It’s not your fault that you can’t fix your PC, and here are the 10 reasons why!
The first reason is the most important:
- Computing wasn’t even taught when I was at school
- Your job didn’t require you to use a computer
- Technology moves so fast that no one can keep up with it
- Technology is really for young people
- You only want to do email and get on the internet
- You don’t know who to trust with all the scams around
- Trickery is everywhere
- You have a son or grandson that can sort you out when you need them
- You just want it to work
- You know lots of other things but computing doesn’t interest you.
Number 1 – Computing wasn’t even taught when I was at school
Not only was computing not taught in my school but they would not allow pocket calculators into the math exam. The rationale was that we needed to know how to do mental arithmetic. Logarithms were the thing. Calculus needed to be worked out by hand.
There wasn’t a sign of a computer in my school.
When they did get computers into schools they all seemed to be completely out of date so that didn’t help and most of the kids knew more than the teachers.
So you are completely correct, it isn’t your fault you don’t know how a computer works.
This is just one of the reasons why you need to be considering upgrading your home IT support package to Bytesafehome Premium. This package covers everything you need from an IT supplier.
Number 2 – Your job didn’t require you to use a computer
Jobs in the 70’s and 80’s didn’t require you to use a computer so you were not going to get much experience of a computer for that fact alone. I recall that in the 80’s there was a fear that using computers would lose typing jobs. There were rumors of the typing pools not being needed because word processing was going to take over. In some ways that happened but not the job losses, they just got deployed elsewhere in the organisation and the managers had to learn how to two finger type.
When computers started to come into service they cost around £3000 which must translate to about £ a million (or so it feels like). They were not on every desk, computers in companies were reserved only for specific jobs – like accounts.
Things have really changed in so far as most jobs require the use of a computer.
Number 3 – Technology moves so fast that no one can keep up with it
Very true. I will be honest if I wasn’t working in my IT Support company I would be mucking about with a computer somewhere else. I use them in the evening, when I wake up – all the time. I love them, I read books on them, I read magazines about them and I’m passionate about them. This is not like work for me so keeping up with the latest technology is just not a problem for me, it is something I enjoy.
I know that is a bit odd but I’m OK with that.
That said, the pace at which technology moves on is unbelievable. At one time computers were doubling in their speed every 18 months. New processor, new RAM speeds and sizes, Solid State disks, USB 3 even now USB C. Everything changes and it changes all the time. We quoted £2600 for a particular graphics card the other day, this graphics card has so much processing power it beggars belief.
You do not need to know all that to use a computer today. Just plug it in, use it. If you have a problem then just call us for support. I specifically designed our Bytesafehome support packages for the very reason that most people can’t keep up with technology. You don’t need to, you just need to trust that we have it covered for you. Our support packages are not free but they represent real value from people that you can trust.
Number 4 – Technology is really for young people
Yes and No. Yes, I’m in my late fifties and I’m young and no, not all young people are any good at technology apart from checking their smart phones.
If you were brought up on a diet of smart phones, tablets, laptops and desktops then maybe you would be really into them. So in a way technology is for young people but it’s really about an era. The information era is here and it’s not going to go away anytime soon.
I’ve seen most young people not admit they don’t know about technology when they don’t and I see that they are not really intimidated by technology either. I have talked to many a person that has said “I don’t know anything about technology” when in reality they know just the same as young people.
Number 5 – You only want to do email and get on the internet
If you only want to get some shopping once a week you don’t really want to understand how to service your car.
Starting your computer, checking your email and getting on the internet is not a complex operation for a computer. If this is all you want to do then you are not going to get a lot of experience if the whole thing goes wrong.
Do you want to know how I learned about computers? Do you want to know how I can fix them so quickly and taught my staff to fix them? I found out everything when something went wrong. The difference was that I was prepared to stay up until 3 in the morning to get it fixed. Those early days set me up with the knowledge that I still use today.
We don’t think of computer engineers as crafts people but when I look at the progress of my son Martyn who works in the business, he knows how to fix computers even better than me now because he did the same. I may have given him some clues on some of the problems but mainly he had a lot of patience and stuck at learning it.
Some of the issues that we solve are really complex but because we have done it so many times before we can do it quickly.
Number 6 – You don’t know who to trust with all the scams around
I am astounded by the amount of criminal activity around the internet. If you have read anything from me in the past you will know I have written about Cybercrime and have had some speaking engagements talking about the subject. I have personally spoken to a person that lost £27,000 of his savings through an Internet scam.
I’m going to make this really simple for you. You do have to put your trust in someone. Personally I think that as a company we have been in business for 21 years, we have a good reputation and we will look after you. You can come in and talk to us. The same people that serve in the shop or visit your business are the same people that connect up remotely. We are not strangers and we haven’t been around for 5 minutes. We respect your privacy and won’t look at any personal stuff.
Whilst we are a small company we have designed some packages that mean that we can deliver great value for money and keep you safe from scams. I’m getting to really dislike the scam artists. They were portrayed as lovable rogues but when they target pensioners and steal their money they are low life.
Number 7 – Trickery is everywhere
Every time I have seen the trickery of a computer scam which actually works it has been because something happened by luck.
I had a very experienced computer user that regularly got hundreds of rogue emails actually fall victim by being tricked by a UPS delivery infected email. He had these types of emails every day and they had never posed a problem to him before. Because he was waiting for a delivery and because it was something he really wanted and because the email suggested to him that it was late – he went and opened an email. This was something that he would never normally do. Just a moment off his guard and he had been infected.
Little wonder that we get people come in with lots of problems on their home computers.
You could get protected with our Bytesafehome Premium package.
Number 8 – You have a son or grandson that can sort you out when you need them
Most of us know of people that are great at technology. They just seem to know what they are doing, including fixing the TV and working out how the HDMI leads go together. They even know about Apple and the iPad. When it comes to computers they also know how to download and install programs like free anti-virus. If they are living with you or are on call all the time I don’t see a real problem. If you rely on them and they have a busy life themselves then you could be a burden. All of our customers have sons and grandsons and they use us because of our professional expertise.
Number 9 – You just want it to work
Technology should just work but in fairness, it is quite complex and there is a lot to go wrong. Sadly you just wanting it to work doesn’t really help when it comes to working out why your email isn’t coming in or sending.
Most of the work we do here is I’m afraid quite boring. We spend most of our time getting systems to be reliable. Whilst that isn’t that exciting, it is what our customers have been telling us they want from us. You can do without the excitement of virus infection or failed backups or.. you get the picture.
Number 10 – You know lots of other things but computing doesn’t interest you
This is something that we respect. We do not think of ourselves as really clever and knowing something that you don’t know. My whole company would have collapsed years ago if all my customers were computer experts. We need people that are not interested in computing and want us to fix their problems.
My dad was a diamond sorter. Every day he measured, graded and recommended where the best place to cut the diamond was. He told me that he learned something every day about diamond sorting. I on the other hand know nothing about diamond sorting and to be honest I don’t really want to know either.
If any of the above list resonates with you then you might want to consider spending some money on a home IT support package so that you don’t have to be talked to like an idiot and you have a small personal company behind you every step of the way.
Upgrade to Windows 10 to stay clear of some viruses.
A very interesting Microsoft announcement this week about the encryption virus that is infecting external drives including pen drives.
Microsoft are suggesting that you upgrade to Windows 10 to stay clear of some viruses. The main area of concern is that these devices are normally used for backup. That means if your backup is unavailable then you are in a very dangerous position. Files on these devices were already being encrypted with other viruses.
Microsoft were saying that it only affects operating systems below but not including Windows 10. I find that announcement quite disturbing. If it is true then it will only be a matter of a few short weeks before Windows 10 machines will also be affected.
I support Microsoft’s argument that you should upgrade to Windows 10. I’m in a strange position here because I really like Windows 10 and have installed it on all of my Windows devices but I am uncomfortable about the bias being shown by Microsoft. It almost seems that they are saying that users need to upgrade to Windows 10 because you get more protection from viruses. I wonder if they are using every argument possible for users to upgrade to Windows 10.
I think people should be given more of a choice and not pressured into upgrading, they create a clear resistance by applying pressure.
Microsoft has made it very clear that Windows 7 will be supported until 2020. It is a bit early to give up the struggle against virus writers with a full 4 years to go. Windows XP, the old operating system which stopped being supported in 2014, is still being used. Windows 7 is used just about everywhere and it is far more widely used than Windows XP ever was. If they don’t help to support that operating system fully then I just see the virus situation going from bad to extreme.
Is this announcement from Microsoft going to push me towards upgrading? Probably no, but over time these kind of announcements will just mean that sticking to Windows 7 will make it more difficult.
If you are backing up using an external disk (USB) then the disk needs to change on a regular basis and daily is ideal. With Bytesafe Local Cloud Backup the worst case scenario is that you may not get the benefit from the hourly backup automated routine. You may have to revert to the retention policy of the cloud synchronisation. A layered security approach including mail filtering seems much more essential.
Damn it, workstation monitoring is very interesting.
At the heart of the Bytesafe agreement is the monitoring of the server and the workstation. Monitoring just isn’t that sexy, although I have tried my best to explain the fantastic benefits over the years.
I would even go as far as to say that some of the monitoring checks could even be described as over the top. I have even heard some people say that they don’t think monitoring on a workstation is that useful.
Interesting will depend on your viewpoint but useful they certainly are.
We called an amazed customer this week, explaining that one of the checks had failed and it was the predictive disk failure.
“Just check your backups and we will replace the disk before it goes.”
I can’t tell you how much time and inconvenience this has saved for that very busy business man.
I can tell you straight, we do not use a stethoscope on a computer. But we are making workstation monitoring checks every 30 minutes all the time the computers are turned on.
First thing in the morning there are also daily safety checks. These are like a “snapshot” in time of the health of the workstation. These in turn automatically form a workstation report that you can get sent to you weekly.
So are workstation monitoring checks really necessary?
Most viruses enter into the network via a workstation. That means if you are not monitoring what is going on, then you will not know what has hit you.
Monitoring checks are about predicting and informing you about a hardware or software failure – so you can do something about it on your schedule rather than fire fighting.
Last week we created a script for a workstation to check for the presence of QuickTime. If QuickTime is present it removes it and replaces it with the K-Lite codecs. That check alone could save an entire network in the future.
So much of our work is just that, preventative checks on workstations to prevent problems even happening.
Daniel, one of my techs called a customer this week to tell him that his machine had just filled up his disk and it had failed a check. That would render the computer useless and it would appear to have happened randomly. The symptoms would have been that the machine would close down and then on restarting, the laptop would work normally until it would again shut-down.
This man is a business owner who is on the road and brings in an astonishing amount of business for his company. The last thing he needs is a useless laptop getting in his way.
We solved the issue by removing some files and the drama was over.
My favourite top 10 workstation checks (In order of usefulness)
- Predictive disk failure
- Disk space check
- Virus or malware check
- Critical events check
- Vulnerability check
- Windows service DHCP client check
- Windows service Task Scheduler check
- Windows service Security Center check
- Windows service Windows update check
- Windows service BITS check
(We both know that the “Security Center” should be called the “Security Centre” and the “Network Neighborhood” should be called the “Network Neighbourhood” – but that’s Microsoft for you)
Apart from saving a customer from a potential disaster, which is why the predictive disk failure check is my favourite, all of the others save my customers time. They also save me time because when I match them with some computer behaviour they make the fixes so much easier. In some cases the troubleshooting could take hours instead of just minutes.
One of my customers has requested a report on the load of a server over a period of time. From that report we will be able to see where the bottlenecks are. It’s a science thing so it helps with decisions as to whether to replace the server or not. Depending on the success or otherwise of the process I am considering making it standard practice to report on this every six months.
It is like a “ring of steel” stopping nasties from getting to your network.
Bytedefender uses a different strategy to keep your systems safe.
It does this by providing an extra layer of security (nothing is infallible) by stopping the nasties from reaching your systems rather than dealing with them when they arrive. That makes sense to me and hopefully you as well.
Our 7 day FREE trials of our Bytedefender and Intrusion Detection System are starting in June 2016, we will install the Bytedefender box so that it will block viruses and spam. In fact it does a whole lot more than that and I have detailed it later on in this blog.
Each Bytedefender box will be installed on a Monday and pulled out on Friday afternoon. After each trial we will give you the reports on what it has caught and how much it is going to be of value to you.
The Bytedefender box has many characteristics of a normal computer but it concentrates all its power on scanning and analysing data and it is optimised for that. But it does so much more than detect viruses and spam, just take a look at the other benefits.
You can get back in control of your network by specifying the types of websites that your employees visit, whether by type of website or specific websites. You can make it so some of your people are not affected by this. Did you want to ban Facebook? No problem. Gambling sites? Easy. Our web filtering allows you to control the places on the internet where you do not want people to go.
Perimeter virus detection
Rather than each and every workstation having to scan and ban attachments for viruses our system stops them at the door. The infection is actually being detected by a Linux based system and the viruses are designed to attack Windows based systems so the viruses are pretty much powerless.
The same happens with spam and you can decide whether or not it is analysing the messages properly. The software has to make decisions on the sender, the subject line and the content of the email and there are key words that it looks out for. If you want to increase the detection rate you can.
It has a specific and separate phishing prevention which means that it looks out for emails that are designed to get your details. Again this is stopping it all at source.
It has an advertising blocker. On the subject of advertising pop-ups, this is just going to get worse. I see that a lot of my customers that will have this system just will not understand how bad it can get.
We can even speed up your browsing by turning on a web cache which remembers web pages and delivers them more quickly to your screen. What you see is the web just being about 5 times faster than it normally is.
For advanced configurations we can also get the system to inspect all the SSL traffic too. SSL is encrypted traffic so that means all the conversations can be analysed. Determined employees that wish to circumvent the Facebook ban will be caught here. It gives you the ability to check on visitors; visitors that get the wifi key have to be monitored and restricted in where they are going.
The best until last is the Intrusion Detection System, which analyses connection attempts and works out if they are hackers or not.
So it is first come first served 7 day trial. If a Firewall and IDS will work for you the reports will say so – it’s an evidence based trial.
Windows 10 upgrade ends in July 2016
The deadline is coming up pretty soon. For home users it was a very easy decision, you could decide whether you wanted to upgrade to Windows 10 if you thought it looked like an operating system that you could use. For business users it was very different.
Windows 10 for business has been adopted a lot more slowly for good reason. Businesses have a lot of “mission critical” applications which have to work with Windows 10 or it would be wise not to upgrade. More than that there are a lot of third party software vendors that don’t support Windows 10 just yet. That could be a deal breaker for you. It isn’t that difficult, all you need to do is a software audit.
However, if you don’t upgrade now you will have to pay for the pleasure after July 2016. Worse than that, you will get nothing extra. Windows 7 will come to an end (just like Windows XP) and you then will have to upgrade to Windows 10. That is only 4 years away.
I’ve used Windows 10 ever since it came out, I have it on my laptop and I have it on my mobile phone – I think it is a great system and it works well.
Teslacrypt publishes encryption key
In the most peculiar announcement I have ever seen.
A person or persons that have released a deadly virus and then they say sorry and release the key!
The makers of Teslacrypt, which inflicted misery on thousands of people all over the world by spreading viruses and then demanding a ransom payment, have said “sorry” and handed over the encryption key.
That will be little comfort to the thousands of people that have lost their data and maybe even their businesses. It is likely that the people that have lost their data have already deleted their encrypted files also.
That does not mean that encryption viruses have had their day, far from it. The latest virus called Locky is the most devastating virus that we have come across and there is no way back. I wouldn’t expect that an encryption key for that will be released.
Pwned? Have your personal details been stolen?
How would you even know if you have been pwned?
There are a lot of scary computer stories going on at the moment. In fact there are so many stories that the tendency is to ignore them.
Now you might be able to find out for sure.
Adobe got hacked and some 152 million accounts got into the hands of criminals.
Ashley Madison were compromised. That was the website that was in the news because it listed married men and women that were on the site to have extra marital affairs. A total of 30 million people were on that list.
Mate1 was 27 million, 000webhost 13 million, R2Games 13 million, Gamigo 8 million, Lifeboat accounts 7 million and 4.8 million VTech accounts.
The one that is very interesting because of the way that it was used was the TalkTalk security breach. Criminal gangs are sending out emails and to add a massive amount of credibility they also included your own home address in the email!
Imagine getting an email with your home address inside it. Maybe you are going to believe that one to be OK, after all how would they know your home address?
There are a few services that will tell you whether your security has been breached. I personally would look beyond the widely respected https://www.haveibeenpwned.com.
There is no charge to do this.
The site was started by Troy Hunt. Troy is a Microsoft Regional Director and MVP awardee (Most Valuable Professional). He is also an international speaker and author of many security courses on Pluralsight.
Just enter your email address and it will be checked against a regularly updated database of known security breaches. The results are displayed within seconds. Details of any security breach along with the sites or services will be shown.
All the website needs is your email address. It will not ask for any passwords.
I checked my email addresses and I am on at least one of these lists (the Adobe one).
So what should you do if you have been pwned?
Assuming you try this out for yourself and you’re unfortunate enough that a breach has been detected then it is at this point that you’ll probably quite quickly want to log in to that site/service and change the password in question.
I’d also recommend doing the same for any other site/service where the same password has been used.
I would also check out the domain part. You can put in the entire domain for your company to see if anyone has had a security breach.
In summary then.
Yes, there are some scare stories out there about computer security but here is one example of getting some facts for you personally. I hope you find it useful.
Quicktime for Windows end of life could cause you some real problems.
A lot has been said about QuickTime for Windows just recently (in the IT press). It is interesting that it is an Apple program that is causing a security issue with Windows PCs. If you haven’t heard, Apple decided to stop security updates for QuickTime for Windows.
Read about the trouble it has caused and how it affects you.
We have some advice for you.
We therefore advise that you remove QuickTime for Windows asap. Even if you have a need for the program we have a great workaround for you.
Sadly, Apple have decided to withdraw their support in February 2016 by abandoning security updates for the program but they didn’t tell anyone that they were planning to do this. The news was leaked through an Anti-virus software company. Worse than that Apple are still allowing the downloads of this program knowing that it is a security risk. The problems have just started with virus writers specifically targeting computers with QuickTime for Windows already installed.
It is as if Apple want Windows users to have virus problems.
Apple have previous for this and acted in a similar way when they decided to withdraw security updates for Safari for Windows their Internet browser.
Even the US government are advising everyone to un-install it. Whilst that seems a strange thing for a government to do, software with vulnerabilities in it is often a source of infection and crime.
Users are vulnerable at the moment if they visited a website with some browser plug-ins with Internet Explorer or Mozilla Firefox. Those problems are set to get worse as the virus writers work out additional and more clever ways of infecting.
That is, advice for customers that DO NOT have our latest Bytesafe services because the advice is different for our Bytesafe customers.
Our Bytesafe customers will have Quicktime for Windows automatically uninstalled and a safe replacement installed. No other intervention is required, no discussion needs to take place.
The reason for this is that all of our Bytesafe products have a feature which scans your computer for programs that need updating. That’s not major programs like Photoshop but programs like Java and Adobe flash. These programs are updated to the latest version and then the latest security patches are applied.
It is this feature that we can ask to uninstall a program and to install the K-Lite codecs system for you. We have tested this process and it works like a dream.
For everyone else in the world (Not Bytesafe users) you need to go to Programs in the control panel and select Quicktime for Windows and uninstall it.
If you had needed QuickTime to run any videos like mp4’s and there is no way around it then we suggest that you use K-Lite codecs and we suggest that you install it via the Ninite website just so you can guarantee that you get the right program.
We therefore advise that you remove Quicktime for Windows asap.
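The manual Control Panel step above can also be checked from PowerShell. This is an added example, not the Bytesafe check mentioned in this blog; the `-Remove` switch is a name chosen here, and it assumes QuickTime was installed through Windows Installer so that its registry key name is the product code.

```powershell
# Added example: report QuickTime for Windows and, with -Remove, uninstall it silently.
param(
    [switch]$Remove    # assumption: without -Remove the script only reports
)

# Installed programs are registered under these keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'QuickTime*' })

if ($found.Count -eq 0) {
    Write-Output ('{0}: QuickTime not installed' -f $env:COMPUTERNAME)
    return
}

foreach ($app in $found) {
    Write-Output ('{0}: found {1} {2}' -f $env:COMPUTERNAME, $app.DisplayName, $app.DisplayVersion)
    if (-not $Remove) { continue }

    # For Windows Installer packages the registry key name is the product code.
    $code = $app.PSChildName
    if ($code -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
        Write-Warning ('No product code for {0}; remove it from Control Panel instead' -f $app.DisplayName)
        continue
    }

    $proc = Start-Process -FilePath 'msiexec.exe' `
        -ArgumentList ('/x {0} /qn /norestart' -f $code) -Wait -PassThru

    # 0 = removed, 3010 = removed but a restart is needed to finish
    if ($proc.ExitCode -in 0, 3010) {
        Write-Output ('{0}: removed {1}' -f $env:COMPUTERNAME, $app.DisplayName)
    } else {
        Write-Warning ('msiexec returned {0} for {1}' -f $proc.ExitCode, $app.DisplayName)
    }
}
```

Run it from an elevated prompt; without `-Remove` it changes nothing and can be used as an audit across machines.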
LOCKY Update (Main LOCKY article is after this update)
We said it could happen. (I’m presuming that you have read the main article )
We just didn’t think it would be so quick. You remember that we installed a script that would automatically shut down a server’s ability to share files and therefore render them impossible to infect by the LOCKY virus.
Boy are we glad we did what we did.
You may remember it was just 2 weeks ago that I told you about a script that we had installed on your server.
I wonder if people think that we were going over the top? After all the whole blog was in excess of 2000 words, we had graphics, we had a list of instructions on how to combat it and even had a video on the subject. It took us an entire day to prepare the material.
Were we over the top?
Do you know what has happened since?
Having a dangerous virus is bad.
Having one that can infect with such ease is really bad.
This particular virus is a nightmare just waiting to happen and it kept us awake at night. In fact, I can confirm that we wrote the script based on the fact that we were so worried about our customer networks. It means we can sleep at night knowing that we have done all we can to prevent this virus from impacting on our customer’s networks.
So what happened for me to update this blog?
THIS IS WHAT HAPPENED
Our Bytesafe Server Vault script caught a virus dead in its tracks.
Just exactly as we had outlined.
It happened to one of our customers and the person whose “fault” it was was tricked into opening an attachment.
I say “fault” because it is easy to get fooled, she was waiting for a document just like the one that was attached.
When she opened the attachment nothing seemed to happen and she thought it was nothing.
Meanwhile the virus went about its business in a systematic way infecting and destroying data on the workstation. It later reached the server and was halted in its tracks.
But not before it destroyed 12 files.
After that the game was up.
Bytesafe Server Vault script stopped sharing the data and nothing more could be infected. We got the 12 files back from the backup.
We contacted the customer because the customer was unaware that anything had happened. We got notified from our system which monitors all the servers that we look after.
I am not surprised that the lady in question opened the file. It was completely related to her job.
This part of the blog in no way encourages the paying of the ransom for the encryption key. I do not even know if the key can be provided and whether it would even work. What I do know is that the people asking for the ransom were asking for Bitcoin.
Bitcoin is a currency that is not traceable in terms of transactions but for some reason the ransom demand has now turned to iTunes vouchers and Amazon vouchers. I would imagine that anyone wanting to spend a lot on Amazon with Bitcoins would be flagged up as a possible criminal.
The virus writers have changed tack and are now demanding to be paid with iTunes or Amazon vouchers.
So, the script that we deployed took just 2 weeks to catch the virus and stop it dead in its tracks.
Now for the main article.
LOCKY ENCRYPTION VIRUS – from today your server is being protected from this deadly virus. (Bytesafe customers)
LOCKY is a powerful virus. We are pleased to announce an additional security measure that we’ve already rolled out to all Windows based servers covered by either a ByteSafe Silver, Gold or Platinum agreement and all at no additional cost.
Read on if you want to know how to troubleshoot the virus.
The script was gathered from the Internet community and hand coded into a PowerShell script and then tested and deployed by Systems & Solutions.
This PowerShell command protects servers from the Locky virus and others.
We will give this script to others, including IT support companies to use upon request.
This new system, which we’re dubbing the “Bytesafe Server Vault”, actively monitors a server and all its shared folders for the presence of files or file types commonly associated with known strains of Ransomware (e.g. CryptoLocker, CryptoWall etc). In the event that a known file or file type is detected all access to shared files and folders is removed before the virus has a chance to do any real damage. Then, once the infected computer has been safely removed from the network, access to shared files and folders can then be restored again while said PC is carted off ready for disinfection or wiping/reloading.
Ransomware is software that demands payment to reverse the damage that it does and is very profitable for the criminals that write the code.
Ransomware tends to be polymorphic by nature
This means that it creates copies of itself with slightly differing names. This means that it can succeed in avoiding detection by antivirus software. Once infection has been achieved the virus works its way in the background. It encrypts your important files (pictures, documents, spreadsheets etc.) until the point at which it’s finished, when it then holds those files to ransom, demanding your hard earned cash in return for the decryption key which is required to unlock your files.
Locky will also work its way through all network files and folders
If the computer affected is connected to a network, it will work its way through all network files and folders. It does this in seconds and the damage is devastating.
During March 2016 we got to learn a lot about a new strain which goes by the name of “Locky” (yes, the same virus that hit the three hospitals in the States). We had two customers who were hit, and in both cases we were able to restore all encrypted files from backups because we had an hourly backup regime. Things could have been a whole lot worse. While we were able to neutralize the threat and clear up the damage it had left behind, it was nonetheless disruptive and costly to the customer in terms of time.
We began looking into new ways in which we could prevent these types of attack from occurring in the first place. By the following week “Bytesafe Server Vault” was created from commands on the Internet put together into a PowerShell script.
Bytesafe Server Vault waits and checks for files created by the LOCKY virus and others. When it finds one, it shuts down the server’s ability to share files. This means that the damage is minimal and the disruption to the business is negligible. We tested it on our systems before deploying it to all our customers’ servers. One problem we had was that our monitoring system tries to automatically restart the service. We changed the script to disable the service, which means that the shutdown survives even after a reboot.
It’s important to note that the best protection from viruses and other internet-borne threats is one consisting of a layered approach, with Bytesafe Server Vault as that final layer.
Head of Tech Support
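One way to build the behaviour described above in PowerShell, as an added example that is not the Bytesafe Server Vault script itself: a FileSystemWatcher on the share root that disables and then stops the Server service (LanmanServer) when a file with a watched extension appears. The share root `D:\Shares`, the log path and the extension list are assumptions.

```powershell
# Added example; not the Bytesafe Server Vault script.
# Run elevated on the file server. Paths and the extension list are assumptions.
$ShareRoot  = 'D:\Shares'                      # assumed root of the shared folders
$LogFile    = 'C:\Logs\share-tripwire.log'     # assumed log file (folder must exist)
$Extensions = @('.locky')                      # from the article; add others you track

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path                  = $ShareRoot
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter          = [System.IO.NotifyFilters]::FileName

# Runs for every file created or renamed under $ShareRoot.
$onChange = {
    $path = $Event.SourceEventArgs.FullPath
    $ext  = [System.IO.Path]::GetExtension($path).ToLowerInvariant()
    if ($Event.MessageData.Extensions -notcontains $ext) { return }

    # Disable before stopping: a monitoring agent that restarts services, or a
    # reboot, cannot bring file sharing back until an engineer re-enables it.
    Set-Service  -Name LanmanServer -StartupType Disabled
    Stop-Service -Name LanmanServer -Force

    $line = '{0:s} file sharing stopped, trigger: {1}' -f (Get-Date), $path
    Add-Content -LiteralPath $Event.MessageData.LogFile -Value $line
}

$data = @{ Extensions = $Extensions; LogFile = $LogFile }
$subs = foreach ($name in 'Created', 'Renamed') {
    Register-ObjectEvent -InputObject $watcher -EventName $name -MessageData $data -Action $onChange
}
$watcher.EnableRaisingEvents = $true

try {
    # Keep the session alive; the -Action blocks run while this waits.
    while ($true) { Wait-Event -Timeout 5 }
}
finally {
    $subs | ForEach-Object { Unregister-Event -SourceIdentifier $_.Name }
    $watcher.Dispose()
}
```

Once the infected PC is off the network, sharing comes back with `Set-Service LanmanServer -StartupType Automatic` followed by `Start-Service LanmanServer`. An extension list only catches strains you already know about, and FileSystemWatcher can drop events under heavy write load, so this stays a last layer rather than the only one.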
We will share the PowerShell script with anyone that requests it. Here is our suggested approach on what to do should anyone detect the .LOCKY virus on your network server:
Solving the LOCKY Virus on a large network.
- Find out that files are being called .LOCKY
- Get them to disconnect the network (hub)
- Get onsite and get onto the server
- Look at the properties of a .locky file, find out the user who changed the files and at what time were they changed
- Check over others if times are vastly different
- Identify that machine by the user
- Start that machine up disconnected from the network
- Identify the email that came in around that time
- Confirm the time that you need to be working with
- Turn the network switch back on
- Restore files from backup. Select all files that have changed or are new from the infected time
- Re-image the workstation, don’t bother to try and cleanse the virus
You are generally going to get a call from a customer saying that they have discovered some strange files and their own files have disappeared.
You need to stop the infection spreading all over the network and I suggest that you do this by turning off the network switching hubs. They could be in the data cabinet – just power them down. That means that there is no communication between computers.
You can only do this by getting onsite. Remote access is no good now. Infection can be spread to any open shares on the network. If you tightly manage this then there are no real problems, but be on the safe side and pull the plug on the network switch. This is an urgent issue and a “4 hour” response time will not be good enough in these circumstances.
Find the affected shares on the server and check over the properties of the infected files. They will have been modified by a particular user. Note the time they were modified. Check over more files just to see if there is more than one workstation infecting the files.
If the times are vastly different you could be looking for an additional machine or two that is also infecting but that would be unusual.
You should be able to identify which machine that user was using. I had a confusing situation when I found out that that same user was logged on to two different machines.
Point 7, 8 and Point 9
Check over the machine that is infecting all the files, go into Outlook, work out which email caused the damage and check that the times match. You can also run some anti-virus tools that will detect and destroy the process that Locky is using.
It is safe to turn the network switch back on. The network will operate normally but you may have to reboot the workstations.
You have to restore the files from backup. The easiest way to do this is to find the most recent backup, mount it on the server and then Xcopy the files back by selecting missing files or newly created files. That means that you will only be restoring the corrupted files and not overwriting files you don’t need to. It will be quicker too.
Over time it may be possible to cleanse this nasty virus from a workstation and for it to not come back. My advice would be to re-image it and start afresh. The virus writers are very clever and the virus changes on a regular basis; you do not need to take a risk when you can just re-image it.
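The file-property checks in points 4 to 6 and the restore selection in point 11 can be scripted on the server. This is an added example, not part of the Bytesafe script: `D:\Shares\Data` and `B:\Shares\Data` are assumed paths for the live share and the mounted backup, and it treats the NTFS owner of each .locky file as the user who wrote it.

```powershell
# Added example: triage of a share after .locky files are found.
# Assumed paths (placeholders): live share root and a mounted backup of the same tree.
$ShareRoot  = 'D:\Shares\Data'
$BackupRoot = 'B:\Shares\Data'

# 1. Who owns the .locky files, and over what time window were they written?
$hits = Get-ChildItem -LiteralPath $ShareRoot -Recurse -File -Filter '*.locky' -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Owner    = (Get-Acl -LiteralPath $_.FullName).Owner
            Modified = $_.LastWriteTime
            Path     = $_.FullName
        }
    }

$byOwner = $hits | Group-Object -Property Owner | ForEach-Object {
    $span = $_.Group | Measure-Object -Property Modified -Minimum -Maximum
    [pscustomobject]@{
        Owner = $_.Name
        Files = $_.Count
        First = $span.Minimum
        Last  = $span.Maximum
    }
} | Sort-Object -Property First
$byOwner | Format-Table -AutoSize

# More than one owner points to more than one account, and possibly more than
# one workstation, writing encrypted files.
if (@($byOwner).Count -gt 1) {
    Write-Warning "Encrypted files are owned by $(@($byOwner).Count) accounts; check each user's workstation."
}

# 2. Dry run of the restore: files present in the backup but missing from the share.
$missing = Get-ChildItem -LiteralPath $BackupRoot -Recurse -File | Where-Object {
    $relative = $_.FullName.Substring($BackupRoot.Length).TrimStart('\')
    -not (Test-Path -LiteralPath (Join-Path $ShareRoot $relative))
}
'{0} files exist in the backup but not on the share' -f @($missing).Count
$missing | Select-Object -First 20 -ExpandProperty FullName
```

The `First` and `Last` columns give the window to match against the email that arrived on the workstation. The second part only lists files and copies nothing, so the selection can be reviewed before the restore is run.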
There are 5 steps you should have in place already
- Mail filtering so you don’t receive emails containing the virus
- Up to date Office software so you don’t release the VBA code in the Word attachment
- Free LOCKY protection available from Bitdefender.com
- Bytesafe Server Vault script
- Hourly local and then cloud backups
Mail filtering costs money every month and it is worth it. Not having the virus enter your system in the first place means that your staff don’t have to be so on their guard. The social engineering that the virus writers use is proven to work, so don’t take the risk.
Word 2010 had a built-in function where you had to “enable editing” on attachments that came through the email system. The code cannot be released unless you enable editing. That was the reason why Microsoft put it in place as an extra feature some time ago. I do however remember customers complaining about it!
This software is free to install on workstations. It is a good idea to deploy it. https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/
Run the Bytesafe Server Vault script on your server and then run the “updater” script.
Invest in hourly backups and have them synchronised to the cloud or off premises.
The virus writers are always going to be a threat and one day even hourly backups may not be enough. Data loss may still be possible even with all these approaches. It does give you maximum protection now.
Exchange 2013 update
The Exchange 2013 update, just like every other Microsoft recommended update, should be applied.
Except for ones that break the server!
It’s just that you have to know which ones break the server. We have a technician that goes through the Microsoft updates and researches them for any issues. It is time-consuming work but this week it paid off handsomely.
Microsoft made a .NET framework Exchange 2013 update a recommended update. Consider the consequences of having a recommended update on an Exchange server that then breaks the Exchange server. I think you can guess the consequences of an Exchange server going down.
Just to be clear it affects the Exchange 2013 update and Exchange 2016 update.
My credentials for writing on this subject are that we provide high quality managed service agreements to a small number of heavily dependent customers. Our company has been going since 1995 and we aim, whenever possible, to prevent issues happening. Microsoft have been very forthcoming on the issue and have a resource here.
This event takes me back to the old days of not applying Windows updates because of the blue screens that they used to cause.
How we deal with Microsoft updates and why?
Our Bytesafe monitoring agreements, amongst other things, include monitoring of the services on the servers and workstations that we look after. One type of monitoring alert is the vulnerability check, which alerts our engineers if it fails. Missing patches over a certain time would fail that check for us.
The same would be true of this Exchange 2013 update.
We hold back the updates and inspect each and every one of them. We do not apply them straight away and wait to see that they are safe. We are starting to be more and more cautious when it comes to approving the Microsoft updates. Incidents like this one completely vindicate why we do that.
Now to the details of this “recommended” update that can break an Exchange server 2013 or 2016.
It appears that you can get your system back from this problem by rolling back the update and re-installing the previous version of .NET framework.
My issue would be how the problem would be reported by a customer at the IT support desk.
Our standard monitoring checks are not going to report it because a service doesn’t stop. The only check that could help would be our custom check “mail in mail out”. That custom check sends an email in to a target exchange server and then gets it back. If the test email doesn’t arrive then the custom check fails and we get alerted.
I’m still wondering what would have happened if we had let this update through to all the servers that we look after. Where would we start to work out what the problem was? The likelihood of an error just after updates have been applied would have alerted the engineers that the issue could be with an update. A search of all the updates applied would lead us to information and possibly this Microsoft Article.
With response times and that process we would possibly be talking about a couple of hours at worst. I certainly prefer my resolution, which is not to have the problem in the first place by delaying the application of all updates, including recommended updates, for a few days whilst we check. The problem of course would be on all our servers, so we would have several unnecessary support calls at the same time. I call that stress.
This is going to happen again.
If you are responsible for the maintenance of an Exchange server or any other server I suggest that you have this delay policy when applying updates. All of these facilities are included with our Bytesafe Monitoring agreement.
If you would like details of our Bytesafe Agreements then please email email@example.com
Upgrade to Windows 10 pro
My credentials for writing this article on “upgrade to Windows 10 pro” come from my company upgrading hundreds of Windows 7 and 8 computers. We have upgraded everything from simple netbooks, laptops and desktops to powerful CAD systems. We have upgraded from Windows 7 home, pro, enterprise and ultimate.
We have learned a lot in that time and I certainly feel qualified to recommend a company with mission critical applications to take the plunge and upgrade.
Did the upgrade to Windows 10 pro go well?
Certainly not! Some of them were a nightmare. Prepare and study as much as you like in this business but you will still come across problems that you can only fix with help from people that have contributed on the Internet.
You will see the image to the side for 30 days after you have upgraded. We consider it a failure to have to use it.
Why should I upgrade to Windows 10 pro?
One major reason for upgrading to Windows 10 pro is that the upgrade itself is FREE. Microsoft are allowing the upgrade after their mid-life crisis that was Windows 8.
It keeps you up to date with the latest standards for operating systems and will be fully supported. You will have to upgrade at some stage so a planned upgrade is better than a forced one.
Windows 10 pro has some excellent, automatic and secure ways of connecting to your office computer network. Remote working is going to be more important in the future.
It’s a good idea where possible to keep everyone on the same operating system. This will reduce support costs for the future.
You will be joining 200 million other users (yes this is big) and that means that you cannot be considered an early adopter. Most people wait until the bugs have been ironed out – they have.
When should I upgrade to Windows 10 pro?
When you have had a proper evaluation of your current software and before the July 2016 deadline. Just like a tax return there is no point in waiting until that date as we will surely be inundated with requests to upgrade lots of company systems. Book early to avoid disappointment!
Microsoft have some more information on the subject of “upgrade to Windows 10 pro” here
I hope this blog was informative, drop me an email if you want details of our bulk upgrade offer.
Windows 10 upgrade stuck – not a good start!
When “Windows 10 upgrade stuck” happens to you, the most common cause is the machine not being able to fetch the new build or the updates.
It is all well and good to know what is wrong but that often doesn’t help to fix the problem!
One thing to note is that the Windows 10 upgrade can take a very long time. It can appear that the Windows 10 upgrade is stuck but the reality is that often it is very slow. Our technicians have known a Windows 10 upgrade to take 5 hours in total.
I say this so you won’t try to fix the “Windows 10 upgrade stuck” problem when it is just a slow upgrade. You might need more patience.
That wasn’t something that we expected when we first started to upgrade machines for customers.
The whole process of Windows 10 upgrades has been quite strange. Some can go through without many issues whilst others can be a complete nightmare. The most shocking thing is that the anti-virus software often needs to be re-installed and if you don’t notice that one – it could be too late.
The problem, though, is that a stuck Windows 10 upgrade means that it will cost more to put it right than to do the upgrade in the first place.
“Windows 10 upgrade stuck” was the number one complaint we have had from our customers when they attempted to upgrade themselves.
These are fixable though. The process that we would go through would be to cut the internet connection, stop the Windows Update service, delete the installation files from the software distribution download folder, correct the error and start the process again.
Microsoft have their own help page on the subject which can be found here.
I know why you didn’t ask my company to call out and upgrade all your machines – it would cost a lot of money.
Those are the problems but what are the solutions?
At this moment I haven’t worked out a complete solution to the problem but there must be one.
I will consult with my engineers to see if we can work out how to upgrade groups of machines at more of an affordable rate.
In fact I will have something to announce by the end of February 2016 I’m sure.
If you are interested in having your Windows 7 professional or Windows 8.1 computers upgraded then please register your interest by emailing me. firstname.lastname@example.org