5 Ways To Recognize A Ransomware Attack
Whenever we work with ransomware victims, we spend some time looking back through our telemetry records that span the previous week or two. These records sometimes include behavioral anomalies that (on their own) may not be inherently malicious, but in the context of an attack that has already taken place, could be taken as an early indicator of a threat actor conducting operations on the victim’s network. If we see any of these five indicators, in particular, we jump on them straight away. Any of these found during an investigation is almost certainly an indication that attackers have poked around: to get an idea of what the network looks like, and to learn how they can get the accounts and access they need to launch a ransomware attack. Attackers use legitimate admin tools to set the stage for ransomware attacks. Without knowing what tools administrators normally use on their machines, one could easily overlook this data. In hindsight, these five indicators represent investigative red flags. A network scanner, especially on a server. Attackers typically start by gaining access to one machine where they search for information: is this a Mac or Windows, what’s the domain and company name, what kind of admin rights does the computer have, and more. Next, attackers will want to know what else is on the network and what can they access. The easiest way to determine this is to scan the network. If a network scanner, such as AngryIP or Advanced Port Scanner, is detected, question admin staff. If no one cops to using the scanner, it is time to investigate. A network scanner found among a repository of tools used by Netwalker ransomware Tools for disabling antivirus software. Once attackers have admin rights, they will often try to disable security software using applications created to assist with the forced removal of software, such as Process Hacker, IOBit Uninstaller, GMER, and PC Hunter. These types of commercial tools are legitimate, but in the wrong hands, security teams and admins need to question why they have suddenly appeared. The presence of MimiKatz Any detection of MimiKatz anywhere should be investigated. If no one on an admin team can vouch for using MimiKatz, this is a red flag because it is one of the most commonly used hacking tools for credential theft. Attackers also use Microsoft Process Explorer, included in Windows Sysinternals, a legitimate tool that can dump LSASS.exe from memory, creating a .dmp file. They can then take this to their own environment and use MimiKatz to safely extract user names and passwords on their own test machine. Mimikatz and related PowerShell scripts used to launch it, found among a repository of tools used by the Netwalker ransomware threat actors Patterns of suspicious behavior Any detection happening at the same time every day, or in a repeating pattern is often an indication that something else is going on, even if malicious files have been detected and removed. Security teams should ask “why is it coming back?” Incident responders know it normally means that something else malicious has been occurring that hasn’t (as of yet) been identified. Test attacks Occasionally, attackers deploy small test attacks on a few computers in order to see if the deployment method and ransomware executes successfully, or if security software stops it. If the security tools stop the attack, they change their tactics and try again. This will show their hand, and attackers will know their time is now limited. It is often a matter of hours before a much larger attack is launched. Source: Sophos News, Peter Mackenzie
Why Your Tampa Area Business Needs An IT Support Partner
Many small businesses need reliable IT support in order to succeed in the digital age, but hiring a full-time IT staff may not be in the budget. If this is the case, outsourcing your IT support can be an affordable solution. Below, we’ll take a look at some of the most valuable and cost-saving services an IT Support or Managed Services Provider can provide your Tampa area business. Help Desk Support When your employees are needing assistance with computers in your office or in an employee’s home office, an IT support company can remote connect to troubleshoot and resolve the issues. This means that an IT support partner is often able to solve IT problems remotely, saving your company time and money while ensuring that quick and effective IT solutions are always just a phone call away. On-Site IT Support In cases where remote support is unable to address all of the issues you might experience, on-site IT support is always an option. For example, with on-site IT support, your IT support partner can perform tasks such as deploying new computers, setting up printers, addressing hardware issues, troubleshooting network connectivity problems, and more. Data Backup and Recovery Should you have an incident that affects your data, such as a ransomware attack, it is imperative you have a backup that can be restored to get you back to normal. By partnering with an IT support partner that offers data backup and recovery, you can ensure that your data is always backed up and able to be restored in the event that the original data is lost or otherwise inaccessible. Email Services If your business’s email services go down, your ability to communicate with customers, accept orders, communicate with remote employees, and more may be compromised, bringing your entire business to a halt. With an IT support partner, though, you can rest assured knowing they are just a phone call away and can immediately start troubleshooting any issues you might have with your email services. Network Setup and Administration When looking for an IT support partner, be sure you choose one that offers managed services. Managed Services Providers can monitor, troubleshoot, and address your network issues before you even know there’s a problem, giving you peace of mind that your network is always under the careful watch of expert eyes. Print Support If your business is heavily reliant on copiers and printers for its day to day operations, you know how crippling it can be if you can’t print. Your IT support partner should be available to quickly address any machine issues and, if needed, provide you with a loaner until your machines can be repaired. Conclusion For businesses that cannot justify hiring an in-house IT team, working with an IT support partner offers a number of considerable benefits. At Boring Business Systems, we are proud to be the go-to company for managed services and IT support in the Tampa area. If you own a business in Tampa Bay and would like to learn more about the many benefits that working with an IT support partner can provide, feel free to contact us today!
5 Benefits Of Using A Managed Services Provider
Technology continues to play an increasingly important role within businesses of all sizes. However, the important role that technology plays within your business means that you will also have to dedicate more time and resources to keep your IT infrastructure running smoothly. Thankfully, there is an affordable solution that allows you to focus on your core business without having to worry about monitoring and maintaining your IT infrastructure – managed IT services. With managed IT services, your managed service provider is responsible for monitoring, maintaining, and updating your IT infrastructure, leaving you to focus on growing your business. Below, we’ll take a look at the top five benefits of using a managed services provider. 1) Eliminate Downtime Having part of your IT infrastructure malfunction can bring your entire business to a halt. With a managed services provider, your IT infrastructure is constantly monitored for issues and repaired the moment an issue arises, helping you eliminate costly downtime. 2) More Cost-Effective Having a managed services provider is a much more affordable solution than hiring one or more employees to maintain your IT infrastructure. This makes using a managed services provider an especially attractive choice for small to medium sized businesses which may not be able to justify hiring a full staff of IT professionals. 3) Stay Up-to-Date with the Latest Technology Having a managed services provider means that your business will always be up-to-date with the latest software solutions. Technology changes rapidly and keeping up can sometimes be difficult. With a managed services provider, you can rest assured that you and your employees always have access to the latest and greatest technology available. 4) Increased Security At one time, cybersecurity was mainly a concern for large corporations. Today, though, cyber-criminals are targeting small and large businesses alike, making security an important concern for businesses of all sizes. With a managed services provider, though, you can count on your data being secured with the best security software and protocols at all times. 5) Improved Relationships with Your Customers Issues with your IT infrastructure can make it difficult for you to offer high-quality service to your customers, which can damage your brand image. By preventing most issues before they ever arise and quickly fixing the ones that do, a managed services provider can ensure that your customers always have a positive, hassle-free experience when visiting your website, working with your employees, and more. Conclusion Using an MSP is an incredibly beneficial option for businesses that want to drastically improve the quality and effectiveness of their IT solutions. If you would like to learn more about how we at Boring Business Systems can provide your business with top-quality managed IT services in Tampa as well as IT Support in Lakeland. Contact us today for a professional evaluation of your company’s technology needs.
Break-Fix vs. Managed Services IT Support
In recent years, managed services has become the go-to model of IT management, offering a number of key advantages over the older break-fix model. For companies looking for a more effective and affordable approach to IT management, managed services certainly has a lot to offer. Below, we’ll take a look at the key differences between these two models of IT management in order to help you determine which one is right for your company. The Benefits of Managed Services over Break-Fix IT Management For many years, break-fix was really the only model of IT support that companies were able to purchase. Under this model, the company would have to wait until a piece of hardware or software malfunctioned before they were able to call in an IT service to fix it, hence the name “break-fix”. With managed services, though, companies are able to take a much more proactive approach to IT management. Rather than paying for costly repairs every time something breaks down, managed services enables companies to pay a monthly fee for ongoing IT management and support. The benefits of this new model are numerous. First and most important, the managed services model allows companies to actively prevent IT issues rather than just responding to them as they happen. This helps companies avoid the costly downtime that IT issues can cause as well as often times avoid the cost of repairs. The managed services model is also a much more comprehensive approach to IT management. Under the break-fix model, IT service providers have no real incentive to invest in network management tools, no real incentive to make your network as stable as possible, and even no real incentive to protect your network against future issues. After all, every time there’s a problem, they make money. With managed services, though, this is not the case, as managed services providers are paid a monthly fee to offer comprehensive IT support that remains the same regardless of how many issues they must repair. Taking Advantage of Managed Services The proactive approach of managed services, the fact that managed services providers are incentivized to keep your network operating as best as possible, and several other key benefits make managed services the go-to model of IT management for most companies. If you would like to learn more about how we are able to help you and your company take advantage of all the benefits that managed services has to offer, we invite you to contact us today. Boring Business Systems is a managed service provider in Tampa, Lakeland, and surrounding areas.
2020 Cybersecurity Resolutions – Cybersecurity Tips
You’ve probably decided on your New Year’s resolutions at this point. Maybe you’re one of those who simply chooses a word to define your year. But what about your business? You’ve likely considered your revenue goals, but have you considered how you’re going to protect your business in 2020? There is a magical word – prevention. Here are eight cybersecurity actions you should take to protect your business in 2020. Identify your risks: If you don’t know where your risk lies, then you cannot take the steps to mitigate them. Go back to the basics. Consider what devices, processes or gaps your company might have. Review and test your backups: It is essential for every business to have a good backup strategy. Even if you fall victim to a ransomware attack, if you have a good backup, you can roll back and get back to business. You need to think ahead and consider all the critical data and ensure you are getting frequent backups should you have a breach. For example, if you’re only backing up weekly on Fridays and you have a breach on a Thursday, you’ve lost up to six days of data. Combine this with an event like a month-end or fiscal year-end and now you’re really in trouble. Install Anti-Virus / Malware Protection Software: You need to ensure you have a reputable and fully updated version of malware protection software on every device in your organization. Be sure that it is fully licensed and that it’s updating as it should. You should implement systems to alert you if a device is out of compliance. Train your Employees: Your employees are your weakest link. You should implement ongoing training for your staff. Be sure your users know the basics like how to spot fake URLs and attachments. Staff at all levels need to be adequately educated from the C-suite down. You’d be surprised how often executives skip this training then wind up being the target. Secure your infrastructure: In many small businesses, this is often a challenge because the budget does not allow for a full-time IT staff person that is adequately trained in all the needed disciplines. You need to ensure your servers, routers, switches and all network devices are secure. If you don’t have the staff to do this, this is where a managed service provider can really help your company. Implement Multi-Factor Authentication (MFA): Going back to number four above, your employees are your weakest link and inevitably some of those employees will have weak passwords or worse yet, share those passwords. By enforcing MFA, you can help minimize this risk. Identify your threats and make a plan: It’s important for a company to determine all its risks. Whether it be those bring your own devices or outdated software. Even if you have a known risk that you just can’t get around, by identifying it you can at least put systems in place to reduce the risk. Not only do you need to consider prevention, but you need to know what you will do in case of a breach or malware attack. Be sure you have a disaster recovery plan in place and key personnel who know how to execute it. Measure and report: Many times, a company goes through the steps above but then files it away in a drawer never to revisit the plan. You should regularly look at key security metrics. Then at least annually, you should review your disaster recovery plan to ensure it’s still relevant. You should also consider penetration testing. This is simply the act of figuring out what could a hacker do to harm your business in a real-world scenario. This will give you peace of mind in identifying your weaknesses. It’s much better that you find through penetration testing before a hacker finds your deficiency. If these tips have you feeling a little uneasy about your company security, Boring Business Systems would be happy to meet with you and help you get into compliance. Boring is a Managed Services Provider in Tampa and Lakeland and also a cybersecurity company. Contact us today for a free consultation.
