News Categories
Announcement (9) Amy Babinchak (64) Tips (1) SBS 2011 (6) Windows Essentials 2012 (4) Edwin Sarmiento (28) SQL Server (22) SQL Server 2012 (6) SQL Server Clustering (3) SQL Server Disaster Recovery (6) Windows Server 2008 Clustering (1) log shipping (1) Brian Higgins (3) Uncategorized (42) Hyper-V (67) Virtualization (13) Windows 8 (13) Cisco VPN Client (1) Windows Server 2012 (24) Friend of TT (4) Hangout (2) Office365 (4) DNS (8) Jeremy (7) Cliff Galiher (3) Active Directory (12) ClearOS (4) Linux (4) presentations (2) SQL PASS (6) Chris Matthews (4) Printers (2) SharePoint (8) SQL Server Administration (7) Windows PowerShell (3) recovery model (1) sql server databases (1) Dave Shackelford (7) SMB Nation (1) Steve (1) Boon Tee (5) Kevin Royalty (3) Lee Wilbur (2) Philip Elder (10) SMBKitchen Crew (31) Susan Bradley (15) AlwaysOn (1) AlwaysOn Availability Groups (4) readable secondaries (1) row versioning (1) undocumented (1) The Project (2) Webinar (3) Enterprise for SMB Project (9) Security (25) Remote Desktop Connection for Mac (1) Remote Desktop Services (8) Windows Server 2008 (1) Exchange (15) Powershell (6) Microsoft (15) Performance (7) data types (1) Server 2012 (1) monitoring (1) DevTeach (1) SQL Server High Availability and Disaster Recovery (5) Clusters (44) Hyper-V Server 2012 (2) Business Principles (26) Cost of Doing Business (13) DHCP (7) sbs (15) Windows Server (30) SMBKitchen (26) Windows Server 2008 R2 (4) StorageCraft (1) P2V (1) ShadowProtect (6) StorageCraft ShadowProtect (1) VHDs (1) Intel RAID (2) Intel Server System R2208GZ (1) Intel Server Systems (17) RAID (2) SAS (2) SATA (2) Server Hardware (12) Microsoft Licensing (2) OEM (2) System Builder Tips (4) Intel (5) Intel Channel Partner Program (4) Intel Product Support (10) Intel Server Boards (2) Intel Server Manager (2) Cloud (26) IT Solutions (2) On-Premises (20) SMB (9) WIndows Azure (2) StorageSpaces (1) Error (47) Error Fix (35) Intel Desktop Boards (2) Intel SSDs (2) SSD (2) Business Opportunity (17) Data Security (11) Identity Security (7) Information Security (14) Privacy (2) Intel Modular Server (6) Promise (2) Storage Systems (9) Live ID (2) Microsoft ID (4) User Profiles (2) Articles (2) Building Client Relationships (6) DBCC IND (2) DBCC PAGE (2) filtered indexes (2) SQL Server Index Internals (2) training (11) Adobe (3) Internet Street Smart (8) Intel Storage Systems (2) LSI Corp (2) LSI SAS6160 Switch (2) Storage Spaces (7) Firmware Update (2) Product Support (7) Hybrid Cloud Solutions (3) Server Core (2) MAXDOP (1) SharePoint 2013 (1) SharePoint best practices (1) SQL Server Authentication (1) Family (5) Alternatives (1) SBS 2011 Standard (4) Microsoft Small Business Specialist Community (2) Microsoft Surface (2) SBSC (2) Networking (4) Availability Groups (3) CANITPro (1) HA/DR (1) Step-By-Step: Creating a SQL Server 2012 AlwaysOn Availability Group (1) webcast (1) VMWare (2) Conferences (2) Client Focus (2) Disaster Recovery (6) Error Workaround (8) Troubleshooting (4) Logitech (2) Product Review (7) Windows Features (4) XBox Music (2) SBS 2008 All Editions (4) MDOP (2) Microsoft Desktop Optimization Pack (2) Software Assurance (2) W2012E (6) Windows Server 2012 Essentials (6) Internet Explorer (3) USB 3.0 (2) USB Hard Drive (2) Bug Report (2) Microsoft Office 365 (5) sharepoint online (2) BitLocker (2) Windows (2) Microsoft Update (3) Swing Migration (2) Windows Update (4) Outlook (2) Group Policy (9) WS2012e (2) WSUS (3) Office (3) Microsoft Downloads (5) Microsoft Office (3) DRP (3) Virtual Machines (2) Virtual Server Hardware (2) online course (1) SQL Server learning (7) 2 Factor Authentication (2) 2FA (2) PASS Summit 2013 (4) SQLPASS (5) Contest (1) e-learning (1) Udemy (1) smbtechfest (1) backups (2) PASS Summit First Timers (3) IIS (2) RD Gateway (4) RD RemoteApp (2) RDWeb (4) Remote Desktop Connection (2) Remote Web Access (2) Remote Web Workplace (2) Cryptolocker (6) Backup (4) Restore (2) CryptoLocker (1) AuthAnvil (1) SBS 2003 (1) SBS Migration (1) Windows Server 2012 R2 (9) Documentation (1) IE 11 (4) testimonials (11) SQL Server 2008 (1) Best Practices (1) Support (1) Intel Xeon Processor (1) RemoteApp (1) Android (1) iOS (1) Hyper-V Replica (2) PowerShell (2) SBS (3) Break (1) Business Intelligence (1) Excel 2013 (1) Power Map (1) Power Query (1) PowerBI (1) MultiPoint (2) Surface (1) Net Neutrality (1) Opinion (2) ASP (9) HP (2) Scale-Out File Server (8) SOFS (10) Windows Phone (1) Updates (1) Intel NUC (1) Intuit (1) QuickBooks (1) Office364 (1) Intel Server Systems;Hyper-V (1) Firewall (1) Patching (1) Mobile (1) Mobility (1) sharepoint (1) Microsoft Security (1) Beta (1) Storage Replication (1) outlook (1) Hyper-V Setup (3) JBOD (1) Azure (1) PCI (1) PCI DSS (1) PII (1) POS (1) MicroStaff (2) Catherine Barr (2) Third Tier (1) BeTheCloud (1) BrainExplosion (1) LookAWhale (1) Manuel (1) Rayanne (3) SuperSecretNews (1) TechYourBooks (3) Managed Services (1) Training (1) E-mail (1)
RSS Feed
News
Jan
14
How to Block Cryptowall
Posted by Third Tier on 14 January 2015 09:08 AM

Our friends at Calyptix Security have written several blog posts on the topic of file encrypting menaces, several of which reference our free Cryptolocker Prevention Kit. Now it’s our turn to share their knowledge. Read the blog post at Calyptix Security

Block – CryptoWall traffic is associated with IP 146.185.220.0/23. Block this IP range by adding it to your static blacklist.

Patch – Always maintain the latest versions of your firmware, antivirus, operating systems, and other systems. Routinely update as new patches become available.

Educate – Explain to users the dangers and warning signs of phishing emails and suspicious attachments.

Backup – Maintain backups of all important files both onsite and offsite. Test them often. Ensure they are configured to prevent backup of infected files. <added by Third Tier, Make sure that your backup storage location is not writable by anyone other than the account running the backup>

Plan – Assume disaster is inevitable. Plan how you will respond.

Configure – Adjust security settings to prevent forced downloads.

Control – Use web filtering to control the sites users can access. Use egress or outbound traffic filtering to prevent connections to malicious hosts.

Read our other blog posts on blocking encrypting malware

_____

Not a Third Tier customer yet? Let me introduce:  We’re Third Tier. We provide advanced Third Tier support for IT Professionals and MicroStaffing for IT consulting firms. Come on over, create an account (no charge) and follow our social media locations.

Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN


Read more »



Oct
24
CryptoWall Expands to Images
Posted by Third Tier on 24 October 2014 10:50 AM

CryptoWall has expanded into images hosted as advertising on popular sites.

http://www.ibtimes.co.uk/cryptowall-ransomware-infects-millions-via-yahoo-match-com-aol-other-major-websites-1471290

Sites that have had infected advertising in recent months include these very popular locations. The crypto

Websites Serving CryptoWall ransomware variants like this one will never be proactively detected by your anti-malware protects easily, because they exclusively use legal means of installation and operation. Meaning that everything they do is allowed by a non-admin user of a computer. There is no suspicious behavior.

Recently we’ve heard that there are now over a hundred variants of Crypto but the thing is that they continue to infect via the same method. Improvements are related to being in more places where they might find you (distribution) and improvements in hiding the trail back to the authors (deception). Which means that you can continue to use our Cryptolocker Prevention Kit to protect your computers.

In addition to the software restriction policies in the kit, we also recommend blocking .RU at the edge of your network (your firewall) and making sure that no one but the account used by your backup software has write access to your backup location. Further you should minimize the number of mapped drives that each individual has access to because in the event of infection anything that the user has access to including network mapped drives could be encrypted by the Crypto variants.

Find our free kit on our blog. Be sure to read everything that we’ve written about Crypto so you know how to use the kit before you deploy it. And check out what we really do at Third Tier, which is help MSP’s be more successful.

Our Crypto Information and Prevention Kit: http://www.thirdtier.net/?s=crypto

What we do at Third Tier. HelpDesk for IT Professionals, MicroStaffing for MSP’s, the SMBKitchen ASP Project

_____

Not a Third Tier customer yet? Let me introduce:  We’re Third Tier. We provide advanced Third Tier support for IT Professionals and MicroStaffing for IT consulting firms. Come on over, create an account (no charge) and follow our social media locations.

Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

Related Posts

  • 43
    Sorry folks, been really busy!We have an ASP Author’s Chat starting right now! Philip ElderMicrosoft Cluster MVPMPECS Inc. Co-Author: SBS 2008 Blueprint Book Chef de partie in the SMBKitchen ASP ProjectFind out more atThird Tier: Enterprise Solutions for Small Business
    Tags: asp, project, find, smbkitchen, third, tier
  • 40
    Original Posted Here: MPECS Inc. Blog: SMBKitchen Update - ASP Project Good news! We are continuing on with our SMB Kitchen Project. My involvement will be changing to be more workable with the crazy schedule I've been having this last year. Time involvement to produce documentation and How-To videos is huge. Trying to set aside…
    Tags: project, asp, smbkitchen, will
  • 39
    Things have been moving along at a great pace! With tax season upon us we had a crazy number of calls over corrupted Print Formats in CCH Taxprep T1 2012 v1. Somehow during the conversion process from the previous year’s Print Formats things got mangled and we were running our feet off trying to keep…
    Tags: tier, third, smbkitchen, number, support, blog, project
  • 36
    “I follow Third Tier's blog because...of the great information like the Crypto prevention.”, Anonymous At Third Tier, well let’s face it, we’re geeks that like to geek. So when a problem like Cryptolocker came along we read the materials and about it and said to ourselves, that’s nice but what should we do about it?…
    Tags: blog, kit, third, read, tier, support, cryptolocker, prevention, http://www.thirdtier.net/?s=crypto, social
  • 33
    So I’m not very good at designing a website that sell, SELLs, SELLS! Instead I’m really better at providing information. So I updated the webpage to better inform you on what ASP is all about. I hope this answers some questions. In summary we’re all about sharing what makes our local firms successful with you.…
    Tags: third, tier, asp, support, create, advanced, professionals, introduce, customer, account

Read more »



Nov
13
Our Client CryptoLocker Warning E-mail
Posted by Philip Elder on 13 November 2013 01:19 PM

Original Posted here: MPECS Inc. Blog: Our Client CryptoLocker Warning E-Mail

This is a copy of an e-mail we are sending out on a somewhat frequent basis to our clients to keep being Internet Street Smart at the top of their minds:

Hello all,

I may have mentioned this in the past while but it bears being mentioned again.

There is a really bad malware being spread via links in e-mail that take the user to a bad site or attachments in an e-mail that contain the bad software. Its name is CryptoLocker.

If the link is clicked on or the attachment is opened the software starts up and goes on to encrypt, that is make unavailable, EVERY file the user has access to. There are two ways to get out of the mess once the infected system is found and quarantined:
1.    Best Option: Recover the files from Previous Versions (Volume Shadow Copy snapshot) … may be out by a few hours.
2.    Okay Option: Recover or from Backup … may be a bit out of time in the form of hours.
3.    Worst Option: Pay the bad guys to decrypt the data and risk identity theft among other problems of handing over a credit card number.

Simple rule of thumb: NEVER click on a link in an e-mail and avoid opening attachments if at all possible (Especially ZIP archives). And, if a link must be clicked on in an e-mail hover the mouse cursor over the link to see where it leads to. If it looks suspicious please ask!

Our systems are designed to provide maximum recoverability however the snapshots and backups are timed throughout the day. So, if there is an infection some work may be lost!

As always, please be very careful and aware that bad folks out there are always on the hunt for more victims. No business large or small is exempt from these folks nefarious activities.

We are aware of firms, fortunately not our own clients, that are on the brink of possibly being lost due to CryptoLocker and bad or unavailable backups!

Thanks and have a wonderful day! :)

We do our best to keep folks aware of what is happening out there but things are getting even more nasty for e-mail transmissions.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/


Read more »



Nov
8
November Chat Recording
Posted by amy on 08 November 2013 12:24 PM

On November 7th the SMBKitchen Crew held our almost every month chat. I was supposed to hit the record button. I didn’t until someone poked at me to do it and by then half of the chat was over. So I go the last half. You can download and have a listen here. In this chat we discussed the articles recently published both online and in the SMBKitchen Knowledgebase, Cryptolocker, online banking, upcoming articles, DNS issues in Windows Essentials Server, Chrome for Business, DHCP and DNS placement, SMBTechFest, Raspberry PI projects, the October USB Patching situation and more. It always rambles but that’s the point of a chat.

Since there’s always a text chat happening on the side as we talk I’m including that here. Some good reference materials included.

Amy Babinchak [5:57 PM]: I’ll apologize in advance for the cat meowing noises. My cat has decided to starting meowing for no apparent reason.

Susan Bradley [5:58 PM]: As an aside I would just like to announce that McAfee on a Windows 8 laptop sucks

Amy Babinchak [5:58 PM]: When does McAfee not? :)

Susan Bradley [5:58 PM]: (fixing a mishaving laptop that has Macfee on it and it&apos;s pegging the cpu like crazy)

Scott Winter [6:05 PM]: If you install Chrome for business, will that prevent the consumer Chrome from installing or are we going to end up with both versions (Thanks Adobe…)

Amy Babinchak [6:11 PM]: Feel free to jump in with questions any time

lew blanck [6:16 PM]: re: WSE2012..do you recommend dns on server or router, please ?

Susan Bradley [6:16 PM]: dns on the server

lew blanck [6:17 PM]: ok. thank you :-) \

Susan Bradley [6:17 PM]: do the blog post http://blogs.technet.com/b/sbs/archive/2011/09/22/running-dhcp-server-on-sbs-2011-essentials-with-a-static-ip.aspx

David Grinder [6:17 PM]: same scenario…DHCP-Server or router?

Philip Elder [6:17 PM]: DNS and DHCP belong on the server — though I find that W2011E and W2012E have flaky DNS resolution for Internet addresses even with forwarders.

lew blanck [6:18 PM]: we run hosted pbx …any tweak suggestions, please ?

Susan Bradley [6:19 PM]: DHCP on the server too

http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/

Ed Miskowiec [6:20 PM]: Do you have a link for the information on cryptolocker fix?

Susan Bradley [6:23 PM]: http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/

Gary Shell [6:23 PM]: Thoughts on the app that attempts to prevent cryptolocker and automatically white lists existing apps like dropbox?

Susan Bradley [6:24 PM]: http://www.thirdtier.net/2013/11/why-and-when-you-might-want-to-use-a-tell/

The app just adds Software restriction policies in the registry same concept, but can work on home SKUs where group policy won&apos;t work

the blog link is pure group policy so you can control it from the server but it&apos;s the same concept

Gary Shell [6:27 PM]:  But the beauty of the app APPEARS to be the auto white listing of apps already present that would otherwise fail. Most notable is DropBox which many of my clients use.

Susan Bradley [6:29 PM]: Check the SRP and/or the registry after deploymt, it will confirm what it does

Charley Kerr [6:31 PM]: Does Rasberry allow for 64bit?

lew blanck [6:32 PM]: can group policy in WSE2012 help standardize or lockdown w8.1 desktops, please ?

Dexter Southerland [6:32 PM]: Amy How about letting us know if the test works for banking

Edward Rempala [6:32 PM]: Raspberry Pi has an ARM11 CPU, which is 64bit

Bob Romney [6:33 PM]: So, after building out an SBSE OU structure, one moves all computers to the new SBSComputers OU? Is that correct?

Philip Elder [6:34 PM]: @Bob Yes, and we use a PowerShell script to add a computer to the domain at that specific first before running the W2012E connector install.

Bob Romney [6:34 PM]: I see, its the Container issue, thanks!

Susan Bradley [6:35 PM]: whatever floats your boat as the saying goes

Philip Elder [6:35 PM]: We use the PS to pick up the GPO structures as we may have some that we don&apos;t want the computer to pick up if dropped into the Computers container.

Gary Shell [6:35 PM]: My first time here. How late doe these sessions usually go?

KenS [6:35 PM]: Is this being recorded so we can listen again later?

Susan Bradley [6:35 PM]: 25 more minutes. yes it&apos;s being recorded

KenS [6:35 PM]: :)

Amy Babinchak [6:35 PM]: no I didn’t hit record

KenS [6:35 PM]: :(

Gary Shell [6:36 PM]: Is it too late to record the rest?

Amy Babinchak [6:37 PM]: started

Gary Shell [6:38 PM]: Amy, Thanks. Where can we find a link to that recording later.

Amy Babinchak [6:38 PM]: www.thirdtier.net/blog and also in the knowledgebase

Susan Bradley [6:40 PM]: I have to leave early for a dentist appt, my next doc up will be on Office click to run

and bigger new Star Wars date annouced 12/2015

I have to leave early for a dentist appt, my next doc up will be on Office click to run

Edward Rempala [6:43 PM]: Episode 7. Harrison Ford is supposed to return

lik 70

Dexter Southerland [6:45 PM]: Amy, Will you let us know how the rasberry banking test goes? Thanks

Bob Romney [6:50 PM]: We&apos;re also seeing some inconsistencies with SBSE DNS.

Amy Babinchak [6:50 PM]: Phil is speaking specific to Windows Essentials Server. There are some DNS issues known.

KenS [6:50 PM]: I&apos;m having difficulty getting the ability to Offer Remote Assistance working on a couple of SBS Standard 2011 networks. I&apos;ve compared GPOs to SBS Standard 2011 networks that are able to use Offer Remote Assistance with no issues and have not been able to track down the differences. I initiate the Offer, then it will not connect to the computer. I&apos;ve tried running the Group Policy Results wizard, but it complains that WMI is not running, yet it is. Any ideas or help would be GREATLY appreciated. (My head is a bit sore from the banging.)

KenS [6:52 PM]: “What the chicken”? – I like it.. Can I borrow it Phil?

Philip Elder [6:55 PM]: @Ken of course! :)

http://www.reddit.com/r/talesfromtechsupport/comments/1ps0ae/tldr_accounting_firm_gets_cryptolocker_virus_tech/

Amy Babinchak [6:57 PM]: Is this the one where the guy deleted everything and had no backup?

Charley Kerr [6:57 PM]: yes

Edward Rempala [6:59 PM]: wow..someone got fired that day

Charley Kerr [7:03 PM]: Ive learned my lesson with backups along time ago.  I like the 3-2-1 philosophy.  3 copies, 2 different media 1 offsite.  Do a test restore.


Read more »



Nov
1
Why and when you might want to use a “Tell”
Posted by amy on 01 November 2013 12:03 PM

What is a Tell? A tell is something that you put into place as an at a glance confirmation that it worked. “It” can be anything that you need to know with certainty. In our Cryptolocker Prevention Kit the GPO’s were exported from my explorations in blockage and they contain a tell. I’ve used tells rarely. In fact it’s been years. I think the last time was in backup procedures when we needed to be certain that particular folders were backed up and the folder structure edited afterwards. We did this by adding a tell to the end of the scripts that we used. This way we could at a glance see the tell and know that our folder structures got updated after last nights backup without having to go in and wade through the folder structure itself.

This time I wanted a way to enlist end users of computers in the offices that I support remotely to let us know if for some reason the group policies that we rolled out to block cryptolocker didn’t get applied to their computer. Sure I could run reports across my entire clientbase but in my experience enlisting the assistance of users in situations like this one re-enforces the seriousness of the situation and helps raise awareness among the users. We know that these GPO’s aren’t the only way to prevent cryptolocker and they might not work in every instance and they might stop preventing it in the future. Such is the nature of ever evolving infections. But I do know that educated users can prevent it always. The “tell” helps me enlist them in providing the solution. Anyone and everyone will report if they don’t see that little cloud icon on the desktop with our initials on it and they will remember that are supposed to be diligent and on the lookout for odd behavior. We told them what behavior to look for. That little cloud is a reminder to keep looking.

Here’s the tell that we used.

image

Where the icon file goes to isn’t important. In fact when we developed it there was no target URL but then we realized that people might click an icon on their desktop (who doesn’t?) so we added the URL for our blog.

If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at http://www.thirdtier.net

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN


Read more »



Oct
31
Cryptolocker Prevention Kit updates
Posted by amy on 31 October 2013 11:33 AM

The Cryptolocker Prevention Kit has been updated with additional information. If you have downloaded the kit previously you need to obtain the NewCryptolockerWarning doc and the Ways to Add Exemptions doc to update your kit.

In these documents Susan Bradley has added new information about additional methods to block it and explains the why and how of the “tell” that I used in the GPO and also summarizes the blog posts that we’ve made on how to exempt your frequently reinstalled apps or those that MUST run from the blocked location from your policies.

We hope that you find this information useful and thanks for you continue feedback and support of the SMBKitchen Project!

If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at http://www.thirdtier.net

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN


Read more »




Help Desk Software by Kayako Fusion