10/11/2017
4 ways to disaster-proof your data backups



     Disaster can strike at any time, and one of the many casualties is your business-critical data. Whether the cause is an act of God, like a hurricane or wildfire, or man-made, you can protect your business from loss of data. Twenty five percent of businesses never reopen after disaster strikes, according to the U.S. Small Business Administration. You can protect your critical data from disaster by having at least two backup plans.


Cloud backup
     Storing your data backups at one or more off-site locations is the best way to ensure that a copy of your data will survive a disaster. One way to do this is to upload your data to a cloud backup provider. When selecting a cloud provider, you need to consider their track record.

     There are other considerations when choosing cloud backups. You should always encrypt your data before trusting it to a provider for safekeeping. If you have very large files, you will have to take your internet bandwidth into account, since it affects the time it takes to both send and retrieve data. Some providers will ship your backups on physical media if they take too long to download; ask your provider if they offer this service.


Portable backup
     If your internet speed is too slow or you have trouble handing over your precious data to someone else, you can consider using removable backups: external hard drives, tapes or even optical media (if your data isn't too large). Their portability makes them easy to move to a different location. You can take the backups home or have them couriered to a safer location.

     External hard drives are inexpensive, can store terabytes of data and are portable. You can get third-party backup software that will encrypt the data and set up a backup schedule with little fuss. You can also go the more traditional tape backup route. If you have modest data needs, you may be able to use DVDs or Blu-ray discs for your backups.

     If you decide to go the portable route, remember that the media you use to store your backups can also fail. When using optical discs, store them in a cool, dark place and use them for short-term backups only. Tapes can oxidize over time, so use multiple tapes and store them in a cool, dry place. External hard drives can fail like any other drive; plug them in only when backing up to prevent wear and tear on the drive motor.


Synchronizing your NAS
     The portable backup plan may not work if your business has multiple locations. If you have several locations, you can deploy multiple Network Attached Storage (NAS) devices at each location and set them to back up each other over the network. This feature used to be the domain of expensive Storage Area Networks (SAN), but many new NAS models have it. To save bandwidth, look for devices that support block-level sync, which transmits only the changes in a file.


Disaster hardened storage devices
     Disaster-resistant enclosures provide increased protection for local backups. In the old days, this meant storing tapes in a fireproof safe, but now there are companies that offer disaster-hardened storage devices. They can contain multiple drives in some sort of RAID configuration. Some can withstand extreme temperatures and/or are waterproof even when fully submerged. Some will also support syncing with other NAS devices.


     You can't totally disaster-proof your business, but you can take precautions to protect your critical data. It will take a little time and some money, but not as much as rebuilding from the beginning. With just a few extra precautions, your business doesn't have to be part of the twenty five percent that doesn't reopen.



10/14/2017
Data protection takes a backseat in the move to the cloud



     Even though data loss is on the decline, challenges remain. Compared to 2014, data loss due to data corruption, hardware failures and power outages has fallen, according to the EMC Global Data Protection Index 2016. Unfortunately, many companies are neglecting their onsite data centers while transitioning to cloud-enabled delivery models.

A survey conducted by Vanson Bourne and sponsored by EMC polled 2200 IT decision makers. According to the survey, 80 percent said they were using SaaS business applications from the public cloud. It also reveals an alarming trend: over half of these businesses fail to protect their data in the cloud. On average, they run 30 percent of their IT environments in the public cloud, and the majority rely on the cloud for their business email needs, but less than half protect against data corruption or deletion.



10/18/2017
Every small business needs a backup plan



     Sooner or later, at least one of your business computers is going to fail. Whether it is from ransomware or lost/stolen laptops, not having access to your precious data is a frightening thought. Here are some easy tips to prevent a crisis.

     Keep critical files in the cloud for almost real-time offsite backup. Some cloud-based storage services like Dropbox allow encrypted files. Have a local backup on an external drive. For Macs, you can use the built-in Time Machine, and for Windows 10, you can use Windows Backup and Restore; these are basic but work very well. Have a cloud-based backup just in case there is a disaster at your business and your local backups are damaged. For security, make sure you have a modern router and that your router firmware is up to date. In some cases, the firmware update will include security features, and it only takes a few minutes to complete. Also make sure that your workstations all have virus protection, which will alert you to some suspicious activity. Check for critical updates on Windows machines and keep those up to date.

     Make sure that all the steps are active for each computer in your business. If you have several computers, you may want to think about NAS storage for your local backups, since you may otherwise have to manage several drives. Check every once in a while to make sure everything is up to date, including the virus definitions, local and remote backups, and OS security updates. The key to preventing data loss is to keep it simple by focusing on redundant data and keeping your software up to date.



10/24/2017
Bad Rabbit ransomware hits Russia and spreads across the globe



     A new ransomware is spreading across Russia and Europe, and a number of cybersecurity research groups, including ESET and Proofpoint, have confirmed that it spreads via a fake Adobe Flash update. Once their computers are infected, users are sent to a darknet site where they must pay 0.05 bitcoins (around $281) to decrypt their files. If it isn't paid within 40 hours, the price goes up. Even though experts can't yet confirm that it is related to NotPetya, it does use similar methods.

     The U.S. Computer Emergency Readiness Team (US-CERT) also issued a statement regarding the attacks. Much like Petya, Bad Rabbit contains an SMB component which allows it to move laterally across an infected network and spread without user interaction. At this time, it is unclear who is behind the attacks. Whoever is behind Bad Rabbit appears to be a Game of Thrones fan, since there are references to Viserion, Rhaegal and Drogon, the dragons featured in the television series and the novels it is based on.

     At this point, it is unclear if it is possible to decrypt locked files without paying the ransom. Even though a number of security vendors state that their products protect against Bad Rabbit, Windows users can block the execution of "C:\Windows\infpub.dat" and "C:\Windows\cscc.dat" in order to help prevent infection.



11/1/2017
Ransomware: it's about to get worse



     WannaCry, NotPetya, Bad Rabbit and other ransomware made headlines in 2017, which has been called the year of ransomware. Despite the "ransom" in ransomware, very little ransom was paid out; the ones suspected to be behind WannaCry cashed out $140K from bitcoins associated with the attack. This is nothing compared to all the business disruptions that were caused by files being encrypted.

     We have seen how ransomware can completely destroy data, but there is also potential for ransomware to be used as a diversion for other malicious activities such as stealing data, transferring funds and taking control of systems. Ransomware doesn't have to encrypt your data; it can just steal it and use it for electronic blackmail. Another potential is for criminals to go after enterprise infrastructure; holding a whole corporation's IT infrastructure hostage could lead to huge payoffs for criminals. Vulnerabilities in router firmware have the potential to allow ransomware to be spread not just by email but from the physical network infrastructure itself; imagine all the computers in a network being infected because the router broadcasts the malware out for all to receive.



11/8/2017
Lessons learned from the 2017 hurricane season



     The hurricane season is almost over. From Franklin to Ophelia, 2017 has seen ten hurricanes. The last time we had that many hurricanes in one season was 1893. With all this extreme weather, it is all the more important to consider how it will affect your backup and disaster recovery plans.

     Over a month after Hurricane Maria hit, most of Puerto Rico is still without power. Even power outages of a few seconds can wreak havoc on your business. Consider uninterruptible power supplies to protect you from small power outages. For larger outages lasting days or weeks, consider diesel, propane or natural gas power generators for secondary power. If going with a diesel or propane generator, make sure you have enough fuel to power the generators and that the fuel isn't stale.

     In cases of fire or other disaster where your office is destroyed, local backups won't matter. Even though the equipment is damaged, it is replaceable. What is not replaceable is your precious data. Local backups are great but you should also consider cloud backup. Cloud backups will protect your data in the event your local backup is damaged. As the saying goes, never leave all your eggs in one basket.

     Even though hurricanes give you a few days' notice, that is not enough time to develop an effective plan that covers most outcomes of a powerful storm. Create a plan well ahead of time; collect hardware, generators, fuel, etc. to make your business more disaster resistant. As with anything else in life, plans don't always go smoothly. Test your plans regularly and adjust accordingly. Continually refine your plan until you can reach your recovery objectives.



11/15/2017
Ordinypt ransomware destroys data instead of encrypting it



     A new malware called Ordinypt is making the rounds, but unlike other ransomware, the code destroys data instead of encrypting it. It is currently spreading in Germany through messages that pretend to be responses to job ads and attach what is purported to be a resume. Once the file is opened, it infects the machine and makes the files inaccessible. It then requests 0.12 Bitcoin for recovering them. The ominous thing is that even if the victim pays, there is no way to recover the files. The malware acts by deleting the files and overwriting the drive with random strings. The code doesn't destroy Shadow Volume or Restore Point files, so there is a possibility of getting the data back.



11/29/2017
Is your storage ready for the future?



     A new research study looks into the challenges of setting up a storage infrastructure that will meet the rapidly changing needs of business. The results give insights into the technologies used today and what is likely to be used in the future.

     The trend to shared storage pools is well established according to the report, with seven out of ten reporting that they use shared storage and almost three-quarters expecting this to increase in the next couple of years. Shared storage gives IT flexibility while keeping costs down. Even with the benefits of shared storage, there will still be a need for dedicated storage for individual workloads for performance or security related tasks.

     Storage is still dominated by traditional technologies. SAN, NAS, server storage, tape and optical are still being employed by almost seventy-five percent of businesses surveyed. It's worth noting that tape storage is also being used by almost seventy-five percent of businesses, which contradicts the publicity that tape is dead. More advanced storage, such as solid state, is also gaining ground due to the push toward desktop virtualization and low-latency transactions.



12/13/2017
Spider spins a ransomware web



     A ransomware called Spider has been spreading around the web using fake documents with threats of debt collection action to ensnare its victims. According to Netskope Threat Research Labs, victims are given 4 days to pay. The authors claim that file recovery is simple and even provide a video showing how to recover the files. Once the files are encrypted, a warning message comes up in the Bosnian language, and the message even provides a translation.

     As ransomware continues to evolve, administrators need to educate employees about the impact of ransomware and protect the organization's data by making backups of critical data. Macros are the main infection method for this kind of fake-document ransomware, so users should disable macros by default and be cautious of documents that require macros to view the contents, especially unsigned macros and macros from untrusted sources.



02/13/18
Rapid Ransomware being spread using fake IRS Spam



     A new version of Rapid Ransomware is being distributed using spam that pretends to be from the IRS. The malware is being sent with email subjects like "Please Note - IRS Urgent Message..." and the message states that the recipient owes back real estate taxes. The payload is delivered through an attachment called Notification-xxx.zip. It contains a Word document in which the recipient needs to click on Enable Editing. When clicked, it will download the Rapid Ransomware and execute it.

     Like the previous version, Rapid Ransomware will scan a computer for data files and encrypt them. When encrypted, the file will have a .rapid extension. One difference in this version is that it then scans the network to see what other shares the computer has access to and encrypts those files as well. Another difference is that it gets kicked off every time the user logs in; the autorun for this is HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Encryptor_74" = "%UserProfile%\AppData\Roaming\info.exe". By setting itself to start on login, it encrypts newly created files as they are made. It is important that this autorun gets disabled before connecting any external backup device to the computer, since it will encrypt the backups also. At this time, there is no way to decrypt Rapid Ransomware for free.
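
     As an added illustration (not code from the original post), the Python sketch below checks a decoded `reg export` of the HKCU Run key for the autorun described above before a backup drive is attached. The sample export, the user name and the generic AppData\Roaming heuristic are assumptions; only the value name and the info.exe path come from the post.

```python
import re

# Constructed sample: decoded text of a `reg export` of the HKCU Run key.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Encryptor_74"="C:\\Users\\alice\\AppData\\Roaming\\info.exe"
"Notes"="C:\\Users\\alice\\AppData\\Roaming\\sync.exe"
'''

RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RAPID_VALUE_NAME = "encryptor_74"                # value name given in the post
RAPID_EXE_SUFFIX = r"\appdata\roaming\info.exe"  # path given in the post
# "name"="data" lines (REG_SZ only; hex-encoded value types are skipped)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_run_values(reg_text):
    """Yield (name, command) for string values under the HKCU Run key."""
    in_run = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower() == RUN_KEY
        elif in_run:
            m = VALUE_RE.match(line)
            if m:  # undo the .reg escaping of \\ and \"
                yield tuple(re.sub(r"\\(.)", r"\1", g) for g in m.groups())

def exe_path(command):
    """Program path of a Run command line: quoted path or first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""

def triage(reg_text):
    """Return [(name, command, reasons)] for autoruns that need review."""
    findings = []
    for name, command in parse_run_values(reg_text):
        path = exe_path(command).lower()
        reasons = []
        if name.lower() == RAPID_VALUE_NAME:
            reasons.append("value name matches the Rapid autorun")
        if path.endswith(RAPID_EXE_SUFFIX):
            reasons.append("launches AppData\\Roaming\\info.exe")
        elif re.search(r"\\appdata\\roaming\\[^\\]+\.exe$", path):
            reasons.append("executable directly in AppData\\Roaming (heuristic)")
        if reasons:
            findings.append((name, command, reasons))
    return findings

def safe_to_attach_backup(reg_text):
    """True only when no Run entry was flagged."""
    return not triage(reg_text)
```

     A flagged entry should be removed or disabled, and the user logged off and on again, before any backup device is connected.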



02/27/18
Malware campaign targets unpatched systems



     Cybercriminals are taking advantage of a critical Adobe Flash Player vulnerability that was recently patched. They are sending massive amounts of spam to urge users to download a Word document. When the document is opened, the payload attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) patched by Adobe earlier this month. The malware can then take control of the victim's system.

     Adobe describes it as a use-after-free vulnerability that impacts its Flash Player running on Windows 10, macOS, Linux and Chrome OS systems. The flaw was originally found by the South Korean Emergency Response Team on Jan 31 and was identified as a Flash SWF file embedded in Microsoft Word and Excel documents. The malware works by opening a command prompt window, which is later remotely injected with malicious shellcode that connects back to the malicious domain. Next, the shellcode downloads a file from the malicious domain, which is executed using regsvr32 in order to bypass whitelisting solutions. It registers its malicious payload, m.db, into the registry.



3/03/18
New ransomware demands Bitcoin Cash



     A new ransomware program called Thanatos is infecting computers, and it's demanding Bitcoin Cash to unlock files. What makes this particular ransomware noteworthy is that it creates an encrypted file but the key is not saved anywhere. Whether it is by design or by accident, there is no way to easily unlock the files once they have been encrypted. Even if the victim pays the ransom, it is unlikely the data can be decrypted, even by its developers.

     It is possible to use brute force to discover the encryption key, but it will take enormous processing power to do so. Users infected with Thanatos are strongly advised not to pay the ransom. After a computer is infected, the extensions of all encrypted files are changed to ".THANATOS". A README.txt file pops up with the ransom note demanding $200 in cryptocurrency to decrypt the files. What sets Thanatos apart from the others is that it is the first ransomware to accept Bitcoin Cash for payment. Bitcoin Cash is a spin-off of regular Bitcoin caused by a fork in the currency, similar to a stock split.

     It's been told countless times, but it continues to need repeating. Back up your data, keep your OS up to date and don't use the same passwords for multiple applications.



3/22/18
Ransomware attacks several Atlanta city systems



     Atlanta's emergency response teams are working around the clock to address the ongoing ransomware attack on the city's systems that started Thursday. Many services are still unavailable, including online water bill payments. Atlanta Mayor Keisha Lance Bottoms said that Atlanta's public service department and airports are continuing to operate despite the ongoing attack. The attackers are demanding $51,000 in digital currency to unlock the system.

     Ransomware is a kind of malware that invades a computer or computer network and then locks it down, with attackers demanding payment before they will unlock it. The initial infection often comes from a phishing link that someone clicks on. Such attacks are increasingly common. One of the best ways to protect against ransomware is to back up your data. Some of the new ransomware will scan the network to gain access to network files and lock those as well, so take caution and segregate the backup from the rest of the network. Other ransomware will disable antivirus and backup programs so the backups aren't there.

     One backup system that addresses these concerns is the Accordion backup system. Accordion segregates backup storage from the rest of the network. Only the Accordion backup appliance sees the storage device, preventing ransomware from encrypting the backup files. Another innovation of the Accordion backup system is that there is no backup software residing on the workstations and servers. The Accordion backup appliance does the scheduling, backup and restoration. Backing up your data is useless if you end up backing up encrypted data; the Accordion backup system addresses this by keeping historical backups so you can restore to a previous time.
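
     The point about historical backups can be shown with a small added Python example, which is not Accordion's code: it walks a constructed snapshot history and returns the newest snapshot taken before the files turned into encrypted-looking content. The thresholds, the snapshot format and the sample files are assumptions; the .rapid extension comes from the Rapid Ransomware post above.

```python
import math
import random
from collections import Counter

RANSOM_EXTENSIONS = (".rapid",)  # extension named in the Rapid post above
ENTROPY_LIMIT = 7.5   # bits per byte; assumed cut-off for "looks random"
SUSPECT_RATIO = 0.5   # assumed: flag when half of the changed files look encrypted

def shannon_entropy(data):
    """Bits per byte: plain text sits around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name, data):
    # Entropy alone also matches zip/jpeg files, hence the ratio test below.
    return (name.lower().endswith(RANSOM_EXTENSIONS)
            or shannon_entropy(data) > ENTROPY_LIMIT)

def snapshot_is_suspect(previous, current):
    """True when most files new or changed since `previous` look encrypted."""
    changed = [n for n, d in current.items() if previous.get(n) != d]
    if not changed:
        return False
    bad = sum(looks_encrypted(n, current[n]) for n in changed)
    return bad / len(changed) >= SUSPECT_RATIO

def last_clean_snapshot(history):
    """history: [(label, {name: bytes})], oldest first; oldest is assumed clean."""
    clean = history[0][0]
    for (_, prev), (label, cur) in zip(history, history[1:]):
        if snapshot_is_suspect(prev, cur):
            break  # everything from here on may contain encrypted data
        clean = label
    return clean

def noise(seed, size=4096):
    """Deterministic stand-in for ciphertext or compressed data."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))

# Constructed history: normal edits on Tue, mass encryption on Wed.
MON = {"report.txt": b"Quarterly report draft\n" * 200,
       "ledger.csv": b"date,amount\n2018-03-01,120.00\n" * 100}
TUE = dict(MON, **{"ledger.csv": MON["ledger.csv"] + b"2018-03-02,75.50\n",
                   "notes.txt": b"call the supplier\n" * 50,
                   "archive.zip": noise(1)})
WED = {name + ".rapid": noise(i + 10) for i, name in enumerate(TUE)}
HISTORY = [("Mon", MON), ("Tue", TUE), ("Wed", WED)]
```

     Running `last_clean_snapshot(HISTORY)` on this sample selects the Tuesday snapshot: the single new compressed file on Tuesday stays under the ratio, while Wednesday's wholesale renaming to .rapid does not.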