The purpose of this article is to educate users on the dangers of ransomware such as CryptoLocker.
Definition: Ransomware is malicious software that is usually delivered via emails that look legitimate and are designed to trick users into opening attachments or links to files. It then encrypts files (making them unreadable) and demands a fee to have the data decrypted.
What is CryptoLocker?
CryptoLocker is a ransomware program that was released in the beginning of September 2013 and targets all versions of Windows computers. This ransomware will encrypt files using strong encryption that is almost impossible to crack. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom payment in order to decrypt the files.
If the payment is not made in time, access to all of the files will be lost. The only good way to recover from CryptoLocker is restoring from a backup (if you have one, and hopefully it’s recent).
How do you become infected with CryptoLocker?
This infection is typically spread through emails sent to company email addresses that pretend to be from FedEx, UPS, or DHS, or that even pose as invoices. These emails traditionally contain a zip file that, when opened, will infect the computer. These zip files contain executables that are disguised as PDF files, Office files or any sort of document that can use macros. The infection can also spread and wreak havoc on your network if not stopped. According to Newsweek, in 2015 affected Americans paid about $325 million due to ransomware attacks; in 2016 cyber security analysts estimate it will be much higher.
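The disguise described above can be checked before anyone opens the attachment. The following is an added example, not part of the original article: it lists the members of a zip attachment and flags executables hidden behind a document extension as well as macro-capable Office files. The extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed, non-exhaustive list of extensions Windows will run directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf", ".hta"}
# Office formats that can carry macros.
MACRO_EXTS = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm", ".dotm"}
# Document extensions commonly used as the decoy in names like "invoice.pdf.exe".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member_name, reason) for every suspicious entry in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            # Strip padding so "invoice.pdf      .exe" is still recognised.
            parts = [p.strip() for p in name.lower().split(".")]
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) > 2 else ""
            if ext in EXECUTABLE_EXTS and inner in DECOY_EXTS:
                findings.append((name, "executable disguised with a document extension"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, "executable or script inside archive"))
            elif ext in MACRO_EXTS:
                findings.append((name, "Office format that can carry macros"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; member contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2291.pdf.exe", b"placeholder")
        zf.writestr("tracking/label.docm", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample()):
        print(f"{member}: {reason}")
```

A mail gateway or help desk script can run this on the raw attachment bytes without extracting anything to disk.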
If these attachments are opened, they will change files on the network (workstations and servers) to an encrypted version that can only be unlocked with a special key. Without this key, your data is impossible to get to, and must be restored from a backup.
These unlock keys are available for purchase, typically for thousands of dollars. Without a backup, even the FBI says “pay the ransom.”
i.t.NOW does its best to ensure data that resides on servers is protected, but we typically do not back up every single workstation we manage. This means if you were to open one of these attachments, the data on your C: drive would be unrecoverable.
Even with backups, downtime is costly. It can take hours to restore from backups, and during that time the entire company is typically at a standstill waiting to regain access to valuable data.
What about protection?
i.t.NOW provides several layers of protection to prevent these types of attacks on your network. Emails are filtered by a spam and virus firewall. Workstations are loaded with the latest OS patches and anti-virus software. However, these attacks are typically referred to as “Zero Hour” attacks. This means that the anti-virus and anti-spam databases of the world don’t yet know about this particular flavor of virus, and can’t flag it as such until it is identified and virus definitions are created and applied. Additionally, attackers are getting more and more clever with their delivery methods, like embedding viruses into Word documents and JavaScript files.
i.t.NOW is providing this information because some of these messages look so legit, they would trick even the most savvy of users. Have a look at the copies of actual emails below and let us know if you would open the attachment.
Generally, if you’re not expecting an email with an attachment, don’t open it! Especially if it says it is from a scanner or e-fax. When in doubt, have someone check it out! We’re happy to help; we’d rather get 1000 calls asking if you should open an email than have to spend hours or days cleaning up damage caused by ransomware. We’ve had several infections this year, and with each one we shore up our defenses. However, part of those defenses is you! We want to educate you so that you can be better prepared against this ever-changing threat landscape.
Social engineering attacks: Additionally, we’ve had a couple of cases where an attacker purchases a domain that is very close to your domain. For example, if your domain was acmepartners.com, an attacker may purchase acmepartnars.com and use it to send emails that seem to be from the CEO to the Controller asking for a wire transfer. If you see something like this, pick up the phone and verify! We had a client wire $60,000 to what they thought was their vendor, who at the last minute changed the bank routing number for the payment they were expecting. Closer inspection showed the from address was one letter off on the domain name.
The bottom line is to be cautious when opening email attachments or acting on requests for large sums of money to be transferred. Even an email that looks legit could be a spoof or come from a domain that’s one letter off.
If you see anything suspicious, feel free to forward the email to [email protected], or you can open a ticket by right-clicking your i.t.NOW icon and selecting “Create Service Ticket”.
Thank you for helping us protect your networks!
Netflix’s journey to the Cloud started all the way back in 2008 when the company experienced a major database corruption – an event that hindered their ability to deliver DVDs out to their customers. That’s when the idea of a Cloud migration came about. Netflix needed a highly reliable and scalable platform like the Cloud to host their systems. Prior to 2015, they migrated the majority of their systems to the Cloud with the help of Amazon Web Services. In early January 2016, Netflix reported the completion of their Cloud migration and shut down the last remaining pieces of their data center used by their streaming service.
One reason it took so long to make the shift was because Netflix had to rebuild nearly all of its software before the start of their Cloud journey to minimize the risk of disruption. The company built a series of tools such as “Chaos Monkey” – a service which identifies groups of systems and randomly takes them offline to ensure Netflix’s safety without affecting customers. Netflix’s “Simian Army” consists of services including Chaos Monkey, Janitor Monkey, and Conformity Monkey in the Cloud that generate failures and detect abnormalities to test Netflix’s ability to survive them.
Since their Cloud migration, the company has seen numerous benefits. They have eight times more streaming members compared to 2008 and are experiencing a viewing growth by three orders of magnitude.
The flexibility offered by the Cloud allows Netflix to add thousands of virtual servers to support their long-term expansion. On January 6, Netflix became a global force, expanding its service to over 130 new countries. Their Cloud migration has allowed them to offer better and more enjoyable streaming services to Netflix members all over the world.
“We rely on the cloud for all of our scalable computing and storage needs – our business logic, distributed databases and big data processing/analytics, recommendations, transcoding, and hundreds of other functions that make up the Netflix application,” Netflix stated on their company blog. “Video is delivered through Netflix Open Connect, our content delivery network that is distributed globally to efficiently deliver our bits to members’ devices.”
One of the main reasons why the company decided to migrate to the Cloud was because of the cost benefits. With the Cloud, they are continuously able to grow and reach economies of scale that wouldn’t be possible with their own hosted data center.
The technology behind Netflix streaming has come a long way within the past eight years, and the company is continuing to reach new heights with the possibilities offered by the Cloud.
“…it feels great to finally not be constrained by the limitations we’ve previously faced,” Netflix stated. “As the cloud is still quite new to many of us in the industry, there are many questions to answer and problems to solve. Through initiatives such as Netflix Open Source, we hope to continue collaborating with great technology minds out there and together address all of these challenges.”
Here at i.t.NOW, we equip you with the latest technology in Cloud computing to help your business grow more efficient and scalable. For more information, please contact us for a free consultation!