Allison Dillow No Comments

The “Wanna Cry” Ransomware – WE CAN HELP!

It’s Not Even Close to Over… Wanna Cry?

In case you have been living in a cave the past three days…Wanna Cry is a ransomware that spreads like wildfire by leveraging a Windows SMB exploit to remotely access and infect computers running on unpatched or unsupported versions of Windows. It infects the targeted computer then moves on to others on the network and those it can find on the open internet.

237,000 computers across 99 countries have been infected thus far.

The news has reported that a 22-year-old security researcher has stopped the Wanna Cry ransomware plague.

That’s only partially true.

He found a “kill switch” in the code of Wanna Cry that will keep one strain of Wanna Cry from infecting computers.

Here’s the problem…

Now there are multiple strains of Wanna Cry cropping up across the globe.

Some with a different URL “kill switch,” and if reports can be believed, at least one strain with no “kill switch” at all. This “no kill switch” variant is believed to have been created by parties not related to the criminals who developed the first Wanna Cry code.

Whatever the final number of Wanna Cry strains ends up being, the truth is that we aren’t even close to being done with Wanna Cry. And the criminals in control of this cyber-WMD aren’t done with causing us pain.

Yes, the infection rate has slowed, but that lull is likely only the calm before the second wave of the storm – according to industry experts.

Where did Wanna Cry come from?

There is no public information on the criminals behind Wanna Cry, but the SMB exploit they are utilizing is believed to be part of a hacking toolset that the NSA allegedly created and lost control of when a group of hackers called “The Shadow Brokers” stole it and dumped it onto the dark web.

Currently, the predominant strains of Wanna Cry are being thwarted before they infect computers by utilizing the method discovered by 22-year-old MalwareTech.

He discovered that by registering a domain name that was buried in the ransomware’s code, he was able to create a “sinkhole” that didn’t allow the virus to infect the computer.

The problem is that if the connection to this “sinkhole” domain is lost, Wanna Cry will move into “infect” mode.

As we have stated above, there are now several strains of Wanna Cry out there with a “kill switch” domain name in their code. Each unique domain name must be registered so that a “sinkhole” is created for that strain.

Even with these domain name “sinkholes,” we aren’t out of the woods.

Malware Tech, the security researcher who found the first “kill switch” buried in Wanna Cry code, has stated that “WannaCrypt (or Wanna Cry) ransomware was spread normally long before this and will be long after, what we stopped was the SMB worm variant.”

There are some scenarios that will allow your unpatched computer to be infected – even with the kill switch in place. Here they are

  • If Wanna Cry comes to you via an email, a malicious torrent, or other vectors (instead of SMB protocol).
  • If your ISP or antivirus or firewall revokes access to the “sinkhole.”
  • If your system requires a proxy to access the internet – common in corporate networks.
  • If someone utilizes a DDoS attack to makes the sinkhole domain inaccessible.

What to do…

The cyber-security experts of {company} advise you to:

  • Patch your computers
  • Run a decent anti-virus
  • Make sure your backups are current and secure

Because of the high-profile nature of this ransomware attack, there will be copycats that make Wanna Cry even more virulent and destructive.

Wanna Cry 2.0 is inevitable.

It’s important that you act proactively for your company now and get the BKCS cyber-security team on your side.

We have the resources to help you stay running and safe.

Contact us now at 540.662.0084 or bkconnectedsolutions@bkcs-inc.com

Used with permission

Allison Dillow No Comments

5 Reasons You Can’t Wait Another Second to Switch to Cloud Email

Think you’ve got your email solutions all figured out?
See why you may be leaving money (and time) on the table if you haven’t considered a cloud email solution.

With the amount of discussion on the topic, few people want to think about the best way to receive and send an email. Switching to a different platform takes time and money that companies don’t often have. And ultimately, why risk confusing everyone with the introduction of new software? Choosing a vendor to manage it all serves many concrete purposes, and the longer you go flying solo, the more likely it is you’ll run into problems.

Saving Your Budget

Running your own server means paying for and maintaining the hardware and software. Between the platform, OS, power, and labor it costs to run, it’s often not worth it. Broken down over time, it’s cheaper to use a cloud service provider (CSP) than a per-user model. When every company’s budget is at the forefront of decisions, cutting costs when it comes to getting your mail should be a no-brainer.

Better Recovery

Whether your servers go down because of a blizzard or because a teenager got their hands on some malware, you’re much more likely to get your data back when you have a CSP on your side. Companies that go through hacks can end up losing valuable contacts, sensitive data or ideas forever, and try to claw back from that can be exhausting. Thankfully, both your interests and that of the vendor are the same — safe and effective storage of data.

Increased Reliability

Some emails can be pushed until tomorrow, but many are time-sensitive. Vendors keep their servers going practically every second of every day, so everyone gets the information on time. If you can’t claim the same for your own email, it’s time to consider other options. Also, your email is easily scaled to your business to allow for more (or less) communication. If you experience a surge in popularity for example, you can adjust your capabilities to accommodate the growth. Your own servers may not be as flexible.

Better Productivity

When your workers are out on assignment or even in another country, they should have a way to stay connected with work. Cloud email gives every employee the chance to access new information and last-minute changes regardless of where they are. The global servers that vendors use have a much larger reach than any private data center could have.

Migration Choices

CSPs are experienced in migrating your email from all the popular platforms. Popular choices like IMAP or a traditional exchange can be handled by your CSP if you wish, or you can potentially do it all yourself. The flexibility that companies have when it comes to transferring their data lets business owners and IT leads feel more in control over what’s happening with their precious information.

BK Connected Solutions is the trusted choice when it comes to staying ahead of the latest cloud developments and can provide you with tips, tricks and news. Contact us at 540.662.0084 or send us an email at bkconnectedsolutions@bkcs-inc.com for more information.

Used by permission

 

Allison Dillow No Comments

The Exploding Cloud

Is It Worth The Switch?

The cloud is all over the place, but that doesn’t mean every business has jumped on-board. Find out whether or not it’s worth it to you to move your data, and who you should consider trusting if you do.  

If you still see virtual data floating around in the sky when you hear about the cloud, then it might be time to rethink this picture. The cloud might be on everyone’s minds (and lips) these days, but that doesn’t mean those who speak about it really understand what it is and how it helps. With so many players crowding the game now, it’s easy to see where the confusion comes from.

What Exactly Is the Cloud?

The best way to picture the cloud is to envision a group of people that specialize in storing data from multiple companies and organizations. Credit card information, demographic information, and medical documents are all kept in one place and organized according to efficiency and safety. The servers that hold everything are meticulously maintained and given the attention they need to continue functioning the way they were meant to. The benefits of this arrangement have been seen by both small businesses and large enterprises alike.

Security, Reliability, Savings

Essentially these are the three primary reasons you’d want to move to the cloud. Running your own servers is not only expensive, but it can also be downright inefficient. The majority of companies running their own servers are losing thousands of dollars over the years to power costs to run machines that are operating at a fraction of their capacity. Without the right controls (dedicated staff, environment fluctuations, etc.), websites can fail without notice. It can mean a loss of profits and productivity due to downtime from both customers and clients. Compare this to 99.9% uptime of cloud vendors or even higher. The cloud also gives small businesses the chance to experience what enterprise-security means regarding preventing breaches, leaks, and hacks.

Understanding the Market

IT teams can do more when they don’t have the extra hassle of needing to maintain fussy servers, but companies still have a responsibility to be involved in the process. Without the right vendor, you may find yourself having a harder time with the migration than you think. You may be harder to gain access to your information or you may struggle with upfront payments. Looking for someone who has both the reputation and the experience can make your transition a lot easier, and your costs more manageable. A good vendor knows their success is predicated upon keeping the financial, personal and medical information safe from the evil eyes. Not only is it necessary for their clients, but also to comply with government recommendations. As such, they not only spend money meeting the state requirements but also invest countless dollars in research and resources to be on the watch for new threats.

BK Connected Solutions is the trusted choice when it comes to staying ahead of the latest cloud developments and can provide you with tips, tricks and news. Contact us at 540.662.0084 or send us an email at bkconnectedsolutions@bkcs-inc.com for more information.

Used with Permission

Allison Dillow No Comments

Malware & Ransomware…What To Expect in 2017!

Cyber-attacks are on the rise and there are several steps your small business can take to reduce risk and mitigate success of an attack.

Many experts in the IT industry believe that by 2020 there will be 200 billion devices connected to the internet. Driving this incredible number is the Internet of Things (IoT). There will be no escaping this connectivity as our homes, workplaces, cities, cars, planes, and WiFi hot spots will have dozens of devices connecting to the internet from wherever you are. But, all this connectivity is also problematic as each device that connects to the IoT can be hacked.

When device manufacturers are informed that there are vulnerabilities in their products they are slow to issue software updates if they bother at all. However, while the IoT already is under attack, it is not the only source of hacking. Business’ are dealing with more frequent threats daily.

Where Do Cyber Attacks Come From?

A report about Cyber Crime from F-Security answers the question of where attacks originate and other interesting facts as well. They include:

Attack Origination – In 2016, most cyber-attacks had IP addresses from 10 countries. The top five were:

  • Russia
  • The Netherlands
  • The United States
  • China
  • Germany

Outdated Android devices expose users to risks.

The poorly maintained infrastructure allows successful cyber-attacks to happen using basic scriptable techniques.

Ransomware families are rising exponentially in a year over year comparison. In 2015, there were 44 new ransomware attacks identified, but, in 2016 that number soared by more than 4-fold to 197 new ransomware families discovered.

This and other reports show the trend for cyber-attacks is they will continue and continue to increase. In fact, F-Secure Security Expert Andy Patel had this to say about why the report was done:

“Commodity malware, like ransomware, is still prevalent. And endpoint protection is excellent at protecting users from those threats. But defenders need to think about risk assessment, penetration testing, breach detection, incident response, and crisis management if they want cyber security plans they can count on when attackers wise up to their defenses.”

How Can My Company Prevent Computer System Attacks from Being Successful?

No IT security vendor can guarantee your company won’t be a victim of a hack or ransomware – changes occur too rapidly in IT for a claim like that to make any sense. But, there are some proactive steps you and your company can take to limit and mitigate an attack.

Inform & Educate Staff

Ransomware is almost always the result of a successful phishing plot. Warn employees about clicking on links or downloads that come to them from external email addresses. If a legitimate email seems “off” tell employees to call to authenticate it before opening links or completing a download.

Likewise, downloads from unknown websites hold all the dangers of clicking on email links, warn staff about both risks.

Hire a Managed Services Provider (MSP)

Keeping track of OS patches, software program patches, printers, and other devices can exhaust the IT function of small and medium-sized businesses. By delegating security to an MSP, your IT people no longer need do these unproductive tasks and can devote themselves to programs and advancements that improve efficiency and company productivity – in other words, help advance the company’s profitability.

For more information about how a Managed Service Provider can help you solve current and future security issues give BK Connected Solutions a call at 540.662.0084, visit our website at bkconnectedsolutions.com or email us at bkconnectedsolutions@bkcs-inc.com.

Used by permission
Allison Dillow No Comments

Cyber Security Statistics Small Businesses Should Be Aware Of

The latest cyber statistics reveal that small businesses are at a high risk for attacks.

Each day media outlets cover the latest cyber-attacks throughout the globe. From the recent CIA data breach to the multitude of mom and pop small businesses that succumb to a phishing scam, the evidence of a growing number of cyber attackers is prevalent. Any small business that is not considering the state of their IT security needs to keep the following statistic in mind: approximately 60 percent of small businesses will be forced to close their doors within six months of a data breach or other form of cyber-attack. If you still have a “this won’t happen to me mentality,” then remember those small businesses are targeted 43 percent of the time by cyber attackers. These statistics are not meant to only scare you, but rather to help you understand where your small business is most vulnerable.

Small Businesses Need To Remain Vigilant
By reading the latest cyber security statistics you can fortify your IT defenses to reduce the risk of attack and minimize vulnerabilities. The first two statistics to help you formulate your defense are the following:

  • Malicious intent is the leading motivator for cyber hackers in 48 percent of data security breaches.
  • An estimated 52 percent of data security breaches are caused by system failure or human error.

The above statistics showcase the importance of cyber security education. If your employees and vendors don’t understand best practice approaches for maintaining a secure business network, then you are putting yourself at an increased risk for costly data breaches. In fact, a recent study revealed that in the aftermath of a data breach involving employee or customer information, businesses spent an average of approximately $879,582. This money was spent as either a result of the theft of valuable IT assets or the damage caused by the cyber-attack.

Small Businesses Need To Do More Than The Bare Minimum
Valuable IT assets are housed by almost every small business. These assets include: email addresses, phone numbers, billing addresses, full names, purchase histories, credit cards, and any other personal or professional information for employees, customers, or vendors. Cyber attackers will steal these assets and sell them at a profit on the black market. So, while you might be tempted to think that “your company doesn’t have any data worth stealing”, think again.

You must remain vigilant and dedicated to meeting your IT security needs so that you don’t become like:

  • The 62 percent of small businesses who don’t regularly upgrade software solutions;
  • The 69 percent of small businesses who fail to monitor business credit reports; and
  • The 78 percent of small businesses who don’t encrypt their databases.

The moral of the story is written in the statistics. If you want to protect your small business from cyber-attacks, minimize the damage that an attack could cause, or safeguard your valuable data assets, then you need to do more than the bare minimum. IT security should be as important as marketing, hiring the right employees, or solidifying business relationships. Take the steps needed to protect your business from IT cyber-attacks by contacting BK Connected Solutions at 540.662.0084, bkconnectedsolutions@bkcs-inc.com or by visiting bkconnectedsolutions.com.

Used with permission