applied. The reason is simple exploits, 0-day infections, and hackers take advantage of unpatched systems.

Issues such as WannaCry, Petya, and more have taken advantage of people not updating their systems. The viruses enter in through a rogue website, email or link someone accidentally clicks on and the viruses in the system through a known exploit. This is extremely dangerous, and that is why we do updates every day.

Updates are Required by Massachusetts Law

On top of that, in the state of Massachusetts, where our headquarters are, there is an actual law that requires us to stay on the updates through the entire network. Under Massachusetts law 21.CMR.17 and its subsequent judicial trials, the state is looking for at least a minimum of a 90-day window for hardware and software updates. It is also a rule of thumb that the government wants to see updates done within a 30-day window. With 0-day exploits, viruses, and issues like this suddenly popping up. We have a policy of doing our system updates weekly and are third-party patches daily. It stays ahead of the game.

Don’t Become a Weapon

As also blogged about before and we were cited in multiple articles: people who don’t patch and do not have critical data also can become a weapon. So a person who has a very low priority network does not do their patching, their network can be used against someone else. It makes them a liability. Now you may say I am not even anywhere near a critical network, nor do I have clients that are, but you can be put on the hook for not following best IT practices when it comes to data security.

That is why we extremely recommend that you stay on your updates even though they may be painful at times. Want to learn more about staying on top of updates? Contact Triton Technologies today to learn about our Managed IT services.

WannaCry or GoingtoRelax?

On Dealing With Ransomware

A couple of weeks ago, a worldwide exploit stolen utilities from the National Security Agency were utilized to take down literally hundreds of thousands of computers, from hospitals, government, and large corporations.

For days people were freaking out and having a tremendous time securing their networks. Traditional methodologies failed. Traditional thought processes failed.

In the days and weeks since this attack, we have learned much. From the tools they use, to methodology and the exploits.

We Suffered No Incidents

At Triton Technologies, we were not affected at all. Not a single one of our clients’ computers, not a single compromise network, not even a rogue email. Not that we didn’t see a single remnant of it, but our technology, up dates and our near-religious security methodologies protected every single one of our clients.

That’s right, not a single person had a problem: business as usual. Just like with CryptoLocker.

Why We Weren’t Affected

The reason why? The exploits that were utilized by the WannaCry hackers dealt with old and unpatched systems. Every single one of our managed clients and their systems is patched daily and weekly. Every exploit mitigated, and every possible vector to enter into a network patched up.

We understand that has affected many businesses and many small business owners are freaking out. Not us. With the right managed plan and the right technology to head off potential disasters, issues like this will never affect the business. The proof is in the pudding, and not a single one of our clients is worried.

Managed IT services saves you money and protects your data. Contact Triton Technologies today and quit worrying about ransomware.

Dealing with CryptoLocker: Why We Do What We Do

As the owner of Triton Technologies, I go through constant training when it comes to MSP services, products and support methodologies.

I was at a conference in Hartford Connecticut and listening to other business owners and I heard something that isn’t heard in our office:

“Cryptolocker is kicking our butts.”

We Take Security Seriously

I can barely remember the last time I had to deal with any type of crypto virus. It was early last year (1.5+ years) and it was a personal laptop someone brought into one of our clients to use when there was some downtime. The virus was actually running in the background and they had put it on standby and took it to work. When they opened it up, it continued but the network had all the necessary defenses to prevent it from being more than a blind annoyance.

Our network firewall, the antivirus on all machines, the SSL and third party confirmed certificate communication was all working to prevent it from getting in and it worked perfectly.

The Best IT Solutions are Proactive

The call when it came was a shock but after reviewing the logs, the firewall defenses and the internetwork logs, it was mitigated and shutdown before it did anything actually.

We implement the firewalls, the solutions, the antivirus, the backup, the monitoring and the third party patching because… IT WORKS. It just works, and it keeps the hackers, viruses and more at bay.

Some clients we work with thing we’re over-the-top when it comes to planning and security, but not one has been sad when they realized by taking our advice, they got the tech they needed for dealing with CryptoLocker and avoided having their own data being held hostage against them. If you’re looking for just that kind of solution, contact us.

Dispelling Ransomware Myths

Ransomware is the new underground economy.

In the last few years, a new breed of exploit has arrived on the scene, called Ransomware. Basically, what it does is encrypts all your files, demands bitcoins or some other crypto currency and waits. It usually has a timer giving you a couple of days to setup an account, transfer the funds and when done they usually send you the decryption codes.

Why Does This Happen: Money, Greed, and a Lack of Patching

A majority of infections are from “drive-by” downloads. You go to a website, or to an obscure search engine and a virus writer has purchased an AD on that page or engine. In the coding, it displays to the search engine something different than what others see to avoid detection. When you go to that page, it runs a JavaScript with usually a zero-day exploit and tries to inject itself in your computer, and you don’t have to do anything for it to come in. It tests the weaknesses of your java, shockwave, HTML interpreter or other system weakness and exploits it.

What is a “Crypto Currency”?

Years ago (and there is some disagreement how it was developed), a new type of currency was developed. It was named “BitCoin”. Bitcoins are computer generated slices of encrypted code that utilizes each other to generate a code when it considered a currency. You can slice and dice up this code to pay other people, bundle up all the bitcoins or be able to send money to anyone else on the planet. It is extremely fast, easy to use and no one government controls it. It also has some drawbacks: enter in the wrong bitcoins address and it is gone, never to come back.

My Files are Encrypted. What do I do?

Most people don’t think anything of the popup that they receive when the initial demand for payment is made until they go to launch a program or access a file. That is when people begin to panic. Word, Excel, PDF’s and more are locked down solid. They want their bitcoins and your data is being held hostage to deliver them. The virus is smart, so it disabled system restore and in some cases deleted backups in the process.

I’ll Call the Police, They’ll Help!

Nope. The people who develop these ransomware viruses are overseas and they use the highest encryption they can get their hands on. Usually, 4096 bit+ RSA multi-key crypto keys and they are extremely hard to break if you’re not a major super power. FBI, NSA, DHS and the local police have no tools to help you. These writers specifically target small business owners, hospitals, and smaller targets so the governments do not get involved. If they targeted larger, then something would be done. The best thing is just to NOT get infected to begin with by utilizing a terrific antivirus, patching, and maintenance program and being proactive in your security.

Patching Your Computer

If you see a leak in a dam, you patch it right? Why not your computer?

Many people avoid patches, and yes, there are many. From Windows updates to Office updates, Adobe Reader, Shockwave, Firefox, Google Chrome and more it requires you to keep on top of them. Why? Anyone of them can be a vector to enter into your computer and you should be patched. At Triton Technologies, we have an excellent patching system in place for our clients and networks. We update once a day for workstations, weekly for servers, and hourly for 3rd party software such as Adobe, Google and more. It pretty much KILLS the ransomware even before it has a chance to come in.

I Have a Firewall, I Don’t Need to Patch All the Time!

Nope, the firewall is just another line of defense, but it shouldn’t be your only defense. You need to have a proper maintenance program in place, security protocols in place, anti-virus that is up to date and more. Just relying on a single piece of technology for a total system defense is not only bad for data security, it could potentially bankrupt your business. If you’ve got any of these concerns, or are recovering from a ransomware attack: contact us. We can help you get your system back up and backed up, and make sure it never happens again.