Plumbing Company Becomes Encryptionware Victim

Posted on
Bulldogtech onguard remote backup

We received a call this week from a long time customer, a plumbing company that relies on SAP software to conduct their business; stating they could not access their server drive. Theyre business was stopped in it’s tracks.

Encryptionware garbled (encrypted) all the data including their SQL databases. We instructed them to immediately power down the system while we logged in to each workstation and ran a full virus scan. We found one of the receptionists initially was infected via an email attachment (via AOL), which executed code that scanned for accessible drives and encrypted any data found.

This customers business was stopped! Their service techs did not have access to their stops, accounting data was lost and the local attached backup drive was found to also be encrypted.

What could have been a major disaster, was mitigated by Bulldogs OnGuard Remote Backup. After our technicians reloaded the main server, ONGuard was able to recover all data files & SQL databases within 20 hours from the previous nights backup.

After less than a day, our customer was back in business thanks to OnGuard backup.

As a result, we discussed with the customer to migrate away from AOL email and move to our secure exchange servers as well as use our OnGuard Defender package to help mitigate future attacks.

This was a Win-Win for all!

If your data secure? Learn more about our OnGuard Remote Backup and protect your company today!

Call Us: 718-921-6159

sales@bulldogtechinc.com

Several Medical Offices Affected By AllScripts Hack

Posted on
Bulldogtech onguard remote backup
Malware strikes again! We recieved numerous calls this week from several healthcare providers who use allscripts. We sent our technicians out to do a site inspection and found every single machine infected with encryptionware. Luckily for the Doctor, the operating system was not heavily damaged, and we were able to successfully clean the boot volume of any infections. Their data unfortunately was encrypted requiring a full data restoration of their patient data, office documents, and EMR databases via Onguard Remote Backup. We initiated the restore process and within 12hrs all data was present, and all applications functional. Another OnGuard Success Store Is your data protected? Call us: 718-921-6159 sales@bulldogtechinc.com

Bulldog Tech Restores Encrypted Server

Posted on
Bulldogtech onguard remote backup

OnGuard Remote Backup saves another long time customer! One morning we received a call from a fabrication company, unable to access their billing system, driven by SAP software. We found they were hit with the Ransom.CryptXXX (WannaCry) attack, causing complete encryption of all data, and critical operating system files.

We acted quickly to get them running again. First we picked up the server, reloaded the operating system and began a full system restore using OnGuard Remote Backup. We reviewed there security policy, and disabled remote access using insecure remote desktop. 

OnGuard emote Backup saved their data and put them back in business as if nothing happened!

OnGuard Remote Backup is typically installed to the main server, set to back up the network shared volume, or volumes, which typically contain any business related documents, scans, databases, etc. OnGuard runs on a nightly schedule, first scanning for any changed files, then sending the date to our secure remote storage vault.

OnGuard has been wildly successful in instances where all volumes are destroyed from an Encryptionware type exploit. With no indication these types of threats will subside, having and testing a backup solution regularly is the only way to avert disaster.

Are you protected?

Call Us: 718-921-6159

Sales@Bulldogtechinc.com

If your Windows De-Activated, Bring it in

Posted on

By by Danny Bradbury, Sophos

Microsoft Windows 10 users were left livid late last week after Microsoft mistakenly told them that their licenses were invalid.

On Thursday, Windows 10 Pro and Enterprise customers began complaining online that Microsoft was declaring their license keys invalid. The users, who confirmed that they had legal copies of the operating system, were told that they were actually using Windows Home. When they checked, the Pro version was still installed.

The problem led to Windows deactivation, according to some:

My digital entitlement is gone from my Microsoft account and I have a Windows 10 Home key now. Windows is deactivated because I went from Windows 10 Pro to Home and it doesn’t match anymore.

The issue affected both Pro and Home versions of Windows 10 that had been upgraded from earlier versions of the operating system, along with clean Windows 10 installs, according to posters on Reddit.

One Windows user reported that purchasing a Windows 10 Pro key in the Microsoft store was listed as an option for him, even though he had already upgraded to Windows 10 Pro years ago. When he tried to repurchase the key, it would not let him.

Customers were confused by what seemed to be inconsistent responses from Microsoft. Microsoft Support’s Twitter account denied any knowledge of a problem with Windows activation:

It then fell to a mixture of customers and volunteer moderators to tell the rest of the customer base what was happening. One of them posted this response from a Microsoft live chat support agent:

I am very sorry to inform you that there is a temporary issue with Microsoft’s activation server at the moment and some customers might experience this issue where Windows is displayed as not activated. Our engineers are working tirelessly to resolve this issue and it is expected to be corrected within one to two business days.

An actual Microsoft employee then commented on the customer’s post to offer an official explanation, and a volunteer moderator on the company’s forums also stepped in to relay information about the issue.

By the end of the day on Thursday, the company had indeed fixed the problem, according to reports.

Users also said that they were able to run the Activation Troubleshooter program manually to fix the problem if Microsoft’s changes didn’t correct it automatically.

Some customers were irked by Microsoft’s regular online checks for operating system legitimacy. “And someone please once again explain why DRM for an operating system was a good idea?” quipped one. Another complained that Microsoft had created a system to deter pirates with its regular online checks but ended up causing trouble for paying users.

Unfortunately, this isn’t the first time that Microsoft has let users down with its constantly connected operating system, which also offers the ability to install updates automatically for users. Just last month, the company had to stop offering its October 2018 update after users complained that it was deleting files.

Friendly Reminder, The Real Microsoft Will Never Call You

Posted on

Microsoft cracks down on tech support scams, 16 call centers raided
Read Article at Sophos

More than 100 Indian police swarmed 16 tech support scam call centers in Gurgaon and Noida last week, arresting 39 people for allegedly impersonating legitimate support reps for companies including Microsoft, Apple, Google, Dell and HP.

The day after the raids, which were carried out on Tuesday and Wednesday, Microsoft said that it has received over 7,000 victim reports from customers in more than 15 countries who’ve been ripped off by the call centers.

This is the second of two recent, big raids on Indian tech support scammers. In October, after Microsoft filed complaints about customers falling for pop-up messages that lied about their systems being infected with malware, Indian police raided 10 illegal call centers and arrested 24 alleged scammers.

In that second raid, law enforcement seized a wealth of evidence, including the call scripts, live chats, voice call recordings and customer records used to run the scams.

Read More