Recovery

Keyboard equipped with a red ransomware dollar button.

There have been reports of several companies becoming infected by the Crysis ransomware, so we have had a look into what it does and how it can be prevented.

History

First detected in February 2016, this virus has multiple methods of infection, typically an email with attachments that use double extensions to make them appear non-executable. It has also been seen to arrive through spam emails and compromised websites. There have also been reports that it has been distributed to online locations and shared networks disguised as an installer for various legitimate programs.

Description

Crysis ransomware itself is capable of encrypting over 185 file types across fixed, removable and network drives, and uses RSA and AES encryption. Once a machine is infected it will also look to delete the computer's shadow copies, and it creates copies of itself in the following locations:

  • %localappdata%\%originalmalwarefilename%.exe
  • %windir%\system32\%originalmalwarefilename%.exe

The virus will then look to create/edit certain registry keys to ensure it is run on each system start.

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "%originalmalwarefilename%" = "%installpath%\%originalmalwarefilename%.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "%originalmalwarefilename%" = "%installpath%\%originalmalwarefilename%.exe"
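
A triage sketch for the persistence pattern above, added here as an example (not code from the original article): it parses saved `reg query` output for the two Run keys and flags values whose name equals the executable's file name without `.exe` and whose target sits directly in `%localappdata%` or `%windir%\system32`. The sample output, the `invoice.pdf` name, the assumed four-space column layout and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample (not from a real host): `reg query` output for both Run keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    invoice.pdf    REG_SZ    C:\Windows\System32\invoice.pdf.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    invoice.pdf    REG_SZ    C:\Users\alice\AppData\Local\invoice.pdf.exe
"""

# Assumed line layout: four spaces, value name, four spaces, type, four spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Executable path: either quoted, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m["name"], m["data"]


def exe_path(data):
    """Strip quotes and command-line arguments from a Run value's data."""
    m = EXE_RE.match(data.strip())
    return (m.group(1) or m.group(2)) if m else None


def in_drop_dir(path):
    """True if the file sits directly in system32 or the root of LocalAppData."""
    d = ntpath.dirname(path).lower().rstrip("\\")
    return (d.endswith("\\windows\\system32") or d == "%windir%\\system32"
            or d.endswith("\\appdata\\local") or d == "%localappdata%")


def suspicious_run_entries(text):
    """Flag Run values matching: name == <file name minus .exe>, file in a drop dir."""
    hits = []
    for key, name, data in parse_reg_query(text):
        path = exe_path(data)
        if not path:
            continue
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() == ".exe" and stem.lower() == name.lower() and in_drop_dir(path):
            # A dot left in the stem means a double extension such as .pdf.exe.
            hits.append({"key": key, "name": name, "path": path,
                         "double_ext": "." in stem})
    return hits


def names_in_both_hives(hits):
    """Value names flagged under both HKLM and HKCU, the pairing listed above."""
    seen = {}
    for h in hits:
        seen.setdefault(h["name"].lower(), set()).add(h["key"].split("\\", 1)[0])
    return sorted(n for n, hives in seen.items() if len(hives) == 2)


if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE):
        print(hit)
```

Legitimate autoruns such as the OneDrive entry in the sample share the name-equals-file-name trait but live in a subfolder, which is why the directory check matters; treat a hit as a lead for investigation rather than a verdict.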

Finally, after encryption, a .txt file is placed in the computer's desktop folder, sometimes accompanied by an image set as the desktop wallpaper.

  • %userprofile%\Desktop\How to decrypt your files.txt

There have also been reports of Crysis stealing data and credentials from the affected machines and passing these back to its Command and Control server. This leaves the infected computers and local networks vulnerable to further attack if the credentials are not changed.

Crysis has also been seen to monitor and gather data from IM applications, webcams, address books, clipboards and browsers before sending it to the C&C server, with the Windows variant stealing account and password credentials.

Prevention

To reduce the risk of infection we recommend the following:

  • Ensure you are using an up-to-date AV product
  • Ensure any specific Ransomware prevention tools in the AV are used
  • Ensure you have a regular tested backup of the data
  • Educate users in the dangers of opening attachments from an unknown source

 

 


Here’s the terrifying truth: according to industry analysts Gartner Group, in this recent article, only 35% of small and medium businesses have data backup in place for disaster recovery (DR) - and 70% of them do not believe that their backup and DR operations are well planned!

So that’s 65% of SMBs just waiting, apparently, for IT channel partners to sweep in with a convincing new backup or DR solution, and swathes more of them looking to the channel to help them either replace or improve the solutions they are already using.

Only it’s not quite that simple. Firstly, there is a fast-changing regulatory environment, which is outpacing many of the DR and backup solutions available.

Secondly, end-users are clamouring for unprecedented ease of use. Forget complex on-premise applications that suck up admin resource; in Gartner’s words, today’s business users want one simple data backup solution that meets all their RPO (Recovery Point Objective) and RTO (Recovery Time Objective) requirements.

A big ask?

Backup and recovery challenges: is MSP the panacea?

On the face of it, backup and DR services delivered in an MSP model would seem to be a great fit for these eager but choosy end-users.

Rapid to set up (often within an hour or two), easily scalable (so the service builds margin and profitability for the channel partner as it grows), the MSP approach also removes complexity from the mix, smoothly delivering viable alternatives to partners whose long-standing offerings have too limited a scope for their business today.

And as the MSP model is naturally compatible with the cloud, it helps get the thorny mechanics of backup and recovery off hard-pressed IT managers’ desks, slashing on-premise risk and admin overheads.

But beware - there are dizzyingly stringent forces at work in the background, potentially challenging many MSP backup and DR solutions’ licence to operate. EU data protection directives are now being reworked and will become regulations – that is, they will assume uniform force of law across the 28 signatory countries – by 2017.

Make no mistake, for MSPs and other service providers, these changes are a big deal. They make MSPs, as data processors, explicitly responsible for breaches in any data they have “touched”.

Fines may be as high as €100m or 5% of global revenue (whichever is higher), in stark contrast to the current UK limit of £500,000!

 

Backup & DR: the MSP proof points

Clearly, the data regulators are upping the ante, so here’s how to ask questions that will help to identify the MSP backup and DR solutions that can be profitably delivered in this newly draconian environment - without engendering insane levels of legal and reputational risk!

1) Data centre - citadel or sitting duck? Firstly, is the data all in one centre, or is it mirrored between different sites so that data can instantly fail over to another centre in the case of an outage? Is the data centre elsewhere in the EU, or in the UK, where it’s ultimately more manageable?

At the very least, the data centre should be ISO 27001-certified. But additionally, consider what physical security there is on site, and how long the generator fuel will keep the centre online in the event of a power failure.

(If all this seems like nitpicking, remember that €100 million fine for the consequences of getting it wrong…)

2) Speed, frequency, and data volume – Some 80% of businesses experience a shutdown if they can’t get to their data.

Yet the fact is that, often, when backup software is tested against large, complex data sets that emulate those of a real-world production system, the time it takes for the backup to complete - despite even the most ample computing, I/O and bandwidth resources - does not fit within the required backup window.

And that window is shrinking. Indeed, as Information Age recently put it, “with today’s expectation that services will be available around the clock, every day of the week and with an increasing data volume, the back-up window is constantly being squeezed… more than ever before.”

This raises another pertinent point. When uploading of data is not an option, due to bandwidth constraints, can large data sets be “seeded” to the solution provider instead? And will this attract extra fees that will eat into partners’ margins?

Likewise, does the solution make it possible for the partner or end-user to instantly access large amounts of data without the prior need to download it in its entirety? The most powerful MSP backup solutions use clever technology to eliminate this latter bottleneck.

3) Security – In a multi-tenant cloud MSP environment, global encryption keys and space-saving deduplication (each of which can be used to unlock customer-confidential data) should frighten partners and their end-users alike!

Partners need to be sure that their solution providers’ offerings use both source-side and global deduplication. This makes the data tamper-proof by ensuring that each customer’s unique encryption key remains valid only for their own data set, whilst intelligently managing the shared data pool as it changes.

Finally, solution providers should use the latest, government-standard 256-bit AES GCM encryption technology, both for data in transit and at rest.

Settle for nothing less!

4) Cost, effort, and complexity – Managing hundreds of DR and backup end-users manually does not scale, invites security errors and ultimately destroys margins. Partners need to quiz solution providers about whether they offer integrations that simplify customer and technical management, including remote monitoring (RMM) and “single pane of glass” operating consoles.

Likewise, when things do go wrong, where is the support coming from? Chasing it down across continents and timezones is stressful, time-consuming, and, therefore, expensive. Prefer a service provider that offers UK-based support, 24/7.

 

The size of the MSP backup/DR opportunity

So with regulations stricter, but end-user expectations higher, than ever before, is there still money to be made from managing the provision of an MSP backup and DR service?

The answer seems to be a resounding “Yes”! Analyst MarketsandMarkets, for example, predicts global growth in the DR service market from $1.42 billion last year to $11.92 billion by 2020, a compound annual growth rate of 52.9%.

But, like everything else in business, it’s about backing the right horse - so choose your tipster wisely.


Our top security updates in the news and on the web this week

1. CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware

When the malware makes its move, the new CryptoWall not only encrypts files, as it always has done, it also encrypts filenames. Heimdal Security states this new technique increases victims’ confusion, and thereby increases the likelihood that they’ll pay the ransom, and quickly. First posted on Dark Reading.

For the original post and further information click here

2. TalkTalk – The case for a Chief Security Officer

While the importance of the Chief Information Security Officer has been in constant growth over the past few years, organisations that employ a CISO/CSO are still far too few. First posted on Trend Micro.

For the original post and further information click here

3. Linux Ransomware Debut Fails on Predictable Encryption Key

No need to crack RSA when you can guess the key. File encrypting ransomware Trojans are almost ubiquitous on Windows, and it was only a matter of time. First posted on Bitdefender Labs.

For the original post and further information click here


 

4. Adobe Flash Update Includes Patches for 17 Vulnerabilities

In what’s becoming a monthly ritual, Adobe today pushed out an updated version of its Flash Player that includes patches for critical vulnerabilities. First posted on Threatpost.

For the original post and further information click here

5. How Scammers Are Trying To Use Your Computer To Steal Your Cash

Cyber criminals want to hijack your computer for financial gain. But how does the scam work and how can you stop them? First posted on TechWeek Europe.

For the original post and further information click here

6. Top ranking Instagram client removed from iTunes and Google Play after user data theft discovery

A software developer has discovered that a leading free app on iTunes and Google Play has been sending people’s usernames and passwords to an unknown website. The malicious app is called InstaAgent, and is touted as an Instagram client. It is also reportedly the most downloaded free app in the UK and Canada. First posted on TechWeek Europe.

For the original post and further information click here

If you have any security news that you would like to see on our blog, please send it to us at bluesolutions, and please include the link to the original article in the email.


We've been busy working with StorageCraft on some new events for you. If you missed our news about us signing the distribution agreement to be their UK distributor, you can read it here. These events are another way that we are supporting you in building and growing your MSP and Reseller business. So what's happening?

  • We have a webinar on 30th September at 11:00am where we'll share with you how to recover from disaster in less than 5 minutes. The session will be run by a StorageCraft Technical Specialist who will show you the disaster recovery solution for your clients’ physical and virtual environments. We’re also offering anyone who registers and attends the webinar a free ShadowProtect Desktop license. You can register here for this event.
  • Our Learn and Sell event on 30th October is where we’ll share with you the value of adding StorageCraft to your existing product portfolio. Our half-day event, “Disaster recovery for Resellers who want to get ahead”, will take you through how the Recover-Ability solution can set you apart from other backup and data recovery resellers. We’re offering anyone who registers and attends the webinar a free ShadowProtect Desktop license. You can register here for this event.

We hope you'll be able to join us for these events and if you have any questions please contact our product specialists on 0118 9898 222.

We always like to let you know what’s happening at Blue Solutions, especially when there’s great news from our vendors. We recently signed a distribution agreement with StorageCraft Technology Corporation, a leading data backup and disaster recovery vendor. Through the new distribution agreement, Blue Solutions becomes a StorageCraft Master MSP and Master Distributor for the United Kingdom.

Our Director and co-founder Mark Charleton commented: "We only work with vendors that we believe have products and services that add competitive advantage to our customers' business. This is most certainly the case with the StorageCraft product range and the flagship ShadowProtect product line. Using our in-house product experts and team of passionate staff we will actively recruit new resellers, incentivise, train and support them long-term. The StorageCraft partner program is a very attractive one -- no fees to sign up, NFR software, training, marketing incentives, etc. -- and we will provide all the support, training and marketing collateral for resellers to take out to end-user customers”.

You can read the full press release on our website

We’ll bring you more news about StorageCraft products in the coming weeks and if you want to know more about their data backup and disaster recovery solution, watch the video below:

 

Call our product specialists on 0118 9898 222 for help with any questions about StorageCraft and how it can help you build your business.


A lack of time and tight budgets isn’t something new to MSPs. When you’ve got to migrate physical systems to new Hyper-V Servers and stay on schedule without blowing the budget, where do you start?

With StorageCraft ShadowProtect IT Edition, you can backup and restore an unlimited number of machines. It’s a standalone tool for IT professionals that enables you to back up and recover any Windows server, desktop, or laptop—even Windows Server 2012 and Windows 8 machines. Without installing any software on existing systems, you can take full backup images of the servers and restore those images to Hyper-V clients.

These Hyper-V clients are exact copies of the original physical systems and can be tested and run in parallel until the moment that you decide to cut over from the physical to the virtual systems.

ShadowProtect IT Edition is portable so you don’t have to install any software to use it. You’ll receive the software preloaded onto a USB key so that you can back up or restore a machine.

Subscription model

As it is a unique subscription-based model, ShadowProtect IT Edition lets you back up and recover an unlimited number of servers, desktops, and laptops for the duration of your subscription. Subscribe for two weeks, one month, three months, or a year—it’s up to you. Platinum, gold and silver StorageCraft partners are also entitled to a free IT edition after reaching a specified sales turnover per quarter. Please see the partner program website for more information.

In summary, here are some of the benefits of ShadowProtect IT Edition:

  • Use ShadowProtect IT Edition for backup and recovery without installing any software.
  • Back-up and restore an unlimited number of machines, one at a time, for the duration of your subscription.
  • Restore a backup image to a different machine, even if the failed machine doesn’t have ShadowProtect software installed.
  • Back up Microsoft SQL, Exchange, and SharePoint servers and other critical application servers, including updates in memory.

Click here for further information on how ShadowProtect IT Edition can help you work better and faster.

More questions?

If you have any queries about ShadowProtect IT Edition call our product specialists on 0118 9898 222. More information is also available on our website at our StorageCraft pages.

 

Following on from the introduction of its European Headquarters in Cork, StorageCraft announced the launch of its new European Partner Program.

The Program is designed to help MSPs and resellers grow their businesses by providing the tools and support to help them generate new opportunities and increase profitability. There are 3 levels available – Platinum, Gold and Silver and the benefits of the program are:

•  A dedicated account manager
•  Sales training tools
•  Marketing materials
•  StorageCraft technical resources
•  Lead sharing
•  Pre-sales support
•  Marketing and sales collateral
•  Marketing development funds (MDF)
•  NFR software
•  Competitive upgrade pricing

Interested in joining the program?

All you have to do is login to http://partners.storagecraft.eu

If you have any queries, please contact our product specialists on 0118 9898 222.

Is tape backup part of your disaster recovery plan?

Hearing that anyone is backing up their data using a tape might seem laughable these days. But anyone with a business knows that it’s easy to get into a routine and continue to use the same methods and techniques, never questioning whether they are still effective. So what’s so bad about using tapes? Here are a few points to think about:

  • Businesses need to think about physical transportation and storage. What happens if the tapes are stolen or lost in transit?
  • If the tape drive fails, what happens to your data? Remember when the tape in your old cassettes would unravel in the tape recorder!
  • Relying on people to do the back up. What happens if your I.T. Manager gets called to a long meeting and he doesn’t get to do the backup?
  • Tape back-ups take longer to do.

Tape back-up might still have its place for archiving purposes and for certain industries (e.g. financial services), but companies can make big improvements to their disaster recovery plans by moving to solutions that combat the problems listed above. With StorageCraft ShadowProtect you’re able to develop effective disaster recovery plans with two powerful features - StorageCraft ImageManager and Headstart Restore because:

  • StorageCraft ImageManager offers local replication and consolidates data, taking copies and verifying your back-up as it’s being done. This means that you know you are restoring the correct data every time while minimising the disk space used. This free product is part of the ShadowProtect suite of products.
  • ShadowProtect Headstart Restore* is constantly restoring your data in the background to physical, virtual or server environments. This feature is available for a license fee and helps you to start a restore operation to a virtual machine, while the original production server continues to run.
  • Offsite replication is available with StorageCraft Shadowstream or Intelligent FTP. For a license fee you can send copies of backup image files to a remote server, co-location facility or data center.

Still need to understand why StorageCraft Back-up and Disaster Recovery solutions should be part of your disaster recovery plans? Watch the video below:

*Please note: Headstart Restore, Shadowstream and Intelligent FTP are all available as part of the StorageCraft licence fee

StorageCraft VirtualBoot moves a system volume backup image into a Virtual Machine (VM) environment, without performing a restore operation or converting backup files to a different format.

By using the open source Oracle VirtualBox software, VirtualBoot provides a quick, temporary replacement system for a failed server.

 

Here are a few examples of how VirtualBoot can help when a server fails:

  • System Fail-over: Restoring a failed system with terabytes of storage using traditional methods can take days. A VirtualBoot replacement can take minutes and gives users full access to system resources and applications after only a brief downtime to cut-over to the new system.
  • Backup Test: Few administrators perform backup and restore tests using traditional methods. VirtualBoot can mount any backup image in a VM for testing to make sure a restored system would function properly.
  • Access Application-specific Data: While backing up data is a critical operation, sometimes the data files alone aren't useful without their associated applications. VirtualBoot can mount an entire system, both applications and data, in a VM where you have access to data within its associated application.

Visit our website for more information about the StorageCraft Recover-Ability solutions. If you’d like to see VirtualBoot in action, take a look at our short video below:

Growing businesses produce ever increasing amounts of data, and managing backup and recovery places additional pressure on companies. Attix5 Pro v7 Sailfish offers companies a solution to manage these challenges.

Why Attix5 Pro v7 Sailfish?
The Attix5 Pro Storage Platform Console puts you in control of all of your backup accounts. It includes:

  • Multi-tiered backup group support and group-level settings, offering you the ability to manage thousands of backup accounts running on Windows, Mac and Linux operating systems. This support is offered across workstations and servers, on physical and virtual platforms with ease.
  • The capability to assign roles to users, giving them control over certain accounts.
  • The ability to produce storage platform reports for backup and recovery success, single-instance, compliance and more.

Attix5 Pro v7 Sailfish and disaster recovery
Recovering your data after a natural disaster or corrupt hardware and software presents companies with numerous challenges. VirtualRestore is the feature that gives I.T. companies the tools to manage their disaster recovery because:

  • Backed-up data is instantly presented on a virtual drive and appears on a local machine (where the restore is required).
  • The live data or database can be migrated to a different machine for you to continue working.

While almost no disk space is required, VirtualRestore makes restoring data as easy as doing a normal restore and copying the files and folders in a local file system.
Available for desktop, laptop and server editions, Attix5 Pro v7 Sailfish and VirtualRestore are the solutions for your disaster recovery plans.
Read the latest release notes on our website here