Archive for tfedro

A Good Backup Strategy: Your Best Defense Against Ransomware

By Tom Fedro
As seen in Security Magazine 2.2.17 –

http://www.securitymagazine.com/articles/87775-a-good-backup-strategy-your-best-defense-against-ransomware

Last year, cybercriminals attacked the California-based Hollywood Presbyterian Medical Center, encrypting files crucial in running the hospital’s operating systems and demanding a ransom to restore them to working order. The scam worked – after 10 days of futility, the hospital surrendered and paid $17,000 to regain system control.
Other hospitals, government agencies and businesses in the U.S. and abroad were targeted similarly last year, leading CNET to dub such ransomware scenarios as “the hot hacking trend of 2016.” And the numbers are truly staggering. Osterman Research estimates that nearly half of surveyed organizations have been hit with ransomware within the last year, and concludes that ransomware will amount to a $1 billion source of income for cyber criminals in 2016. In a recent report, Kaspersky Security states that in Q3 2016, a business was attacked by ransomware every 40 seconds, and that even after paying the ransom, one in five of them never got their data back.

Apple Users Now a Target

But while many ransomware instances go unreported due to embarrassment or the desire to not be targeted again, the attacks were thought to be largely focused on the Microsoft Windows software realm, leaving Apple users relatively unscathed. But that changed in 2016 when the first public ransomware targeting Apple systems was discovered by Palo Alto Networks, which found a popular BitTorrent client for Apple’s OS X software for Macs infected with ransomware. Known as “KeRanger,” the ransomware is delivered with a ransom note demanding 1 Bitcoin, which has a current market value over $700. Fixing the problem can also be complicated and time consuming.
Antivirus software also isn’t having an impact; by the time a computer is infected with ransomware, it’s likely that the antivirus software won’t detect it until it’s too late and the damage has been done. The encryption used by modern ransomware is often too good to crack, leading most security experts to conclude that the best approach to fighting ransomware is to avoid it in the first place.

Different Backup Approaches

It seems the most effective way for Apple users to safeguard their computer files from these nefarious attacks is through regular backups. And, in the event you are hit with ransomware, the solution would lie in simply restoring your system to the state it was before the malware hit your computer. There are several backup and restore approaches to consider for the Apple environment:
  • Time Machine is the backup software application distributed with the Apple operating system, introduced in Mac OS X Leopard. It was designed to work with various storage drives such as Time Capsule. But for Time Machine to be effective, files must be unlocked or closed, which may not be practical for those currently in use. In addition, there is the possibility of a two-step process within OS X that requires users to reinstall the operating system before retrieving the application and files from the backup image.
  • File System Snapshots simplify backup and recovery by taking a point-in-time virtual file system photo. But while this backup method can be employed to protect active operating systems, depending on file sizes, it can take significantly more time.
  • Disk Management Solutions can create image-based copies of a disk or partition (or multiple disks and partitions) whether active or inactive, at a specific point in time far more quickly. Such robust offerings have the advantage of being able to make consistent sector-level backups (also often referred to as Snapshots) even if data is being currently modified.

Thus, while there are different backup approaches to consider, the bottom line is that a regular, proactive backup strategy – potentially even a multi-pronged approach – is your best defense against crippling ransomware attacks. And while Apple users were once immune from such attacks, they too now need to join the rest of the computer world in being vigilant in protecting themselves. After all, like many things in life, when it comes to avoiding being held hostage by cybercriminals, an ounce of prevention is worth a pound of cure.

What Mac’s Battle for Workplace Dominance Means for IT Professionals


by Tom Fedro

Mac’s growing popularity in the workplace doesn’t have to be a whole new set of IT headaches – if IT pros are willing to consider broader enterprise management tools.

For more than three decades, Apple has had a strong play in desktop publishing, education and other creative fields (e.g. photographers, graphic designers, video editors), but for many years, it was a rare exception to see a Mac in most other business environments. Ever since the BYOD (bring your own device) phenomenon began picking up momentum over the past decade, things have changed.

According to JAMF Software’s second annual global survey of IT pros, 96% of all enterprise IT professionals say their internal teams are now supporting Macs. In fact, PC shipping estimates from Gartner show that the Windows PC market has been steadily declining, with shipments down 9.6% in Q1 2016 compared with the previous quarter. At the same time, worldwide Mac sales are holding steady.

Macs Bring New IT Management Challenges

Although end-users may find Macs easier to use, 73% of IT administrators feel the exact opposite, according to a study by Dimensional Research. Specifically, there are three areas where IT administrators run into challenges with Macs in the workplace:

  1. There is an obvious risk of putting business software and other intellectual property on personal devices—especially when employees lose their devices, or they terminate employment. The Find My iPhone app, which is the same app used to manage MacBooks and iMacs, is not able to distinguish between personal data and corporate data when performing a remote wipe. Additionally, the software requires an IT administrator to use the device owner’s user ID and password, which are the same credentials used to access users’ personal emails, photos, videos and anything else stored in iCloud. This can create a power struggle between users and IT professionals, and many headaches as well.
  2. Backup and Recovery. Like Microsoft, Apple bundles backup and recovery software with its computers. However, Time Machine, like the Find My iPhone app, has its shortcomings. For instance, Time Machine doesn’t, in normal operation, create a bootable backup of the internal drive. It can only restore an internal drive from the backup archive. Additionally, Time Machine offers no flexibility with backup intervals; it runs a backup once per hour, which for some companies may be too often and for others not often enough. It is also difficult to verify the success of each backup since Apple makes the backup file log an invisible file, not intended for user inspection.
  3. Although many popular software suites run on Mac and Windows platforms (e.g. Microsoft Office), there are always one or two that either only support Windows or have limited functionality on a Mac. Rather than using two devices, Apple’s Boot Camp software, which is included with Macs, can be used to install Windows on a Mac and allow users to switch between platforms during the boot-up process. Configuring Boot Camp requires hard drive partitioning, which isn’t problematic until users need to add more space to the partition down the road, an IT professional wants to move one of the Boot Camp partitions to another computer, or to perform an advanced task such as converting a partition table without data loss.

Minimize Mixed OS Frustrations with Disk Management Software

Instead of accepting Mac’s software limitations, there is another option that many IT teams overlook: investing in a disk management solution. When made specifically for the Apple platform, these solutions can give IT pros the kind of advanced data protection, backup, networking and overall granular control that they’re accustomed to in traditional PC/Windows environments, including:

  • Secure disk wiping of business apps, files and directories using system administrator privileges instead of users’ personal IDs and passwords.
  • Snapshot-driven backup and recovery and sector-level imaging, which minimizes backup storage footprints and enables users to create bootable USB drives, recover lost or accidentally deleted partitions, and perform full bare metal restores.
  • The capability to resize partitions and redistribute unused space, perform non-destructive partition conversions and move partitions to new machines.

If you’re an IT professional who’s hoping Mac’s presence in business is a passing fad, you might want to reconsider your position, especially since millennials are playing a greater role in businesses’ IT strategies – and a large percent of them are Mac loyalists. Today’s new breed of enterprise-grade solutions built just for the Mac make it possible to get beyond what many consider a “Mac vs. Windows” IT battleground, and instead focus on getting the job done right, regardless of platform. The good news is both platforms can (finally) play nice together and create a better work experience for everyone.

Published with permission of WestWorldWide, LLC, publisher of Computer Technology Review. All rights reserved. 2016

 

Most effective protection against the Locky Trojan horse – an up-to-date backup

Locky: A New Trojan Horse That Encrypts Your Files

It’s time to be cautious, because a new Trojan horse known as “Locky” is striking terror everywhere and is spreading like wildfire all over the internet. More and more infections have been reported in the past few days, especially in Germany – thousands of infections an hour, in fact! Like many other harmful programs, this Trojan horse also spreads via E-mail. Specifically, E-mails with infected Office documents attached are being sent to unsuspecting victims. These documents contain macro code which installs the Trojan horse as soon as the document is opened. The insidious trick here is that such documents are often passed off under the guise of an open invoice. The virus is now being spread by JScripts as well.
Once installed, the virus searches for certain file types which the developers of the virus assume to be private files of personal value, such as text documents and multimedia files. Files on accessible network shares and in cloud storage can also fall victim to the virus. These files are then encrypted by Locky so that the user can no longer open them. Instead, the user is told to pay the developers a ransom to decrypt the files. Unfortunately, there is no way at present to remove the virus from the system once it has been activated. As soon as you detect that Locky has infected your system, you should shut your system down as quickly as possible – even the rough way by pulling the plug on your computer. This way, you can at least prevent the Trojan horse from causing even more damage. You can then remove the virus with a disinfection CD and attempt to restore the encrypted files. However, this approach only works for files which Windows has made a “shadow copy” of. Unfortunately, Locky will also delete these shadow copies, which severely limits your chances of success.
That’s why it’s better to take preventative action so that you won’t even catch the virus in the first place. This means there are basic rules for protecting your system from external attacks (which you should already be following anyway).
Do not open file attachments on E-mails from senders you don’t know, and back up important files on a separate data medium. Make sure to keep your antivirus program up to date at all times. You should also update your operating system and other programs regularly, since these updates often close security loopholes which Trojan horses take advantage of.
Specifically for this virus, you can configure your MS Office not to run any macro code at all, or only to do so upon confirmation from you.
If you have already fallen victim to Locky, make sure to keep the encrypted files. Since the virus is quite new, there is no way to reverse the damage right now, but this may change over time. This makes it all the more important to look for updates on a regular basis.
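
The macro setting described above can be audited and applied from PowerShell. This is an added example, not part of the original article or any Paragon tooling. It assumes Office 2016 or later (registry version key `16.0`), the per-user policy hive, and an account allowed to write to its own `Policies` key; the function names are hypothetical.

```powershell
# Added example: audit and set the Office VBA macro policy for the current user.
# Assumption: Office 2016+ ("16.0"); change $OfficeVersion for other releases.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'
$Meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed'
    4 = 'Disable all macros without notification'
}

function Get-SecurityKey([string]$App) {
    "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
}

# Report the effective policy value per application.
function Get-MacroPolicy {
    foreach ($app in $Apps) {
        $props = Get-ItemProperty -Path (Get-SecurityKey $app) -ErrorAction SilentlyContinue
        $value = if ($props -and $null -ne $props.VBAWarnings) { [int]$props.VBAWarnings } else { $null }
        [pscustomobject]@{
            App                 = $app
            VBAWarnings         = $value
            Setting             = if ($null -ne $value) { $Meaning[$value] } else { 'Not set by policy' }
            BlockInternetMacros = [bool]$props.blockcontentexecutionfrominternet
        }
    }
}

# Level 4 = never run macros; level 2 = run only after the user confirms.
function Set-MacroPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(2, 4)][int]$Level = 4)
    foreach ($app in $Apps) {
        $key = Get-SecurityKey $app
        if ($PSCmdlet.ShouldProcess($key, "Set VBAWarnings=$Level")) {
            # Create the key only if missing, so existing policy values are kept.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name VBAWarnings -Value $Level -PropertyType DWord -Force | Out-Null
            # Also block macros in documents that arrived from the Internet (e.g. mail attachments).
            New-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
}

Set-MacroPolicy -Level 4 -WhatIf   # preview only; drop -WhatIf to apply
Get-MacroPolicy | Format-Table -AutoSize
```

Restart the Office applications after applying the change so the new policy is read.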

How can you protect yourself?

The only effective protection in a worst-case scenario is to have a backup on hand which can reliably restore your data. This is also recommended by the BSI (German Federal Office for Information Security).

Paragon Backup & Recovery


That’s why we recommend our solution Backup & Recovery 14 Free Edition for personal backups.
You can get it for private use free-of-charge at www.paragon-software.com/home/br-free/.

 

Don’t wait: today is the best day for a backup!