Blog

Intel, ARM and AMD chip scare


You may be aware of the news this week relating to a security risk in chips made by Intel, ARM, and AMD.  This is a global issue and we are working with the vendors to establish any action we should take. In the meantime, we would like to assure our customers that the way we deploy our hosting services and the enterprise security technologies used mean that your hosted systems have a very low level of risk.  We will update you further as more information becomes available.

Read more at:

BBC Intel, ARM and AMD chip scare: What you need to know
CNET Major Intel, Arm chip security flaw puts your PCs, phones at risk

ESET releases new decryptor for TeslaCrypt ransomware

Ransomware

Have you been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt? If your encrypted files had the extensions .xxx, .ttt, .micro, .mp3 or were left unchanged, then ESET has good news for you: we have a decryptor for TeslaCrypt.
We have been covering this malware for a few months now, sometimes along with Locky or being spread by Nemucod. Recently, TeslaCrypt’s operators announced that they are wrapping up their malevolent activities.

On this occasion, one of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by TeslaCrypt’s operators, and requested the universal master decryption key.
Surprisingly, they made it public.
This allowed ESET to create a free decrypting tool promptly, which is able to unlock files affected by all variants between 3.0.0 and 4.2 of this ransomware. For instructions on how to use the decryptor, please visit the ESET Knowledgebase website.
We must stress that ransomware remains one of the most dangerous computer threats at this moment, and prevention is essential to keep users safe. Therefore, they should keep operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).
We also advise all users to be very careful when clicking on links or files in their email or browsers. This is particularly true when messages are received from unknown sources or otherwise look suspicious.
For more information about how to protect yourself against these and other ransomware threats, please contact us.

Encryption

Your Key to Secure Data

In last week’s blog post, we described the government regulations to protect sensitive data and the penalties imposed for a data breach. Keeping data secure is important not just to the individuals affected, but also to the success of your business. What can you do to protect your clients’/patients’/HR information and follow best practices? The most powerful tool you can use, to protect electronic credit card information, ePHI, personnel records and other electronic sensitive data, is encryption.

Encryption to Protect Data
Lost or stolen portable devices are one of the primary causes of data breaches. However, if the data on the lost device is encrypted, the loss is not considered to be a data breach. Therefore, the most effective solution to protect data and avoid a security breach is to encrypt data stored on these devices.

To protect private information used in any business, the use of encryption is required on the computers and devices being used (including back-up devices), as well as for cloud applications. It is also required on websites which collect personal information, such as those used when individuals make credit card purchases on the web, do online banking, or access a patient portal.

How Encryption Works
Encryption uses a mathematical algorithm to scramble the text so that it cannot be read. This prevents the sensitive data from being accessed without providing the key to convert the information back to its readable form. The key could be a secure password or it could require a secure methodology called two-factor authentication.

Single-factor authentication requires only your username and one password. Two-factor authentication (2FA) adds a second level of authentication, requiring the user to have two out of three types of credentials before being able to read the encrypted data. The three possible types of credentials are a PIN number, a fob, and a biometric match.

In a secure system, access attempts are locked out after a specified threshold is reached to prevent unauthorized access. In addition, lockout events are logged for auditing purposes.
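One way to implement the lockout-and-audit behaviour described above, as an added example rather than code from any product named on this page. The class name, threshold, lock duration and event names are assumptions chosen for illustration.

```python
import logging
import time

audit = logging.getLogger("auth.audit")  # hypothetical audit logger name

class LockoutGuard:
    """Lock an account after `threshold` consecutive failures for `lock_seconds`."""

    def __init__(self, threshold=5, lock_seconds=900, clock=time.monotonic):
        self.threshold = threshold
        self.lock_seconds = lock_seconds
        self.clock = clock          # injectable so the behaviour can be tested
        self.failures = {}          # account -> consecutive failed attempts
        self.locked_until = {}      # account -> time at which the lock expires
        self.events = []            # in-memory audit trail, mirrored to the logger

    def _audit(self, event, account):
        self.events.append((self.clock(), event, account))
        audit.warning("%s account=%s", event, account)

    def attempt(self, account, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = self.clock()
        if self.locked_until.get(account, 0) > now:
            # While locked, even a correct credential is refused and recorded.
            self._audit("attempt_while_locked", account)
            return "locked"
        if password_ok:
            self.failures.pop(account, None)   # success resets the counter
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.threshold:
            self.locked_until[account] = now + self.lock_seconds
            self.failures.pop(account, None)
            self._audit("lockout", account)
            return "locked"
        return "denied"
```
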

There are two types of data to encrypt, data at rest and data in motion (also called data in transit). Data at rest is data that is stored in digital form, such as databases, spreadsheets, backups and archives. Data in motion is information that is moving through a network, such as data being backed up from a laptop to a central server. An email is also classified as data in motion between the time that it is sent until the time that it reaches the recipient’s email host.

The encryption software to use depends on the type of data and what needs to be encrypted. There are several data encryption tools available within the operating systems and from third-party vendors for use on desktops, laptops, and removable storage devices. Encryption software can encrypt the entire hard disk, or specific files or folders. Microsoft includes a program called BitLocker on the higher end, professional versions of Windows 7 and Windows 8 which can be configured to encrypt an entire volume of data on a hard disk or removable drive.

For organizations, there are central management tools to lock and unlock several drives remotely, and to wipe a drive clean if it is stolen. Encryption software is also available for sending sensitive information via email.

Secure Websites and Email
When private information is entered on the web, the URL of the website requesting the information should begin with “https” instead of “http”. Hypertext Transfer Protocol Secure (HTTPS) provides bi-directional encryption of communications between a client and server. The “s” stands for “secure”: the connection between your browser and the site is encrypted.

When sending an encrypted email, the sent email is intercepted by an encryption system which holds the email in an encrypted state. The system then sends an unencrypted notification to the email recipient notifying the recipient that an email is waiting. The recipient clicks on the link and then has to securely log in to download the email. The URL for the login screen begins with https indicating that the login is secure.

TronixSystem provides encrypted email services to our clients through our WisdomCloud. Call us to discuss how we can add optional encryption to your email communications flow.

Encrypted Backups
Backup devices also need to be encrypted. TronixSystem’s TSP backup appliance uses advanced encryption technology which ensures that data cannot be accessed while stored on the appliance, while being transmitted to an offsite data center and while stored at the data center. If a TSP backup appliance is stolen, TronixSystem has the ability to remotely wipe all data stored on the device.

Protecting a Stolen Smartphone
If you use a smartphone for business, your phone may contain personally identifiable private data related to your clients, patients or staff. Thus, you may need to encrypt the data stored on your device. It is also important to set up a password to lock your device. If you send emails containing patient or financial information, you will need to send encrypted emails to comply with government regulations. If your smartphone is lost or stolen, you can protect data by wiping it remotely. Remote wipe sets the phone back to its factory settings, thus clearing any data on the device. (Note: Depending on the device, if a device is wiped, personal data and photos will also be removed, in addition to the company information).

TronixSystem offers mobile device management (MDM) services to manage the security of smartphones, iPads and other portable devices and provides remote wipe services to our clients for their corporate devices.

The Key
Encryption is the key to secure data on websites, in email, on laptops, on backup devices, on smartphones, and on other devices. Encryption keeps personal information secure because encrypted data cannot be accessed without the encryption key required to make the data readable. As we noted in our blog post about HIPAA Breaches, Business Associates, and Encryption, the only exception to the HIPAA breach notification requirement is if the PHI disclosed was secured with encryption technology.

Does your company use encryption to protect the data stored and transmitted on your systems? TronixSystem can help you design a solution to secure your data, regardless of where that data may be. Call us to get started with this critical security requirement.

CryptoLocker Virus Holds Your Data Files for Ransom

CryptoLocker is a form of malware known as cryptoviral extortion ransomware.  This scheme encrypts key data files on a computer and all the network drives you have access to, making them inaccessible until you pay a ransom to obtain a decryption key.  The virus does not reveal itself until it has encrypted your data and your computer is on the internet, so that the virus can identify your system to the encryption server run by the attackers.

Even up-to-date anti-virus applications do not defend against CryptoLocker. While you can remove the virus from your computer, there are no patches to undo the encryption damage.

The only way to get your files back is to pay the ransom or restore the files from backup.

How do you get CryptoLocker?

There are three ways that you might get this virus.

Opening an email attachment with an infected file or downloading a malicious file from a website.

Browsing a malicious website that exploits vulnerabilities in an out-of-date version of Java.

Having malware already on your computer that the criminals use as a backdoor to copy CryptoLocker onto your computer.

How will you know you have CryptoLocker?

If your computer is infected with this malware, you’ll notice two things.

A red banner will show up on your computer monitor warning you that your files are encrypted – but if you send money (usually $300) to a given email address within a specified time period, you will be given the decryption key to restore your files.

You won’t be able to open Microsoft Office files, database files, images and other common documents.  Instead, you’ll get a warning such as “Excel cannot open the file [filename] because the file format or file extension is not valid.”
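The "file format is not valid" symptom arises because an encrypted file no longer starts with the header bytes its format requires, so a header check can list which files on a share need restoring from backup. This is an added example, not part of the original post or any vendor tool; the signature table, function names and sample files are assumptions constructed for illustration, and a mismatch marks a file for review rather than proving it was encrypted.

```python
import tempfile
from pathlib import Path

# Signatures expected at offset 0 of a well-formed file (well-known magic bytes).
ZIP, OLE2 = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,   # Office Open XML is a ZIP container
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,   # legacy Office compound files
    ".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
}

def check_file(path):
    """Return 'ok', 'mismatch', or 'unknown' when the extension is not in MAGIC."""
    sig = MAGIC.get(path.suffix.lower())
    if sig is None:
        return "unknown"
    with path.open("rb") as fh:
        return "ok" if fh.read(len(sig)) == sig else "mismatch"

def triage(root):
    """Return sorted relative paths under root whose header contradicts the extension."""
    suspects = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            status = check_file(path)
        except OSError:
            status = "mismatch"  # unreadable files go on the review list too
        if status == "mismatch":
            suspects.append(path.relative_to(root).as_posix())
    return sorted(suspects)

def demo():
    """Constructed sample share: intact files beside files with scrambled contents."""
    scrambled = bytes((i * 37 + 11) % 256 for i in range(64))  # stand-in for ciphertext
    samples = {
        "report.pdf": b"%PDF-1.7\n%constructed sample\n",
        "budget.xlsx": scrambled,
        "hr/staff.docx": ZIP + b"\x14\x00" * 8,
        "hr/badge.jpg": scrambled,
        "notes.txt": scrambled,  # no signature on record: 'unknown', not reported
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return triage(root)
```

Calling `triage()` on a mounted share returns the same kind of list as `demo()`; file types without a signature in the table, such as plain text, are not assessed.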

How can you get your data back?

There are only two ways to restore access to your data.

You can pay the criminals, but be aware that you may not get your data back. Generally, the attackers require payment using some untraceable form such as bitcoins or a prepaid debit card.  What’s surprising is that, up to this point, the criminals have provided the decryption key.

The only other option is to restore your files from backup.

What can you do to prevent future virus infections?

If you use TronixSystem’s complete IT management services, you’ve already taken the first step. You already benefit from the following proactive services:

Security patching.  Our automated systems and trained techs patch your operating systems and software to keep them up to date with the latest security and performance updates.  And we do this during the overnight hours and on Sundays to minimize the disruption to your business.

Anti-virus Monitoring.  Most people have some anti-virus program, but how do you know it’s effective?  TronixSystem provides 24×7 monitoring to make sure your anti-virus is active and up to date, and resolves any uncovered issues.

Regular scanning for malware.  Our automated systems work in the background to sniff out potential malware, security holes, and exposure to viruses.

Backup monitoring and testing.  Of course you have backups!  But are you monitoring, verifying, and testing them on a regular basis?  TronixSystem monitors the status of all backups 24×7 and resolves issues as alerts are received. We also test restoring data from backups on a monthly basis.

Spam filtering.  Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails.  Minimizing spam using an effective spam blocking system will reduce overall exposure to these malicious sources.

Content filtering.  Viruses can be downloaded by simply browsing malicious web sites or downloading and opening files from these sites.  Internet content filters can be implemented to block access to these sites on a selective or company-wide basis.

Manage user access privileges.  Viruses get installed and spread by exploiting the high level of access control assigned to most users.  Allowing users to have full administrator privileges gives a virus full rights to install itself and infect a user’s computer, along with all systems and files to which that user has access and rights.  Implementing the best practice of “least access right” required to use a company’s key business applications will minimize this security exposure and the risk of viruses.

Feel free to call us to discuss any of these protective and preventive services. We will be happy to consult with you on a complimentary basis.