LeapFrog IT Services
June 28, 2017

FrogAlert: “Petya/NonPetya” Ransomware Hits Unpatched Windows Devices

Another widespread ransomware attack began hitting unprepared businesses yesterday using a similar method of transmission and exploiting the same vulnerabilities as last month’s WannaCry attack.

Named Petya/NonPetya, this attack could be harder to overcome than WannaCry because it doesn’t seem to be susceptible to a “kill switch.”

Leapfrog updates the security solutions in our client portfolio multiple times a day to ensure their ability to detect and stop malware like Petya/NonPetya and its variants.

Since Microsoft’s remediation of WannaCry included a special patching cycle for older operating systems that is already in place, we are working through managed client networks confirming everything is in peak operating condition.

Ransomware is a type of malware that encrypts a user’s data and then demands payment in exchange for the key to that data. If you have old computers or servers on your network or VPN users who are working on computers that are unmanaged, unpatched or not updated, you are at a much higher risk for ransomware and other malware and will continue to be. We understand the challenges associated with relying on applications that do not run on newer computers and want to remind you we are here to help you navigate these challenges so you can operate in as secure an environment as possible.

Outside of your managed network, the best way to be protected (https://leapfrogservices.com/ransomware-qa-know-attacks-keep-coming/) against this and similar malware is to:

  • Use the most recent Windows operating system
  • Keep your system patched, updated and backed up on an aggressive schedule
  • Don’t execute attachments from unknown sources

If you have any questions or would like to talk about how to reduce security risk in your environment, please reach out to your Account Manager, or any member of the Leapfrog team at the Leapfrog Support Center online, 404-870-2124 or 866-870-2124.

 


May 22, 2017

FrogAlert: Worldwide “WannaCry” Ransomware Attack Continues

Each of you is aware of the cyber issues running rampant across the world, starting last Friday and continuing. The ransomware attack is exploiting a vulnerability in the Microsoft Windows environment and is the most extreme to date.

Leapfrog worked through the weekend to confirm that the patches released by Microsoft have been delivered to our clients, that those with projects in motion have good backups of old and new environments, and to identify clients who have special management requirements or an abundance of older systems. Clients with special requirements have been contacted — and, to date, Leapfrog’s normal patching and malware protection has shielded all managed clients.

While the original malware has been stopped, today there are multiple reports of new variations of the same virus starting to spread. Be especially vigilant not to use older or unpatched machines on company networks or VPNS (Virtual Private Networks).

Ransomware is a type of malware that encrypts a user’s data and then demands payment in exchange for the key to that data. The most recent and highly publicized attack involves “WannaCry,” which is malicious software that takes advantage of a vulnerability present in Windows operating systems. Mobile devices are not affected. This malware has proliferated quickly for two reasons: it targets older operating systems that are no longer supported (like Windows XP & Server 2003), and it requires no action on the part of the user to infect and move on.

The best way to be protected against this and similar malware is to:

  • Use the most recent windows operating system
  • Keep those systems patched and updated on an aggressive schedule
  • Have backup systems on an aggressive schedule

The security solutions popular in the Leapfrog portfolio, such as Kaspersky Antivirus and Fortinet Unified Threat Management gateways, can detect and stop the WannaCry infection.

If you have old computers or servers on your network, you are at a much higher risk for ransomware and other malware, and will continue to be. Please consider upgrading or replacing old computers or servers as soon as you can. We understand the challenges associated with relying on applications that do not run on newer computers and want to remind you we are here to help you navigate these challenges so you can operate in as secure an environment as possible.

If you have any questions or would like to talk about how to reduce security risk in your environment, please reach out to your Account Manager, or any member of the Leapfrog team at the Leapfrog Support Center online, 404-870-2124 or 866-870-2124.

 


July 12, 2016

FrogAlert: All Clear To Reinstall And Resume Use Of TeamViewer

As you may recal, TeamViewer, a remote login service was compromised by hackers in early June. Now we are giving our clients the all clear to reinstall and resume use of TeamViewer.

However, we’d like to offer one morsel of advice.

team_viewer

TeamViewer users reported their accounts were hacked and the criminals were able to access and drain their PayPal and bank accounts.

TeamViewer believes that the account takeovers are the result of password reuse and passwords exposed in breaches external to TeamViewer. They also point to people using passwords that are too weak, i.e. name of a spouse, kid or pet.

Leapfrog recommends these six steps:

  1. Use strong, complex passwords (try strongpasswordgenerator, random.org and lastpass) and don’t reuse them — strong, unique passwords only need to be changed once a year (otherwise do it monthly)
  2. Use a password manager such as Lastpass or Dashlane that does the work for you (you only have to remember one password)
  3. Set up two-factor authentication on your accounts even though it’s an extra step … the extra five seconds can save you five weeks of work trying to reclaim your identity
  4. Lie when you answer the security questions on websites
  5. Get ahead of hackers. Educate yourself on some easy security steps you can take and implement an IT security plan

If anyone on your team has any questions or concerns, please contact the Leapfrog Support Center online or at 404-870-2124 or 866-870-2124.


June 3, 2016

FrogAlert: TeamViewer May Have Been Hacked — Recommend Uninstall

TeamViewer, remote access software used for remote control and support, may have been hacked to gain access to computers, data and networks and to install malware.

team_viewerTeamViewer says its service was down on June 1 because of a DDoS (Distributed Denial of Service) attack. However, there are enough complaints about unauthorized access to accounts, including those that use two-factor authentication, to warrant action on your part even though TeamViewer is not Leapfrog’s primary remote support application and there is little risk to managed Leapfrog clients.

Leapfrog recommends all employees uninstall TeamViewer for now.

We will contact you again about how to proceed once we’re sure of the extent of the security problem, if there is one. In the meantime, employees who had TeamViewer installed should be extra vigilant about checking their financial accounts (PayPal, bank accounts, credit card accounts and shopping sites like Amazon and eBay) for strange transactions. Also be on the lookout for other possible malware activities.

If someone on your team suspects a problem, please contact the Leapfrog Support Center online or at 404-870-2124 or 866-870-2124.

Thank you for your attention. And hop safe out there!

 

Send this to a friend