Allison Dillow

The “Wanna Cry” Ransomware – WE CAN HELP!

It’s Not Even Close to Over… Wanna Cry?

In case you have been living in a cave the past three days…Wanna Cry is a ransomware that spreads like wildfire by leveraging a Windows SMB exploit to remotely access and infect computers running on unpatched or unsupported versions of Windows. It infects the targeted computer then moves on to others on the network and those it can find on the open internet.

237,000 computers across 99 countries have been infected thus far.

The news has reported that a 22-year-old security researcher has stopped the Wanna Cry ransomware plague.

That’s only partially true.

He found a “kill switch” in the code of Wanna Cry that will keep one strain of Wanna Cry from infecting computers.

Here’s the problem…

Now there are multiple strains of Wanna Cry cropping up across the globe.

Some with a different URL “kill switch,” and if reports can be believed, at least one strain with no “kill switch” at all. This “no kill switch” variant is believed to have been created by parties not related to the criminals who developed the first Wanna Cry code.

Whatever the final number of Wanna Cry strains ends up being, the truth is that we aren’t even close to being done with Wanna Cry. And the criminals in control of this cyber-WMD aren’t done with causing us pain.

Yes, the infection rate has slowed, but that lull is likely only the calm before the second wave of the storm – according to industry experts.

Where did Wanna Cry come from?

There is no public information on the criminals behind Wanna Cry, but the SMB exploit they are utilizing is believed to be part of a hacking toolset that the NSA allegedly created and lost control of when a group of hackers called “The Shadow Brokers” stole it and dumped it onto the dark web.

Currently, the predominant strains of Wanna Cry are being thwarted before they infect computers by utilizing the method discovered by 22-year-old MalwareTech.

He discovered that by registering a domain name that was buried in the ransomware’s code, he was able to create a “sinkhole” that didn’t allow the virus to infect the computer.

The problem is that if the connection to this “sinkhole” domain is lost, Wanna Cry will move into “infect” mode.

As we have stated above, there are now several strains of Wanna Cry out there with a “kill switch” domain name in their code. Each unique domain name must be registered so that a “sinkhole” is created for that strain.

Even with these domain name “sinkholes,” we aren’t out of the woods.

MalwareTech, the security researcher who found the first “kill switch” buried in Wanna Cry code, has stated that “WannaCrypt (or Wanna Cry) ransomware was spread normally long before this and will be long after, what we stopped was the SMB worm variant.”

There are some scenarios that will allow your unpatched computer to be infected – even with the kill switch in place. Here they are:

  • If Wanna Cry comes to you via an email, a malicious torrent, or other vectors (instead of SMB protocol).
  • If your ISP or antivirus or firewall revokes access to the “sinkhole.”
  • If your system requires a proxy to access the internet – common in corporate networks.
  • If someone utilizes a DDoS attack to make the sinkhole domain inaccessible.
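One way a defender can use the kill-switch behaviour described above, shown as an added example that is not part of the original article: any internal host that looks up a kill-switch domain should be treated as possibly running Wanna Cry, and a lookup that failed means the sinkhole could not protect that host. The domain name and the log format below are constructed placeholders.

```python
"""Triage DNS logs for kill-switch lookups (added example; names and log format are constructed)."""
from collections import defaultdict

# Placeholder: substitute the kill-switch domains published for each known strain.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample lines: "<timestamp> <client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
2017-05-15T09:01:12Z 10.0.4.21 killswitch-placeholder.example NOERROR
2017-05-15T09:01:40Z 10.0.4.35 www.example.org NOERROR
2017-05-15T09:02:03Z 10.0.7.8 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-15T09:02:30Z 10.0.7.8 killswitch-placeholder.example SERVFAIL
2017-05-15T09:03:00Z 10.0.4.21 killswitch-placeholder.example NOERROR
malformed line
"""


def triage(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: "resolved" | "blocked"} for hosts that queried a kill-switch domain.

    "blocked" means at least one lookup did not resolve: the case where the
    sinkhole is unreachable and the kill switch cannot stop the infection.
    "resolved" is not a clean bill of health, because DNS success does not
    prove the web request got through (for example on proxy-only networks).
    """
    wanted = {d.lower().rstrip(".") for d in domains}
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the constructed format
        _, client, name, rcode = parts
        if name.lower().rstrip(".") in wanted:
            outcomes[client].add(rcode.upper())
    return {
        client: "resolved" if rcodes == {"NOERROR"} else "blocked"
        for client, rcodes in outcomes.items()
    }


if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        action = "isolate now" if status == "blocked" else "isolate and patch"
        print(f"{client}: kill-switch lookup {status} -> {action}")
```
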

What to do…

The cyber-security experts of BKCS advise you to:

  • Patch your computers
  • Run a decent anti-virus
  • Make sure your backups are current and secure

Because of the high-profile nature of this ransomware attack, there will be copycats that make Wanna Cry even more virulent and destructive.

Wanna Cry 2.0 is inevitable.

It’s important that you act proactively for your company now and get the BKCS cyber-security team on your side.

We have the resources to help you stay running and safe.

Contact us now at 540.662.0084 or bkconnectedsolutions@bkcs-inc.com

Used with permission

Allison Dillow

5 Reasons You Can’t Wait Another Second to Switch to Cloud Email

Think you’ve got your email solutions all figured out?
See why you may be leaving money (and time) on the table if you haven’t considered a cloud email solution.

With the amount of discussion on the topic, few people want to think about the best way to receive and send an email. Switching to a different platform takes time and money that companies don’t often have. And ultimately, why risk confusing everyone with the introduction of new software? Choosing a vendor to manage it all serves many concrete purposes, and the longer you go flying solo, the more likely it is you’ll run into problems.

Saving Your Budget

Running your own server means paying for and maintaining the hardware and software. Between the platform, OS, power, and labor it costs to run, it’s often not worth it. Broken down over time, it’s cheaper to use a cloud service provider (CSP) than a per-user model. When every company’s budget is at the forefront of decisions, cutting costs when it comes to getting your mail should be a no-brainer.

Better Recovery

Whether your servers go down because of a blizzard or because a teenager got their hands on some malware, you’re much more likely to get your data back when you have a CSP on your side. Companies that go through hacks can end up losing valuable contacts, sensitive data or ideas forever, and trying to claw back from that can be exhausting. Thankfully, your interests and those of the vendor are the same: safe and effective storage of data.

Increased Reliability

Some emails can be pushed until tomorrow, but many are time-sensitive. Vendors keep their servers going practically every second of every day, so everyone gets the information on time. If you can’t claim the same for your own email, it’s time to consider other options. Also, your email is easily scaled to your business to allow for more (or less) communication. If you experience a surge in popularity for example, you can adjust your capabilities to accommodate the growth. Your own servers may not be as flexible.

Better Productivity

When your workers are out on assignment or even in another country, they should have a way to stay connected with work. Cloud email gives every employee the chance to access new information and last-minute changes regardless of where they are. The global servers that vendors use have a much larger reach than any private data center could have.

Migration Choices

CSPs are experienced in migrating your email from all the popular platforms. Popular choices like IMAP or a traditional exchange can be handled by your CSP if you wish, or you can potentially do it all yourself. The flexibility that companies have when it comes to transferring their data lets business owners and IT leads feel more in control over what’s happening with their precious information.

BK Connected Solutions is the trusted choice when it comes to staying ahead of the latest cloud developments and can provide you with tips, tricks and news. Contact us at 540.662.0084 or send us an email at bkconnectedsolutions@bkcs-inc.com for more information.

Used by permission

 

Allison Dillow

Malware & Ransomware…What To Expect in 2017!

Cyber-attacks are on the rise, and there are several steps your small business can take to reduce risk and mitigate the success of an attack.

Many experts in the IT industry believe that by 2020 there will be 200 billion devices connected to the internet. Driving this incredible number is the Internet of Things (IoT). There will be no escaping this connectivity as our homes, workplaces, cities, cars, planes, and WiFi hot spots will have dozens of devices connecting to the internet from wherever you are. But, all this connectivity is also problematic as each device that connects to the IoT can be hacked.

When device manufacturers are informed that there are vulnerabilities in their products, they are slow to issue software updates, if they bother at all. However, while the IoT already is under attack, it is not the only source of hacking. Businesses are dealing with more frequent threats daily.

Where Do Cyber Attacks Come From?

A report about Cyber Crime from F-Secure answers the question of where attacks originate and other interesting facts as well. They include:

Attack Origination – In 2016, most cyber-attacks had IP addresses from 10 countries. The top five were:

  • Russia
  • The Netherlands
  • The United States
  • China
  • Germany

Outdated Android devices expose users to risks.

Poorly maintained infrastructure allows successful cyber-attacks to happen using basic scriptable techniques.

Ransomware families are rising exponentially in a year-over-year comparison. In 2015, there were 44 new ransomware attacks identified, but in 2016 that number soared by more than 4-fold to 197 new ransomware families discovered.

This and other reports show that the trend is for cyber-attacks to continue, and to continue to increase. In fact, F-Secure Security Expert Andy Patel had this to say about why the report was done:

“Commodity malware, like ransomware, is still prevalent. And endpoint protection is excellent at protecting users from those threats. But defenders need to think about risk assessment, penetration testing, breach detection, incident response, and crisis management if they want cyber security plans they can count on when attackers wise up to their defenses.”

How Can My Company Prevent Computer System Attacks from Being Successful?

No IT security vendor can guarantee your company won’t be a victim of a hack or ransomware – changes occur too rapidly in IT for a claim like that to make any sense. But, there are some proactive steps you and your company can take to limit and mitigate an attack.

Inform & Educate Staff

Ransomware is almost always the result of a successful phishing plot. Warn employees about clicking on links or downloads that come to them from external email addresses. If a legitimate email seems “off,” tell employees to call to authenticate it before opening links or completing a download.

Likewise, downloads from unknown websites hold all the dangers of clicking on email links. Warn staff about both risks.

Hire a Managed Services Provider (MSP)

Keeping track of OS patches, software program patches, printers, and other devices can exhaust the IT function of small and medium-sized businesses. By delegating security to an MSP, your IT people no longer need to do these unproductive tasks and can devote themselves to programs and advancements that improve efficiency and company productivity – in other words, help advance the company’s profitability.

For more information about how a Managed Service Provider can help you solve current and future security issues give BK Connected Solutions a call at 540.662.0084, visit our website at bkconnectedsolutions.com or email us at bkconnectedsolutions@bkcs-inc.com.

Used by permission