SystemsNet Blog

Category Archives: Malware

3 Reasons Why Your Malware Needs Active Management

August 2, 2018Malware, Securityanti-virus, malware, MalwareBytes, ransomware, security, WebrootSystemsNet Administrator

Business man downloading an anti-malware program or antivirus software

Are your servers and workstations protected?

Everyone knows the importance of installing malware and virus protection. Whenever you get a new laptop or device, a quick click to your preferred vendor is usually one of the first steps you have the computer connections to the Internet. But knowing how the programs work is almost as important as knowing how important they are.

How do malware programs work?

Most anti-malware programs compare downloads and new programs against a list of known malware signatures. In other words, they compare incoming data and code against recognizable bits of malware. If it finds a match, the new download is either blocked entirely or is more closely scrutinized.

Other types of antivirus and anti-malware tools investigate potential threats in different ways. They might test out suspect downloads in a closed environment, or a ‘sandbox,’ to see how it behaves. Some smart programs look at how downloads behave before weighing in. So most malware protections don’t just scan initial downloads and new activity. They also monitor your computer as a whole for new or suspicious behavior.

What do patches and new updates provide?

Malware is getting smarter and stronger all the time. Your tools need to update ahead of that curve to provide continuous security to your system. A lot of upgrades are centered around the program’s database of known threats. As the service provider and cybersecurity institutions identify new threats, they add them to the database. But if you don’t install the new patch or ignore the update alert, that new information is never added to your computer.

Updates can also improve control over the sandbox environment or add new warning signs for behavioral anti-malware programs to investigate. Basically, if your anti-malware was downloaded a year ago and never updated, it won’t know what to do against new threats. Virus creators and malicious actors know that people tend to be a bit lax on their updates, so they tend to focus on malware that doesn’t display any of the old warning signs.

Why should you leave the update schedule in the hands of your IT service?

Leaving update schedules up to your employees is bad for business. The same people who leave their computer in sleep mode instead of shutting it down for new updates also won’t update the software. Here are three reasons why leaving it in the hands of an administrator, especially a third-party administrator, is better:

1. You know that everyone’s device is up-to-date.

Some of your employees will update their anti-malware software as soon as they get the alert. Others might shut down their computer regularly enough that the system updates without their knowledge. But other updates might linger for days or weeks before they’re implemented.

When your company uses mobile devices that aren’t always on your network, it’s easier for unsecured devices to pick up a bug and bring it into the office. But, when control of the update schedule is centralized, you don’t have to worry about delays.

Centralized control also brings a stronger guarantee: you know that everyone is using the same program. BYOD policies and laptops that have been used by the same employees for years could have a random scattering of different antivirus programs, all with different levels of quality and privacy. But your IT service will both provide a program and ensure its updates.

2. You get a report so you can verify that your company is in compliance.

You don’t just want to know that everyone’s computer is updated. Depending on your industry, you might need regular proof of when updates happened and what types of updates they were. Regulatory agencies are getting more and more strict about data leaks, and professionals will give you records and receipts for your paper trail.

3. Internal emergencies won’t cause delays.

Even if you hand over anti-malware updates to a systems administrator in your office, there could still be delays. A website outage, a late product delivery, or even downsizing could get in the way of the schedule. But when you use a third-party IT service, the update schedule is preset and one of their business priorities.

If you want to make sure your anti-malware software is strong both now and in the future, browse our services to find the right package for your business.

Six Steps to Make Your Company Ransomware Proof (Part 2)

March 15, 2018Malware, Securityantivirus, Help from ransomware, malware, Protect your computer, securitySystemsNet Administrator

Protect your business from ransomware attacks with regular data backups.

Welcome back to the second half of our two-part article about how to completely harden your company against the threats of ransomware. The entire reason why ransomware is so scary is because it is a known cause for complete computer wipes with all your data gone in seconds and you’d better think twice about paying a mysterious criminal who does not have to decrypt your files and will probably delete them anyway.

Rather than leaving yourself vulnerable to these malicious cybercriminals, the best defense is a stupendous set of backups. Last time we talked about creating an individual backup for each machine or group of identical machines, along with the importance of safe cloud storage. Today, let’s pick up right where we left off at point three, your final complete backup stage.

3) Create One Complete Infrastructure and Configurations Backup

Because ransomware sometimes attacks an entire network from a single connected computer, it’s important that you are ready to recover absolutely everything in case you become the victim of a particularly nasty piece of black-hat software. Just like you did with the individual computers, it is possible to take a snapshot of every setting and configuration for your entire network. This file will be pretty big but you only have to keep one or two to be ready for a ransomware attack. This way, even if the malware takes out an entire chunk of your network, you could potentially wipe every device to factory settings and reconfigure in a few hours, once again denying the hacker their opportunity to cause any real damage to your company.

4) Take Content Backups Regularly

Now that you have your infrastructure backups taken care of, you can start worrying about smaller content backups. These can either be updated to the big backups or kept separately to help you keep track of day to day changes. These should be taken even of cloud-stored data to ensure that you’re protected against everything from malware deleting files to human error entering unwanted changes. Regular content backups will ensure that once you factory reset and restore a machine’s configurations and software, you can also restore its local files for the convenience of the employee who works there.

5) Create New Complete Backups for Major Change

After all your backup preparation is done, remember that when you make configuration or infrastructure changes to either the network or an individual machine, these changes need to be updated to your collection of comprehensive backups or your restoration may bring back an older, less useful configuration. Put this responsibility in the hands of your IT technicians who will be the ones making these changes in the first place. This will ensure that your ability to immediately recover from ransomware is always up to date with exactly the data you need.

6) Run Ransomware Drills

Finally, never assume that an emergency plan is in place until you have proven it. While you may not want to wipe your entire system and re-install it, at least test the solution on a few computers or a test section of the network to ensure that everything is in good working order. The last thing you want to happen right after a ransomware attack is to discover that your backups have either corrupted or don’t integrate correctly. Check your backups and run a new drill about every six months to make sure you’re still ready.

This solution may sound complex but here at SystemsNet, we’re experts on malware defense and comprehensive backup plans. For more helpful information on how to defend yourself from ransomware or to plan your perfect backup solution, contact us today!

Six Steps to Make Your Company Ransomware Proof (Part 1)

March 8, 2018Malware, Securityantivirus, Help from ransomware, malware, Protect your computer, securitySystemsNet Administrator

Cloud Backup

Ransomware is a single word for a big, diverse problem. It isn’t just one program like WannaCry or GoldenEye, or Petya, it’s all hacker-borne viruses that have ever been or ever will be designed. One really good firewall and anti-virus setup won’t protect you forever because if history has taught us anything it’s that hackers won’t quit it. They will continue to look for loopholes, backdoors, and brute force attacks to invade your computer system and ruin your day. The good news is that even in a worst-case scenario where these malicious programs get into your company system and encrypt every important business file you possess, with the right preparation you can quickly and easily thumb your nose at the low-life hacker with a completely ransomware-proof plan.

It’s all About the Backups

Yes, in an ideal world we’d be talking about nothing but malware detection, email scanning, and firewalls and don’t get us wrong, these things are important. However, these things are like washing your hands before eating supper. It will reduce the number of ‘germs’ you are exposed to, but it won’t elimate your exposure completely. A comprehensive ransomware, and indeed any malware plan may start with firewalls but it always ends in backups. Why? Because with the right backups, you can recover from anything, even a full-encryption ransom attack.

1) Create a Complete Backup of Each Machine

Ransomware has to have an entry point, and this is usually a personal computer. These days it can also be a mobile or IoT device and the importance of recovering data on these devices should be considered when planning for backups. When ransomware strikes, it encrypts every file on the computer and then uses files from the program to project the ransom message and interface. While you could mess with the hackers, your best bet is simply to wipe the computer to factory settings and re-install everything you need.

Of course, doing this manually could take hours if not days so what you need is a total backup complete with software installs and configuration settings as well as the basic file system. This kind of backup takes more space to store but it also allows you to cut off a hack at the start and get the system back to safe working conditions in a matter of minutes rather than days. This method is especially useful if you have a floor worth of computers that share a similar if not identical configuration.

2) Save Your Data on the Cloud

In general, ransomware can only attack files stored locally on infected computers and networks. This means that while they may be able to reach out to remote servers you are actively connected to, if you save your business data through a cloud storage service or, better yet, through third-party SaaS servers for the platforms you use, the ransomware won’t be able to corrupt it. To harden your defenses and protect sensitive company and client information, make sure that important data isn’t stored on a local system, even in the Temp folder. This way, hackers will neither be able to breach your security and leak information or deny you access through encryption or local deletion.

Paired with the complete computer backup, a cloud data storage system means that after a localized attack, you can recover the compromised system up to the point where it is immediately compatible with your cloud platform again, putting the workstation back into use quickly.

Believe it or not, the setup is the most complicated part of establishing a ransomware-proof business plan. In fact, it’s only the first half of the article. Join us next time as we cover points three through six from your infrastructure backup to your restoration plan. For more tips and advice on best backup practices, contact us today!

What Should You Do If You Think You Have Been Hacked?

February 8, 2018Malware, Securityanti-virus, malware, securitySystemsNet Administrator

Small business owner upset over being hacked in the workplace. Leaning head on crossed arms over a laptop

Being a small business and being hacked can put you out of business if your not prepared

There are a couple of questions many business owners ask when it comes to hacking, and those two questions are:

How can I tell if I have been hacked?
What steps do I take if someone has hacked my business?

Unfortunately, many small business owners do not know they have been hacked. Apart from ransomware, there are many cybersecurity events that go unnoticed. Can you believe that many small businesses and medium-sized businesses can have data breaches that go unnoticed for a significant period of time, including several years? The breaches that are noticed are eventually noticed by someone outside the business, including law enforcement officials.

Can you imagine being breached and not knowing this has occurred until a third-party notifies you? If you data breach occurs and it goes undetected for a substantial period of time, you may never identify what actually caused the breach to occur in the first place. When you do not know how, why, or where the data breach took place, you may start questioning if all of your company’s data has been compromised.

How Do You Know If You Have Been Hacked?

When you have a full understanding of the different types of hackers and what their intentions are, you will be able to understand how anyone can be hacked. There are different businesses, small, medium, and large, that can all become a target for hacking. Hackers look for sensitive data that has not been carefully protected.

What Type Of Hacks Are More Common?

It does not matter if a hack is basic or advanced because even a basic hack can cause severe damage to a business. A small or basic hack can result in your computers or any devices doing things that they should not be doing. Some of the common hacker techniques include the following,

viruses
Distributed Denial of Service (DDoS) or Denial-Of-Service attack (DoS attack)
fake Wireless Application Protocol (WAP)
phishing attacks
in-house attacks

What Should You Do After A Hack Takes Place?

Do you have a plan in place if a hack does take place in your workplace? Your employees need to be trained well enough so they will be able to identify an attack on the business. When your employees are trained, they will be able to help your business get back to operating at its normal pace. Your business needs to get back to business as soon as possible after an attack has been identified.

If you have noticed that your system is behaving unusually and if you notice suspicious files that seem to be harmful, an attack has likely taken place. Professional and experienced hackers know how to carefully cover all their tracks. We suggest that you look carefully at your systems’ log files.The hackers also know how to delete those log files as well.

After you have identified you have been hacked, you should make sure the attack has been confirmed. Once there has been confirmation of the attack, you should check your computers, devices, and your networks to determine if anything else has been compromised. You will need to identify how much information the hackers have obtained.

When security breaches occur, critical data and information can be lost when your systems are down, include your network connections and content that is stored in your RAM. You will need to consult a professional so you can fully understand the options you have at this point.

It is extremely critical that you have the proper backups in place. It is also important that you have the right Managed Service Provider (MSP) that will provide you with the tools and resources you need to conduct business as usual after an attack has taken place. Contact us today for more information on how you can protect your business from hackers.