Trent Ray

#WAES Presentations


Presentations for the WA Education Summit 2018 below. Click to download.

 

Trent Ray: Trends in Education

Trent Ray: Assessing for Future Skills

Chris McNamara (MGG) : Designing Schooling for Student Autonomy

Mary-Lou O’Brien (MGG):  Pushing Digital as a Core Company Value

Tamara Sullivan (Ormiston College): Leadership Action Matter – It Begins With You!

Melissa Marshall (Santa Maria): Gamification in Schools – with or without technology

Leigh Treacy (Fortinet): Notifiable Data Breach Scheme 

Ian Curlewis (Lavan): Privacy Act Breaches 

James Manson (Webroot): Webroot Threat Landscape

Michael Richards (Microsoft):  Securing a Microsoft Environment in the Cloud

Jason Byway (Microsoft): Managing Devices

Anthony Spiteri (Veeam): Intelligent Data Management for the Hyper-Available School

Should you have any issues in accessing these files, please contact us for help.

WAES Sponsor Special Offers

 

Lenovo

Minimum 10% off all Education RRP. Contact us for more information.

Microsoft

STEM OFFER. Offer ending Dec 31st

Fortinet

WAES delegates can access a Free Cyber Threat Assessment for their schools; see an example report here

Veeam

3 month free licences for Veeam Backup for Microsoft Office 365 and Veeam Agents for Microsoft Windows and Linux: https://www.veeam.com/veeam-special-offers.html

Webroot

20% off for new schools with a 250 seat minimum order. Offer ending Dec 31st. Contact us for more information.

Vivi

Keen to try out Vivi’s screen mirroring technology used at the WA Education Summit? Contact us to discuss how you can take advantage of their free in-school trials.

ClassVR

FREE access to the ClassVR Teacher Portal until December 2018 (Valued up to $749) when purchasing a ClassVR Headset

Solutions IT – Zuludesk

FREE training session (valued at $450) per school when purchasing Zuludesk

Ransomware


Your how-to guide for protecting yourself against malware.

With the advent of information technology and the internet came an almost limitless potential for technological advancement and improvements in business efficiency. Unfortunately, there are two sides to every story. Rapid advancements in technology and in how we use the internet have also been accompanied by a host of dangers any internet user would do well to be wary of. This includes malware such as ransomware. Read on to find out some useful tips on how to protect yourself against this malware and limit the risk of losing access to your data.

 

 

What is ransomware?

Malware is a type of software that is specifically designed to get access to or damage your data without your knowledge. Ransomware, in particular, is a type of malware that prevents users from accessing data by locking either the system’s screen or its files. In order to regain access, a ransom has to be paid.

 

More modern versions of ransomware, collectively classified as crypto-ransomware, encrypt certain files, forcing users to make online payments in order to get a decrypt key and restore access to their system.

 

The consequences of becoming a victim of crypto-ransomware and not having the necessary safeguards and mitigation strategies in place are significant. Where small businesses are concerned, such an attack could mean the end of your business.

 

 

Protecting yourself

All is not lost and there are precautions every user can take to limit their exposure to this malware.

 

  • Use and implement proven multi-vector endpoint security

Your first line of defence is the security system you have in place. It is critical that it offers multidimensional protection and prevention against malware, quickly recognising external threats and any suspicious behaviour. A next-generation endpoint security solution is recommended, offering protection beyond file-based threats.

 

  • Prepare for the worst case scenario with robust backup

While next-generation endpoint security is important for your system’s security regime, it is not completely fail-proof and can still fall prey to crypto-ransomware infections. Ensure you have comprehensive backup together with a business continuity plan that will allow you to restore data and minimise business downtime. This entails more than just your standard backing up to an external drive. It should include backups located in at least three different locations:

 

  • Main storage area (file server)
  • Local disk backup
  • Mirrors in a cloud business continuity service

 

  • Keep Windows updated

While occasionally tedious, keeping Windows up to date will ensure that a number of infections are instantly ruled out. In addition, you can reduce workload by putting in place a patching routine – a security fundamental.

 

  • Keep all plug-ins up to date

Keeping all third party plug-ins updated to their latest build lessens the likelihood of being exploited by ransomware.

 

  • Use a modern browser with an ad blocking plugin

Modern browsers like Chrome and Firefox are constantly being updated to offer more robust protection. They also give the option to add plug-ins that will make you more secure. Even simply having a pop-up blocker running can offer some protection.

 

  • Disable autorun

Autorun is convenient; however, it also helps malware spread across a corporate environment. Disabling autorun as a policy will bolster your system’s security.

 

  • Disable Windows Scripting Host

VBS files are Microsoft scripts (VBScript) that malware authors use either to disrupt an environment or to run a process that will download more advanced malware. Block them completely by disabling the Windows Scripting Host engine.

 

  • Have users run as limited users and NOT admins

This is critical because some current ransomware threats are capable of browsing and encrypting data on any mapped drives that an end user has access to. Therefore restricting the user permissions for the share or the underlying file system of a mapped drive will limit ransomware’s scope for encryption.

 

  • Show hidden file extensions

One way ransomware like CryptoLocker and others frequently arrive is in a file named with the extension ‘.PDF.EXE’ or something similar. If full file extensions are visible such files will be easier to spot and remove accordingly.
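
Several items in the list above (autorun, Windows Scripting Host, hidden extensions, admin sessions, '.PDF.EXE' names) can be checked per machine. The PowerShell audit below is an added example, not part of the original guide; the function names and the extension lists are assumptions, and it only reads settings.

```powershell
# Added example: read-only audit of settings from the checklist above.
# Function names are hypothetical; nothing is modified on the machine.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, so the Windows default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-RansomwareHardening {
    # Autorun: NoDriveTypeAutoRun = 0xFF (255) turns it off for every drive type.
    $autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'

    # Windows Script Host: Enabled = 0 stops wscript.exe/cscript.exe running scripts.
    # The value can be stored as a string or a DWORD, so it is compared as text below.
    $wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'

    # Explorer: HideFileExt = 0 shows full names such as 'invoice.pdf.exe' (per-user setting).
    $hideExt = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'

    # Privilege: true only when this session's token carries local Administrators.
    # With UAC on, an admin account in a non-elevated session reports false here.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{ Check = 'Autorun disabled on all drives'; Value = $autorun; Pass = ($autorun -eq 255) }
    [pscustomobject]@{ Check = 'Windows Script Host disabled';   Value = $wsh;     Pass = ("$wsh" -eq '0') }
    [pscustomobject]@{ Check = 'File extensions shown';          Value = $hideExt; Pass = ($hideExt -eq 0) }
    [pscustomobject]@{ Check = 'Session is not administrator';   Value = $isAdmin; Pass = (-not $isAdmin) }
}

# Double extensions: list files such as 'report.pdf.exe' under a folder.
# The extension lists are illustrative assumptions, not a complete set.
function Find-DoubleExtension {
    param([string]$Root = "$env:USERPROFILE\Downloads")
    $pattern = '\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|com|pif|bat|cmd|js|vbs)$'
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } | Select-Object FullName
}

Test-RansomwareHardening | Format-Table -AutoSize
Find-DoubleExtension
```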

 

Coping with infections

Don’t worry if your organisation has unfortunately already been infected. Take the following steps to limit the damage done to your systems:

 

  1. Isolate the PC(s) immediately to stop further infection.
  2. Do not begin the re-imaging process until the infection is categorised.
  3. Contact the endpoint security vendor’s support staff to assist you with completely removing the infection.
  4. Check if user data was encrypted as soon as possible.
  5. Alert other employees if this was a targeted attack, or about the threat vector, if appropriate.

 

We hope you have found this brief guide useful and will adopt some of these precautions and general tips to protect yourself and your business from online extortion.

 

Solutions I.T. has been providing Western Australian organisations with a comprehensive range of IT solutions since 1999. Our strict adherence to industry best practice ensures our clients are granted access to the most effective solutions available. For premium IT services, the best-fit technology and excellent customer support, contact our friendly team today.

Held Ransom By A Trojan Cryptolocker?


At 4pm on a Friday afternoon, St Simon Peter Primary School identified files on their Office Server that were encrypted. From what was seen in the text files, it seemed that some of the server files were infected by a Cryptolocker and, to unencrypt them, the user had to pay a ransom. Shortly afterwards, files on a second server were also identified as being encrypted.

 

What was on the servers? Only the most important school data! The admin system (MAZE), confidential documents and admin documents had all been affected. Both servers were critical to the day-to-day running of the school, so it was imperative that the situation was remedied quickly. The school called us immediately.

 

As soon as we understood the issue, we advised them to shut down all servers and immediately unplug the network attached storage device used for their backups.  Soon after one of our technicians attended the school to retrieve the backups for testing.

Over the weekend we worked to test the files and identified that they were in fact encrypted by one of two newer Trojans: TeslaCrypt. Processes were put in place to remotely test each workstation for the presence of the Trojan and to log all suspicious activity. We were able to track down and identify the source workstation and user account enabling us to fully remove the Trojan.

 

On Monday morning we visited the school to test that the Trojan was contained.  Soon after all staff in the administration area were able to use their workstations with access to email and internet.  By lunch time all staff were able to log onto their computers. Data was restored from backup to the two affected servers resulting in full functionality being restored by the end of the day.

We performed a full health check and settings remain in place to prevent similar Trojans from executing.

Things you need to know about some of these new Trojans:

 

  • McAfee and other traditional virus scanners do not appear to detect it
  • It encrypts all files such as documents, photos, spreadsheets, databases, etc. with military grade encryption which is virtually impossible to break
  • It demands a ransom to retrieve the encryption key and get back your files
  • The price of the ransom increases as time goes on
  • Paying the ransom to receive a decryption key does not always result in files being decrypted
  • It encrypts all files on local drives but also any mapped network drive (servers etc) and any USB device attached
  • It deletes volume shadow copies preventing easy rollback to previous versions of files
  • It will encrypt any backup files it finds, so any backups living on a USB drive etc. are affected
  • A full health check of your network is highly recommended to help prevention