Back to Top

Tech, Web, Cloud & Cabling Services

Category: Security

Security Category

Ransomware-as-a-service is exploding: Be ready to pay

RaaS has outgrown smaller targets and now threatens governments, NGOs, and SMBs.

ransomware

It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. “Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything.” Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything.

You’re the latest victim of a ransomware attack. The scary thing is, you’re not alone. The ransomware market ballooned quickly, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300 dollars, often paid in cash vouchers or Bitcoin.

The ransomware market scaled up so quickly, claims a recent report by Imperva, due to the rise of ransomware-as-a-service, or RaaS. Here’s how it works:

  • Ransomware authors are marketing on-demand versions of code, using traditional malware distributors in a classic affiliate model.
  • The ransomware author collects the ransom and shares it with the distributor.
  • Malware is distributed through spam email messages, malicious advertisements, and BlackHat SEO sites.
  • According to the Imperva report, “in classical affiliate marketing, the larger cut goes to the possessor of the product. In RaaS … the ransomware author gets a small cut of the funds (5%-25%) while the rest goes to the distributor (affiliate).”
  • Using the deep web, TOR, and Bitcoin, the report says, “this model, based on TOR and Bitcoins, is designed to keep the identity of the author and the distributor hidden from law enforcement agencies.”

Phishing in particular, is a highly effective tactic for malware distribution.

The well-worded email appears to come from a legitimate email address and domain name, and raises very few irregularities. The email comes with a demand for money for an arbitrary service, along with a link that purports to be an “overdue invoice.”

Click that link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware — that is, malware that encrypts your files and locks you out of your computer until you pay a ransom.

Phishing attacks have also helped ransomware move into the enterprise. In 2015 the medical records system at Hollywood Presbyterian Medical Center was attacked. The hospital paid $17,000 in Bitcoin to unlock the sensitive records. In early 2016 the Lincolnshire County Council was snagged by a phishing scheme and held up for 500 dollars.

To prevent your business from attack, make sure the IT department and communication team are in sync, keep your company’s security systems updated, and remind employees to use caution when clicking on email links from unknown addresses.

If you’ve been hacked, the ransomware rescue kit provides a suite of tools designed to help clean particularly pugnacious malware.

Businesses that suffer ransomware attacks face a tough choice. Paying the fee could restore access to mission-critical data, but there’s no guarantee the extortionists will honor the deal. And of course, paying a ransom provides incentive to hackers and validates the attack.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

The 10 most important lessons IT learned in 2015

Every year brings with it new challenges, and new lessons, for IT in the enterprise. Here are 10 of the lessons IT learned this past year.

IT lessons

 

The end of a year is always a good time for reflection, especially so if you’re evaluating what your business did right and what you can improve upon. In an increasingly digital world, IT has quickly become one of, if not the most, important aspects of an organization. So, it should be with great care that executives and admins look back on their year and try to glean some wisdom about what can be done differently in the year to come.

Here are 10 of the most important lessons that IT learned in 2015.

1. BYOX is here to stay

As smartphone use grew to near ubiquity in the enterprise, it brought with it the trend of BYOD, or, bring your own device. While that originally referred to mobile devices such as smartphones and tablets, it spawned as host of “bring your own” everything else.

“BYOX is the new mantra with consumers bringing their own applications, cloud sharing tools, social media into the enterprise; essentially bringing their own expectations of which technology they want to use and how and where they want to work in a corporate environment,” said Chuck Pol, president of Vodafone Americas.

2. DevOps is no longer just a buzzword

The term “DevOps” gained huge popularity in 2015 as a reference to an agile method that stresses the collaboration of development and operations. The goal is to connect the writers of the code with those who maintain the systems that run it. However, DevOps continues to evolve and, although it has its own set of challenges, it could be poised to become the method of choice for enterprise IT starting in 2016.

3. Data is currency

Data, especially as it relates to big data has been steadily growing in value but 2015 felt like a tipping point. Tools for both structured and unstructured data exploded in popularity and major data service providers went public, adding credibility to the field and likely creating a better inroad into the enterprise. Also, businesses got better at distinguishing between relevant and irrelevant data.

“It is no longer credible to look at data as big static objects in a deep lake, but rather be considered a set of fast moving assets in a raging river,” said Neil Jarvis, CIO of Fujitsu America. “In 2016 and beyond, companies need to look at the data that creates business-relevant information for today and tomorrow.”

4. Finding talent is problematic

Talent shortages don’t just affect startups on the West Coast. CompTIA CIO Randy Gross said that current estimates suggest there are more than one million IT job opening across the US alone, ranging across skill level from support specialists to network admins. Enterprises are going to have to work harder to attract and retain talent.

“Wise employers with IT jobs to fill have engaged in a self-examination of the tactics and strategies they’re using to attract new talent—and adjusting accordingly,” Gross said. “For some companies, new telecommuting and remote work options have helped them fill their talent gaps.”

5. SMAC is still relevant

The SMAC stack, which stands for social, mobile, analytics, and cloud, is also known by some as the “third platform.” As all of these individual components continue to grow and thrive in the workplace, their interdependencies will grow along with them.

“Senior management must become well versed about these technologies and their possibilities to create new value and new competitive advantages in their own business and markets,” Pol said.

6. Cloud lost its fear factor

Cloud acceptance was a mixed bag for a long time, but 2015 brought a more widespread embrace of cloud technologies and services in the enterprise. In fact, some trends are making it almost a necessity.

“The complete adoption of virtualization, as well as investigation into cloud and other strategies, is far more advanced than expected—particularly amongst SMBs,” said Patrick Hubbard, technical product marketing director at SolarWinds. “Making operating systems and applications truly mobile is redefining how companies think about their IT infrastructure.”

7. The security mindset is changing

Anthem BlueCross BlueShield and Harvard University were among the major organizations that dealt with a public security breach in 2015. With today’s social media, you can almost guarantee any data breach that occurs in the enterprise won’t stay a secret. And, with the risk of a breach high, Intel Security CTO Steve Grobman said that teams must adopt a new way of thinking.

“IT must embrace the mindset that they have already been breached, now how do you protect your environment with this new default outlook?,” Grobman said.

8. Shadow IT is a line item

Shadow IT carries nowhere near the same amount of scorn it once did in the enterprise. Some organizations are even openly embracing it, and making it a foundational part of their IT strategy. And, as shadow IT continues to grow, Pol said, it needs to be properly accounted for in the budget.

“As technology continues to transform business, IT infrastructure will become more complex and more difficult to have a complete view of technology across the business,” Pol said. “The role of IT will need to become more strategic and set clear lines of accountability between IT and line of business budget holders.”

9. Employees are the biggest security risk

When most people think about security risks to their organization, the image of the hooded hacker furiously typing away in a dark room. However, employees themselves pose a real threat to the security of an organization as well. Issues such as poor password practices and using unsecured networks with company devices are a real problem. Kelly Ricker, senior vice president of events and education at CompTIA, said mobile, while helping with agility and productivity, is a cybersecurity nightmare.IT

“Every device that employees use to conduct business—smartphones and smartwatches, tablets and laptops—is a potential security vulnerability,” Ricker said. “Companies that fail to acknowledge and address this fact face the very real risk of becoming a victim of cyber criminals and hackers.”

10. Commoditization is a threat

With the plethora of tools available to build and replicate popular tech, it is increasingly important for organizations to guard against the threat of commoditization.

“As development cycles become shorter and the potential for intellectual property to be recreated and copied increases, it is becoming more difficult to create a sustainable competitive advantage for your products and services,” Pol said.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Avoid Phishing Scams with Three Simple Tips

Phishing scams are online messages designed to look like they’re from a trusted source. We may open what we thought was a safe email, attachment or image only to find ourselves exposed to malware or a scammer looking for our personal data. The good news is we can take precautions to protect our important data. Learn to recognize the signs and report phishing to protect devices and data.

 

  1. Recognize Common Signs | Be wary of requests from unknown parties, especially if they ask for money or other sensitive information.

• Urgent or emotionally appealing language
• Requests to send personal or financial information
• Unexpected attachments
• Untrusted shortened URLs
• Email addresses that do not match the supposed sender
• Poor writing/misspellings (less common)

  1. Resist and Report | Report suspicious messages by using the “report spam” feature. If the message is designed to resemble an organization you trust, report the message by alerting the organization using their contact information found on their webpage. You can also forward your email to support@sjtechies.com for one of our Security Team members to review.
  2. Delete | Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. The unsubscribe button could also carry a link used for phishing. Just delete.

If a message looks suspicious, it’s probably phishing.

 

Have questions?

 

Our team is here to help. Call us at: 856-745-9990 or visit: https://southjerseytechies.net.

 

South Jersey Techies, LLC is a full Managed Web and IT Services Company located in Marlton, NJ providing IT ServicesManaged IT ServicesWebsite Design ServicesServer SupportIT ConsultingVoIP PhonesCloud Solutions Provider and much more. Contact Us Today.

 

Let’s work together to build a safer digital environment for your business. We can increase your online safety through four simple actions, and whether at home or work, these tips make us more secure when connected. Take time to discuss them with your team so you can all become safer online!

 

  1. Use Strong Passwords | Strong passwords are long, random, and unique and include all four-character types (uppercase, lowercase, numbers, and symbols).
  2. Turn On Multi-Factor Authentication | You need more than a password to protect your online accounts; enabling MFA makes you significantly less likely to get hacked. Enable MFA on all your online accounts that offer it, especially email, social media, and financial accounts.
  3. Recognize & Report Phishing | Be cautious of unsolicited messages asking for personal information. Avoid sharing sensitive information or credentials with unknown sources. Report phishing attempts and delete the message.
  4. Update Software | Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check for updates if automatic updates are unavailable.

In today’s digital landscape, protecting your business doesn’t have to be complicated. By adopting these simple cybersecurity practices—using strong passwords, enabling multi-factor authentication, staying vigilant against phishing, and keeping software up to date—you can safeguard your business against common threats. Remember, cybersecurity is a shared responsibility, and small actions today can make a big difference tomorrow. Stay proactive, stay protected!

 

Have questions?

 

Our team is here to help. Call us at: 856-745-9990 or visit: https://southjerseytechies.net.

 

South Jersey Techies, LLC is a full Managed Web and IT Services Company located in Marlton, NJ providing IT ServicesManaged IT ServicesWebsite Design ServicesServer SupportIT ConsultingVoIP PhonesCloud Solutions Provider and much more. Contact Us Today.

South Jersey Cyber Crime

The hackers used “ransomware” to lock the hospital out of its own medical records.

Not all kidnappers grab your loved ones.

A growing online threat – ransomware – essentially abducts your computer system, putting data and services off-limits to users and demanding a payment to restore access.

“We are seeing more cases of this – sometimes almost on a daily basis,” said New Jersey State Police Capt. Steve Jones. “And we’re not seeing all of it, because people may be too embarrassed or don’t believe it can be helped.”

Ransomware viruses are a plague. Once infected — installed to your computer by a website you’ve visited, a rogue email attachment or link, or instant message — your computer will lock up. With names like CryptoWall, these types of viruses may create a popup window or Web page warning you that you’ve broken some law and have to pay a fine, anywhere from hundreds to thousands of dollars, according to the FBI.

These scams threaten to encrypt your files forever or destroy them unless a ransom is paid, according to the FBI.

Once paid, your computer is unlocked or a code is sent to unlock the machine, authorities said.

Between April 2014 and June 2015, the FBI received 992 CryptoWall-related complaints with victims reporting a loss of more than $18 million.

The state’s top cybersecurity unit recently launched an online effort to help people guard against ransomware.

“For many organizations, preventing ransomware entirely is nearly impossible,” says the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), which introduced a Ransomware Threat Profile page at its website in February.

But it notes individuals and companies can take measures to prevent infections and to limit their impact.

Although ransomware can lock up laptops and desktop computers, the risk is particularly great for data-dependent organizations like hospitals and accounting firms, said Jones, the State Police spokesman.

So far, at least three hospitals have been hit nationwide – in California, Kentucky and the Washington, D.C., area. South Jersey hospitals are well aware of the menace.

“It’s a big concern. It’s something that has really spiked,” said Tom Handlon, chief information security officer for Kennedy Health, which operates three acute-care hospitals in South Jersey.

Handlon gave no details, but said Kennedy seeks to protect itself through protective measures inside its computer system and by promoting safe conduct by employees.
“We’re monitoring it constantly and updating as we go along,” he said. “We are really educating the staff and our entire organization that we are a target.”

A similar view came from Tom Rubino, spokesman for Cooper University Healthcare System in Camden.

“We have tracked the recent wave of ransomware attacks that have targeted hospitals across the nation,” Rubino said. He said Cooper’s IT security team “is proactively taking measures to prevent ransomware infection of our computer systems.”

“Additionally, as a critical component for preventing all computer viruses, we are increasing our employee education efforts.”

A key precaution is to back up your computer’s contents on a frequent basis, Jones said. “But you’ve got to keep the backup drives disconnected,” he warned. “Otherwise, the ransomware can migrate to the backups.”

The State Police in March 2015 investigated a hacking incident that disabled much of the computer system for the Swedesboro-Woolwich school system. In that case, a hacker demanded more than $125,000 in the form of a digital currency called bitcoins.

The district, which did not pay the ransom, had to wipe clean its email servers and cafeteria lunch-ordering system to rid itself of ransomware. Only a handful of classroom computers were infected.

Hackers exploited a gap in the district’s computer security system and a vendor’s “weak” passport to take over the computer system, Michael Procopio, Educational Information and Resource Center’s director of technology, said at the time. EIRC experts helped the district restore its system.

The district’s hacker was believed to have struck from abroad – a familiar pattern, according to the State Police.

“Many of these messages and attacks are coming through foreign servers,” Jones said. “The countries that house these servers are not often countries that have a real open relationship with law enforcement.”

Tools have been available to help decrypt older versions of ransomware, said Dave Weinstein, New Jersey’s director of cybersecurity.

“At this point, the strain has morphed to the point where there is no releasing your files,” said Al Della Fave, a spokesman for the Ocean County Prosecutor’s office. “The lock these cybercriminals put on your files is foolproof at this point.”

Unless you’ve backed up your computer prior to the infection, Della Fave said, “The only way you would get your files back is to pay.”

“Ransomware is working” for cyberthieves, said Ben Johnson, chief security strategist at Carbon Black Inc., a  computer security firm in Waltham, Massachusetts. “People are paying.”

In the last few weeks, cybercriminals have come up with some new twists, he said. For instance, one version encrypts files more quickly after someone opens up a malware-filled Microsoft Word document or some other attachment.

Other versions encrypt the computer at its most basic level so it can’t even power on, or use the computer’s own system administration tools to infect itself, he said.

The best course of action is to make sure you don’t get the virus. “You must be super careful what you click on,” Della Fave said.

Here’s what you should do, according to Johnson and the Ocean County prosecutor’s office:

  • Keep your computer’s security software up to date.
  • Keep your network firewall turned on.
  • Do not open spam email messages or links to suspicious websites.
  • Back up your files, such as documents, photos and music, to a secondary storage device.
  • Be careful when you browse the web. Use ad blockers to help protect yourself.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Here are the top features of iOS 11

The 10 best features you won’t be able to live without

Ready for some new iPhone and iPad features? iOS 11 is now out of beta and ready for the public. Here are the best features that came with it.

Get ready to back up your iPhone and iPad: iOS 11 is here. Apple released the latest version of its mobile operating system on Tuesday, introducing us to a handful of brand-new features. In fact, this version of iOS feels like the most ambitious version of iOS that Apple has launched in a while. Here are the best new features that we already can’t live without. 

Siri’s new tricks

Siri is one of those features that keeps getting better with each software upgrade, and iOS 11 is no exception. This time, Siri gets a new voice, plus a super-helpful visual interface that lets you even edit your voice request with text input. And now, Siri is able to translate phrases for you—it can process English to Chinese, French, German, Italian, and Spanish. Apple said that it will add more languages in the months to come.

 

Customizable Control Center

Currently, Control Center in iOS 10 takes up two panels, so you have to navigate to the second panel to access volume controls. However, iOS 11 brings everything back to a single screen and relies more on 3D Touch. Not only that, but you can also customize which controls you’d like to have on there. You can add new controls to quickly access your Wallet, turn on Low Power Mode, and even start Screen Recording—an all-new feature for iOS.

 

New Live Photo effects

Apple has given us more reasons to want to take Live Photos, those GIF-like moving images. In iOS 11, you can add effects to your Live Photos after you take them. Find a Live Photo on your camera roll and then swipe up. You will be able to add a looping effect to your photo or make it “bounce” back-and-forth, similar to an Instagram Boomerang. You can also make it a long exposure shot for better photos of low-lit scenarios.

 

Drag-and-drop on iPad

iOS 11 makes for better multitasking on iPad. Now you can drag-and-drop images, links, and files between apps that are open side-by-side, either in Split View or Side Bar mode. In fact, you can drag-and-drop an app from Dock onto Side Bar mode, and drag that secondary app from the right to the left side of the screen.

 

Markup your screenshots

Everytime you take a screenshot in iOS 11, it will automatically remain floating on the lower left. You can swipe it offscreen to save it to your camera roll as per usual, or you can tap on it to go into Markup. So now, you can add handwritten notes or comments either with your finger or with your Apple Pencil if you’re using an iPad Pro.

 

Social profiles in Apple Music

Apple Music gets social in iOS 11. Taking a page from Spotify, Apple Music members now have a profile on the streaming app. You can use your profile page to showcase your favorite playlists, as well as the albums you’ve recently listened to. You can also follow friends on Apple Music, and their profile photo will show up next to the albums they’ve listened to. However, there is currently no way to listen to music on private or secret mode, so be ready for your Apple Music followers to get a glimpse at all your guilty pleasures.

 

Do Not Disturb While Driving

This feature could be a real life-saver. iOS 11 also introduces “Do Not Disturb While Driving” so that the screen goes totally dark when you’re on the road. You can activate this mode manually via Control Center or have it turn on automatically whenever you’re connected to CarPlay or a car’s Bluetooth. In addition, you can go into your Do Not Disturb Settings to setup an automatic response to all your incoming texts to alert people that you’re driving and will get back to them as soon as you arrive.

 

Document scanner in Notes

There’s no reason to run to the office scanner anymore, thanks to iOS 11. Using the Notes app you can now press the plus (+) sign to access an all-new document scanner. You can scan several documents at once and apply different filters. The scans can be saved inside your Notes, and you can also export them as PDF files that are Markup-friendly, so you can add your signature and send it back.

 

Search for handwritten Notes

Another cool feature that iOS 11 brings to Notes is the ability to search for things you’ve written our by hand. If you prefer to take notes using your finger or your Apple Pencil on iPad Pro, they are now searchable. 

 

QuickType keyboard improvements

iOS 11 also makes significant improvements to the software keyboard. On iPhone, you can press-down on the globe icon and choose one-handed mode. This will bring all the keys closer to either the left or right side of the screen to make it easier to type with one hand. You can also make one-handed mode your default keyboard by going into Settings. For iPad, you can now type numbers, symbols, and punctuation marks without switching to a secondary keyboard. Simply flick down on the key to insert the character you need. 

What we’re still waiting for

Apple previewed a lot of new features for iOS 11, but not all of them are yet available. Here’s a quick look at what’s to come later this fall.

1. Apple Pay Cash for sending or receiving cash within Messages

2. Indoor maps for Apple Maps to help you navigate popular shopping centers and major airports worldwide. 

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Uninstall now! Apple abandons QuickTime for Windows despite lingering critical flaws

Apple is giving up on QuickTime for Windows.

Yet another program is joining Java 6 and Windows XP as big-name software you do not want running on your PC. Security firmTrend Micro and the U.S. Department of Homeland Security are advising all Windows users to uninstall Apple’s QuickTime as soon as possible. (The advisory does not affect Mac users.)

The reason for getting rid of QuickTime for Windows is twofold. First, Apple told Trend Micro it is deprecating the software and will no longer deliver security updates for it. Second, there are two known critical vulnerabilities that could allow an attacker to take control of a system running QuickTime.

That’s a hellacious combo.

Apple was unavailable for comment at this writing, but a quick look at QuickTime’s download page shows the software is still publicly available. It hasn’t been updated since at least January, however.

Trend Micro says it does not yet know of any instances where the two potential security threats are being used in the wild but that could change. Trend Micro’s Zero Day Initiative recently published some technical details about the vulnerabilities. ZDI did this because its disclosure policy requires it to publish threat information when a “vendor indicates that the product is deprecated,” and thus won’t be patched.

If you’re a longtime user of iTunes you may be running QuickTime. To dump the program, open the Control Panel on your PC and then from the “category” view go to Programs > Uninstall a program. Once the list of installed programs populates, scroll down until you find QuickTime. Select it with your mouse, and then click Uninstall towards the top of the window. A pop-up window will then appear asking to confirm that you want to uninstall the program. Click Yes and you’ll be QuickTime-free in no time.

A survey published by Secunia Research in late 2015 found that Apple software is among the programs that are updated the least often by Windows users.

Why this matters: Whenever software is about to be abandoned it’s always a good idea to move away from it—or at least start planning to. That goes double for software with known flaws that allow the bad guys to execute code on your machine. QuickTime used to be an important piece of software for Windows users. But these days you don’t need it to watch movie trailers on Apple’s site and it’s no longer used by iTunes to play media on Windows. There’s little reason for the vast majority of Windows users to keep QuickTime on their PCs.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Old Windows PCs can stop WannaCry ransomware with new Microsoft patch

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8

Users of old Windows systems can now download a patch to protect them from this week’s massive ransomware attack.

In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8 — all of them operating systems for which it no longer provides mainstream support.

Users can download and find more information about the patches in Microsoft’s blog post about Friday’s attack from the WannaCry ransomware.

The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.

Computers infected with WannaCry will have their data encrypted, and display a ransom note demanding $300 or $600 in bitcoin to free the files.

Fortunately, Windows 10 customers were not targeted in Friday’s attack. In March, Microsoft patched the vulnerability that the ransomware exploits — but only for newer Windows systems. That’s left older Windows machines, or those users who failed to patch newer machines, vulnerable to Friday’s attack.

Researchers originally believed the ransomware was spread through attachments in email phishing campaigns. That no longer appears to be the case.

Infection attempts from the WannaCry ransomware.

Once a vulnerable PC becomes infected, the computer will attempt to spread to other machines over the local network as well as over the internet. The ransomware will specifically scan for unpatched machines that have the Server Message Block vulnerability exposed.

Businesses can prevent this by disabling the Server Message Block protocol in vulnerable PCs. They can also use a firewall to block unrecognized internet traffic from accessing the networking ports the Server Message Block uses.

Fortunately, Friday’s ransomware attack may have been contained. A security researcher who goes by the name MalwareTech has activated a sort of kill-switch in WannaCry that stops it from spreading.

As a result, over 100,000 new infections were prevented, according to U.K.’s National Cyber Security Centre. But experts also warn that WannaCry’s developers may be working on other versions that won’t be easy to disable.

“It’s very important everyone understands that all they (the hackers) need to do is change some code and start again. Patch your systems now!” MalwareTech tweeted.

Unfortunately, the kill-switch’s activation will provide no relief to existing victims. The ransomware will persist on systems already infected.

Friday’s ransomware attack appears to have spread mainly in Europe and Asia, with Russia among those nations hardest hit, according to security researchers.

Security experts are advising victims to wait before paying the ransom. It’s possible that researchers will develop a free solution that can remove the infection.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

What You Need to Know About the Big Chip Security Problem

According to Intel Corp.,most of the processors running the world’s computers and smartphones have a feature that makes them susceptible to hacker attacks. The chipmaker, working with partners and rivals, says it has already issued updates to protect most processor products introduced in the past five years, but the news sparked concern about this fundamental building block of the internet, PCs and corporate networks.

The revelation of the so-called Meltdown and Spectre vulnerabilities spurred a scramble among technology’s biggest players, from Apple Inc. to Amazon.com Inc., to enact fixes and reassure customers they were on top of the problem.

1. What’s the problem?

Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones operate very fast. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data stored in memory that had been thought to be secure. In a worst-case scenario, that would let someone access your passwords.

2. How bad is it?

The vulnerability won’t stop your computer working and doesn’t provide an avenue for hackers to put malicious software on your machine. Though it could put important data at risk, there’s been no report so far of anyone’s computer being attacked in this manner. More broadly, though, the new fears could undermine longtime assurances that hardware and chip-level security is more tamper-proof than software.

3. How was it discovered?

The weakness was discovered last year by folks Google employs to find such issues before the bad guys do. Usually, solutions are developed in private and announced in a coordinated way. This time the news leaked before the companies involved had a chance to get a fix in place.

 

 

4. What’s being done to fix it?

Chipmakers and operating system providers, such as Alphabet Inc.’s Google and Microsoft Corp., are rushing to create software patches that will close the potential window of attack. Intel said that it expects to have issued updates for more than 90 percent of recently introduced processor products. Amazon.com Inc. said “all but a small single-digit percentage” of its servers have already been protected. In a blog post, Google said its security teams immediately “mobilized to defend” its systems and user data. Some customers of Android devices, Google Chromebook laptops and its cloud services still need to take steps to patch security holes, the company said. Patches for Windows devices are out now and the company is securing its cloud services, Microsoft said in a statement.

5. Is this just an Intel problem?

No, though that seems to be what panicky investors initially thought. Intel says it’s an issue for all modern processors. But rival Advanced Micro Devices Inc. stated that its products are at “near-zero risk.” ARM Holdings, which has chip designs that support all smartphones, said that, at worst, the vulnerability could “result in small pieces of data being accessed” and advised users of its technology to keep their software up to date. Google fingered all three companies. Apple said all Mac computers and iOS devices — including iPhones and iPads — were affected, but stressed there were no known exploits impacting users and that steps taken to address the issue haven’t dented performance.

6. What will the fallout be?

Some computers, mostly older ones, could be slowed down by the software patches that will make them more secure. Intel said that in common situations software might be slowed down by as much as 3 percent or not at all. But in other rare situations, performance might be reduced as much as 30 percent. The company doesn’t expect any financial impact and said it thinks customers will keep buying. As the fixes haven’t been widely deployed yet, it’s unclear whether anyone will even notice or whether computer slowdowns will be widespread. Intel has only done lab tests.

Quick Reference CyberSecurity Guide

In today’s digital age, cybersecurity is at the forefront of technology, both at the workplace and in our personal lives. With the increasing frequency and sophistication of cyber threats, it is essential that we all play a role in protecting sensitive information both business and personal.

 

To help you stay informed and vigilant about cybersecurity best practices, we have created a Quick Reference Guide for Cybersecurity to be shared with your users as a courtesy to better protect themselves from cyber threats and contribute to a safer digital environment.

Please Download Our Quick Reference Cyber Security Guide Below

Quick Reference CyberSecurity Guide

If you have any questions, please email us at support@sjtechies.com or call us at (856) 745-9990.

CALL US NOW!