Pine Cove Pulse

Dan Russell

Recent Posts

Sophos Intercept X stops Ransomware

Posted by Dan Russell

Sophos Intercept X Overview from Sophos on Vimeo.

We are excited for the upcoming launch of Sophos Intercept X, a next generation of endpoint protection for today’s threats.  Intercept X is Sophos’ new signatureless anti-exploit, anti-ransomware, and anti-hacker technology that includes enhanced reporting and visibility (root-cause analytics) as well as advanced malware cleanup.  All of this managed from Sophos Central.

Ransomware has been a hot topic in the Cyber Security world for several years now, costing businesses and organizations hundreds of millions every year.  With the release of Sophos Intercept X, you can stop Ransomware right in its tracks.  As part of Intercept X, Ransomware protection (Cryptoguard) is built in to stop Ransomware attacks as soon as they are detected and roll back any files to their original state if them become encrypted.  

Along with Cryptoguard, Intercept X also has many other exciting and new technologies that include anti-exploit technology that blocks zero-day threats without needing to scan files or the need of signatures/definitions the way it was traditionally done.  Sophos Intercept X also includes deep-cleaning technology, which can track down spyware that traditional Anti-Virus misses and cleans up deeply embedded malware to make remediation extremely simple.   With all this, Sophos has added forensic reporting that traces attacks back to their origin and pinpoints addition infection points while cleaning up the malware and providing guidance for strengthening your organizations security posture.

 Whether you’re a business or school, Sophos Intercept X is a must have add-on to your current Anti-Virus solution.  Regardless of whether you are a Sophos Endpoint customer already, or use a 3rd party Anti-Virus solution, Sophos Intercept X can be installed alongside existing endpoint protection solutions to give you ultimate protection – all with minimal impact to system performance.  Watch the video below to get a first hand look at Intercept X’s Cryptoguard technology in action. 

Watch the Technical Demo:

 
 
 
 
 
 
 
0:19
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Topics: security

New ‘Locky’ Ransomware Virus Spreading Rapidly

Posted by Dan Russell

locked-background.jpg

At Pine Cove we are creating awareness about a cyber threat that is spreading like wild fire.  This blog isn’t intended to scare you, but rather create awareness.  By now I’m sure you have all heard of “Crypto Locker” which was pretty popular a few years ago where someone would click on a link and accidentally download the executable and it would encrypt their files and any mapped drives they had access to.  The only way to recover was to either restore from a backup, or pay the ransom (Sometimes up to $1,000) to get the key from the hacker to un-encrypt the files.

This new variation called “Locky”, takes things to a whole new level.  It was just released last week and stats show that it hit around 60,000 PC’s in the first 24 hours and doubling and tripling daily.  Locky works in a similar fashion where a user clicks on a Word Document received via email titled “Invoice”.  When a user clicks on it, it will tell them they need to enable Macros, once that is clicked the infection begins.  Where this variant differs from the old Cryto Locker is this one spreads.  It will reach out into  your network and any computer it sees, whether its Windows, Mac, or Linux and encrypt the files on it and shared drives.  Similar to Crypto Locker, you either have to pay a ransom to get these files back, or recover from backup and clean up all the infected machines it has spread to.

Things you can do to try and prevent Locky:

  • Make End-Users/Employees aware
  • Disable Macros from being executed on a machine either by Group Policy or Machine by Machine
  • Make sure PC’s are patched with the latest security patches
  • For current Sophos Customers reading this:
  • We have made sure your Firewall is running IPS and ATP (Intrusion Prevention and Advanced Threat Protection)
  • We have turned on Country Blocking to block all Countries except “USA, Canada, US Virgin Islands”
  • We can create exceptions to single entities if there is a provider that needs accessed outside the U.S


Please let me know if you have any questions regarding any of this and I would be happy to discuss.  Again this is not to scare you, but to make you aware of the threat and spread the word to employees to be extremely cautious opening anything that might look suspicious.

We will keep everyone up to date as we know and find out more.

If You Need Help:
If you need help with identifying your current risk or adminstering any of these recommendations, please reach out to our team at sales@pinecc.com or call 800.432.0346 and our team of consultants can quickly advise.

Below is a link that provides more detail into the Locky Virus.
https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

Topics: security