Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. For this reason, we have been educating our customers through our recent communications and our webinar that many of you attended. Little did we realise that we would see a ransomware variant spread so rapidly and affect so many organisations as the attack that started on Friday 12th May has demonstrated.
You will have seen the headlines over the weekend that this ransomware variant has impacted far-flung organisations such as the hospitals and clinics run by the British National Health Services, Chinese universities, and Hungarian and Spanish telecoms.
Affected Microsoft products include:
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8.1
- Windows Server 2012 and Windows Server 2012 R2
- Windows RT 8.1
- Windows 10
- Windows Server 2016
- Windows Server Core installation option
Microsoft released a critical patch for this vulnerability in March, in Microsoft Security Bulletin MS17-010, which we strongly advise you to apply immediately on all affected nodes of the network.
The patch for 2003, XP and Windows 8 machines can be found here.
We also recommend that users and organisations take the following preventive measures:
- Establish a regular routine for patching operating systems, software, and firmware on all devices.
- Deploy IPS, AV, and Web Filtering technologies, and keep them updated.
- Back up data regularly. Verify the integrity of those backups, encrypt them, and test the restoration process to ensure it is working properly.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Schedule your anti-virus and anti-malware programs to automatically conduct regular scans.
- Disable macro scripts in files transmitted via email. Consider using a tool like Office Viewer to open attached Microsoft Office files rather than the Office suite of applications.
- Establish a business continuity and incident response strategy and conduct regular vulnerability assessments.
The security of our customers’ systems is of utmost importance. Our team are at your disposal to offer you advice on protecting your systems and people. If you have any concerns, or would like further clarification about this statement and the recommendations we have suggested, then please contact our technical support team, who will be only too happy to help, on 01189 186824.
We are pleased to announce that we are now a Microsoft Cloud Solution Provider (CSP) enabling us to offer clients migrating to the cloud more options and flexibility.
To join the programme, Nouveau had to demonstrate a number of capabilities including support, technical integration, lifecycle management and billing.
Flexibility and Support
With Microsoft Cloud you can scale up or down as business demands with the peace of mind that you are paying only for the services, support and storage you are using on a pay-as-you-go basis.
“We are delighted to be a certified CSP. Becoming a CSP enables Nouveau to bundle Microsoft solutions and our wrap around services and provide the customer with one bill for all services.” Andy Stevens, Managing Director.
For low-cost cloud migration services and support from Nouveau including sizing, POC, provisioning, implementation and support please get in touch with a member of our Cloud team on 01189 699290.
Nouveau Solutions are pleased to announce that they have signed the Armed Services Covenant – a promise from the nation that those who serve or have served, and their families, are treated fairly.
No stranger to helping the armed services, Andy Stevens, Co-founder and Managing Director spent 14 years in the Parachute Regiment (Regular and Reserve). He says “I have many colleagues who have served in the Armed services and have been involved in conflicts around the world, some of whom have excelled in civilian roles and others who have found the transition to a civilian role more challenging, but the work ethic, loyalty and dedication that ex-serving personnel possess are a real asset to any organisation”.
With the expansion of the Reserve forces within the UK, as an employer we know how important it is to have a flexible approach to allow our reservists to meet their training commitments and we are committed to supporting them.
GlobalSign Important Communication Update – Certificate Revocation Issue.
GlobalSign are experiencing an internal process issue specific to several root certificates. They are currently working on the detailed instructions to help you resolve the issue and will communicate those instructions shortly.
We’re aware that over the past few weeks, there has been an increase in CryptoLocker-style attacks. We want to make sure that all of our customers are aware of the situation and provide them with a few tips on how best to be prepared to combat this.
What is CryptoLocker?
CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows. It spreads via infected email attachments and via an existing botnet. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers.
The malware then displays a message which offers to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline, and threatens to delete the private key if the deadline passes.
If the deadline is not met, a second message is displayed stating that the price to decrypt is now much higher.
Although CryptoLocker itself is readily removed, the files that it encrypted remain encrypted in a way that is considered infeasible to break. It is said that the ransom should not be paid, but there are few other options for recovering the files, and some victims have claimed that paying the ransom did not always lead to the files being decrypted.
How to protect yourself
The best way to stay secure is to have the latest security solution. If you have Fortinet Sandboxing, this will go a long way to protect you from CryptoLocker. Additionally, you should:
- Back up regularly and keep a recent backup copy off-site
- Enable the display of file extensions
- Don’t enable macros in document attachments received via email
- Be cautious about unsolicited attachments
- Don’t give yourself more login power than you need
- Stay up-to-date with new security features in your business applications.
We can help with FortiSandbox
FortiSandbox, provided by Fortinet, offers a robust combination of proactive detection and mitigation, threat insight and integrated automated deployment. At its foundation, it’s a unique, dual-level sandbox which is complemented by Fortinet’s award-winning anti-malware and optional threat intelligence. Years of Fortinet threat expertise is now packaged up and available on site or via the cloud via FortiSandbox.
When FortiSandbox discovers suspicious code, it is subjected to multi-layer pre-filters prior to execution in the sandbox’s virtual OS for detailed behavioural analysis. The highly effective pre-filters include a screen by Fortinet’s AV engine that sends queries to cloud-based threat databases and OS-independent simulations.
Once malicious code is detected, granular ratings, along with key threats, are measured, a signature is dynamically created for distribution to integrated products, and full threat information is optionally shared with FortiGuard Labs for the update of the global threat databases, making sure that you’re as safe as possible.
If you’re unsure about CryptoLocker or ransomware as a whole, please contact us and we’ll discuss in detail how your infrastructure is set up to protect you from threats today and in the future.
Enhanced Managed Services offering: Solarwinds N-Able
We always strive to be ahead in our industry, and as a result we have invested in making sure that our Managed Services offering is class leading and second to none. As such, we’re proud to announce that we’ve implemented Solarwinds N-Able, which monitors our clients’ environments and alerts us when it has detected a problem. Our Service Desk will then diagnose and fix the issue – in many instances before it even becomes apparent to the user – keeping productivity high and interruptions low.
These enhancements to our managed service solutions provide you with complete peace of mind that we are proactively managing your networks, systems and information technology infrastructure, leaving you to focus on other business priorities.
Answering your questions:
- What can N-central monitor?
N-central will automatically detect almost any IP-connected devices, and with hundreds of built-in monitoring services, it can monitor just about anything.
- Can N-central handle all of my devices?
Yes, it’s used in a variety of establishments and the usage is in the 1,000s, monitoring over a million devices. We use the system to monitor more than 25,000 devices for a single client.
- Can it remotely connect to customers through a firewall?
N-central can monitor a device whether it’s a firewall or a roaming laptop, and there are a variety of ways that allow remote connection.
N-central can store historical data and produce detailed reports that can be shared at consultative and executive level.