OnGuard SAVED company from rogue employee


November 2018. A Brooklyn business opens for their usual day’s work. Employees go about their morning activities preparing for the work day. Upon starting their computers, they begin to log into their emails and fire up their software applications. One employee after the other gets similar error messages “file can’t be found” when they try to access their data. They notify management, who also receive the same errors.

Bulldog Tech receives the tech call. After we remotely log into the systems, we find their entire server’s data drives have been formatted! All their data has been erased! After further investigation, we found that special software was loaded onto the server that not only removes the data but securely wipes the system, making it nearly impossible to recover using recovery software.

Further investigation of their router logs (all server logs were erased) shows that at 2:31am the previous night, an IP logged into the server using remote desktop ports. Reviewing the server, we indeed found remote desktop enabled – a security risk in itself. Reviewing the findings with the owner, he realized that he had recently released a long-time employee – not on the best of terms. Is it possible this employee logged into their system and erased the data? Why were all passwords and remote access not turned off after termination? Good questions the owner could not answer, nor had thought of.

What again could have been a major disaster was quickly rectified by OnGuard Remote Backup! OnGuard Remote Backup was able to restore all customer data quickly and put them back in business!

We discussed with the owner using our additional services, OnGuard Defender and security auditing, as well as putting in place an employee manual that addresses items upon termination. Basically a security checklist! It’s your business; only you can protect it!

Call us Today: 718-921-6159

sales@bulldogtechinc.com

Plumbing Company Becomes Encryptionware Victim


We received a call this week from a long-time customer, a plumbing company that relies on SAP software to conduct their business, stating they could not access their server drive. Their business was stopped in its tracks.

Encryptionware garbled (encrypted) all the data, including their SQL databases. We instructed them to immediately power down the system while we logged in to each workstation and ran a full virus scan. We found that one of the receptionists was initially infected via an email attachment (via AOL), which executed code that scanned for accessible drives and encrypted any data found.

This customer’s business was stopped! Their service techs did not have access to their stops, accounting data was lost and the locally attached backup drive was found to also be encrypted.

What could have been a major disaster was mitigated by Bulldog’s OnGuard Remote Backup. After our technicians reloaded the main server, OnGuard was able to recover all data files & SQL databases within 20 hours from the previous night’s backup.

After less than a day, our customer was back in business thanks to OnGuard backup.

As a result, we discussed with the customer migrating away from AOL email and moving to our secure Exchange servers, as well as using our OnGuard Defender package to help mitigate future attacks.

This was a Win-Win for all!

Is your data secure? Learn more about our OnGuard Remote Backup and protect your company today!

Call Us: 718-921-6159

sales@bulldogtechinc.com

Several Medical Offices Affected By AllScripts Hack

Malware strikes again! We received numerous calls this week from several healthcare providers who use Allscripts. We sent our technicians out to do a site inspection and found every single machine infected with encryptionware.

Luckily for the Doctor, the operating system was not heavily damaged, and we were able to successfully clean the boot volume of any infections. Their data, unfortunately, was encrypted, requiring a full data restoration of their patient data, office documents, and EMR databases via OnGuard Remote Backup. We initiated the restore process and within 12hrs all data was present, and all applications functional.

Another OnGuard Success Story!

Is your data protected?

Call us: 718-921-6159

sales@bulldogtechinc.com

Bulldog Tech Restores Encrypted Server


OnGuard Remote Backup saves another long-time customer! One morning we received a call from a fabrication company, unable to access their billing system, driven by SAP software. We found they were hit with the Ransom.CryptXXX (WannaCry) attack, causing complete encryption of all data and critical operating system files.

We acted quickly to get them running again. First we picked up the server, reloaded the operating system and began a full system restore using OnGuard Remote Backup. We reviewed their security policy and disabled remote access via insecure remote desktop.

OnGuard Remote Backup saved their data and put them back in business as if nothing happened!

OnGuard Remote Backup is typically installed on the main server and set to back up the network shared volume, or volumes, which typically contain any business-related documents, scans, databases, etc. OnGuard runs on a nightly schedule, first scanning for any changed files, then sending the data to our secure remote storage vault.

OnGuard has been wildly successful in instances where all volumes are destroyed by an Encryptionware-type exploit. With no indication these types of threats will subside, having a backup solution and testing it regularly is the only way to avert disaster.

Are you protected?

Call Us: 718-921-6159

Sales@Bulldogtechinc.com

If your Windows De-Activated, Bring it in


By Danny Bradbury, Sophos

Microsoft Windows 10 users were left livid late last week after Microsoft mistakenly told them that their licenses were invalid.

On Thursday, Windows 10 Pro and Enterprise customers began complaining online that Microsoft was declaring their license keys invalid. The users, who confirmed that they had legal copies of the operating system, were told that they were actually using Windows Home. When they checked, the Pro version was still installed.

The problem led to Windows deactivation, according to some:

My digital entitlement is gone from my Microsoft account and I have a Windows 10 Home key now. Windows is deactivated because I went from Windows 10 Pro to Home and it doesn’t match anymore.

The issue affected both Pro and Home versions of Windows 10 that had been upgraded from earlier versions of the operating system, along with clean Windows 10 installs, according to posters on Reddit.

One Windows user reported that purchasing a Windows 10 Pro key in the Microsoft store was listed as an option for him, even though he had already upgraded to Windows 10 Pro years ago. When he tried to repurchase the key, it would not let him.

Customers were confused by what seemed to be inconsistent responses from Microsoft. Microsoft Support’s Twitter account denied any knowledge of a problem with Windows activation:

It then fell to a mixture of customers and volunteer moderators to tell the rest of the customer base what was happening. One of them posted this response from a Microsoft live chat support agent:

I am very sorry to inform you that there is a temporary issue with Microsoft’s activation server at the moment and some customers might experience this issue where Windows is displayed as not activated. Our engineers are working tirelessly to resolve this issue and it is expected to be corrected within one to two business days.

An actual Microsoft employee then commented on the customer’s post to offer an official explanation, and a volunteer moderator on the company’s forums also stepped in to relay information about the issue.

By the end of the day on Thursday, the company had indeed fixed the problem, according to reports.

Users also said that they were able to run the Activation Troubleshooter program manually to fix the problem if Microsoft’s changes didn’t correct it automatically.

Some customers were irked by Microsoft’s regular online checks for operating system legitimacy. “And someone please once again explain why DRM for an operating system was a good idea?” quipped one. Another complained that Microsoft had created a system to deter pirates with its regular online checks but ended up causing trouble for paying users.

Unfortunately, this isn’t the first time that Microsoft has let users down with its constantly connected operating system, which also offers the ability to install updates automatically for users. Just last month, the company had to stop offering its October 2018 update after users complained that it was deleting files.