Bad Rabbit Cyber Attack Targeting Windows Machines

On October 24th, a new cyber threat was released. It is called Bad Rabbit. Bad Rabbit targets Windows machines by posing as an Adobe Flash update. After initial infection, it attempts to spread itself through your network. Once it has spread, it begins to encrypt commonly used Microsoft Office files, pictures, video, and emails on the infected workstations. These files can only be unlocked after the user pays a fee in Bitcoin to the ransomware’s authors.

The imitation Adobe Flash Update screen (almost an exact copy of the real Flash update) can be seen below:

The following is an example of Bad Rabbit’s lock screen and ransom note:

 

We at ITonDemand are monitoring the situation. We have taken the necessary steps to make sure that our partners are protected. Please contact us immediately if you feel that your computers or network have been compromised.

For more information about Bad Rabbit, please see the following link.

Your Wifi Security Is Our Top Priority

As you arrive home tonight and turn on the news, you may be greeted with the unpleasant news that ‘Wireless Internet Isn’t Safe, It’s Been Hacked!’

Please be assured that we are monitoring the situation and patching all related systems that we manage to ensure that you are protected.

This security breach is different from the normal methods that culprits and criminals have historically used to access your data (brute force, social engineering, phishing, etc.) in that the vulnerability is on the client machine, not the Wireless Access Point.

This means that each device you have connecting to your Wi-Fi is a potential security risk, and should be updated as soon as possible.

– For ITonDemand customers using Windows workstations, updates pushed to your computers on October 10th included the applicable security updates. Please be sure that you have rebooted to apply any patches that we have deployed to you.

– For customers using Mac or any other platform, updates for your particular hardware will be automatically pushed out by those vendors as they become available.

All available patches for ITonDemand managed Wi-Fi devices have been applied and will be pushed out to your managed devices this evening to ensure that they are protected from this attack as well.

In the event that you have a non-managed access point (wireless router) or would like to consult with us on your best options to be sure that your business and data are protected, please feel free to reach out to us and we will be happy to assist.

As always, thank you for being an ITonDemand customer!

Petya virus spreads across the globe

Yet another ransomware attack is spreading across the globe, hitting Russia, Europe, and the U.S. Thus far there are confirmed reports of the virus hitting Ukrainian ministries, radiation monitoring at the Chernobyl nuclear facility, metro systems, and banks. A number of large companies, like the Russian energy company Rosneft, have also reported being hit.

Ukrainian vice prime minister Rozenko Pavlo tweeted an image of a computer that has been infected with the ransomware.

In the United States, the pharmaceutical company Merck confirmed its global computer networks had been hit, as did law firm DLA Piper.

Symantec has reported that this ransomware is also using the same hacking tool, Eternal Blue, that was used in the WannaCry ransomware attacks. The tool was created by the National Security Agency (NSA).

The New York Times wrote:

The attack is actually “an improved and more lethal version of WannaCry” according to Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware last month when he created a “kill switch” that stopped the attacks from spreading.

The vulnerability used by Eternal Blue was patched by Microsoft last April but many organizations have failed to apply the patch.

ITonDemand & Petya

We are happy to report that to our knowledge all our clients who use our basic services avoided the Petya attack. We were able to provide protection via patching, backup, antivirus, and disaster recovery.

If you have not, make sure to update your computer this week and be wary of email attachments. Learn more about ransomware or contact us to carefully plan and execute a comprehensive security plan to mitigate the risks ransomware presents.

Scriptkiddies try to resurrect WannaCry

Last week, ransomware WannaCry made headlines as it spread rapidly across 150 countries and attacked over 300,000 computers in a very short time.

Security researcher Marcus Hutchins put a stop to the ransomware spreading by registering a domain that he found in the malicious code. He explained the process saying that “a sinkhole is a server designed to capture malicious traffic and prevent control of infected computers by the criminals who infected them.”

Registering the domain effectively acted as a kill switch, since the malware was set up to ping the domain before continuing to spread.

Today that domain was the target of a DDoS attack aimed at knocking it offline, which could have potentially let the ransomware spread again.

Since the ransomware hasn’t been able to keep up with the number of decryption requests, Hutchins speculated that low-level hackers, or scriptkiddies, were doing it for laughs. Hutchins did not seem worried about the DDoS attack succeeding, but it serves as a reminder to have a plan in place in case your business or organization is hit by a ransomware attack.

ITonDemand & WannaCry

WannaCry exploited a vulnerability that was identified in March by Microsoft. Due to our strict adherence to keeping our software and hardware up to date, we are able to provide protection from ransomware via patching, backup, antivirus, and disaster recovery.

If you have not, make sure to update your computer this week and be wary of email attachments. Learn more about ransomware or contact us to carefully plan and execute a comprehensive security plan to mitigate the risks ransomware presents.

WannaCry Ransomware Hits Over 150 Countries

As we discussed in a previous blog post, ransomware is one of the fastest-growing ways to attack companies, hospitals, and other institutions. This past weekend a ransomware attack called “WannaCry” struck and spread across the globe rapidly, hitting over 150 countries and over 300,000 computers.

WannaCry demanded payments of $300 in order to unlock data, and in the US over $60K was paid attempting to retrieve data, according to the White House.

BBC reported that the spread of the ransomware was slowed down after MalwareTech, who was hailed as an “accidental hero”, registered a domain to track the spread of the virus.

Today, Microsoft accused the NSA of being partly responsible for the attack because of its stockpiling of computer vulnerabilities, saying:

This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.

ITonDemand & WannaCry

We are happy to report that to our knowledge all our clients who use our basic services avoided the WannaCry attack. We were able to provide protection via patching, backup, antivirus, and disaster recovery.

If you have not, make sure to update your computer this week and be wary of email attachments. Learn more about ransomware or contact us to carefully plan and execute a comprehensive security plan to mitigate the risks ransomware presents.

Getting The Most Out Of Your IT Call

We’ve all been there. Your computer or smart device, cable box, or what have you, isn’t functioning properly and you have to make that call, sometimes the dreaded call, to tech support. You know that when you make the call you’re likely to have to go through an automated system before you get to talk to a live person.

One key point to remember: You may be frustrated, and that is understandable, but getting emotional does not help the situation. It will not resolve a problem any quicker and can actually slow the process down. Remember to remain calm and do your best to remain polite, and take comfort in knowing that the technician will always respond in the same way.

This can be a stressful time, especially if your startup or small business is dependent on the malfunctioning device. It’s also stressful if it’s your personal device, but dollars may not be on the line, just hair-pulling.

Before making the call you’ve agonized over what you’re going to say, even if you don’t know exactly what the problem is. Having as much data as possible to tell a tech support representative is the key to making the call (or online chat) as painless an experience as possible. Lifewire laid out some key points that are handy to have:

Details of the problem – is there an error message? What does it say?

When did the problem begin?

Have you taken any troubleshooting measures, such as turning your device off then back on?

But, in addition to those points, here at ITonDemand, we think there are a few other things to keep in mind when calling IT support.

Verify if there have been any changes to the device environment – a recent installation of hardware or software or if there has been an update.

Have device specifics handy. In other words, what is the make and model of the problem device? Knowing a serial number can also come in handy.

Did you reboot? (That’s usually a first stop in IT questions, but it’s good to know if you have already tried.)

Another thing to know is whether or not you have Internet access. Wi-Fi can go down. And sometimes it can happen while you’re in the middle of a project and you don’t realize it. Try to open a Web browser and see if an error appears.

If you do have Internet access, don’t be afraid to Google the problem while you’re on the line with tech support. You may come across something that helps the situation.

Repeat yourself. Did we say that already? At ITonDemand, we recommend providing information to tech support in the same manner you would leave a telephone number on an answering service – with pauses and slow, deliberate intonations.

Go into the conversation with the tech support rep armed with as much information as possible. That will make things go smoothly and, hopefully, quickly. And don’t be afraid to repeat the details. Be clear and concise when talking with tech support. The better the lines of communication, the quicker the service should be.