Ransomware – The do’s and don’ts to protect you and your business

Ransomware (viral infections that encrypt data on your hard drive) is becoming more prevalent. Cryptowall and Cryptolocker are two that are increasingly infecting computers worldwide, with an estimated 545,000 infections between Sep 2013 and May 2014. The purpose of ransomware is to extort money from the victim with the promise that the data will be restored after payment.

The Senior Manager of Symantec’s Cyber Readiness & Response, Bob Shaker, recently stated, “We’ve seen a sharp rise in requests from customers with respect to Ransomware.”

Mr Shaker tells the story of trying to help a customer who, after being infected with a ransomware virus, could only sit and watch while his company’s data was wiped out, file by file. “I never want to have to go through that again,” he says.

Since then, Symantec has gone to great efforts to ensure that businesses understand the risks and have a clear picture of what to do, and what not to do, to protect themselves from becoming a victim of Ransomware.

Here are some Ransomware Do’s and Don’ts

1. NEVER pay the Ransom!

Your first response will undoubtedly be panic, and your first instinct will be to pay the Ransom.
Don’t do it. This will just encourage the attackers, and help fund further development of these types of attacks.
And even if you do pay, there is no guarantee that you will get your data back.

Instead, Do:

Remove the infected system from the network if you are on one, and clean the system of all viruses.
Then restore data from a known good backup. Restoring data from a backup is the quickest way to get back up and running.

2. Do install a quality security solution

A multi-faceted security solution (like Norton Internet Security, for example) should be installed. Norton protects against more than file-based threats (traditional viruses): it also includes download protection, browser protection, heuristic detection technologies, a firewall and a community-sourced file reputation scoring system.

3. Do educate employees

One of the main ways you can be infected is through “Spear Phishing”. This is where an unsolicited email arrives from an unknown sender with an attachment that, when opened, executes a program (the virus).
If you have employees, you must take the time to educate them about these threats, and how to recognise suspicious links and attachments, and what they should do in such circumstances.

4. Do use content scanning and filtering on your mail servers

All incoming emails should be scanned for known threats, and any attachment types that could potentially pose a threat should be blocked.

5. Do make sure that all computers and software are kept up-to-date with security patches and updates

Compromised websites are frequently used to spread viruses. Regular patching of vulnerable software like Internet Browsers, Java, and Adobe Flash is necessary to help prevent infection.

6. Do limit end user access to mapped network drives

Ransomware is capable of looking for and encrypting data on any mapped drives that a user has access to. Restricting permissions for shared folders and files of a mapped network drive will limit what the Ransomware virus will be able to encrypt.

7. Do make sure that you have a comprehensive backup solution in place.

The fastest way to get back up and running after this sort of attack is to have a backup of your data.

These Dos and Don’ts will not prevent an attack, but they can certainly reduce your risk level.
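To illustrate item 4 above, here is an added example (not part of the original article) of the kind of attachment check a mail filter applies, including double extensions and file names inside zip archives. The block list, function names and sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; adjust it to your own mail policy.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk")

def risky_name(name):
    """True if the file name ends in a blocked extension (catches invoice.pdf.exe)."""
    # Windows ignores trailing dots and spaces, so strip them before comparing.
    return name.strip().rstrip(". ").lower().endswith(BLOCKED_EXT)

def scan_message(raw_bytes):
    """Return (attachment, reason) findings; an empty list means nothing was blocked."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed part)"
        if risky_name(name):
            findings.append((name, "blocked extension"))
            continue
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:  # also check file names one level inside zip archives
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if risky_name(member):
                        findings.append((name, "archive contains " + member))
        except zipfile.BadZipFile:
            findings.append((name, "unreadable archive"))
    return findings

def build_sample(filename, data):
    """Constructed sample message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("Please see the attached file.")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def zip_bytes(member, content=b"sample"):
    """Constructed in-memory zip holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()
```

A message is delivered only when `scan_message` returns an empty list; anything else is quarantined with the listed reason.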

Microsoft Office Comparisons

Usually when we build a new computer, or supply a new Laptop, the question is asked, would you like Microsoft Office with that?

Invariably the customer will say yes, to which we would reply, which version would you like?

To which the customer will reply, I didn’t know there were different versions.

And we would then respond with, yes there are several versions. You have Office 365 Personal & Home Premium, and Office Home & Student and Office Home & Business and Office Pro.

The conversation would then turn to all the differences of one version over the other.

As you can imagine, that is time consuming, and potentially confusing for the customer.

So in an effort to decrease both the time and confusion, here is a brief description of the differences, supported with an image that graphically displays those differences.

Office 365

Office 365 is a subscription based offering from Microsoft.

That is to say, you pay a yearly subscription fee.

The advantage of this is that you will always have the most up to date version of the Office applications (Word, Excel, PowerPoint etc).

There are two versions of Office 365. They are 365 Personal and 365 Home Premium.

The only difference between Office 365 Personal and Home Premium is that the Personal version can only be installed on 1 PC/Mac and the Home Premium version can be installed on 5.

Both versions include Word, Excel, PowerPoint, OneNote, Outlook, Publisher and Access, and both have a 1 Yr subscription term.

Office Home & Student vs Office Home & Business vs Pro

All of these versions of Microsoft Office are Disk Based, with no subscription.

All can only be installed on 1 PC/Mac.

All include Word, Excel, PowerPoint and OneNote.

In addition to these Applications, Office Home & Business includes Outlook.

And Office Pro includes Outlook, Publisher & Access.

Microsoft Office Comparison Table

If you would like to purchase Microsoft Office, it is available in our Online Shop.

How to remove a Rootkit Virus

I recently had a Laptop in the workshop that had a particularly difficult to remove Rootkit Virus installed on it.

I couldn’t use the removal tool that I normally use because it isn’t compatible with Windows 8, so I did some research and found a different tool called GMER.

What is a Rootkit Virus?

But before I go on and explain how useful the tool was, I’ll just quickly explain what a Rootkit Virus is.

The name comes from a term used in Unix and Linux Operating Systems, with “Root” referring to a “Privileged” account or in other words an account with Administrative rights, whilst the “kit” part of the name refers to software components that implement it. A Rootkit virus assumes admin control of the Operating System, making it very difficult to remove.

So having found that my usual bag of tricks was not going to work, it was time to find something else.

During my research, I came across a removal tool that I hadn’t heard of before (as previously mentioned, GMER), and I gave it a shot.

To my surprise it was very simple and effective.

I downloaded the Removal Tool, and unlike many other tools, I didn’t have to rename the executable file to something that a potential virus wouldn’t recognise and therefore prevent running, because it is already named with a random file name at download. It was also a very small file size of 372kb.

GMER scans for the following:

  • hidden processes
  • hidden threads
  • hidden modules
  • hidden services
  • hidden files
  • hidden disk sectors (MBR)
  • hidden Alternate Data Streams
  • hidden registry keys
  • drivers hooking SSDT
  • drivers hooking IDT
  • drivers hooking IRP calls
  • inline hooks

If a Rootkit Virus is present, you will be notified with a screen that looks like the following:

[Screenshot: How to remove a Rootkit Virus with the GMER Removal Tool]

Removing the identified viruses involves right clicking on the identified virus and choosing “Delete the Service”.

Removing the Rootkit

Spotty Dog Computer Services can remove Root Kit Viruses from your PC.

How to Refresh, Reset, or Restore your Windows 8 PC

Windows 8 Reset and Refresh options

Windows 8 has Enhanced System Restore capabilities.

Not only can you do the normal System Restore we’ve all come to know, love and use on many occasions, but you can also Reset and Refresh the PC.

Here is a brief explanation of each:

  • Restore – Restore your PC (Windows System Restore) as in previous versions of Windows, undoing recent system changes you’ve made.
  • Refresh – Refresh your PC to reinstall Windows and keep your personal files, settings, and the Apps that came with your PC, along with Apps that you have installed from Windows Store.
  • Reset – Resetting your PC will reinstall Windows, but will delete your files, settings, and Apps (except for the apps that came with your PC).

The new Refresh feature in Windows 8 is intended as an improvement on the previous Windows System Restore. On the other hand, the Reset feature is intended to reset your Windows 8 system back to a pristine out-of-the-box setup.

Microsoft have extensive information regarding each of these features and how to use them, so rather than me typing it all out again here, this is the link to the Microsoft Website.

Windows 8.1 Update

Why you need to update to Windows 8.1

For those of you out there that purchased a Laptop or PC with Windows 8, you may not realise that there is an update available that upgrades Windows 8 to Windows 8.1.

So what, you may ask?

Well it’s important because if you do not install the 8.1 upgrade before 10th June 2014, you will no longer receive any future updates from Microsoft.

Originally this was supposed to happen in May, but Microsoft has extended the deadline for consumer customers. Enterprise customers have until 12th August.

Here is a direct quote from Microsoft:

While we believe the majority of people have received the update, we recognize that not all have. Having our customers running their devices with the latest updates is super important to us. And we’re committed to helping ensure their safety. As a result, we’ve decided to extend the requirement for our consumer customers to update their devices to the Windows 8.1 Update in order to receive security updates another 30 days to June 10th.

There is no reason why you shouldn’t update to Windows 8.1.

There are many tweaks to the OS that people using a non-touchscreen will find helpful.

To update to Windows 8.1, go to the App Store and the first thing you will see is an option to do the free update.

It is EXTREMELY important that you update to Windows 8.1. You can view the Microsoft tutorial on how to upgrade here.

If you don’t, you will be in the same boat as Windows XP users and you will not receive any security updates and patches for your OS, leaving you vulnerable to exploits and hackers.

One of the key reasons PC users get viruses is that they do not download and install Windows updates, so it is imperative that you do them.