Our Client CryptoLocker Warning E-Mail

This is a copy of an e-mail we are sending out on a somewhat frequent basis to our clients to keep being Internet Street Smart at the top of their minds:

Hello all,

I may have mentioned this in the past while but it bears being mentioned again.

There is a really bad malware being spread via links in e-mail that take the user to a bad site or attachments in an e-mail that contain the bad software. Its name is CryptoLocker.

If the link is clicked on or the attachment is opened the software starts up and goes on to encrypt, that is make unavailable, EVERY file the user has access to. There are two ways to get out of the mess once the infected system is found and quarantined:
1.    Best Option: Recover the files from Previous Versions (Volume Shadow Copy snapshot) … may be out by a few hours.
2.    Okay Option: Recover or from Backup … may be a bit out of time in the form of hours.
3.    Worst Option: Pay the bad guys to decrypt the data and risk identity theft among other problems of handing over a credit card number.

Simple rule of thumb: NEVER click on a link in an e-mail and avoid opening attachments if at all possible (Especially ZIP archives). And, if a link must be clicked on in an e-mail hover the mouse cursor over the link to see where it leads to. If it looks suspicious please ask!

Our systems are designed to provide maximum recoverability however the snapshots and backups are timed throughout the day. So, if there is an infection some work may be lost!

As always, please be very careful and aware that bad folks out there are always on the hunt for more victims. No business large or small is exempt from these folks nefarious activities.

We are aware of firms, fortunately not our own clients, that are on the brink of possibly being lost due to CryptoLocker and bad or unavailable backups!

Thanks and have a wonderful day! :)

We do our best to keep folks aware of what is happening out there but things are getting even more nasty for e-mail transmissions.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Our Data Mule System Gets A Transplant

We have a system sitting at the end of the shop that is used for making ShadowProtect images of _all_ systems we will be working on, data recovery on dead drives, and for secure wiping hard disks.

The motherboard, power supply, and hard drive are custom mounted to the inside of an old Compaq desktop PC cover leaving SATA connectors and PCI/PCI-E connectors quickly accessible depending on the job at hand.

We swapped out the Intel Desktop Board DQ965GF with Core 2 Duo E6600 series CPU for an Intel Desktop Board DQ67SW with a Core i5-2500K CPU that we purchased as part of the Intel Virtual Channel Conference a while back.

To get the necessary speeds for the drives with the old setup we would power down and plug the SATA cables directly into the drives to be serviced and power up again.

Now, we can drop a drive into one of the above NexStar Hard Drive Docks that utilizes a USB 3.0 interface (NST-D300S3) giving us the ability to work on two drives at USB 3.0 speeds simultaneously. We will pick up a couple of dual drive docking bays at a later date if the need requires.

For now, we also have the eSATA ports that we can plug a couple of BlackX eSATA drive docks (ST0005U) into to give us two more hot swappable and fast connections for drive work.

We store images on the local hard disk that are password protected, but we will be taking the extra step to BitLocker the drive since this board comes with a compatible TPM.

System Configuration

• Intel Desktop Board DQ67SW.
• Intel Core i5-2500K CPU.
• 4GB Kingston Value Ram (2x 2GB).
• 500GB Seagate SATA drive.
• 750 Watt Enermax PSU.

Utilities

• GetDataBack by Runtime Software
• Data recovery tools so good if they don’t work that drive is probably going to Recovery.
• StorageCraft ShadowProtect IT Edition
• ShadowProtect licensed so that we can back up _everything_ we work on in the shop and on-site.
• Heidi Computers – Eraser
• By far the best DoD multi-pass capable drive wipe.
• Microsoft SysInternals Utilities
• All of the good stuff.
• Malwarebytes
• Microsoft Security Essentials

We have an account that is set up as a Standard User on that machine. The account runs under very restricted domain access so as to prevent any possible overspill from bad stuff on drives hooked up to it.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Partition Recovery Tool – Active@ Partition Recovery

This little tool may come in handy for those times when a partition just mysteriously disappears after a server or workstation reboot.

• Active@ Partition Recovery

Cost wise it is very reasonable for us to use here in the shop for any hard drive boot record work.

Hat Tip: Boon Tee

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer