7 Facts about WannaCry ransomware

On Friday, 12 May 2017, a ransomware attack called WannaCry ran riot. Within a day this massive global cyber extortion attack crippled more than 230,000 computers in over 150 countries and left others scrambling to protect themselves. It hit Britain’s National Health Service, Spain’s Telefónica, FedEx, as well as many other countries and companies worldwide, leading to PCs and data being locked up and held for ransom.

What is it, why is this happening, and how to defend against WannaCry and other ransomware? Here are 7 facts organizations must be aware of.

1. What is WannaCry and how does it work?

WannaCry is a piece of ransomware first spotted by security researchers MalwareHunterTeam, at 9.45am on 12 May. It is also being called WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.

This ransomware exploits a known vulnerability in the Microsoft Windows operating system, and it is believed to be using tools developed by the United States National Security Agency (NSA) that were leaked in April by an anonymous group calling itself “Shadow Brokers”.

The infection initially takes place through an exposed Server Message Block (SMB) port of a computer, then it uses the vulnerability to spread out to random computers on the Internet and laterally to computers on the same network. Once WannaCry takes hold of the computer, it then encrypts files, locks the user out of the computer, and requests a ransom.

2. Who was behind the attack?

Attribution is tricky in the world of cyberwarfare. The Shadow Brokers, who said in April it had stolen a “cyber weapon” from the NSA, is being partly blamed for the attack. The hacking tool, called “Eternal Blue”, gives unprecedented access to all computers using Microsoft Windows. It had been originally developed by the NSA to gain access to computers used by terrorists and enemy states. It is reported that a separate crime group might have spotted this opportunity and updated the tool to attack the computers around the world.

Some experts examining the code have found technical clues they said could link North Korea with the attack. Symantec and Kaspersky Lab said on Monday some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.

3. How much money are they asking for and has anyone paid?

A key feature of successful ransomware is that the ransom is usually a modest sum – far less than the cost of paying a team of security experts to try to defeat the encryption attack. WannaCry is asking for $300-$600 worth of the cryptocurrency Bitcoin to unlock the contents of the computers. If victims did not pay up quickly, there is a threat that higher payments would be demanded.

Despite the widespread infection, only a small number of payments have been made. CNBC reports that payments have added up to just $50,000 worth of bitcoin payments, but the financial damage to victims around the world will be several orders of magnitude higher by the time all is said and done. Security experts continue to urge victims to not pay the ransom fee.

4. Will paying the ransom really unlock the files?

Sometimes paying the ransom will work, but sometimes it won’t. Security analysts say that over 200 of the WannaCry victims who promptly paid the ransom have gotten their data back. However, cybersecurity experts advise against paying the ransom, noting that historically only about two-thirds of compliant ransomware victims get their data back after meeting hacker demands. Microsoft also stated in the FAQ of ransomware that “there is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.”

5. What has Microsoft done to tackle it?

Microsoft stated that it had already released a security update to patch the vulnerability exploited by the ransomware. On 12 May, a Microsoft spokesman said its engineers had provided additional detection and protection services against the WannaCry ransomware and that it was working with customers to provide additional assistance. The spokesman reiterated that customers who have Windows Updates enabled and use the company’s free antivirus software are protected.

6. Will it continue to spread?

A British cybersecurity researcher has discovered a “kill switch” that can temporarily prevent the spread of the WannaCry ransomware. The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

However, it did not take long for new versions of WannaCry to appear after the kill switch code was removed.

7. How can organizations protect themselves?

Once ransomware has encrypted your files there’s not a lot you can do. The first line of defense against WannaCry is installing the latest Windows security updates. Resolving the flaw that allows this virus to propagate is vital.

Although WannaCry does not appear to have relied on phishing emails to spread, most ransomware viruses do, so another crucial tip is to avoid opening suspicious attachments or clicking mystery links in emails.

As ransomware encrypts data, the best defense against ransomware attacks is to maintain good backups of valuable data. In case a ransomware strikes, the system can be cleaned off, and a safe backup copy of the data can be restored. Backups of important data should be kept safe from contamination, so the best protection strategy is to store the backup data in multiple remote and cloud destinations.

Looking ahead, there will only be more rampant ransomware threatening organizations and individuals worldwide. It is now imperative for everyone to start backing up their computers in order to survive from the next waves of ransomware attacks. Just drop us a message if you would like to know more about offering backup solutions to your customers.

Sources: The Guardian, The San Diego Union Tribune, The Telegraph

Back up Your Customer’s WordPress Site in 2 Steps

Having a current backup of your customer’s WordPress website hosted by you is critical for protecting their websites against disastrous data loss or corruption initiated by the top 5 security issues in WordPress. There are two parts to back up an entire WordPress Site: Database (MySQL database) and Files. With Ahsay backup solution, you are just 2 simple steps away from completely safeguarding your customers’ WordPress sites.

WordPress MySQL database backup

On AhsayOBM client backup application, create a MySQL database backup set (free add-on module) to back up your customer’s WordPress database. After proper configuration, the database will be backed up to your selected destinations, such as your AhsayCBS backup server, local storage or public cloud storage, according to the defined backup schedule.

WordPress site files backup

On AhsayOBM client backup application, create a file backup set (free add-on module) to back up WordPress site files, such as WordPress core installation, plugins, themes, images, JavaScript and PHP scripts, and other code files under the folder where you installed WordPress. After proper configuration, the WordPress site files will be backed up to your selected destinations, such as your AhsayCBS backup server, local storage or public cloud storage, according to the defined backup schedule.

Even if hackers, server crash or user errors completely wiped out your customer’s WordPress sites, you can still quickly restore their most recent WordPress database and files from the secure backup destination with ease.

How it works

Suppose you have your own AhsayCBS backup server up and running, and AhsayOBM client backup software installed on your web server that has WordPress and MySQL database running on it. All you need to do is to create 2 backup sets mentioned previously.

For example, I have a WordPress site, My Ahsay Blog, with site files installed in D:\wordpress. I have created a database called “blog” in MySQL for storing WordPress data.

Let’s see how to back up this site.

Create a backup set for backing up WordPress MySQL database

Log in to your AhsayOBM client software and click on the Backup Sets button.

Create a MySQL Backup Set. Enter the MySQL login info and the path to your mysqldump.

Select the WordPress database node.

Set up the backup schedule for automated backup. Here, I created 2 daily backups. If the site’s content is updated frequently every day, you can create more frequent scheduled backups.

Set up the backup destination. For demo purposes, I just set the AhsayCBS backup server as the only destination.

Keep the default encryption settings.

Copy the encryption key and save it securely, because you will need to enter it when you restore the backed-up data on another machine.

That’s it. The backup set for backing up the WordPress MySQL database is created. Click on the “Backup Now” button to fire a backup to AhsayCBS manually.

Done. The selected MySQL database is backed up to AhsayCBS successfully.

Next, we need to create a File backup set for backing up the WordPress site files that are stored in D:\wordpress.

Also, I will back up my PHP (php.ini) and Apache configuration files so that if my PHP or Apache has a problem, I can restore those configurations after re-installation.

As these files are updated less frequently, one backup per day is good enough. Don’t worry that it will back up all the files every day. After the initial full backup, AhsayOBM won’t back up files that have not been modified.

Set AhsayCBS as the backup destination for this backup set.

Keep the default encryption settings.

Done. Backup set created. Fire a backup manually by clicking the “Backup Now” button.

All site files, PHP and Apache configurations have been backed up to the AhsayCBS backup server.

Restore WordPress MySQL database if user accidentally deleted contents

Let’s see how the restore works. Assume the WordPress editor has accidentally deleted all the site posts. We can easily restore them to the WordPress site by restoring the backed-up MySQL database with just a few clicks.

Let’s delete all the posts permanently first to simulate the data loss scenario. Just go to WordPress admin section > Posts, and trash all the contents permanently.

Load the WordPress site and all the contents should be gone.

Now, open AhsayOBM and click the “Restore” button.

Select the WordPress MySQL database backup set to restore.

Select the backup destination from which to restore. Since we have just one destination, just click on that.

Select the database node, i.e. blog, to restore.

Since we want to restore all the backed-up contents back to the site, we can simply choose to restore to “Original location”.

Choose a temporary directory for AhsayOBM to store temporary files during the restore process. Then, click the “Restore” button to start the restoration.

After successful restoration, go back to the WordPress admin page > Posts. All the contents should have reappeared.

Reload the site and all the contents should be restored successfully.

Sounds good? Just drop us a message if you want to offer WordPress backup solution to your customers.

Top 5 Reasons to Back Up Your Customer’s WordPress Site

Imagine this situation. As a web hosting service provider, one day one of your web servers is hacked, causing hundreds or even thousands of your customers’ WordPress sites to be inaccessible and show error screens. Angry phone calls and emails follow soon. Can you afford to tell your customers their sites have no backups (or only long-outdated backups), all the lost posts, images and comments are gone for good, and the only resolution is to rebuild the sites? A business isn’t a business without a website these days. Once your customers’ years of hard work, blood, sweat and tears turn to dust, you can count yourself lucky if any of them still stay with you.

Even if it’s not about hacking, many different things can cause a site to crash or become vulnerable. That’s why a web hosting service provider should always back up customers’ WordPress sites. If you’re not convinced yet, here are the top 5 reasons that get you to act.

1. Brute Force Login Attempts

A brute force attack on WordPress is when someone attempts to gain access to your customer’s site by trying an enormous number of different username and password combinations. As WordPress allows unlimited login attempts by default, hackers can exploit the WordPress login page and use this trial and error method over and over until a successful username and password combination is discovered. Even if it is unsuccessful, a brute force attack can still wreak havoc on the web hosting server because an enormous number of login attempts may overload the system.
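One way to spot this trial-and-error pattern in a web server access log, as an added example that is not part of the original article: it counts failed POSTs to wp-login.php per client inside a sliding time window. The combined log format, the threshold and window values, the rule that a failed login answers 200 while a successful one redirects with 302, and the sample lines (constructed, using documentation IP ranges) are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format (assumed):
# ip - user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak} for clients with >= threshold failed logins inside one window.

    Lines must be in chronological order, as they are in an access log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failed logins still inside the window
    peak = defaultdict(int)       # ip -> largest number of failures seen in any window
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        is_login = path.split("?", 1)[0].endswith("/wp-login.php")
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if not (is_login and method == "POST" and status == 200):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample: one user who mistypes a password once, one client guessing every 5 s.
SAMPLE_LOG = [
    '198.51.100.20 - - [01/Jan/2024:09:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2024:09:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 2650 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2024:09:00:21 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
] + [
    f'203.0.113.7 - - [01/Jan/2024:09:01:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 2650 "-" "example-client"'
    for s in range(0, 36, 5)
]

if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within one minute")
```

Clients reported here are candidates for rate limiting or a temporary block at the web server or firewall; tune the threshold to the site's normal login traffic.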

2. Using Outdated WordPress or Plugins and Themes from Suspect Sources

Your customers may expose their sites to risks and attacks unwittingly. By default anyone can find out what version of WordPress your customer’s site is running. Some themes may even show the version number on every page of the site. The reason this could be a security risk is that, if your customer is running an older version of WordPress, hackers will be able to target specific security vulnerabilities that have since been patched by more recent updates.

Another common avenue for attackers is poorly written and insecure plugins and themes from untrustworthy sources. According to a report by wpscan.org, of the 4,000 known WordPress security vulnerabilities more than half are from WordPress plugins. Files of torrented “free” versions of premium plugins and themes may have been modified to contain malware.

3. File Inclusion Exploits

PHP, the code that runs a WordPress website along with its plugins and themes, is another security issue that can be exploited by attackers. File inclusion exploits usually happen when vulnerable code is used to load remote files that allow attackers to gain access to your customer’s website. There could be serious consequences once an unscrupulous attacker has access to the “wp-config.php” file, one of the most important files in your customer’s WordPress installation.

4. SQL Injections

Your customer’s WordPress website uses a MySQL database to operate. The database contains all the posts, comments, and links on the website. Attackers can gain access to the WordPress database and to all of your customer’s website data using SQL injections. According to Wordfence, SQL injections were the second most common vulnerabilities found in WordPress in 2016. With the injection, the attacker may be able to create a new admin-level user account, which can then be used to log in and get full access to your customer’s WordPress website. SQL injections can also be used to insert new data into the database, including links to malicious or spam websites.

5. Malware

Malware (i.e. malicious software) is commonly utilized by cybercriminals to gain unauthorized access to a website to gather sensitive data. The popularity of WordPress as a blogging platform and CMS makes WordPress a target for malware. A hacked WordPress site usually means malware has been injected into the website’s files. Take a look at the website’s recently changed files and one may be able to detect if any malware exists on the website. There are thousands of malware types on the web, but WordPress is not vulnerable to all of them. Some of the most common WordPress malware infections are Backdoors, Drive-by downloads, Pharma hacks, and Malicious redirects.
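The "recently changed files" check mentioned above, as an added example that is not part of the original article: it lists files under a WordPress root modified in the last few days and, going one step beyond the text, marks script files inside wp-content/uploads, where only media is normally expected. The function names, the 7-day default and the demo tree (constructed in a temporary directory) are assumptions of this example.

```python
import os
import tempfile
import time
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml"}

def recently_changed(root, days=7, now=None):
    """Return [(relative_path, age_in_days, note)] for files changed within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        mtime = path.stat().st_mtime
        if mtime < cutoff:
            continue
        rel = path.relative_to(root).as_posix()
        note = ""
        # Added heuristic: executable script types inside the media upload directory.
        if rel.startswith("wp-content/uploads/") and path.suffix.lower() in SCRIPT_EXTS:
            note = "script in uploads directory"
        hits.append((rel, round((now - mtime) / 86400, 1), note))
    hits.sort(key=lambda h: h[1])
    return hits

def build_demo_tree(root, now):
    """Create a small constructed WordPress-like tree with controlled modification times."""
    files = {  # relative path -> age in days
        "wp-config.php": 90,
        "wp-includes/version.php": 90,
        "wp-content/themes/demo/functions.php": 2,
        "wp-content/uploads/2024/01/logo.png": 30,
        "wp-content/uploads/2024/01/cache.php": 1,
    }
    for rel, age_days in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed sample file\n")
        ts = now - age_days * 86400
        os.utime(p, (ts, ts))

def demo():
    """Run the scan over the constructed tree and return its findings."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp, now)
        return recently_changed(tmp, days=7, now=now)

if __name__ == "__main__":
    for rel, age, note in demo():
        print(f"{age:>5} d  {rel}  {note}")
```

Modification times can be reset by whoever altered the files, so an empty result is not proof of a clean site; comparing against a known-good backup copy is the stronger check.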

 

Without a backup, your customers’ WordPress websites could be lost forever because of the above security issues. You need a reliable backup solution in place to protect their WordPress websites from unexpected disasters. Click here to find out how Ahsay can help.

 

Ahsay Backup Software v6 will sunset and retire on Dec 31st, 2018

Ahsay Backup Software Version 6 Sunset Edition has been released. It is the final version of v6, offering partners final hotfixes, extended support and an interim step towards v7 upgrade.

Download Factsheet at: http://info.ahsay.com/v6-sunset-factsheet

Read the detailed Release Notes at: http://ahsay-dn.ahsay.com/document/v62900/customer/aobs-release-notes.htm

Ahsay Backup Software Version 7.11 is released now! Get Free Trial.

Ahsay Backup Software Version 7.11 is released now! Read the release notes and get FREE trial now: https://www.ahsay.com/freetrial/

Enhancements include VMware vCenter Server / ESXi 6.5, Hyper-V 2016 and Windows Server 2016 support, Office 365 mailbox backup for AhsayACB, restoring VMware guest VM in VMDK format, etc. as well as bug fixes. Click this link to read the detailed Release Notes of v7.11 before upgrade (http://ahsay-dn.ahsay.com/document/v7/71104/customer/cbs-release-notes.htm).

Why Offer Office 365 Exchange Online Backup Solution to Your Customers?

Microsoft Office 365 is the most common business productivity suite nowadays, and millions of organizations have migrated their on-premises Exchange email infrastructure to Office 365 Exchange Online. There circulates an opinion that once the email data is in the cloud there is no need to worry about backing it up. After all, Microsoft guarantees 99.9% uptime and the fidelity of customers’ Office 365 data within their data centers. But does it mean that Microsoft provides adequate data backup and restorability that meet the business needs or internal service level agreements? As MSPs, take a closer look and it is not difficult to find good reasons to offer Office 365 Exchange Online backup solution to your customers.

Microsoft only protects customers’ data from disasters that happen at its data centers

Database Availability Group (DAG) is Microsoft’s core technology for protecting Office 365 Exchange Online data. With multiple data centers located all over the world, the redundant network architecture hosted by Microsoft ensures that if an outage occurs at one data center, another can function as backup. While customers’ Exchange Online data is protected from catastrophic disasters that may happen at Microsoft’s data centers, it is not safe from unpredictable incidents such as:

Deleted item recovery is restricted to retention policy

When a user deletes a message, it goes to the Deleted Items folder. If the message is removed from the Deleted Items folder, it moves to the Recoverable Items folder where it is stored for 14 days by default, and the retention period is a policy that can only be extended at administrator level. This is the first line of defense as users can still retrieve a deleted item as long as its retention period has not elapsed. But after that period, the message disappears permanently because emails purged from the Recoverable Items folder cannot be recovered. Users would need to contact Microsoft support and wait for a solution with no timeline guaranteed.

Item-level recovery is far from adequate

Item-level recovery alone is far from adequate. If a folder has been deleted from Deleted Items, one can recover only single items that the folder included, not the folder itself. It means that emails will be recovered to Inbox, not to the original folder. As pointed out by a Microsoft MVP, item-level recovery only protects an organization against deleting items such as email messages, but it does not allow recovery of a corrupt mailbox. Microsoft has designed Office 365 in a way that organizations do not need to worry about the core infrastructure, but has also limited the administration and end user backup and restore capabilities. Microsoft admitted that point-in-time restore functionality is also absent in Office 365 Exchange Online. In case the state of mailbox data is damaged due to unexpected third party activities such as hacker intrusion or on-purpose deletion, administrators would not be able to recover the mailbox data to an earlier point in time.

In-Place Hold or Litigation Hold is not without limitation

Microsoft does offer a functionality to put a mailbox on In-Place Hold or Litigation Hold for keeping all data in the Recoverable Items folder indefinitely. This option is solely for legal actions in a company and is available only in the most expensive Office 365 Enterprise Plans E3 and E4. It is important to note that the size of the Recoverable Items folder of the mailbox may increase quickly depending on number and size of items deleted or modified. Once the 100GB quota is exceeded, Office 365 will start to delete data from this folder and the data may become non-recoverable.

Recovery using an exported PST file is time-consuming and cumbersome

As a last resort, administrators can search for deleted emails using eDiscovery and export the deleted data to a PST format file. The major downside is that only one mailbox can be exported at a time and there are no PowerShell cmdlets for that purpose, which means it would take a great deal of time for administrators to handle a large number of user mailboxes. Besides, deleted emails found by eDiscovery are not recovered directly to an original location; administrators need to export them to a PST file first, then import to the user’s mailbox, and move the emails manually to original folders. Moreover, a desktop version of Outlook is required to restore deleted emails using a PST file because the Outlook Web version cannot open PST files. This whole process of recovery consumes a lot of time and resources from IT admins and could consequently impact the business.

It is a golden opportunity to offer Office 365 Exchange Online cloud and local backup solution

The native Office 365 Exchange Online backup and restore methods are in no way a comprehensive backup and restore solution and are insufficient to avoid critical data loss. No companies can risk all of their critical mailbox data being in the hands of one provider. As more and more customers are looking for a way to back up their Office 365 email data to another location, it is a golden opportunity for MSPs to tap into the ever-growing Exchange Online data backup market.

We have a complete Office 365 Exchange mailbox backup solution that empowers you to give your customers absolute peace of mind. It is a fully automatic backup system that backs up Office 365 Exchange data to a local server or another cloud, and enables quick recovery of full mailboxes or individual items with just a few clicks. Click here if you would like to find out more.

Partner with Ahsay to Capture Cloud Backup Business Opportunities Today

Specializing in online backup cloud solutions, Ahsay develops the next generation backup and recovery software for businesses to securely back up their servers and workstations to the cloud and local storage. With the global backup market continuing to expand swiftly, the opportunity is heading towards online backup providers. Thousands of MSPs and resellers from over 75 countries around the world have already partnered with Ahsay to provide cloud backup services or resell our software directly to their customers.

Eager to know more about us? Check out our video and partner with us today!