Evolve IT Blog

A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, “NotPetya,” as it has been named, has a few additional features that experts say make it worse than either of its predecessors.

Why NotPetya Isn’t Really a Ransomware
The first clue that researchers had that NotPetya had a different motivation was the fact that the ransom only demanded the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Despite the lack of preparation the payment method appeared to have, NotPetya itself was clearly designed to be able to infiltrate as many networks as possible and do maximum damage once inside.

A Hybrid Hacking Attack
Since the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another code that was stolen from the NSA.

Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread--including onto updated and patched Windows 10 systems.

How To Protect Your Files
First off, don’t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the provided email account victims were to receive their keys from. As a result, unless a victim was already following certain best practices, their files are as of yet unrecoverable.

However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. However, if these patches were not applied, a user’s systems were (and are) still vulnerable.

The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business’ systems are reinforced against the latest threats by keeping your defenses up-to-date.

Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network.

Evolve IT has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at (518) 203-2110 today.

Ransomware is so common in the world of online threats that even the FBI has labeled it a massive threat to businesses of all kinds. Unlike other types of malware, ransomware has a unique return on investment that’s measurable and highly lucrative for hackers. A new variant of ransomware called Maktub Locker lures victims into a false sense of security by tailoring phishing emails to match their street address.

As time goes on, the password has proven time and again that it’s not going to be enough to keep hackers out of online accounts and other sensitive parts of your IT infrastructure. One of the most valuable responses to this development was two-factor authentication, which is part of a more complex overarching trend that involves much more than simple two-factor authentication.

Drones are great devices for entertainment. Whether they’re flying in races or recording breathtaking videos or photos from a bird’s-eye view, drones can help you feel like you’re on top of the world. Unfortunately, just like all types of technology, drones can be abused. Violations of drone legislation have led authorities to ask a difficult question: how can you get an illegal drone out of the sky, without risking those who are passing by below?

Businesses that have online dealings should always be aware of how much danger their operations are in, especially with the omnipresent threat of hackers. Depending on the severity of the hacking attack, some organizations might not even know they’ve been hacked until it’s far too late. It’s critical that your business is able to identify potential threats before they’ve caused irreparable damage to your infrastructure.

In 2015, there was an incredible amount of information stolen from organizations all over the world. From healthcare companies to government institutions, nobody was safe from the endless onslaught of hacking attacks. Now, in the wake of these hackers’ destruction, it seems that most of the incidents in question exposed passwords and email address; important credentials that put many users’ security in jeopardy.

The number of high-profile hacks that have occurred over the past several years continues to climb, and it won’t let up anytime soon. Now, another incident involving Time Warner Cable, a large ISP in the United States, shows that even large companies that deal with sensitive information aren’t invincible from data breaches.

If you’re still using Windows 8 (instead of the much improved 8.1), we’ve got bad news for you. Microsoft has ceased offering patches and security updates for the Windows 8 operating system, which means that if you want to be using the most secure and up-to-date operating system, you should make the switch to Windows 8.1 or Windows 10.

More often than not, it’s always recommended that you use a solid password to optimize your online accounts. However, just because passwords are critical, doesn’t mean that you should put all your eggs in one basket. Passwords should only be the start of a comprehensive online account security setup.

Many computer users make use of security tools that limit their exposure to hackers, and they generally understand that hacks are something that can realistically happen to them. On the other hand, there are plenty of other folks out there who don’t worry enough. They might think their PC holds no value to the average hacker, but they’re wrong.

Security is a primary concern for businesses that take advantage of the cloud, but the industry often dictates to what extent a business is concerned about cloud security. Yet, despite the varying cloud needs of industries, there are several variables that should be addressed when thinking about cloud security, including data permissions, account compromisation, and, of course, malware and other common online threats.

Network security is more important today than it’s ever been before, especially in light of several concerning developments in targeted hacking attacks. Unfortunately, many employees (and even some employers) don’t know or understand how to follow various security best practices. By ensuring that every single one of your employees understands the importance of cybersecurity, you can exponentially increase your organization's network security.

It’s been over a year and a half since Microsoft gave up support on its extremely popular operating system, Windows XP. Without the necessary patches and security updates, Windows XP becomes a hazardous system to run for average users and business professionals. Now, things are about to get worse as Google cuts support for its popular web browser, Google Chrome, for Windows XP and several other older operating systems.

ATMs are probably everyone’s favorite kind of computer. You swipe your card, enter in your PIN, and withdraw cash immediately. Many people forget that an ATM is simply a computer in disguise, though; one that can be infected with malware just as easily as any old PC can. A new type of ATM malware, GreenDispenser, is making its rounds in Mexico, and could potentially make its way to other countries if left unchecked.

Here’s a surprising fact for October’s Cyber Security Month: small businesses are at a greater risk of a hacking attack. Many small organizations feel that they’re not a target for hackers due to their size, but this is what hackers want you to think so you’ll focus less on securing your network.

Most devices that are being produced these days are aiming for the “connectivity” angle, be it simply connecting to the Internet, or allowing you to stay connected to something specific through the cloud. While this does wonders for productivity and online interaction, some users approach these devices without considering the state of online security. October is Cybersecurity Month, so there’s no time like the present to ask yourself how trends in Internet of Things security can affect your organization.

October is Cybersecurity Awareness Month! With the number of data breaches growing every day, one has to wonder what hackers do with all of the information they steal. In some cases, the hackers go public with the information, as seen by the recent Ashley Madison and Sony hacks. Other times, however, hackers just want to use the information as a bargaining chip on the black market. The theft of passwords, usernames, Social Security numbers, and other sensitive information is a very lucrative market for hackers.

How often have you logged into your Google account, only to find that there’s some suspicious activity going on? You might wonder why, where, and how this happened, but in case you weren’t aware, you can access some of this information by simply checking out your Google account’s security settings. Here’s how it’s done.

Modern society has become fully reliant upon technology. While technology has certainly done much to improve just about every facet of our lives, it also leaves us quite vulnerable to a scenario where we abruptly lose it. What would a worst-case scenario like this actually look like?

Do you know anyone affected by recent ransomware activity? The tragedy of Cryptolocker/Cryptowall, where files are locked down and returned in exchange for a ransom fee, might still be fresh in your minds. Well, the FBI warns that the end of cyber extortion is still far off, and that the next hacking technique that will be used is likely the DDoS attack.