ITS turned 10 in May 2017! We have seen countless technological changes and new products in our lifetime; we learn, evolve, and develop solutions to embrace and harness new technologies to meet the needs of our clients.
The fallout from the recent WannaCry ransomware attacks has certainly drawn more attention to network security and ransomware in general.
How can I prevent ransomware?
If you haven’t questioned or considered your network security and disaster recovery plan yet, now is a great time. Here are some important steps to start your reflection:
1. Back up your data: When we have successfully defeated ransomware for our clients, it has not been with savvy decryption ciphers or paying with bitcoins. We have simply removed the damaged files and restored from their most recent unaffected backup. If you are using a backup service, check your backup reports to make sure the backups are succeeding and that they cover your mission-critical data.
2. Keep your OS up-to-date: An interesting facet of the WannaCry attacks was the machines targeted. Many of the machines were running operating systems that were out-of-date and out-of-support. Unless businesses were running specific software products that would only run on those operating systems, they should not have been using
The WannaCry attack exploited a specific vulnerability in the Windows OS. Although considered out-of-support, Windows did release a patch for these older operating systems. Click here to learn more about Microsoft’s response.
3. Think twice before clicking: The ransomware tickets we have worked for clients have been largely traced back to emails. Hover over links before clicking and see if the address preview is an expected destination. Does the email use correct grammar and spelling? Does it contain excessive exclamation marks? Is the email something you would expect to receive? Does it contain an attachment? That should increase your alarm!
4. Install an up-to-date antivirus. Many products sold to businesses also offer a free version for home use. Ransomware is generally very wormlike; users that first click the infected email or link and inadvertently install the ransomware on their device have opened the door to invite the ransomware to install on other networked machines and servers. It is important that all machines that connect to your network and server be protected by a robust antivirus product. If you have wireless open for guest users, make sure they are only able to access the internet and not your server drives. If your company has a BYOD policy, check to see how you are enforcing the antivirus coverage for those devices.
What do I do if I get ransomware?
- Get your machine off the network to eliminate the spread of files, or the ability for your computer to be controlled by those files.
- Do not pay the ransom; you cannot guarantee that you will indeed receive the decryption key and be able to recover your files.
- Restore affected files from backup.
- Check connected cloud accounts. If you are backing up to Google Drive, Dropbox, etc., log in from an unaffected machine and stop syncing your accounts. Check those files to see if they were encrypted as well. If they were, revert to a previous version.
- Make sure you have an antivirus product installed, and make sure it is up-to-date. Some products are set to auto-update, some will need you to approve updates. AVG, the product most of our SMB clients use, will auto-update. Learn more about their ransomware coverage and response on their website.
An email furiously bounced between personal, school and business accounts today, notifying you that a Google Doc had been shared with you.
According to preliminary reports from Google and technicians testing the message links, the message was an attempt to install a malicious Google App in your account.
On their Twitter feed at roughly 4:15 PM, Google released this statement:
We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing email in Gmail.
Just last week, we had 8th graders tour on a career planning field trip. As part of our presentation, we share some fairly standard helpdesk tickets (with sensitive information removed). We looked at ransomware, we saw screens covered with fake BSOD messages, and we talked about the vulnerability of computer users and platforms. The teacher asked for some parting advice for the students: how can they avoid these situations? How can they assist their parents and grandparents who may turn to them with IT questions, simply because they are younger?
Our advice is to always look twice and think twice before clicking. Attentive readers would have noticed some key features in the scam email shared today. This is not the first fake Google Doc shared via email, and it certainly will not be the last. Hover over links before clicking, check to see if grammar and spelling are correct in the content of the message, consider whether the message fits the sender's usual pattern, and feel free to actually engage with the sender personally to see if they are really sending you a link to a Dropbox file, sharing a Google Doc, or in dire need of funds half a world away.
ITS recently resolved our 50,000th ticket, and took a look back at other major ticket benchmarks. Some tickets originate with a phone call or an email, others are entered in our online helpdesk system. Tickets are also generated by alerts from your server or network gear without any client interaction. Helpdesk requests vary greatly in volume and topic from day-to-day, but our goal remains constant: to deliver Trusted IT Solutions.
Biometric security? Check.
Multiple levels of access control? Check.
Redundant power and fiber? Check.
Raised floors, fire suppression, tornado proof? Check.
What other security features can we offer in our midwest datacenter location?
Don’t worry, you won’t have to fight your way through a swarm of bees to access your data, but ITS President Joel Althoff is adding honeybees to our adjacent green space. Althoff’s hives will support an estimated 180,000 bees by summer, and will utilize the new crowdsourced Flow Hive along with traditional Langstroth Hives. The bees will arrive in April, some via the US Postal Service and others from a local apiarist.
Why is Althoff adding bees? “Bees are fascinating. They are a superorganism, working together for the good of the community. They also have a lot of challenges. By providing them with a safe habitat, hopefully we can play a small part in helping them out. Plus, honey is delicious.”
ITS is just one example of a growing number of corporations and entities embracing the positive impacts of agricultural pollination; major airports and large downtown rooftops are increasingly adding hives as well. In combination with our green datacenter initiatives, ITS strives to be a good steward of the land and a great provider of Trusted IT Solutions.