Wednesday, October 9, 2013

New Virus Warning #Cryptolocker ransomware virus destroys all files on your computer & network, then goes after your backups

Another wave of the Cryptolocker ransomware virus appears to have hit today. This is among the worst viruses to make the rounds in a while, and is an extremely high threat. I've seen widespread reports of it throughout Texas today, and I'm sure globally.

If you are hoping to decrypt files locked by the Cryptolocker virus, you might want to think twice. Sparing you the specifics, it uses state-of-the-art tactics to make sure that decryption is not an option unless you can hack their server.

The virus activates by attempting to contact the command and control node. Since the FBI or someone systematically takes their servers offline as quickly as possible, the virus has a novel way to call home, no matter what. It has an algorithm that generates random domain names of various letters. It then tries to phone home using those random domains. All that's required is for the virus author to know the algorithm and register a domain name the virus will use to phone home, at some point before the virus does so.
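One way a defender can spot the phone-home behaviour described above is to look for a single machine failing to resolve many random-looking names in a short time. The sketch below is an added example, not code from the original post; the log format, thresholds, client addresses and domain names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, "epoch client name rcode"; reserved TLDs only.
SAMPLE_LOG = """\
1381330800 10.0.0.21 www.example.com NOERROR
1381330810 10.0.0.21 qwjxkzvbnpltrd.example NXDOMAIN
1381330830 10.0.0.21 hgfdsmnbvcxzlk.test NXDOMAIN
1381330850 10.0.0.21 pyrtqwlkjhgfds.example NXDOMAIN
1381330870 10.0.0.21 mzxncbvlaksjdh.test NXDOMAIN
1381330890 10.0.0.21 tyruwiqoplkmjn.example NXDOMAIN
1381330910 10.0.0.21 bvgfcdxszawqer.test NOERROR
1381330820 10.0.0.35 wwww.example.com NXDOMAIN
1381330900 10.0.0.35 printer-floor2.corp.example NXDOMAIN
"""

def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def suspicious_clients(log_text, window=300, min_names=5, min_len=10, min_entropy=3.0):
    """Return {client: names} for clients that fail to resolve at least
    min_names distinct random-looking names within `window` seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "NXDOMAIN":
            continue
        ts, client, name, _ = parts
        label = name.rstrip(".").split(".")[0].lower()  # leftmost label only
        if len(label) >= min_len and label_entropy(label) >= min_entropy:
            hits[client].append((int(ts), name))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {n for _, n in events[start:end + 1]}
            if len(names) >= min_names:
                flagged[client] = sorted(names)
                break
    return flagged

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

In the sample, the one machine that burns through five failed lookups before a name finally resolves is flagged, while the host with a single typo and one stale printer name is not.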

Once connected, it encrypts everything it can write to, including network shares on servers that might be otherwise protected.

During its dormant period, it attempts to spread like a worm, infecting whatever machines it can, whenever any opportunity presents itself.

When it phones home, the entire network could be infected, and all at once, your whole system might require the ransom to be paid.

All versions of Windows are vulnerable. Most major anti-virus vendors can't stop this one yet for some reason.

Some people have attempted to use Panda Ransomware Decrypt, but that doesn't work at all.

The malware itself is easy to remove, but the leftover file fragments cannot be decrypted even if you have a powerful server capable of performing brute force decryption.

Online backups are also encrypted in many cases. Cloud-based backup software often pushes the encrypted files offsite, and many offsite cloud backups only store the latest "current version", so even cloud backups can end up encrypted unless previous versions are available.
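A backup job can guard against overwriting its only good copy by checking, before upload, whether a large share of files has just turned from ordinary content into near-random bytes. The sketch below is an added example, not code from the original post or from any backup product; the thresholds, paths and file contents are constructed assumptions, and files that were already compressed or encrypted will not show the entropy jump it looks for.

```python
import hashlib
import math
from collections import Counter

def byte_entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def review_backup_run(previous, current, high=7.5, jump=2.0, max_fraction=0.3):
    """previous/current map path -> bytes for the last good snapshot and the
    files about to be uploaded. Returns (hold, suspects): hold is True when
    too many files turned from low-entropy into near-random content."""
    suspects = []
    for path, new in current.items():
        old = previous.get(path)
        if old is None or old == new:
            continue
        e_old, e_new = byte_entropy(old), byte_entropy(new)
        if e_new >= high and e_new - e_old >= jump:
            suspects.append(path)
    hold = bool(previous) and len(suspects) / len(previous) >= max_fraction
    return hold, sorted(suspects)

def _noise(seed, size=4096):
    """Deterministic random-looking bytes standing in for encrypted content."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return b"".join(blocks)

# Constructed snapshots (hypothetical paths and contents).
LAST_GOOD = {
    "docs/invoice.txt": b"Invoice 1042: 3 licenses, net 30 days\n" * 100,
    "docs/notes.txt": b"Call the vendor about the renewal quote\n" * 100,
    "data/customers.csv": b"id,name,city\n17,Acme,San Antonio\n" * 100,
}
ROUTINE_RUN = {**LAST_GOOD, "docs/notes.txt": LAST_GOOD["docs/notes.txt"] + b"Done.\n"}
ENCRYPTED_RUN = {path: _noise(path) for path in LAST_GOOD}

if __name__ == "__main__":
    print(review_backup_run(LAST_GOOD, ROUTINE_RUN))
    print(review_backup_run(LAST_GOOD, ENCRYPTED_RUN))
```

When the check returns a hold, the job should stop and keep the previous snapshot rather than replace it.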

There are scattered reports of people being able to use Previous Versions via VSS snaps, but it seems like some new variants may be going after that too.

Paying the ransom supposedly gets the files decrypted, but I think that's only true if you pay it before, for example, the FBI shuts down their server. Once their server's "seized" or gets taken offline, the private key to decrypt the data, which is sold to you by the ransomware, is gone for good.

You seem to get infected by it after receiving an infected e-mail containing a customer complaint.

Websites and other things are also supposedly being infected, but many people think an infected e-mail attachment, with a message that makes your heart skip a beat and want to jump to open it, is what's spreading it.

So beware. If you're hit, hopefully your backup is good and immune.

Let's recap. This virus:
  • Evades Anti-Virus
  • Destroys backups
  • Holds you hostage
  • Is very finicky
  • I don't like it at all

Wednesday, March 20, 2013

Node expands into Korba


Chhattisgarh, India - Node, LLC, a cloud services management provider, is expanding offices to Korba, India. Node has current offices in San Antonio, TX; Indore, India, in Madhya Pradesh; and South Bend, Indiana.



Why Korba? The strategic value of the region is easy to underestimate, but when you look closely, there are some very vital resources there that will help it grow. For example, there are 8 power plants that operate out of the area, with Korba being a primary power generation center. Its lush jungle landscape provides a river with hydroelectric power, and massive local coal deposits, coupled with a substantial coal mining community, make its coal-fired power plants more cost effective to operate.

The internet in Korba is hardwired, much faster and more stable than in many other, larger Indian cities, which prefer to deploy wireless networks that become very saturated and unstable.

While the region is developing, it is not oversaturated yet. With substantial investments in its infrastructure, and a community of hard-working people who are willing and ready to learn, Korba appears to be a diamond in the rough from a strategic point of view.

So what brings Node there anyway? Well, we have a small Indian work force to help our US based teams complete various tasks faster, and more efficiently. This team has primarily operated from Indore, India, since Node was founded in 2010.
We selected Indore due to its location, university and education system, and its diverse population of technical professionals. With nearby access to Bhopal, Indore has the big city capabilities, without the lack of attention and high costs that come along with your huge markets like Mumbai or Delhi.

That's great about Indore, but what about Korba?

Recently, one of our Indore team members, Shashikant Sharma, completed his master's of business degree and requested to move back home to Korba. At first, I didn't like this idea, but when I found out he is heavily involved in teaching at a local technology school there now, and I realized the amount of electrical grid stability and internet speed there, the choice was clear.

We will be building and training our team there to assist with basic computer desktop and server maintenance tasks. These tasks are mostly run by automated scripts, which must have their logs parsed by a human for inconsistencies, and also must be confirmed to have run. By expanding our team in Korba, we will be able to provide better monitoring, faster remediation of Windows errors, and expand our managed services team with hand-picked, closely trained people.

It's my hope to bring opportunity to people all around the world, and at the same time, make a stronger organization with exceedingly high customer satisfaction. 

We look forward to Shashikant's efforts there, and building a superior team rooted not in corporate greed but in humanitarian initiatives. 

India provides a crucial backbone to Node's research and development, and technical support teams. While our US based customers typically do not ever interact directly with our Indian division, our team constantly does. Since Node's founding, Indian labor has been critical to our growth and ability to perform huge, seemingly cumbersome and sometimes inordinately complex tasks, extremely efficiently. Our US based teams perform Quality Control against our Indian work force's tasks, and our US based customer service interacts directly with the customers and our teams. Overall, this model has yielded Node incredibly high marks for customer service, high efficiency, and low price.

If you are thinking about a move to the cloud, or if you hire an outside company to work on your business computer systems, think about Node and give us a shout. Our US based sales force is ready to assist, and find out if we are a good fit for your organization.

-Brandon Cross
President, NODE, LLC