WannaCrypt Ransomware Attack and how to protect yourself

You may be aware of the ‘WannaCrypt’ ransomware hack that propagated out May 2017 that hit Windows operating systems on over 200,000 computers across 150 countries, including dozens of large companies and institutions such as the UK’s National Health Service and France’s Renault factories. There’s an expectation that another wave of attacks will happen this week around the rest of the World.

WannaCrypt targets older versions of Windows such as XP, Vista, Windows 8 and Server 2003, which no longer have mainstream support from Microsoft. WannaCrypt can reportedly be spread over local systems without user interaction, it encrypts the files on the computer making them inaccessible. Once infected there’s no fix, you can’t unlock the files, the choices are to pay the ransom in bitcoins (not recommended), do a full reinstall of all your files; or wait until a solution is developed to remove the infection. Rockingham IT Solutions customers probably can’t afford to wait, business must go on!

The first line of defence is good virus protection. However, virus protection solutions can be breached, so if you receive an email containing a file attachment or URL you aren’t sure about, DON’T OPEN IT! The secondary line of defence is a good backup solution that stores the backup on another system in an offsite location – having a backup on another drive on the same machine isn’t a good idea, a ransomware attack will also encrypt the backup. Another risk is that if for any reason the computer is badly damaged or destroyed you will lose both the original data and backup!

WannaCrypt RansomWare

WannaCrypt RansomWare

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

A small number of Rockingham IT Solutions customers have suffered ransomware attacks in the past, for this reason we addressed the ransomware risk in past newsletters. Given the escalating number of ransomware attacks we now ask you our customers to check if you have an effective backup solution in place, or if you are unsure PLEASE CALL US.

As we are IT consultant we will typically be the first port of call if a customer suffers a ransomware attack, plus if our customer has to do a full reinstall it’s best that our techs reinstall from backups that we know how they are backed up.

Rockingham IT Solutions can offer an online 3rd party backup service, for details please contact our helpful Techs on 08 6102 2919 during Office Hours.

Regards,

Jon Ellis

Director / COO

Rockingham IT Solutions

World Back Up Day 31st March

World Backup Day

World Backup Day

 

Have you backed up your data recently? Every day people, businesses, even games lose huge amounts of valuable data because they fail to follow this one basic procedure. World Backup Day is set aside as a reminder to back up your files, even if it’s once a year! A backup is a reserve copy of all the files you’d be loathe to use. There’s nothing more traumatizing than having losing your phone, or having your hard drive crash, and having hundreds of valuable and irreplaceable documents or photos suddenly gone beyond retrieval.

No matter how secure or safe you feel your data and equipment is, it’s important to back up your files. 30% of people don’t have any way to save their important files in the event that tragedy strikes. In our electronic based world, there are hundreds of ways to suddenly have things go terribly awry. 29% of all disasters are caused by accidents, costing valuable time and money as the resources they affected are lost forever. You may feel your computer is safe, but 1 in 10 of all computers, including household and business computers, are infected with a virus that may suddenly cause all of your data to be gone beyond retrieval.

The worst Virus these days is the dreaded CryptoVirus  . Cryptolocker / CryptoVirus is a ransomware Trojan which has been running around since 2013 and is still doing the rounds these days ! If you or your business would like more information regarding Cyber Security, it would be a good idea to get one of Rockingham IT Solutions consultants in to do an audit of your establishment or attend one of our many Workshop Training Courses  to learn how to protect your systems.

“But my phone is always on me!” I hear you say! Wonderful! That’ll make it easier for you to be one of the 113 phones stolen every minute, each day. In this modern digital world, many of us live from our phones. Whether it’s for business, or just personal use, these electronic assistants often contain gigs of valuable documents, pictures, videos, and music. Do you really want to chance losing all of that when backup options are so easy and available?

“Easy? How do I backup my files and protect myself?” There ya go! Now we’re asking the right questions! There are a myriad of ways you can use to backup your files, most phones are connected to some form of backup system. iPhones are tied directly into iTunes, which can back up all of your valuable data, you just need to hook that thing up to your computer and update the files daily! You can even do it as part of charging, just plug it in to your computer, set it to backup, and it’ll go about the process automatically while it takes a charge.

Android phones are intrinsically tied to Google, and with the availability of Google Docs and the Google backup, it’ll tie all of your data in to your profile, uploading it to a secure location while allowing you to choose which ones to share! Google Docs can also be used to store all of your valuable files online! The bonus here is that from google docs you can access your files from any computer, saving you from having to wait for your system to be back up before you get those important files back!

Another option is open that is the ‘all inclusive’ option. If you’d prefer to back up everything instead of just bits and pieces, there are tons of places online that will give you reviews of dozens of options for full backup services. Take some time to cruise through them and decide which one is right for you. Remember, if the only copy you have of your important files is all in one place, it only takes one accident, one small disaster for you to lose them all. So take the time to backup your files, and stop yourself from becoming one of this year’s April’s Fools.

Yahoo Hacked in Massive Security Breach stealing from one Billion people

Security Update

 

YAHOO has admitted that hackers breached its system to steal data from one billion user accounts in a massive cyber attack that was unreported for more than three years.

At Rockingham IT Solutions we always suggest to small businesses and even home owners not to use free email accounts but to have your own domain and email and let us administer them for better security.

“You will be surprised at just how competitively priced and convenient having your own domain and email hosting is” Jon Ellis our Owner / Director states.

In the past few months, Yahoo has owned up to being hit by the two of the biggest data breaches in history.

In September 2016, it announced it had been hit by what was then declared the world’s biggest hack — now it has revealed a new attack that involves twice as many people and sets a new record.

The news could not have come at a worst time for Yahoo, which is in the middle of securing a huge buyout deal.

Yahoo today has reported a experts analysing Yahoo’s records in the lead up to the buyout by Verizon had identified the mammoth attack which occurred in August 2013.

The hack reported today is separate to another hack reported in September which targeted 500 million Yahoo in 2014.

 

“I need to learn more of how to protect my Systems Data?”

Then Come along to our Cyber Security Seminar on Tuesday 7th March to learn how to protect your systems and more importantly your Data!

book-now

Cybercrime Prevention

 

 

 

Cyber Crime Prevention

Cyber Crime Prevention

 

Cybercrime prevention can be straight-forward – when armed with a little technical advice and common sense, many attacks can be avoided. In general, online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. The tips below provide basic information on how you can prevent online fraud.

Keep your computer current with the latest patches and updates.

One of the best ways to keep attackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system.

Make sure your computer’s Antivirus & Malware is up to date.

Keep in mind that a newly purchased computer may not have the right level of security for you. When you are installing your computer at home, pay attention not just to making your new system function, but also focus on making it work securely.

We recommend to install a commercial grade package such as Trend as it is not as resource hungry like Norton, Kaspersky or McAfee.

Choose strong passwords and keep them safe.

Passwords are a fact of life on the Internet today—we use them for everything from ordering flowers and online banking to logging into our favorite airline Web site to see how many miles we have accumulated. The following tips can help make your online experiences secure:

  • Selecting a password that cannot be easily guessed such as your date of birth, childrens or pets names, be at least 8 characters long and have a combination of upper and lower case, symbols and numbers.
  • Keep your passwords in a safe place and try not to use the same password for every service you use online.
  • Change passwords on a regular basis, at least every 90 days.

Protect your personal information.

Exercise caution when sharing personal information such as your name, home address, phone number, and email address online, the following list contains some advice for how to share personal information safely online:

  • Keep an eye out for phony email messages. Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasings, Web site addresses with strange extensions, Web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary. Additionally, phishing messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don’t take the bait.
  • Don’t respond to email messages that ask for personal information. Legitimate companies will not use email messages to ask for your personal information. When in doubt, contact the company by phone or by typing in the company Web address into your Web browser. Don’t click on the links in these messages as they make take you to a fraudulent, malicious Web sites.
  • Steer clear of fraudulent Web sites used to steal personal information. When visiting a Web site, type the address (URL) directly into the Web browser rather than following a link within an email or instant message. Fraudsters often forge these links to make them look convincing. A shopping, banking or any other Web site where sensitive information should have an “S” after the letters “http” (i.e. https://www.yourbank.com not http://www.yourbank.com)/. The “s” stands for secure and should appear when you are in an area requesting you to login or provide other sensitive data. Another sign that you have a secure connection is the small lock icon in the bottom of your web browser (usually the right-hand corner).
  • Pay attention to privacy policies on Web sites and in software. It is important to understand how an organization might collect and use your personal information before you share it with them.
  • Guard your email address. Spammers and phishers sometimes send millions of messages to email addresses that may or may not exist in hopes of finding a potential victim. Responding to these messages or even downloading images ensures you will be added to their lists for more of the same messages in the future. Also be careful when posting your email address online in newsgroups, blogs or online communities.

CryptoLocker is a ransomware trojan. CryptoLocker propagates mainly via infected email attachments, when activated, the malware encrypts certain types of files stored on local and mounted network drives, with the private key stored only on the malware’s control servers. The malware then displays a message which offers to decrypt the data if a payment is made however it is recommended NOT to pay the ransom as it only encourages more infections.

Although CryptoLocker itself is readily removed, files remained encrypted in a way which researchers considered unfeasible to break.