Windows

Keyboard equipped with a red ransomware dollar button.

There have been reports of several companies becoming infected by the Crysis Ransomware, so we have looked into what it does and how it can be prevented.

History

First detected in February 2016, this virus has multiple methods of infection, typically an email with attachments that use double extensions to make them appear non-executable. It has also been seen to come through spam emails and compromised websites. There have also been reports that it has been distributed to online locations and shared networks disguised as an installer for various legitimate programs.

Description

Crysis Ransomware itself is capable of encrypting over 185 file types across fixed, removable and network drives and uses RSA and AES encryption. Once a machine is infected it will also look to delete the computer's shadow copies, and it creates copies of itself in the following locations:

  • %localappdata%\%originalmalwarefilename%.exe
  • %windir%\system32\%originalmalwarefilename%.exe

The virus will then look to create/edit certain registry keys to ensure it is run on each system start.

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "%originalmalwarefilename%" = "%installpath%\%originalmalwarefilename%.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "%originalmalwarefilename%" = "%installpath%\%originalmalwarefilename%.exe"
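
A triage check for the persistence pattern described above, as an added example that is not part of the original post: it reads `reg query` output for the two Run keys and flags values whose name matches an .exe sitting directly in %localappdata% or system32. The sample output, the file name invoice_scan and the user alice are constructed; a match is a lead for review, not proof of infection.

```python
import ntpath
import re

# One value line of `reg query` output: indent, name, type, data (4-space gaps).
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_\w+\s{4}(?P<data>.*)$")
# Parent folders the write-up lists as drop locations (lower-case suffixes).
DROP_DIRS = (r"\appdata\local", "%localappdata%", r"\system32")

# Constructed sample of `reg query <Run key>` output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    invoice_scan    REG_SZ    C:\Windows\System32\invoice_scan.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    invoice_scan    REG_SZ    C:\Users\alice\AppData\Local\invoice_scan.exe
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) for each value in `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group("name"), m.group("data")

def executable_path(data):
    """Return the program path of a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data

def suspicious_run_entries(text):
    """Flag Run values named after an .exe that sits directly in a drop folder."""
    hits = []
    for key, name, data in parse_reg_query(text):
        path = executable_path(data)
        parent, filename = ntpath.split(path)
        stem, ext = ntpath.splitext(filename)
        same_name = ext.lower() == ".exe" and stem.lower() == name.lower()
        if same_name and parent.lower().endswith(DROP_DIRS):
            hits.append((key, name, path))
    return hits
```

Calling `suspicious_run_entries(SAMPLE)` returns the two invoice_scan entries; the OneDrive value is not flagged because its executable sits in a subfolder rather than directly in the LocalAppData root.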

Finally, after encryption a .txt file is placed in the computer's desktop folder; sometimes this is accompanied by an image set as the desktop wallpaper.

  • %userprofile%\Desktop\How to decrypt your files.txt

There have also been reports of Crysis stealing data and credentials from the affected machines and passing these back to its Command and Control server.  This would then allow the computers and local networks that have been infected to become vulnerable to further attack if the credentials are not changed.

It has also been seen that Crysis will monitor and gather data from IM applications, webcams, address books, clipboards and browsers prior to sending this to the C&C server, with the Windows variant stealing account and password credentials.

Prevention

To reduce the risk of infection we recommend the following:

  • Ensure you are using an up-to-date AV product
  • Ensure any specific Ransomware prevention tools in the AV are used
  • Ensure you have a regular tested backup of the data
  • Educate users in the dangers of opening attachments from an unknown source

 

 

Bitdefender have updated their GravityZone cloud console with some new features over the weekend and here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.

Anti-Ransomware

The big news is that Bitdefender has now incorporated an Anti-Ransomware vaccine for all its cloud customers, and will be rolling this out through the on-premise version on Tuesday 27th Sep 2016.  This module is activated through the policy section Antimalware --> On Access settings.

Gravityzone Ransomware Vaccine Policy Setting

By activating this module, machines will be protected from all currently known forms of Ransomware.

Other New Features

Update Rings - this feature allows Administrators of the program to choose when in the validation cycle an update is received.

Anti-Exploit Techniques - a new set of powerful techniques which further enhance existing technologies to fight targeted attacks.  These are integrated into the existing Advanced Threat Control module.

Web Access Control Rules - The categories list has been updated with multiple new categories added.

Exchange Protection - This can now be enabled/disabled when editing a customer with a monthly license subscription.

 

The above features are now in place for all current users of Bitdefender Gravityzone in the cloud and will be rolled out to Bitdefender Gravityzone on-premise users from the 27th Sep 2016.

For more details on the above features and a look at the other features included please click here


Windows10

Article originally published on the Malwarebytes website

It’s that time again, a new operating system emerges from the Microsoft incubator! While many of you might not get to experience Windows 10 just yet or even in the foreseeable future, we want you to know that when you decide to use it, Malwarebytes has got your back.

The latest versions of our Malwarebytes products support Windows 10! And that includes:

  • Malwarebytes Anti-Malware Free
  • Malwarebytes Anti-Malware Premium
  • Malwarebytes Anti-Exploit Free
  • Malwarebytes Anti-Exploit Premium
  • Malwarebytes Anti-Malware for Business
  • Malwarebytes Anti-Exploit for Business
  • Malwarebytes Anti-Malware Remediation Tool

So one of the first things you should do after setting up your new operating system is to download Malwarebytes Anti-Malware. Trust me, the cyber criminals won’t wait until everyone is comfortable with Windows 10 to start targeting folks using it.

To download the latest Malwarebytes Anti-Malware on your new Win 10 system, click here.

Find out more about Malwarebytes at www.bluesolutions.co.uk/malwarebytes/. Call our sales team today on 0118 9898 222 for a free trial or demo.

Originally published by Bitdefender

I came across an interesting article reported by The Register. According to a survey, half of companies will still have Windows Server 2003 somewhere in their environment after the support cut-off date of July 14th passes. While purchasing a custom support agreement with Microsoft is an option, it’s one that will quickly get quite expensive ($600 per server per year, doubling each year).

An often complicated, and critical, application is the endpoint security management suite. Traditional management relied on applications installed on Windows servers, most often leveraging a SQL database running on other servers. This very quickly creates a series of dependencies. Does the security management support a newer Windows version? If so, which databases does it support, and which Windows versions do those supported databases run on? If the management application uses a web server, which versions, and on which operating systems are those supported? How does the migration work: is there downtime, is the data migrated, can it be done in stages, or is it a forklift upgrade?

Much of this complexity can be avoided. Of course, custom-built, in-house applications are still tricky, but off-the-shelf solutions should be very simple, including endpoint security management.

For example, GravityZone can be delivered in two ways that avoid this complexity. The most straightforward is a GravityZone management console hosted by Bitdefender or a partner. In that case, the organization leveraging GravityZone never has to deal with any complexity underlying the management application.

The second option is hosting GravityZone on-premise. In this case, complexity is minimized because GravityZone operates as a self-contained private cloud. The deployment consists of a Linux-based virtual appliance. Multiple instances can be deployed, each playing one or more roles. The roles encompass all required functionality, including the database (often the source of most upgrade woes).

In this way, the complexity of GravityZone is not exposed. Bitdefender builds and tests the virtual appliance, while the customer simply updates it. Everything from the web server to the database is contained in the virtual appliance.

While adopting an endpoint security management solution that lowers operating system upgrade complexity won’t solve all of your problems, it certainly takes quite a bit of complexity – and therefore risk – off the table for a critical part of your environment. If you’re struggling to move your current solution off of Windows 2003, consider the advantages of a self-contained, flexible, and scalable solution like GravityZone, because it’s only a matter of time before you’ll begin the next round of operating system upgrades!

Want to know more about Bitdefender solutions? Contact our sales team today at 0118 9898 222 and they'll help with your queries or arrange a free trial.

 

Need some urgent help?

In only 28 days, your current version of Windows Server 2003 will expire, meaning you will no longer receive regular system updates, security patches, or hot fixes from Microsoft, which could leave your IT infrastructure exposed to serious security threats and compliance failures. If you would like to learn more, get in touch by emailing our friendly SMB team.

It's time to say goodbye to Windows Server 2003.

Call the Blue Solutions team on 0118 9898 222 for advice and help with upgrading your systems.

windows 10

Missing out version 9, Microsoft is likely to release Windows 10 during 2015. The new operating system introduces new features to integrate desktop and mobile devices, improve web browsing and increase productivity.

The Start menu returns

The Start menu, a familiar feature of Windows, was dropped in Windows 8 but then reintroduced after customer feedback. The Start menu is also a key part of Windows 10.

Free upgrade

Microsoft will be offering a free upgrade to Windows 10 for qualified new or existing Windows 7, Windows 8.1 and Windows Phone 8.1 devices that upgrade in the first year.

Web browsing

Internet Explorer will be replaced by a new, stripped down web browser named Spartan. Internet Explorer has developed over many years and carries a large amount of old code even in the most recent versions. Leaving that behind allows Microsoft to develop a faster, more secure browser for Windows 10.

Cortana digital assistant

Cortana is a voice activated digital assistant first seen in Windows Phone. Bringing Cortana to the desktop could make your time with Windows 10 more productive as the app can recognise your voice and then search Microsoft’s search engine Bing to provide answers. Cortana can also take notes, set reminders and launch apps.

Hololens

Hololens is a major new feature that uses a virtual reality headset to show computer generated images over your physical surroundings. Hololens will enable new applications from gaming and communication to 3D design and education.

Time to upgrade

With mainstream support now ended for Windows XP and Windows 7, an upgrade to Windows 8 or Windows 10 is required to keep your data and network secure.

Call the Blue Solutions team on 0118 9898 222 for advice and help with upgrading your systems.

Microsoft logo

Chances are, they may not be – according to estimates, there are still millions of servers running Windows Server 2003. It was the workhorse of choice for many years, but the time has come for customers to migrate to a newer, fully supported platform. That’s where you come in. It’s a great opportunity for you to ramp up your business and support your customers through a major technology change. They’ll appreciate the help, and you’ll appreciate the way your business will grow.

Find tools to help. 

Access our extensive set of resources to learn more about:

  • Talking with your customers about the importance of migration.
  • Ways to assess a customer’s current environment by categorising applications and workloads.
  • Migration options, either in the datacenter or in the cloud.
  • How to develop a migration plan.

Visit the Windows Server 2003 end of support partner page

You’ll also find customisable ModernBiz marketing materials that highlight Windows Server 2012 R2, including partner readiness materials, pitch decks, email templates, brochures, and copy blocks. Use these to show your customers the importance of migrating from Windows Server 2003, and the migration paths that are available.

Helpful tools like the Microsoft Assessment and Planning (MAP) Toolkit, which makes it easy to conduct a migration assessment for a customer's current IT infrastructure, are also available. Get started migrating your customers

Call our Sales Team today on 0118 9898 222 to upgrade to Windows Server 2012 R2.

Windows 8.1

On March 1, 2014 Microsoft began offering the Windows Enterprise Upgrade in Volume Licensing.

The following are changes related to this offering:

  • Windows Pro Upgrade: The Windows Pro Upgrade remains available for purchase without SA.
  • Windows Enterprise Upgrade: The Windows Enterprise Upgrade is offered as of March 1, 2014 and allows customers with a qualifying OS to upgrade to Windows Enterprise.
    • Downgrade Rights:  Windows Enterprise edition has downgrade rights to previous versions of Windows Enterprise in addition to the same downgrade rights as Windows Pro.
    • Open Value: Customers may be eligible for an Up to Date Discount based on existing Windows 8.1 Pro, Windows 8 Pro and Windows 7 Professional licenses.
    • Software Assurance:  Except as stated below, SA may only be purchased for Windows Enterprise Upgrade license.
      • Select Plus, Open Value, and Open License Programs: customers may continue to acquire SA for new devices licensed for Windows 8.1 or 8 Pro or Windows 7 Professional OEM or FPP within 90 days of purchase until July 1, 2014.
      • Renewals: Customers who bought SA for Windows Pro may renew SA on their covered devices without the need to buy a Windows Enterprise Upgrade license.
      • Purchasing Windows Upgrade + SA: Any customer in a volume licensing program which requires SA and who previously purchased Windows Pro Upgrade + SA may continue to purchase Pro Upgrade + SA until the end of their enrollment or agreement.  Upon entering a new enrollment or agreement the customer will purchase Enterprise Upgrade + SA.

Got any questions about this Windows 8.1 upgrade? Contact our product specialists on 0118 9898 222 for help.


Microsoft has started to warn users about the upcoming end of support for a number of its popular products, including Windows 7.

What does end of support really mean? When Microsoft says this, it means there will be no more fixes or patches (paid or free, security or non-security) for specific products. So the end really does mean the end.

Which products will be affected?

Mainstream support will end for Windows 7 (Enterprise, Home Basic, Home Premium, Ultimate and Starter editions) on 13 January 2015. Extended support for Windows 7 will last until 14 January 2020, so users will continue to receive free security updates but not feature updates.  Some industry experts are saying that Microsoft might continue with Windows 7 support, in the same way that it did with Windows XP. On that point we’ll have to wait and see…

Mainstream support will also end for the following:

  • Windows Server 2008, 2008 R2 and editions of Windows Storage Server 2008 –  ends 13 January 2015
  • Dynamics C5 2010, Nav 2009, NAV 2009 R2 – ends 13 January 2015
  • Windows Server 2003 – ends 14 July 2015
  • Office 2010 – Service Pack 1 – ends 14 October 2014
  • SharePoint 2010 with SP1 – ends 14 October 2014

What’s the Microsoft advice for customers?

Microsoft are advising “Customers should migrate to the next available Service Pack to continue receiving security updates and be eligible for other support options”.

Need more information? Visit the Microsoft support page for all of the end of support dates.