Petya Ransomware: Everything You Need To Know

If you had any doubts about the threat of cybercrime… it appears another global ransomware attack has started. If your company does any international business, you could be next.

Spread through email, infected websites, and Social Media (Twitter, LinkedIn, Facebook, etc), “Petya”  ransomware has the potential to become as debilitating as “WannaCry“, and has affected such global companies as A.P. Moller-Maersk, W.P.P. PLC, and Merck & Company.  Your first line of defense should include educating your end-users. The trigger for this strain of ransomware is social engineering, a proven effective tactic for these cyber criminals.  An example of this social engineering tactic would be a fake post on social media that seems to have  a link to an article that catches your interest, and you click the link without thinking first.

  • Ransomware Prevention and Protection

Once clicked, the malware infiltrates an unprotected computer, and causes pop-ups that say they’re from “Windows.” It’s all too easy for people to trust these messages, and provide permissions, if any is needed, which launches the malware. Your files will soon become encrypted with the latest 256-bit encryption, making it impossible to retrieve your files without a decryption key.

In addition, “Petya” will overwrite the infected PC’s boot files, giving users a blue screen, and what looks to be windows check disk — actually showing you the status of your encryption.

Although we aren’t at “WannaCry” numbers of infected end-users, this should still be a concern for most businesses. Email and web-filtering can protect staff members that may tend to be careless when surfing the internet. Always keep anti-virus, firewalls, routers, and operating systems up-to-date. This specific ransomware attack was the result of not patching operating systems after the “WannaCry” outbreak that occurred last month.

If you want to educate your end-users on how to spot ransomware and the steps to avoid company infection, head over to the link below. There you will find a sign-up page for our free community outreach program, created to teach and educate executive, and technical staff on avoiding ransomware through better awareness.

Link to sign-up for our free community outreach program:

Should IT Support be Outsourced, on Staff, or Both?

Companies need their technology tools to perform their business operations every day. As a result, they have IT infrastructures that must have support. Users need help, network devices must be managed, and everything has to work together. What’s the best way to handle this? Some companies have internal IT employees whose sole responsibility is keeping those technologies working together.

Some companies don’t want to maintain any staff for skills not related to their core business, opting to outsource support to companies that specialize in IT support and consulting. Many companies go with a hybrid route – they staff for some of the technology support they need but outsource other facets to address other needs.

Some of the common drivers in the decision to outsource some of a company’s IT support are:

Depth and Experience of Skills

A support company’s staff is likely to have a broader set of skills, and often, longer tenures in the business. An Information Technology support company is more likely to invest in training for their professionals, to ensure their skills are up to date.

Better IT Coverage

In small departments, if one person is ill, or on vacation, the lack of resources can have a huge effect on the quality of service, leaving behind loose ends for the company’s IT support. An IT support company will often have enough staff to ensure someone is more likely to be available when needed.

Flexibility in Technology

Some needs are pretty constant, and others may change. If a company were to staff enough talent for every contingency, they would end up over-staffing at times – a very expensive situation. Some skills are expensive to hire if you don’t need them all the time, such as project management, high-end router work, server migrations, security work, and strategic consulting. Either technology support or consulting can make these skill sets available as you need them.

Every company’s needs are different, but the right mix of on-staff and outsourced IT support can be the solution to keeping your company’s infrastructure up-to-date, and working at optimal performance, year after year.

Clare Computer Solutions has helped hundreds of companies achieve the perfect mix, and we can help your company too. It all starts with a conversation – contact us to get started.

How Well Do You Know Your IT Infrastructure?

Businesses today rely on technological tools to operate. These tools handle sales processes, payroll, accounting, manufacturing, planning, communication, customer relations, and more. It’s likely your company absolutely depends on its IT infrastructure to conduct day-to-day business, including strategic development and planning.

What you should be asking yourself:

– Is there someone in your company that knows this infrastructure inside and out?

– Is there current documentation of each element in the network?

Too often, the answers to these questions are no.

The reason for this is, IT tends to grow as it’s needed, with components added over the course of time to accommodate growth, and replace obsolete technologies. But this often happens gradually, and it’s not unusual for a company to have a network diagram that’s years out of date. This poses some serious problems, both on a strategic and operational level.

On an operational level, not having accurate information on network assets can make troubleshooting a difficult task. On a strategic level, it can be difficult to make informed decisions without reliable information about the deployed technologies at your business.

How can you close this gap, while continuing to run your business?

Get a Network Assessment

There are tools that can detect the assets on a network, and generate an asset list or network diagram. The diagram will illustrate what’s connected to what, and the asset list will provide details on your network devices. This will include licenses, warranty and purchase dates, and installed software versions. All of this information aids in strategic planning for your company’s network.

Get Some Help

Clare Computer Solutions utilizes the tools above to interpret the findings in the context of your business. We provide the documentation that enables your IT staff to really know your network. We help to ensure IT infrastructure is resilient against downtime.

It all starts with a conversation. Contact us to get started.

Phishing Scams Continue Their Rapid Evolution From Bad to Worse

Social engineering is at the heart of two main cyber-scams plaguing businesses and individuals alike. Many of these scams stem from Ransomware and phishing. Ransomware is malware that encrypts files and demand a ransom to provide a decryption key. Phishing is using deceptive emails to get recipients to provide confidential information or launch malware.

Here’s your update on the latest cyber-scams :

Fake HR Requests (W-2)

If you recall, back in February, we reported on a new phishing scheme where cyber criminals use various spoofing techniques to disguise emails to make it appear as though they were from an organization executive. The email will be sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 forms.

W-2 forms provide vital personal information – if this data falls in the hands of a criminal, it could very well be disastrous.

In some cases, the cybercriminal follows up with an “executive” email to the payroll or comptroller, asking for a wire transfer to be made. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email. Some companies have already lost both employees’ W-2s and thousands of dollars due to false wire transfers.

Fake DMV Payment Demands

More recently, a new phishing scam has come to light. The latest scam involves emails whitch appear to come from the NY State Department of Motor Vehicles. Enclosed in the email is a phishing scam where drivers are being targeted, stating they have 48 hours to pay a fine or have their driver’s license revoked. The NY DMV alerted motorists that the scam is bait to entice drivers to click on a “payment” link that will in turn infect their workstation with malware. It will be vital to stay extra vigilant as we begin taking those long awaited, summer vacations!

NewYork DMV Phishing scam clare computer solutions

The malware being dropped came in two categories. The first was a tracking tool on the victim’s computer to see which websites were visited. The second attempted to get a variety of identifiable information, such as names, Social Security numbers, date of birth and credit card information.

In both cases, recipients of these emails could avoid being victimized. With a mix of technical support from staff members, and minor education on how to spot a phishing scam, employees can determine what emails can be trusted.

Clare Computer Solutions provides complimentary on-site training to Bay Area businesses. With the goal to educate network users to avoid being victimized by ransomware or phishing attacks.

See http://www.clarecomputer.com/resources/events/ransomware-survival-guide and let us know your business would like to offer this training to your employees.