What is Rombertik? Latest Malware Attack Triggers Destruction Tactics Upon Detection

Just yesterday, security experts discovered the latest strain of malware, nicknamed “Rombertik”, a specialized “wiper” malware smart enough to actively take precautions to help itself avoid detection. 

But most importantly: If Rombertik even suspects, let alone confirms malware analysis, it will activate a number of “self-destruct” type functions on the host computer it has infected to stop you in your tracks. Here’s hoping you have updated backup solutions in place…

 Why self-destruct? Doesn’t that harm Rombertik’s goals too?

One of the greatest dangers of Rombertik is the malware’s obsessive secrecy, for its creators are determined not to allow malware analysis to be run on their latest masterpiece. Chris Stobing has gone as far as dubbing “Suicide Bomber” of malware attacks.

Why such an extreme title? As soon as it suspects detection, Rombertik overwrites all vital information on your computer, which in turn makes you lose all of your data and forces you to reinstall your operating system and restore your files from backups.

How does it know? What triggers Rombertik’s destroy function?

In the beginning of its attack, as soon as it is up and running, Rombertik completes multiple checks to ensure that it has not been detected.

According to the Talos team of cybersecurity experts responsible for its discovery, Rombertik, “is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis.”

 How is this conducted? Don’t most malware attacks try to avoid detection?

While most malware attacks these days include instructions and commands to help them evade discovery, Rombertik will automatically compute a 32-bit hash and encrypt its victim’s hard drive if at any point the infection suspects a disturbance to its operations.

Furthermore, the Rombertik’s infection methodology, “incorporates several layers of obfuscation along with anti-analysis functionality,” (meaning that it has the capability of actively fighting off malware analysis in multiple different ways).

The attackers have also developed a way of evading sandboxes, which have traditionally been overcome by enforcing extended “sleep” periods before executing in order to get past sandbox timeouts.

As security specialists identified this method, sleeping lost effectiveness, which is why Rombertik instead chooses flood memory by the writing of a byte of random data to memory 960 million times.

By exploiting the scale of  this new strategy, Rombertik is able to consume time without being flagged as sleeping, and also manages to flood application tracing tools with over 100 gigabytes of logged data, which further complicates and derails any potential analysis.

The Final Punch/ Going in for the Kill

Remember that 32-bit hash we mentioned? As a final anti-analysis tactic, Rombertik will computer a 32-bit hash of a resource in its host machine’s memory, which it then compares to the timestamp of is original sample upon creation. If the malware discovers that the sample has been accessed or altered in any way, Rombertik goes into “Destroy” mode.

 This Includes:

1.)    Overwriting the Master Boot Record (MBR) of PhysicalDisk0, which will fry your machine and leave it inoperable

2.)    If it is unable to overwrite your MBR, Rombertik will destroy all files in the user’s Home folder and encrypt each one using a randomly generated RC4 key.

3.)    Following the completion of MBR overwrites and Home folder encryption, Rombertik restarts its victims’ computer, but not without implementing code which forces an infinite loop and stops the system from being able to continue onto fully rebooting.

So what is this malicious spyware attack after?

Its sophisticated software for attacking to avoid detection is what makes it unique, but in terms of data capture, Rombertik isn’t picky.

Once it has infected your computer, it gathers any and everything that you do through monitoring all of your behavior on the we and each and every keystroke that you make.

Why? By capturing all of your activity before transmission, secure methods such as HTTPS become irrelevant. This method of lying in wait methodology helps Rombertik evade detection while it discovers the details of your business and your users’ sensitive data.

Once Rombertik has succeeded in transmitting the the data it has gathered while spying on you, specialized scripts can be used to identify your login credentials, passwords and payment information from the logs ofyour behaviors on the web and each keystroke that you make.

How do I keep this from happening to my business?

Considering that Rombertik relies heavily on spam and phishing attacks, the best place to start is by implementing strong security practices. For more information on how you can avoid malware attacks, check out this blog from one of Bay Computing’s senior technicians, Matt Simpson.

 Need a quick overview? As an intro your organization should:

1. Make sure anti-virus software is installed on all machines accross your organization
2. Regularly update your anti-virus solution
   1. (The best option is working with your IT managed service provider to implement a centrally managed antivirus solution which automatically takes care of all updates for you)
3. Teach users not to click on attachments from unknown senders or messages which seem out of place from known senders
   1. (Think safe, not sorry when it comes to malware)
4. There is never a failproof solution, but implementing and following best security practices is one of the most effective methods out there
5. Implement the right Spam filter to block suspicious emails and attachment types
6. Utilize backup and data recovery solutions to ensure that your business continuity is protected, no matter what happens.
   1. Double-check (and then triple-check) that your backups are set to occur regularly and that they are completed successfully
7. Work with your technology provider to ensure that your computer network services are implemented with a threat-centric approach which incorporates protections across your extended network and your full business IT environment.

 If you have any questions about implementing the right security solutions for your organization, need help fighting your way through a malware attack or are simply looking for the right IT service provider for your Bay Area business, contact us today!

As a business owner, it can be overwhelming trying to stay up to date in the latest and greatest best practices for business technologies, but you know you need to keep your network, systems, and data safe in order to keep your office operations humming along.

Having a comprehensive IT management plan is a key step in the right direction. The problem is, there is no single set of rules or protocols that will work perfectly for every business and accross all office needs.

When you work directly with an IT services provider, a team of experienced technicians helps you identify the technology needs of your organization and employees, and then designs your customized, reliable and comprehensive IT solutions plan.

As for mapping out the details of each IT solutions plan, the requirements and specific policies will vary greatly based upon each organization’s:

• Hardware limitations
• Industry-related security requirements (HIPAA requirements, PCI Compliance, etc.)
• Data transfer
• Data access demands
• Backup needs and requirements
• Business obligations for unified configurations

But keep in mind, there are a number of fundamentals each business must consider when developing, maintaining or revamping their IT systems and networks.  Here is a walkthrough to cover the basics of  office IT necessities to help you cover the best practices for your business. 

1) Disaster Recovery and Data Backup

First and foremost, when your business has crucial data, your office IT systems must have the right backup solutions in place. Whether you run a botique wealth management firm or a multi-office cosmetic surgery practice, data should be backed up religiously.

Not only does the success of your business depend upon having reliable, up-to-date versions of your files, but you can’t allow a natural disaster, theft or rogue user take down your operations!

A key component of protecting your business is creating the processes and procedures to properly assign the responsibility for backing up your business data each day.

Yet the hardest part can be making sure they are actually implemented and completed daily to ensure that your day’s work doesn’t go missing.

When you ensure that your information is stored, saved and replicated, you lay the foundation for proper business continuity and enable your business’ disaster recovery planning

Here are some of the most common data backup solutions used by local businesses and organizations:

• Manual Back-Up – One of the simplest ways to back up data is to move all your information into one file, and then transfer that file to a portable hard drive.
• This is a common data backup ritual for small businesses, but it has many drawbacks and can present significant risks to your Office IT:
  • When backing up large amounts of data, it is a slow, tedious process
  • The hard drives you use are just as likely to get lost, corrupted, or damaged in some sort of disaster scenario (fire, earthquake, etc.) if they are stored in the same location
  • If you do keep your external drives at a separate location, it is quite common to see actual backups fall behind and out of date as drives must be transported round trip and time must be allocated for periodic backups.
  • Without automated processes in place, your business becomes reliant on the manual process and employees not getting side-tracked by daily work operations
• Remote Servers – Many businesses backup their data by transferring it to a set of computer servers at another location.
  • This is a form of secure P2P file-sharing called “friend-to-friend,” and it is especially helpful for businesses that have multiple offices.
  • There chance of data getting stolen along the way is lower than with other options, and the information will be stored safely in multiple locations. However, there is still the risk of both servers being destroyed in a large-scale disaster situation.
• Cloud Storage – One of the newest, most advanced forms of data backup is Cloud storage, which  stores your data on multiple remote computer servers. 
• These cloud servers are maintained by a hosting company that ensures the data security and redundancy of their services.
• In terms of continuity, cloud technology offers one of the strongest forms of data backup solutions as it involves having multiple copies of your data created, accessible from any location with a secure Internet connection.

2) Security

The modern world is overrun with threats from cyber criminals attempting to exploit people online.

Some are sophisticated hackers looking to steal money or electronically stored protected personal health information from secure computer systems.

Others may be mere spammers attempting to inundate your company with junk mail or advertisements with hopes of hoodwinking your employees into the latest cyber scam.

Their weapons may be relatively simple (phishing attack), slightly more advanced (spear-phishing attacks) or possibly quite advanced and sophistacted in their methods (Rombertik and “wiper” malwares)

There are even “hackers for hire,” who are the digital mercenaries hired by competitors to crash your systems or harm your business reputation. Whatever the threat, you must stay prepared.

Know that different operating systems require different malware protection, but there are some basic data security tips that will keep your office IT system as foolproof as possible. Consider the following:

• Choose unique passwords
• Diversify your password
• Regularly update your anti-virus software
• Avoid pop-ups
• Limit Administrator access to one person

3) Maintenance

When it comes to office IT, it is important to make sure that you have your computer maintenance consistently covered.

This includes everything from server maintenance to scheduled software updates, and the bigger your invesment, higher the likelihood that you should also invest in an extended manufacturer’s warranty.

Whenever our clients make major investments in their technologies, we always investigate the best warranty options for them and help them evalaute if the investment is worthwhile, depending on the terms.

There are far too many variables to accept hard-line rules across the board when it comes to IT maintenance. The only thing you can know for certain is if you have the right resources on your side to ensure that you will always be able to handle dealing with any unexpected tech support problems or even IT disaster recovery necessary situations.

Basically ask yourself, “Do I know who to call?”

Computers break like everything else, and when your data is lost or your work flow is stalled, this can be a disastrous time to try “DIY” computer maintenance. Having a managed IT services provider is the best way to get your equipment back up and running in no time.

4) Disaster Planning

Disaster planning is an integral part of any foolproof IT system. Whenever there is a large scale natural disaster (like the 2011 tsunami in Japan) businesses can be destroyed just as easily as homes. If you employ local backup solutions and lose your data along with your office/equipment, you may never recover. This is why you need a plan of action for the worst possible scenario.

Disaster preparedness, or business continuity, includes 3 important aspects:

• Data Recovery – You need to recover all of your data from the backup location (and immediately “backup the backup” since the first backup becomes your original)
• Replace Damaged Equipment – This can be difficult if an office or computer server was destroyed, but it is important to salvage whatever you can. Having a well-designed BYOD policy may also allow you to get by in the short term.
• Data Access – If your office was destroyed or rendered inaccessible (but your data was stored remotely) you need a way to access the backups while you sort things out. This is where Internet-enabled cloud computing becomes so valuable.

While technology advances each and every day, making sure that your IT is built upon sound foundation will always be a wise investment to enable your company to succeed. 

As you seek out the best tech solutions and IT services for your business, make sure you have the right partner on board to help you develop the best strategy for storing, accessing and protecting your mission-critical data and for securing your network and systems. 

There’s a reason that such for a wide range of businesses throughout the Bay Area depend on managed services providers:

When you work with professional IT services experts, your business becomes free to focus on your core competencies, key clients and most crucial projects to help keep your clients happy.

If you are interested in learning more about what options would work best for your organization, Contact Us at (925) 459-8500. With years of experience and our friendly team of technicians, Bay Computing is proud to serve as one of the premier IT service providers in the East Bay Area!

Best Practices in Securing Mobile Healthcare Devices

Many physicians and practice support staff participate in bring your own device (BYOD) arrangements at work. Having a BYOD policy is both convenient for staff and cuts the cost of supplying staff with electronic hardware. However, without proper technology management BYOD can easily turn into a nightmare with regard to security, so follow these best practices to ensure your practice is safe.

Authentication and Encryption of Mobile Devices

Strong passwords and dual or two-factor authentication (2FA), which involves the entering of a password and a personal identification number (PIN), greatly aid in preventing the illicit use of mobile devices.

Encryption of mobile devices ensures that if your equipment is lost or stolen, the data cannot be read by unauthorized users. If your practice has a breach in security, you will have to prove to the Department of Health and Human Services (HHS) that your devices are encrypted and that you have an encryption plan in place; if no encryption is being used, your practice will be in violation of HIPAA compliance requirements and is liable to get a fine.

Develop a Mobile Device Policy

A written mobile device policy is also essential if you have a BYOD policy for personnel. The policy should include:

• Who is allowed to access the practice network?
• What medium of access is allowed? Public WiFi networks are vulnerable, while virtual private networks (VPNs) are more secure.
• Which devices are acceptable?
• What data can be stored on the devices?

Other elements to incorporate in a mobile device policy are appropriate use, support and costs. Hand out the policy document to all staff involved in the BYOD scheme, and have them sign it to indicate that they understand the policy and that they agree comply with it.

Keep Up to Date with New Technology

Advances in mobile device management (MDM) are continually being made, and it’s important to know what’s available. For example, MDM software lets administrators know which devices are accessing data and from where, gives the ability to wipe lost or stolen devices completely clean, and monitors data that is coming into and leaving the network. Secure containers keep personal apps separate from practice data, preventing inadvertent divulging of the electronic protected health information (ePHI) of patients.

Best Practices Training for Staff

All BYOD users need to know how to activate security features, how to identify “friendly” apps, and to have guidance and controls implemented to ensure they know where it’s safe to upload sensitive data such as ePHI to. Your practice needs establish this technical know-how in all of your employees and get them on board with mobile device security as humans are most often the weakest link in the cyber- security chain.

Partnering with a reputable IT services company smooths the way to your successful implementation of mobile device security software. Contact the team at Bay Computing for advice and information about how to secure the mobile devices used each day in your medical practice.

Simple Internet and Router Troubleshooting: DIY Tips for the Office

Modern information technology is a wonderful thing – that is, as long as it’s working. When it fails to do so, the results can range from a bad case of nerves to lost revenue for frustrated business owners.

Fortunately, many computer-related maladies are fairly easy to fix. With that in mind, here are some simple Internet and router troubleshooting tips:

1. A new router fails to connect to the web

While this has many possible causes, a surprisingly common issue is that the modem is still attuned to the old router. To solve this issue, disconnect the network and power cables from the modem and from the new router. Leave everything alone for 30-60 seconds. Then reconnect the wires to the modem and wait until the little light that says WAN/Internet is burning. Then reattach the router cables, switch the router back on and try surfing the net.

2. Internet connection is spotty or non-existent

As with the previous issue, this can be caused by numerous problems, including overheating. To find out if this is the problem, simply place your hand on your router. If it feels uncomfortably warm, then move it to a spot where it gets plenty of airflow; you may even want to unplug it for a while to let it cool. If it works fine afterwards, then keep it in a well-ventilated location going forward.

3. A wireless connection runs slowly or frequently fails to work

Often a poorly placed router is the cause of this problem. All sorts of things can interfere with wireless signals, including brick and concrete walls, electrical wiring and other electronics. Try moving the router to a different room or, if that’s impractical, to a higher spot near the same location. You can also try moving your computer closer to the router.

One common yet unexpected office IT obstacle can stem from having your office microwave located too close to your business technology equipment. If you have a microwave in your business, make sure it is properly stored away from your wireless router if at all possible! If any of these steps help to solve the issue, then you’ve found the root of the dilemma.

4. Your Android tablet won’t connect to your network

With more and more people using mobile devices these days, this is an especially common issue. One quick fix that often does the trick is to go into your system settings, find the network to which are trying to connect and choose the “forget” option. Then try reentering the network password. This causes the system to flush out old, obsolete connection information.

5. Your wireless printer won’t connect to your network

The culprit might be your security suite. You might need to configure its settings to allow the printer to work. Avoid disabling the suite, however, as this may expose your system to malware.

If you’ve gone ahead and tried each of these simple Internet and router troubleshooting tips but find that they don’t take care of your office technology problem, then you may benefit from partnering with professional IT services support specialists.

When you have a dedicated team on your side, identifying the root causes of your technology issues is suddenly a priority and gets you on the road to keeping your business operations running smoothly, reliably and to maximizing office productivity. Contact us today to schedule your free business consultation and get started identifying the best options for your business!

6 Benefits of Outsourcing IT Services

How Healthcare BYOD Policies Affect Network Security

Healthcare organizations need to take a more involved look at network security, especially with increasing usage of personal devices in the workplace. Earlier, organizations would feel safer with locked-down internal user access and prevention of outside intrusion. But lately, healthcare IT security personnel, including physicians and office managers with small to midsize practices, are finding that the idea of walling themselves in from all sides is an antiquated notion. These administrators now prefer authentication based on the user’s role, their privileges and the nature of the data they are accessing.

Simultaneously, technologies are also evolving in support of this changing viewpoint. For instance, Health Resources and Services Administration (HRSA) are providing basic healthcare network security tips:

Capability and Efficiency

Actual bandwidth requirements depend on several factors such as the location, number of users, real-time transactions and technology used for hardware and storage. For estimating bandwidth requirements, it helps to work directly with IT professionals or the Electronic Health Record (EHR) system vendor.

Protect Your Network

A more robust protection is justified if you have higher valued assets. One of the fundamental requirements is a firewall as a part of the Internet gateway. Verify that all recent patches, upgrades and firmware versions are installed. Audit firewall rules and make sure only legitimate traffic is permitted to pass into and out of the network. Unless it serves a critical business purpose, scrap all file-sharing rules.

Segment Your Network

Isolate the Electronic Health Record system on the network along with any other system requiring access to it. Systems whose users do not need to access the EHR should have no connectivity to it.

Detect Intrusions

Install an intrusion detection system as it will drop anomalous traffic matching the signature of well-known network attacks.

Audit Your Setup

Workstations accessing the EHR system must comply with good security standards. Ensure this by auditing the active directory structure and policy. Before users can access the workstation or domain resources, make sure they are properly authenticated with tokens, smart cards or strong passwords.

Review All Privileges

Manage user rights centrally and review all existing user privileges by employing an active directory. Most clinical users of EHR systems require only a few administrative rights to access information.

Conclusion

Although HRSA does not mention aligning the security measures with BYOD policies, administrators can control all activities on a healthcare network as part of a BYOD control policy. This includes file-sharing access to email flow from one console while integrating these management platforms with network security components such as Network Delivery Controllers and Application Delivery Controllers.

Your Bay Area Medical Organization Needs Healthcare IT Pro Services

Professional IT support is a valuable investment for any business, but it is an especially important consideration for healthcare providers. Given the healthcare industry’s reliance on computer systems and the sheer amount of highly sensitive personal data healthcare practices retain, technical support is necessary for a secure and efficient office.

Security

Professional IT support offers many direct benefits to healthcare providers. Arguably, one of the most important components of your office technology support it IT security. Data breaches are a very real and increasingly common threat. Statistically, the vast majority of medical practices, regardless of size, area or specialty, will experience at least one data breach. Nearly half will suffer five or more instances of data theft. Given highly sophisticated theft methods and the vast amount of electronically-stored data, IT support is not an option, it’s a necessity. Professional technology support can customize security options for your office. Should a breach occur, IT will move quickly to neutralize the threat, restore operations and reduce damage.

Support

Computer systems, particularly those powerful enough to carry a medical practice, require maintenance, updates and repairs, all of which are time consuming and often frustrating. Should a system fail, even briefly, it may be difficult or impossible for a practice to continue until it’s fixed. By retaining support, offices have the assurance that IT professionals will respond quickly. This results in drastically reduced system downtime, which directly increases the office’s performance and efficiency.

Reliability

Solutions provided by professional IT Support are reliable. Whether tech support works with your practice on security issues, system performance, your network, database assistance or storage, professional IT support will work to develop the best solution for you. IT professionals will provide necessary support to ensure operations run smoothly.

Having local Bay Area IT support on-call significantly reduces the strain on doctors and staff, which results in more time with patients, more energy and effort to direct into the practice. This means increased efficiency and overall improved productivity as well. Not only do IT professionals assume a frustrating and time-consuming burden, they provide peace of mind, ultimately allowing you to spend your time providing care to your patients.

3 Considerations for Choosing an EHR System that Works for Your Practice

IT Collaboration

Survey the Practice

Deployment Concerns

The shift from tried and true work processes to a system with the potential to transform your workflow takes some getting used to. The deployment time may cause issues with computer or network access with an on-premise system, so plan around potential deployment issues once your IT staff is working on installing the system. Once it is up and running, it’s important to implement a thorough training program so everyone in the practice understands how to use it and stay compliant with all health record regulations.

Using IT Services to Conform to HIPAA Reqs and Protect Your Patients’ Privacy

On average, two million Americans face medical identity theft each year, costing U.S. healthcare organizations an estimated $41 billion [1]. Healthcare practices are finding it increasingly difficult to comply with patient privacy regulations. After the enactment of the HIPAA Privacy statute in 1996, there have been several regulations regarding patient privacy: HITECH, ARRA Meaningful Use, and the Omnibus Rule.

Patient privacy breaches attract severe penalties, both criminal and financial, along with harm to reputation. When the stakes are so high, a solid foundation is necessary — involving policy, procedures and technology — for ensuring patient privacy throughout the healthcare organization.

Top Challenges in Securing Patient Privacy Data

Although healthcare is the most regulated industry in the US today, in order to comply with the strict regulations and for avoiding stiff penalties, healthcare organizations face three primary challenges in protecting patient data. Every access to patient data must be logged — this is a HIPAA requirement. Massive volumes of access records are generated and need to be audited. Lastly, diverse data needs to be consolidated.

A Three-Step Methodology Can Lead To a Solid Foundation

As patient privacy compliance program [2], such as the Healthcare IT Support Services from Bay Computing in the San Francisco Bay Area, can provide a solid foundation and reduce the risk of a data breach with the following three elements:

1. Defining Appropriate Policies

When healthcare practices accept principles regarding patient privacy, those are reflected in their policies. These help establish a culture and expectation binding all stakeholders, including the doctors, office managers, and decision-makers of small to mid-sized practices.

2. Setting up Suitable Procedures

To enforce the policy, healthcare practices need suitable processes for developing, documenting, implementing, and communicating procedures. Mostly this involves defining who can access what data [3].

3. Using Current Technology

Tasks that cannot be addressed manually need to be handled with technology and this must be augmented in the procedures by IT support. As appropriate technology allows automatic monitoring of patient privacy data access, healthcare practices can be free of the limitations of random and manual audits.

Conclusion

Located in the San Francisco Bay Area, Bay Computing helps healthcare providers succeed by providing comprehensive, accessible and readily available healthcare IT support.

With IT services that focus on providing your users a great helpdesk and technical support experience, your patient care providers can now take advantage of your existing IT investments to satisfy increasing demands while observing Meaningful Use, navigating any new implementations following HIPAA Compliance Assessments, and any other number of industry requirements.

Ready to get started? Contact Bay Computing today and receive a free onsite network assessment!

References:

[1]
https://www.experianplc.com/media/news/2012/more-people-aware-of-medical-identity-theft/

[2]
http://cdn2.hubspot.net/hub/395219/file-1913515325-pdf/Documents/IatricPatientPrivacyWhitepaperCIO.pdf

[3]
http://fas.org:8080/sgp/crs/misc/R40599.pdf