THANK YOU to all of the delegates who visited us and met us at our stand.
What wonderful support for the 2015 NSBC (National Small Business Centre) My Business Expo in Durban on Thursday, 4th June! We hope all the delegates learned a lot and enjoyed meeting us and allowing us the opportunity to offer advice on what we do and introduce ourselves to you.
A very big THANK YOU to our suppliers and representatives Janine Touche, from Ricoh, and Sandy Bennett, from Rectron, who gave of their time to demonstrate the amazing capabilities of the battery-operated Ricoh Gel Printer and the MakerBot 3D Desktop Replicator 2 printer. For many people, this was a first-time experience with both of these printing capabilities and quite an experience to witness!
Press release issued by Security Specialist at ESET Southern Africa
Johannesburg, 29 Apr 2015
“The single biggest thing that will defeat ransomware is having a regularly updated backup routine in place”
Nathan Loftie-Eaton, ESET SA
Ransomware is malicious software that cyber criminals use to hold a user’s computer or computer files for ransom, demanding payment in order for the user to get the files back. Sadly, ransomware is becoming an increasingly popular way for malware authors to extort money from companies and consumers alike, says Nathan Loftie-Eaton, Security Specialist at ESET South Africa.
There are a variety of ways that ransomware can get onto a person’s machine, but as always, those techniques either boil down to social engineering tactics or using software vulnerabilities to silently install on a victim’s machine.
One specific ransomware threat that has been in the news a lot lately is Cryptolocker, which its perpetrators have spread quickly via e-mail.
You may wonder why there’s a big fuss over this one particular ransomware family – in essence, it is because Cryptolocker’s authors have been both nimble and persistent. There has been a concerted effort to pump out new variants, keeping up with changes in protection technology, and targeting different groups over time. Initially, e-mails were targeting home users, then small to medium businesses, and now they are aiming at enterprises.
The malware also spreads via Remote Desktop Protocol (RDP) ports that have been left open to the Internet, as well as by e-mail. Cryptolocker can also affect a user’s files that are on drives that are “mapped”, which is to say, they have been given a drive letter (e.g., D:, E:, F:). This could be an external hard drive, including USB thumb drives, or it could be a folder on the network or in the cloud. If you have, for example, your Dropbox folder mapped locally, it can encrypt those files as well.
Paying the criminals may get your data back; however, there have been plenty of cases where the decryption key has never arrived or where it has failed to properly decrypt the files. Plus, it encourages criminal behaviour! Ransoming anything is not a legitimate business practice, and the malware authors are under no obligation to do as promised – they can take your money and provide nothing in return, because there is no backlash if the criminals fail to deliver.
At this point, tens of thousands of machines have been affected, though it is estimated that the criminals have sent millions of e-mails. Hopefully, the remainder of the recipients have simply deleted the malicious e-mails without opening them, rather than leaving the e-mails unopened in their inbox, waiting to unleash more pain.
What can you do about it?
On the one hand, ransomware can be very scary – the encrypted files can essentially be considered damaged beyond repair. But, if you have properly prepared your system, it is really nothing more than a nuisance. Here are a few tips that will help you keep ransomware from wrecking your day:
1. Backup, backup, backup
The single biggest thing that will defeat ransomware is having a regularly updated backup. If you are attacked with ransomware you may lose the document that you started earlier in the morning, but if you can restore your system to an earlier snapshot or clean up your machine and restore your other lost documents from backup, you can rest easy. What you need is a regular backup routine, to an external drive or backup service, one that is not assigned a drive letter or is disconnected when it is not doing backup.
2. Show hidden file extensions
One way that ransomware frequently arrives is in a file that is named with the extension “.PDF.EXE”, counting on Windows’ default behaviour of hiding known file extensions. If you re-enable the ability to see the full file extension, it can be easier to spot suspicious files.
3. Filter EXEs in e-mail
If your gateway mail scanner has the ability to filter files by extension, you may wish to deny mails sent with “.EXE” files, or to deny mails sent with files that have two file extensions, the last one being executable (“*.*.EXE” files, in filter-speak). If you do legitimately need to exchange executable files within your environment and are denying e-mails with “.EXE” files, you can do so with ZIP files (password-protected, of course) or via cloud services.
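The two filter rules above (deny “.EXE”, and deny “*.*.EXE”), sketched as an added example that is not part of the original press release or any ESET product. The function names, the sample message and the extensions other than “.exe” are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the text names only ".EXE"; the other extensions are this
# example's choice of commonly blocked Windows executable types.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}


def verdict(filename, block_all_executables=True):
    """Apply the two gateway rules from the text to one attachment name."""
    # Drop any path component, then the trailing dots and spaces that Windows
    # ignores, so "a.pdf.exe. " is judged by its effective extension.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.rstrip(" .").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    if len(parts) >= 3 and parts[-2]:
        return "deny: double extension"      # the "*.*.EXE" rule
    return "deny: executable" if block_all_executables else "allow"


def scan_message(raw_bytes, **options):
    """Return (filename, verdict) for every named attachment in a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [(part.get_filename(), verdict(part.get_filename(), **options))
            for part in msg.iter_attachments() if part.get_filename()]


def sample_message():
    """Constructed test message; names and addresses are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("Invoice.PDF.EXE", "minutes.pdf", "setup.exe", "report.final.docx"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, result in scan_message(sample_message()):
        print(f"{name:20} {result}")
```

Passing `block_all_executables=False` keeps only the double-extension rule, for environments that legitimately exchange executables by e-mail.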
4. Disable files running from app data/local app data folders
You can create rules within Windows or with intrusion prevention software to disallow a particular, notable behaviour used by Cryptolocker, which is to run its executable from the app data or local app data folders. If (for some reason) you have legitimate software that you know is set to run not from the usual program files area, but the app data area, you will need to exclude it from this rule.
5. Use the Cryptolocker Prevention Kit
The Cryptolocker Prevention Kit is a tool created by Third Tier that automates the process of making a group policy to disable files running from the app data and local app data folders, as well as disabling executable files from running from the temp directory of various unzipping utilities. This tool is updated as new techniques are discovered for Cryptolocker, so you will want to check in periodically to make sure you have the latest version. If you need to create exemptions to these rules, they provide this document that explains that process.
6. Disable RDP
The Cryptolocker/Filecoder malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access your desktop remotely. If you do not require the use of RDP, you can disable RDP to protect your machine from Filecoder and other RDP exploits. For instructions to do so, visit the appropriate Microsoft Knowledge Base article below:
Windows XP RDP disable, Windows 7 RDP disable, Windows 8 RDP disable
7. Patch or update your software
These next two tips are more general malware-related advice, which applies equally to Cryptolocker as to any malware threat. Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto your system. It can significantly decrease the potential for ransomware-pain if you make a practice of updating your software often.
8. Use a reputable security suite
It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behaviour. Malware authors frequently send out new variants to try to avoid detection, so this is why it is important to have both layers of protection. If you run across a ransomware variant that is so new it gets past anti-malware software, it may still be caught by a firewall when it attempts to connect with its command and control (C&C) server to receive instructions for encrypting your files.
If you find yourself in a position where you have already run a ransomware file without having performed any of the previous precautions, your options are quite a bit more limited. But all may not be lost. There are a few things you can do that might help mitigate the damage, particularly if the ransomware in question is Cryptolocker:
9. Disconnect from WiFi or unplug from the network immediately
If you run a file that you suspect may be ransomware, but you have not yet seen the characteristic ransomware screen, if you act very quickly you might be able to stop communication with the C&C server before it has finished encrypting your files. If you disconnect yourself from the network immediately, you might mitigate the damage. It takes some time to encrypt all your files, so you may be able to stop it before it succeeds in distorting them all. This technique is definitely not foolproof, and you might not be sufficiently lucky or be able to move more quickly than the malware, but disconnecting from the network may be better than doing nothing.
10. Use system restore to get back to a known-clean state
If you have system restore enabled on your Windows machine, you might be able to take your system back to a known-clean state. But, again, you have to outsmart the malware. Newer versions of Cryptolocker can have the ability to delete “shadow” files from system restore, which means those files will not be there when you try to replace your malware-damaged versions. Cryptolocker will start the deletion process whenever an executable file is run, so you will need to move very quickly as executables may be started as part of an automated process. That is to say, executable files may be run without you knowing, as a normal part of your Windows system’s operation.
11. Set the BIOS clock back
Cryptolocker has a payment timer that is generally set to 72 hours, after which time the price for your decryption key goes up significantly. (The price may vary as Bitcoin has a fairly volatile value. At the time of writing, the initial price was 5 Bitcoin or $300, which then goes up to 4 Bitcoin.) You can “beat the clock” somewhat, by setting the BIOS clock back to a time before the 72-hour window is up. However, all this does is keep you from having to pay the higher price, and it is strongly advised that you do not pay the ransom.
If you are an ESET customer and you are concerned about ransomware protection or think you have been targeted by ransomware, call us as your preferred ESET partners and we will assist you. We will have the latest details on how to prevent and remediate ransomware attacks.
Tips on how to fight and avoid ransomware May 29th, 2015 maryba73
If you were to ask people who are not familiar with computer backups, most would think that a backup is just an identical copy of all the data on the computer. In other words, if it was created Tuesday evening, and nothing changed on the computer all day Wednesday, the backup created Wednesday evening would be identical to the one created on Tuesday. While it is possible to configure backups in this way, it is likely that you would not.
To understand more about this, we must first understand the different types of backups that can be created.
•Normal (Full) Backups
This is the starting point for all other backups, and contains all the data in the folders and files that are selected to be backed up. Because it stores all files and folders, frequent full backups result in faster and simpler restore operations. Remember that when you choose other backup types, restore jobs may take longer. This approach is good when the project includes a relatively small amount of data.
•Incremental Backups
These store all files that have changed since the last backup. The advantage is that it takes the least time to complete. However, during a restore operation, each incremental backup must be processed, which could result in a lengthy restore job.
This approach is good when the project includes too many files to back up all of them each time. It’s fast and takes less time for incremental backups. They also take less disk space. It allows you to create backups frequently. However, to restore all the files, you have to restore the last full backup, and all the following incremental backups.
•Differential Backups
These contain all files that have changed since the previous full backup. The advantage is that it shortens restore time compared to an incremental backup. However, if you perform it too many times, the size of the differential backup might grow to be larger than the baseline full backup. This approach is intermediate between the first two, and is good when the conditions are likewise intermediate.
Each differential backup includes all the project files changed since the last full backup. It takes less time and space than “Always Full”, but more than “Full+Incremental”. The good thing is that restoring is simpler than for “Full+Incremental” – you’ll have to restore the last full backup and the last differential backup.
•Mirror Backups
These include all files that have changed since the last normal (full) or mirror backup; files missing from the source are also deleted from the backup set. The resulting backup archive consists of either one compressed file or one folder.
Description of Full Backup:
It would be ideal to make full backups all the time, because they are the most comprehensive and are self-contained. However, the amount of time it takes to run full backups often prevents us from using this type.
Full backups, if you have the time to perform them, offer the best and easiest solution in data protection. In effect, a single backup can provide the ability to completely restore all backed-up files.
However, you should be aware of a significant security issue. Each full backup contains an entire copy of the data. If the backup media were to be illegally accessed or stolen, the hacker or thief would then have access to an entire copy of your data.
Advantages:
1. Restore is the fastest
Disadvantages:
1. Backing up is the slowest
2. The storage space requirements are the highest if more than one copy is kept
Description of Incremental Backup:
This provides a much faster method of backing up data than repeatedly running full backups. During an incremental backup only the files that have changed since the most recent backup are included. That is where it gets its name: each backup is an increment since the most recent backup. The time it takes to execute the backup may be a fraction of the time it takes to perform a full backup. Genie Backup Manager uses the information it has recorded in its index files to determine whether each file has changed since the most recent backup.
The advantage of lower backup times comes with a price: increased restore time. When restoring from incremental backup, you need the most recent full backup as well as every incremental backup you’ve made since the last full backup.
For example, if you did a full backup on Friday and incremental on Monday, Tuesday and Wednesday, and the PC crashes Thursday morning, you would need all four backup container files: Friday’s full backup plus the incremental backup for Monday, Tuesday and Wednesday. As a comparison, if you had done differential backup on Monday, Tuesday and Wednesday, then to restore on Thursday morning you’d only need Friday’s full backup plus Wednesday’s differential.
Advantages:
1. Backing up is the fastest
2. The storage space requirements are the lowest
Disadvantages:
1. Restore is the slowest
Description of Differential Backup:
There is a significant, but sometimes confusing, distinction between differential and incremental backup. Whereas incremental backs up all the files modified since the last full backup or incremental backup, differential backup offers a middle ground by backing up all the files that have changed since the last full backup. That is where it gets its name: it backs up everything that’s different since the last full backup.
Restoring a differential backup is a faster process than restoring an incremental backup because only two backup container files are needed: the latest full backup and the latest differential. Genie Backup Manager uses the information it has recorded in its index files to determine whether each file has changed since the last full backup.
Use differential backup if you have a reasonable amount of time to perform backups. The upside is that only two backup container files are needed to perform a complete restore. The downside is if you run multiple differential backups after your full backup, you’re probably including some files in each differential backup that were already included in earlier differential backups, but haven’t been recently modified.
Advantages:
1. Restore is faster than restoring from incremental backup
2. Backing up is faster than a full backup
3. The storage space requirements are lower than for full backup if more than one full version is kept
Disadvantages:
1. Restore is slower than restoring from full backup
2. Backing up is slower than incremental backup
3. The storage space requirements are higher than for incremental backup
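The Friday-to-Wednesday restore comparison above, worked through as an added example (not code from Genie Backup Manager or from the original article). It goes slightly beyond the text by also handling a schedule that mixes incremental and differential sets; the class, function and file names are hypothetical, and the toy engine assumes files are only added or edited.

```python
from dataclasses import dataclass


@dataclass
class BackupSet:
    label: str
    kind: str      # "full", "incremental" or "differential"
    files: dict    # path -> content captured in this set


class BackupJob:
    """Toy backup engine; simplification: files are added or edited, never deleted."""

    def __init__(self):
        self.history = []
        self._at_full = {}   # source as of the last full backup
        self._at_last = {}   # source as of the last full or incremental backup

    def run(self, label, kind, source):
        if kind == "full":
            captured = dict(source)
        else:
            base = self._at_full if kind == "differential" else self._at_last
            captured = {p: c for p, c in source.items() if base.get(p) != c}
        if kind == "full":
            self._at_full = dict(source)
        if kind != "differential":       # differentials never move the baseline
            self._at_last = dict(source)
        self.history.append(BackupSet(label, kind, captured))


def restore_chain(history):
    """Sets needed to restore the latest state, in the order to apply them."""
    fulls = [i for i, b in enumerate(history) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to restore from")
    chain, tail = [history[fulls[-1]]], history[fulls[-1] + 1:]
    diffs = [i for i, b in enumerate(tail) if b.kind == "differential"]
    if diffs:                            # latest differential replaces all earlier sets
        chain.append(tail[diffs[-1]])
        tail = tail[diffs[-1] + 1:]
    return chain + [b for b in tail if b.kind == "incremental"]


def restore(chain):
    restored = {}
    for backup in chain:
        restored.update(backup.files)
    return restored


def week(kinds=("incremental",) * 3):
    """Constructed schedule from the text: full on Friday, then Mon-Wed backups."""
    job, source = BackupJob(), {"report.doc": "v1", "budget.xls": "v1"}
    job.run("Fri", "full", source)
    edits = [("Mon", "report.doc"), ("Tue", "notes.txt"), ("Wed", "budget.xls")]
    for (day, path), kind in zip(edits, kinds):
        source[path] = f"edited {day}"
        job.run(day, kind, source)
    return job.history, source


if __name__ == "__main__":
    for kinds in [("incremental",) * 3, ("differential",) * 3]:
        history, source = week(kinds)
        chain = restore_chain(history)
        print(kinds[0], [b.label for b in chain], restore(chain) == source)
```

The differential sets grow from one to three files across the week while each incremental set holds one, which is the storage trade-off listed above.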
Description of Mirror Backup:
A mirror backup is a straight copy of the selected folders and files at a given instant in time. That is, the destination becomes a “mirror” of the source.
Any mirror operation after the first will only copy new and modified files, making the operation faster. And deleted files will be removed from the set as well.
Advantages:
1. It creates a snapshot of selected files and folders in the destination which you can browse and access later.
Understanding Backup Methods: Advantages and Disadvantages June 11th, 2015 maryba73
Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that’s often used to represent the Internet in flowcharts and diagrams.
A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic — a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access). Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.
A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a data center that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.
Infrastructure-as-a-Service like Amazon Web Services provides virtual server instanceAPI) to start, stop, access and configure their virtual servers and storage. In the enterprise, cloud computing allows a company to pay for only as much capacity as is needed, and bring more online as soon as required. Because this pay-for-what-you-use model resembles the way electricity, fuel and water are consumed, it’s sometimes referred to as utility computing.
Platform-as-a-service in the cloud is defined as a set of software and product development tools hosted on the provider’s infrastructure. Developers create applications on the provider’s platform over the Internet. PaaS providers may use APIs, website portals or gateway software installed on the customer’s computer. Force.com (an outgrowth of Salesforce.com) and GoogleApps are examples of PaaS. Developers need to know that currently, there are no standards for interoperability or data portability in the cloud. Some providers will not allow software created by their customers to be moved off the provider’s platform.
In the software-as-a-service cloud model, the vendor supplies the hardware infrastructure and the software product, and interacts with the user through a front-end portal. SaaS is a very broad market. Services can be anything from Web-based email to inventory control and database processing. Because the service provider hosts both the application and the data, the end user is free to use the service from anywhere.
What is Cloud Computing? February 22nd, 2015 maryba73
An interesting read of a common mindset in people regarding IT. This is something we have really come across in our industry, sadly enough, and we at Cyber Infrastructure Solutions strive to provide a unique approach and take a real interest in our clients and the specific needs and problems they face at all levels of their organisations. Tell us what you think? Interact with us. How do you see IT? Is there truth to this article? How can IT improve their reputation in the industry? We would love to hear from you!
How I.T. can harness business trust February 18th, 2015 maryba73
In today’s economic crisis, we find ourselves having to turn over every penny before we part with it.
Some good advice: be sure to research your purchases before you buy. Talk to us; we can advise you so that you make sound decisions that best answer your business or personal IT needs.
Once you’ve made your purchase, have you thought who is going to set it up for you or deal with any problems you may have? What are the guarantees and return policies? What is the after sales support like? Are you sure you are getting the best offer and pricing you can? All critical questions that need answers BEFORE you buy! And things that can affect your bottom line and business flow drastically if you make the wrong decision.
Partnered with more than 5 of the top suppliers of IT products in the country, we have daily specials and promotions mailed to us, often for short periods of time; too many to promote each day. But they are there. For you.
If you have any IT needs, in your home or in your business, no matter how large or small, talk to us and check with us. We will willingly advise and assist you to make good, sound decisions because we are passionate about what we do and most of all, we really do care.