Posted on

Backing Up!

What would happen if your computer died right now or you had a ransomware attack? A local business recently suffered a ransomware attack and got in touch asking for my help. I have worked in Microsoft tech support for a number of years, so I offered my services.

The first thing I noticed was that this business was potentially within days of, well, going out of business. That would have been 30 years of hard work gone in a few hours, which would be devastating to this company and its employees.

Luckily the owner had made some good decisions in the past which would save the day, but these decisions weren’t immediately apparent. This is what happened, how we fixed the issue, and how we have protected this business for the future. So what would happen if you saw the ransomware screen of death?

Ransomware creators are actually savvy (though illegal) business owners who wish to make large sums of money out of extortion. A lot of experts will tell you not to pay because you won’t get your files back. Think about that for a moment: surely that would mean the ransomware companies would not make money. Therefore they are more likely to give you your files back, as they want future victims to pay up.

The only way to prevent all this chaos and headache is to be prepared, just like that scouting motto I can’t remember. So what follows is how to avoid paying them and get all your data back in minutes. Oh! If only Travelex had read this blog post.

When you are hit with a ransomware attack you may think that your cloud storage will rescue you. The bad news is that most won’t, as the newly encrypted files sync to your cloud storage and overwrite the very files you need at the moment you need them. You need version control, and you have to ensure it is switched on.

Luckily the owner of this business had bought a subscription to Microsoft 365. Remember the days we all had a cracked copy of Office? I hope you haven’t got one now, because that’s an open door for ransomware. He called Microsoft 365 support and was told that he gets version control as part of his package. With a sigh of relief, he downloaded his version of the data from before the attack. This download took 25 days to complete, only for him to discover one week later that he hadn’t formatted all his drives and reinstalled Windows. This meant that all his files were encrypted again by the ransomware still on his machines.

So it was back to square one, with a huge headache, as a customer had asked for a repeat of an order from 28 years prior for a heritage weekend event. The business now had a major problem: it had no previous data but needed it urgently. This meant working solidly for 24 hours to format all the computers in the business, reinstall the operating system, and then reinstall all the software, one piece of which cost £3000 and was only available on a dongle direct from Canada! Yes, even the dongle got encrypted.

This is where I walked in, with the job of ensuring this wouldn’t happen again. I informed the owner that it would happen again, and that the goal was to be ready when it does. This is what I did to ensure his business would be back up and running, without paying the ransom, within 1 hour.

  • Completed a security audit on his systems to ensure nothing was lurking behind the scenes.
  • Locked down his firewall to only the essential open ports.
  • Changed the router’s static IP address with his ISP.
  • Rerouted his security cameras.
  • Changed every password.
  • Installed a password manager.
  • Created an Admin account and a Standard account on each PC. The business runs on the Standard account, so no apps can install without human intervention.

None of this will prevent ransomware, because nothing will, so the next steps were about being able to recover from it.

  • Synced to the NAS storage via Task Scheduler, with the NAS disconnected when not required.
  • Created a Backblaze backup with version control.
  • Cloned the C: drive of each workstation and kept the clone inside the base unit, physically disconnected.
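The NAS sync described in the first item, as an added example that is not the script from the original post. It is written for Task Scheduler on a Windows 10 workstation and does four things a practitioner would want from that step: it mounts the NAS share only for the duration of the copy, it writes every run into a new date-stamped folder so earlier copies are never overwritten (the same protection the post relies on from cloud version control), it refuses to copy at all if the source looks as though it has been mass-encrypted, and it disconnects the share again afterwards. The share name `\\NAS01\Backups`, the data folder `D:\Work`, the drive letter `V`, the credential file path, the 30% change threshold and the 14-run retention are all assumptions for the example.

```powershell
<#
  Added example, not the original post's script: a scheduled NAS backup that
  mounts the share only while copying, keeps one date-stamped folder per run,
  aborts if the source looks mass-encrypted, and disconnects afterwards.
  Hypothetical values: \\NAS01\Backups, D:\Work, drive letter V, the
  credential file, the 30% threshold and the 14-run retention.
#>
param(
    [string]$Source     = 'D:\Work',                        # assumed data folder
    [string]$Share      = '\\NAS01\Backups',                # assumed NAS share
    [string]$Drive      = 'V',                              # temporary drive letter
    [string]$CredFile   = 'C:\ProgramData\nas-backup.xml',  # DPAPI-protected credential
    [double]$MaxChanged = 0.30,                             # abort above 30% changed files
    [int]   $KeepRuns   = 14                                # dated folders to retain
)

$ErrorActionPreference = 'Stop'
$Source = $Source.TrimEnd('\')

# One-time setup, run interactively as the account the scheduled task will use:
#   Get-Credential | Export-Clixml -Path C:\ProgramData\nas-backup.xml
# Export-Clixml encrypts the password with DPAPI, so only that user on this
# machine can decrypt it; the task must therefore run as the same user.
$cred = Import-Clixml -Path $CredFile

# Mount the share as a real (persistent) drive letter so robocopy, an external
# program, can see it. The finally block removes it whatever happens.
New-PSDrive -Name $Drive -PSProvider FileSystem -Root $Share -Credential $cred -Persist | Out-Null
try {
    $root = "${Drive}:\"

    # Guard against backing up an already-encrypted source: compare each file's
    # relative path and size with the most recent run. Ransomware rewrites
    # almost every file at once; a normal working day changes a small fraction.
    $previous = Get-ChildItem -Path $root -Directory -Filter '????-??-??_????' |
                Sort-Object Name | Select-Object -Last 1
    if ($previous) {
        $old = @{}
        Get-ChildItem -Path $previous.FullName -Recurse -File | ForEach-Object {
            $old[$_.FullName.Substring($previous.FullName.Length)] = $_.Length
        }
        $now     = @(Get-ChildItem -Path $Source -Recurse -File)
        $changed = @($now | Where-Object {
            $rel = $_.FullName.Substring($Source.Length)
            (-not $old.ContainsKey($rel)) -or ($old[$rel] -ne $_.Length)
        }).Count
        $ratio = if ($now.Count) { $changed / $now.Count } else { 0 }
        if ($ratio -gt $MaxChanged) {
            $msg = 'Backup aborted: {0:P0} of files changed since {1}; check the workstation for ransomware before running again.' -f $ratio, $previous.Name
            throw $msg
        }
    }

    # A fresh date-stamped folder per run: nothing already on the NAS is touched.
    $dest = Join-Path $root (Get-Date -Format 'yyyy-MM-dd_HHmm')
    # /E all subfolders, /XJ skip junctions, /R:1 /W:1 do not stall on locked files.
    robocopy $Source $dest /E /XJ /R:1 /W:1 /NP /LOG+:C:\ProgramData\nas-backup.log | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failure (exit code $LASTEXITCODE)" }

    # Prune the oldest runs beyond the retention count.
    Get-ChildItem -Path $root -Directory -Filter '????-??-??_????' |
        Sort-Object Name -Descending | Select-Object -Skip $KeepRuns |
        Remove-Item -Recurse -Force
}
finally {
    # Disconnect: between runs the NAS is not reachable from this workstation.
    Remove-PSDrive -Name $Drive -Force
}

# Register it once (as the same user that exported the credential file), e.g.:
#   $action  = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Backup-ToNas.ps1'
#   $trigger = New-ScheduledTaskTrigger -Daily -At '02:00'
#   Register-ScheduledTask -TaskName 'NAS backup' -Action $action -Trigger $trigger -User "$env:USERDOMAIN\$env:USERNAME" -Password (Read-Host 'Task account password')
```

Two caveats worth keeping in mind. While the drive is mounted, anything running as that user can write to the share, so the script shrinks the window of exposure rather than closing it; the NAS's own snapshots, or a backup account that can write but not delete, are what actually stop an attacker from destroying earlier runs. And a size-and-path comparison is a coarse tripwire: it catches the mass rewrite a ransomware run produces but will also trip after a legitimate bulk change, which is the point at which someone should look before the copy goes ahead.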

We then simulated a catastrophic overnight attack using VeraCrypt to encrypt everything (I had the key). In the morning nothing was accessible, so the staff followed the new procedure which had been laid down for them.

The whole business was back up and running normally within 1 hour, followed by resetting everything after the close of business. Documents and files which were required for that day’s work were restored from Backblaze. The rest of the data was restored overnight; we checked the system’s integrity and celebrated with a nice cup of tea.

You may not be in a position where losing your video footage would cause you too much hardship, but being prepared means you just carry on. When I returned home I signed up for Backblaze, as they offer unlimited data, including video files, from as little as £4.25 per month when paying for 24 months. You can get a free trial of Backblaze here: https://secure.backblaze.com/r/00308d

I will receive a free month for everyone who signs up. So thanks in advance.


How to keep your computer network healthy and virus-free.

Best Practices

Passwords.

This is a huge subject, but some good advice can be found at Gibson Research Corporation; Steve Gibson is one of the most respected security advisors ever! A strong password is the best defence against any attack, and the rule of thumb here is the longer the better. A 99-character password will take approximately 2.00 thousand trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries to crack.

Unfortunately, the majority of online services restrict the password length, which is counterintuitive. Always use the maximum number of available characters. Ensure every password is different, because then when a hacker does find your password for Steam Train Weekly they can’t also empty your bank account.

The good news is you don’t have to remember all these passwords. LastPass is an encrypted password storage vault which not even LastPass can see, so you only need to remember one password. LastPass also has a lot of other built-in security features.

Ensure passwords are changed at least every 60 days. 

Change your router password often. 80% of internet routers are still set to:

  • Username: Admin
  • Password: admin

Change your Wi-Fi password often. Wi-Fi is extremely insecure!

Backup Everything

It is unfortunate that in today’s online world it isn’t a case of if you’ll be hacked but when you’ll be hacked. So the only guarantee of recovering the contents of your hard drive, and your livelihood, is to have multiple backups.

Use the 3-2-1 backup system.

  1. Local Backup: a backup to a local NAS drive or server storage.
  2. Offsite Backup: a backup held offsite in case of a fire, flood, theft etc.
  3. Cloud Backup: a backup to the cloud in case of a drive failure, fire, flood, theft etc.

When backing up to a cloud service, ensure version history is turned on. Version history stops previous versions of files from being overwritten, which prevents ransomware from encrypting previously uploaded backups.

The frequency at which you backup will be determined by what you would lose if the computer crashed right now.

Cloud backup options include:

  • Backblaze
  • Carbonite
  • Crashplan

OneDrive, Dropbox and Google Drive are designed for collaboration; although they can be used for cloud backups, they have restrictions. Also, with the exception of Google Drive, they cost more per megabyte.

Encrypt sensitive information

Industrial espionage is on the rise! You may not even be aware that you have been hacked and all your files have been copied. The hacker makes money by selling your information to the competition. A hacker can sit inside your organisation and just copy anything without you knowing.

Windows 10 Pro comes with its own encryption software, but you have to turn it on. VeraCrypt is way ahead of the competition, with military-grade encryption and the ability to hide operating systems inside operating systems. Ideal for dodgy border crossings.

Scan everything

It’s easy to hide a file inside another file: simply typing `copy filename+filename` at the Windows command prompt will merge two files into one, and you can only see one.

Start your day with a virus scan and scan anything you plugin or download before you open it. 

Windows 10 has a little-known malicious software removal tool (MRT); why it’s so little known I will never understand, but pressing the Windows key and typing “MRT” will open it. This tool finds anything malicious hiding deep in the computer file system. I would run this monthly as part of a security procedure.

Do Not Click On It!

The biggest method of delivering an attack on your system is to send you an email with a link in it. Every link is a potential virus, so ensure you only open them from a known source (and even that’s not 100% safe). If you receive a link which states it will take you to a website, do not click the link; go to your browser and visit the website manually. www.b.natwest.com.co.uk is not the NatWest bank, it is a different west bank.

Remote Desktop

Switch off Remote Desktop in the Windows settings unless you use this feature; it’s a wide-open door that hackers can walk through.
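The settings this post has recommended so far (an everyday account that is not an administrator, Remote Desktop off, the built-in Windows 10 Pro encryption, which is BitLocker, switched on, a recent antivirus scan, a monthly MRT run and the firewall enabled) can be checked in one place. What follows is an added example, not a script from the original post: a read-only PowerShell audit that reports each setting as OK or FIX and changes nothing. Run it from the elevated Admin account the post sets up, because BitLocker status and the MRT log are only readable with administrator rights. The function name `Test-WorkstationHardening` and the 7-day and 31-day thresholds are assumptions for the example; the registry value, cmdlets and log path are the standard Windows ones.

```powershell
<#
  Added example, not from the original post: a read-only audit of the
  recommendations above on one Windows 10 workstation. Run elevated.
  The function name and the day thresholds are assumptions.
#>
function Test-WorkstationHardening {
    param([int]$MaxScanAgeDays = 7, [int]$MaxMrtAgeDays = 31)

    $findings = New-Object System.Collections.Generic.List[object]
    $add = {
        param([string]$Check, [bool]$Pass, [string]$Detail)
        $findings.Add([pscustomobject]@{
            Check  = $Check
            Status = if ($Pass) { 'OK' } else { 'FIX' }
            Detail = $Detail
        })
    }

    # 1. The everyday account should not be a member of Administrators.
    $me     = "$env:USERDOMAIN\$env:USERNAME"
    $admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
    & $add 'Everyday account is not an administrator' ($admins -notcontains $me) "Administrators: $($admins -join ', ')"

    # 2. Remote Desktop: fDenyTSConnections = 1 means the feature is off.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    & $add 'Remote Desktop is switched off' ($ts.fDenyTSConnections -eq 1) "fDenyTSConnections = $($ts.fDenyTSConnections)"

    # 3. System drive encryption (BitLocker is the built-in option on Pro).
    try {
        $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        & $add 'System drive is encrypted' ($bl.ProtectionStatus -eq 'On') "BitLocker ProtectionStatus = $($bl.ProtectionStatus)"
    } catch {
        & $add 'System drive is encrypted' $false 'BitLocker not available here (Windows 10 Home?); use VeraCrypt instead'
    }

    # 4. Windows Defender: real-time protection on, fresh signatures, recent scan.
    $mp       = Get-MpComputerStatus
    $lastScan = @($mp.QuickScanEndTime, $mp.FullScanEndTime) | Where-Object { $_ } | Sort-Object | Select-Object -Last 1
    & $add 'Real-time protection is on' ([bool]$mp.RealTimeProtectionEnabled) "RealTimeProtectionEnabled = $($mp.RealTimeProtectionEnabled)"
    & $add "Signatures updated within $MaxScanAgeDays days" ($mp.AntivirusSignatureLastUpdated -gt (Get-Date).AddDays(-$MaxScanAgeDays)) "last update: $($mp.AntivirusSignatureLastUpdated)"
    & $add "Antivirus scan within $MaxScanAgeDays days" ([bool]$lastScan -and ($lastScan -gt (Get-Date).AddDays(-$MaxScanAgeDays))) "last scan: $lastScan"

    # 5. MRT writes %SystemRoot%\Debug\mrt.log each time it runs; its timestamp
    #    tells us whether the monthly run has happened.
    $mrtLog = Join-Path $env:SystemRoot 'Debug\mrt.log'
    $mrtRun = if (Test-Path $mrtLog) { (Get-Item $mrtLog).LastWriteTime } else { $null }
    & $add "MRT has run within $MaxMrtAgeDays days" ([bool]$mrtRun -and ($mrtRun -gt (Get-Date).AddDays(-$MaxMrtAgeDays))) "mrt.log last written: $mrtRun"

    # 6. Windows Firewall enabled on every profile (Domain, Private, Public).
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | Select-Object -ExpandProperty Name
    & $add 'Firewall enabled on all profiles' (-not $off) "disabled profiles: $(if ($off) { $off -join ', ' } else { 'none' })"

    return $findings
}

# Usage: print the report, then the number of items needing attention.
$report = Test-WorkstationHardening
$report | Format-Table -AutoSize
"$(@($report | Where-Object Status -eq 'FIX').Count) item(s) need fixing"
```

The script only reports; the daily scan the post asks for can be scheduled separately with `Start-MpScan -ScanType QuickScan` in the same Task Scheduler job, and MRT itself is still run by hand from the Start menu as described above.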

Run Spybot Search & Destroy monthly. This app is very good at finding the unusual, low-key viruses from the dial-up days, and yes, they are still around.

Run Malwarebytes monthly. Malwarebytes is the best app for finding adware.