Serving Carroll, Frederick, Howard, Baltimore, and Anne Arundel Counties & South Central PA

Posts Tagged ‘Crypto Locker; Ransomware; Backup; Malware’

Will WannaCry be the one that catches your biz unprepared?

WannaCry Ransomware

If you haven’t heard about the global WannaCry Ransomware attack that has hit over 150 countries over the weekend, then you truly haven’t been paying attention. Originating in the healthcare system of the UK, taking down Spain’s telecommunications, disrupting Germany’s transportation system – this is bad one, folks. And sadly, the WannaCry attack is not going away anytime soon, although experts are working on a new way to block it.

The two biggest reasons a business may become infected with the WannaCry Ransomware are:

  • At least one Windows workstation is behind on its Microsoft security patches. How does your company manage your Windows updates? If these are not automated, are you sure that EVERYONE on your staff ALWAYS updates when them when the Update Pop-up appears, or do they often hit “X” because they are too busy to be bothered?
  • Someone at that workstation clicked a link or attachment in a phishing email that downloaded the malware, which then began spreading through the company’s entire network. Have you sufficiently trained your staff on the 9 ways to identify Phishing and Spear Phishing emails and are you running continued awareness programs?

NoWorriesIT has been in the IT management business for over 18 years and we’ve seen plenty. We are passionate about educating small businesses and non-profits so that they are as secure as possible when breaches occur. But to be honest, many business owners push back or offer excuses about using a proactive approach to managing their technology. Here’s what we see and hear:

  • “We use our office manager (or some staff member) to double as our tech person.” But when our engineer does a free IT Review, he sees that security patches are out of date and other network security issues are pending!
  • “We only use a computer guy when there’s a problem. It’s cheaper that way.” But it really isn’t cheaper. If you wait until you get the Ransomware and you don’t have a working backup; you may not be able to restore your data at all!
  • “The bad guys won’t come after a small business like ours.” But please understand, there is no discrimination in the world of cybercrime, because these are automated attacks that only look for vulnerabilities (unpatched machines) and untrained staff who click on phishing emails.
  • “We have a backup so we’re safe.” But when was the last time you tested your backup? I can’t tell you the number of times our engineers have done our free IT Review and have had to tell a prospect that the backup they thought was working hadn’t been backing up for months!

This WannaCry Ransomware attack is huge. Don’t let this attack be the one that catches your company unprepared.

NoWorriesIT management plans include automated security updates, backup and disaster recovery plans, new generation strategies to reduce the risk of cyberattacks (Ask us about Sentinel One and their $1 million guarantee) and an optional Staff Training & Awareness program. 410-751-7650 or www.noworriesit.net

Crypto Locker Virus: You Need To Pay Attention


I’ve written about virus and malware outbreaks before in this blog, but the Crypto Locker Virus is a particularly destructive “Ransomware-type” malware. The problem with Crypto Locker is that even once the malware is removed, the damage remains. An additional concern for small businesses is that the Crypto Locker virus, actually a malware, encrypts all the data on the initial computer and continues through the entire network, as long as machines continue to run. Very scary.

NoWorriesIT President sent a security alert out to our clients last week, notifying them of the potential threat the Crypto Locker Virus poses.  See CRYPTO LOCKER SECURITY ALERT>>

How Does the Crypto Locker Virus Work

Similar to the Revington, or FBI Virus, which was reported earlier, an infected user will typically experience a locked screen with a display claiming that the FBI has found incriminating files on the computer. The display will require a payment of a fine, generally $300 but anywhere between $100-$700, within a short time period, generally no more than 7 days. (And by the way, if you do not pay the fine or get the virus removed, your data will be destroyed, so you can’t take this lightly.) The “ransom” comes with the promise to deliver an decryption key.

Again, please note that while the malware can be removed, the damage has already been done to your data. That is what makes the Crypto Locker Virus particularly dangerous.


Preventative Measures to Protect Yourself from Crypto Locker Virus

While some small businesses would like to believe that their Anti-virus software is capable of blocking this nasty Crypto Locker Virus, nothing could be further from the truth. In fact, AV companies are scrambling to come up with software to defend against it.  See PREVENTATIVE MEASURES>>


What To Do If You Do Get Infected with Crypto Locker Virus

Unfortunately, your first knowledge of infection will be after the damage to your data is already done. There have been success stories of companies that have payed the “ransom,” received the decryption key and were able to go along their merry way. See NEWS STATION ABC 33-40>>

However, there have been additional reports of people paying the ransom, receiving the decryption key, and having the restoration interrupted 1/2 through, so that they only received some of their files back. Since there is no one to contact – no customer service center for malware authors! – these folks were basically out of luck. READ MORE HERE>>

However, your IT provider can provide some remediation, depending on the severity of the case, without having to resort to paying the fee. Either way once infected by the Crypto Locker Virus you will be spending money, unfortunately.  See STEPS TO TAKE ONCE INFECTED>>


Photo: CryptoLocker Ransomware Information Guide and FAQ, http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information