Tuesday, May 16, 2017

WannaCry Ransomware

By Jeff Joyner 

The WannaCry ransomware (aka WannaCrypt) is a ransomware computer worm infecting 200,000+ computers worldwide. It targets MS Windows systems (desktop and server) exploiting an SMB protocol vulnerability resulting in files getting encrypted until the victim pays a ransom in BitCoin currency ($300-$600) to the attacker. Windows 10 and Windows Server 2016 operating systems are not affected by this attack.

A patch was released by Microsoft for each of the affected, currently supported operating systems back in March. Patching systems with Windows Updates is an easy way to prevent devices from being infected. 

For information on older systems (Windows XP, Server 2003), Microsoft has published additional guidance at this link: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Additionally, MalwareBytes and Webroot have stated that they actively block WannaCry attacks.

Call CTG sales or your account manager to learn how we can secure your network from threats like this.

Jeff Joyner is a Senior Network Engineer at Convergent Technologies Group.

Ingram Micro Cloud Summit

By Jeff Garell

 

I had the good fortune to attend the Ingram Micro Cloud Summit last week in beautiful Phoenix, Arizona. This conference offers the opportunity to talk to representatives from a large cross section of cloud service providers. Some of the names are quite well known such as Amazon, Microsoft, Dropbox, and Hewlett Packard Enterprise and others you may not have like Odin, Intermedia, and NCR (among many others).

I should clear up that this conference is exclusively focused on companies like CTG that help customers make informed decisions about technology. I mention this simply to explain that many of the sessions were about attempting to convince us to sign on with them to sell their stuff and how to market/price/deliver these services.  Candidly, it can be a bit of a meat grinder at times but the alternative is to attempt to reach out and coordinate with each of these organizations individually with the possibility of missing some of the lesser known names that may be a great fit.  And there’s no way to do all of that in 2 days without a conference like this one.

So after being educated, solicited, and sold to for two days here are just some of the highlights and takeaways:

The Thursday morning keynote by Marc Randolph, one of the founders of Netflix, was thoroughly entertaining, informative, and entrepreneurial.  He spoke about the process that he and his cofounder went through before finally settling on this twice discarded idea of sending movies through the mail. Interestingly, the idea originated in the days of VHS tapes and was undoable in terms of mailing & storage costs for that format. The DVD technology shift enabled them to re-visit the idea a second time, but they had another thing they were pursuing, so they shelved it again.   Eventually they came back around to this DVD through the mail thing and got started.  Marc discussed the trial and error processes, the successful and unsuccessful campaigns, learning to iterate their promotions and changes more quickly, and how they were at one point perched on the edge of closing up the shop.   He told the story of their meeting with Blockbuster and for the low price of $50 million they could be purchased.  Blockbuster said no (obviously) and on the plane ride back from that meeting Marc and his partners decided to take down Blockbuster, who then was the largest player in the movie rental business, bar none.  And they eventually did.  All in all the message was to continue to generate ideas, spend a little time determining the feasibility, quickly chuck the ones that don’t make the cut (you don’t have that kind of time to waste, do you?), and move forward with the promising one(s).  That ideas come from everywhere and usually from a “pain” that you experience – as in, “wouldn’t it be nice if someone could find a way to fix [insert a daily annoyance you experience]?” Why not be that “someone”?

A meeting with Dropbox was interesting and enlightening. I’ve been a Dropbox user since getting a beta invite a lifetime ago but honestly didn’t look into, or understand, what kind of business/enterprise offering they had, or even why.  I walked into the meeting a bit skeptical about what I would possibly learn…and said as much, politely of course.  It turns out, there is a “there” there and it falls under the “Shadow IT” umbrella.   For those that don’t know what that means, it’s when your employees go outside of the internal IT services being offered and sign up for things like Dropbox in order to perform their job.  For example, Dropbox makes it really easy to share documents with anyone in a secure manner.  So imagine a marketing department needing to share image files with an outside ad agency or print shop that can’t be emailed because of their size.  Poof!  Dropbox account.  The problem with that approach is multifold. First is that there’s no way for the business to know exactly what data is being shared outside the organization and to whom.  The enterprise edition gives IT the control and reporting to know these details.  Second, is that the Dropbox terms and conditions state that the data in an account belongs to the account holder.  Imagine you have to let someone go and learn that they have been using this unmanaged & unapproved service that is now full of your proprietary information.  Dropbox considers it the account holder’s, not yours.  Finally, there are integrations and add-ons to do things like Rights Management and Data Loss Protection.

On a similar note, I attended the Microsoft Secure Productive Enterprise pre-conference session to learn about new advances in Office 365 and how it continues to improve security in a cloud connected world.  The session focused on what you get with the addition of the Enterprise Mobility & Security option – and there’s a lot. Microsoft covered quite a bit in the two hour session and it could have gone much longer once Q&A started.  In a nutshell, this additional service gives you the ability to manage and control mobile devices, advanced eDiscovery, and create policies around encryption, rights management, and Data Loss Protection to name just a few things. These kinds of features are important for everyone but exceptionally important for those industries where data loss is an expensive proposition (I’m looking at you, healthcare, legal, financial, and utilities).

There was so much more in that whirlwind two day conference and I’m still going through my notes and will be grabbing presentations as soon as they’re made available – so there will possibly be a part two to this post. The only item on my wish list for this conference, and keep in mind I’m a grizzled old nerd, is that there were technical deep dive or hands on options. It’s one thing to tell a room full of sales guys that your product does x or y that are thinking “show me the money!”, it’s another when you have folks like me (and there were many) that are thinking “show me the console!”. I’m hoping there will be a technical track added in the future.  The good news is I got to meet all of the right people to setup trials and demos to get my hands on those consoles – which also will undoubtedly spawn more blog posts. (You have been warned.)

Jeff Garell is the co-founder of Convergent Technologies Group.