January 2024 - Ophtek

Data Breach at Norton Healthcare After Ransomware Attack

ALPHV, Data Backup, Data Breach, Employee Training, Norton Healthcare, partition hard drives, RansomwareALPHV, data backup, data breach, Employee Training, Norton Healthcare, partition hd's, ransomwareOphtek, LLC

Jan 2024

Healthcare data is some of the most sensitive and confidential data to exist in IT systems, so the ransomware attack at Norton Healthcare is a big deal.

Based in Kentucky, Norton Healthcare is a provider who delivers health services to adults and children in over 40 clinics. Their objective, as with all healthcare providers, is to improve the lives of their patients. However, a recent data breach has done little to inspire a sense of wellness in their patients. The breach, which occurred in May this year but is only just being reported, was part of a ransomware attack. Norton Healthcare’s network was breached for two days, but there appeared to be no evidence that their medical record system had been accessed.

Nonetheless, healthcare data should always be secure, and breaches in local networks represent a major cause for concern.

The Norton Healthcare Attack

The exact nature of the attack has, at present, not been released. But we do know what the impact of the breach was. After discovering that an attack was taking place, Norton was forced into turning its network off, the last thing a healthcare provider wants to do. As the attack was unfolding, Norton received, in a novel twist, a faxed ransom note featuring threats and demands. Later that month, a ransomware group known as ALPHV claimed responsibility for the attack.

ALPHV released a statement to the dark web which claimed that they had managed to compromise 4.7TB worth of data from Norton Healthcare’s servers. As proof, ALPHV uploaded numerous files – containing patients’ bank statements and Social Security numbers – to backup their claims. Norton’s official line is that only some network storage devices were breached, and these only contained identifying information rather than any medical data.

How Can Healthcare Providers Protect Themselves?

With more and more healthcare providers coming under attack from threat actors, it’s important that they understand how to minimize their risk. In fact, these lessons are valuable for any business running an IT network, so it’s time to find out how. So, to stay safe from ransomware attacks, make sure you follow this best guidance:

Regular backups: it’s vital that you perform regular backups of your data to ensure, if it becomes encrypted by ransomware, you still have access to it. Ideally, these backups should be completed daily at the very least, and they should always be saved to secure locations. It’s important to keep copies of your backups offline as well, this will allow you to access your data even if you need to take your network down.
Partition your hard drives: to minimize the impact of a breach, it’s a good idea to partition you hard drives and data storage. By separating these from your main network, and from each other, you’re limiting the files and data that malware can access. This minimizes the risk of data loss and allows you to keep important systems online.
Employee training: educating your staff about the dangers of social engineering and phishing emails is one of the most important steps you can take. Ransomware, such as the strain encountered by Norton Healthcare, is often spread through emails and your employees need to be able to identify these threats before clicking on them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Agent Raccoon Malware Strikes Targets Across the Globe

Agent Raccoon, backdoor attack, malware, network traffic, Ophtek, Phishing Email, trusted updatesAgent Raccoon, backdoor attack, malware, network traffic, Ophtek, phishing, trusted updatesOphtek, LLC

Jan 2024

A new strain of malware called Agent Raccoon has been discovered, and it appears to have been launched by nation-state threat actors.

A wide range of different organizations – based in sectors such as education, government, non-profit, and telecommunications – have fallen victim to Agent Raccoon. And these organizations aren’t based purely in the US, with attacks also discovered in African and the Middle East. Clearly, Agent Raccoon is an ambitious piece of malware and, given the nation-state approach of the attack, it’s one to be on your guard against.

How Does Agent Raccoon Work?

Although the exact identity of the threat actors behind Agent Raccoon remains unknown, security researchers have been able to detail how the malware works. Disguised as either a Microsoft OneDrive Update or Google Update, Agent Raccoon tricks unwitting victims into downloading an executing it. Once initiated, Agent Raccoon launches its backdoor attack. Using Domain Name Service protocols, Agent Raccoon can communicate directly with the command-and-control server set up by its creators.

Primarily, Agent Raccoon focuses its malicious attention on three main areas:

Opening up remote access to the infected PC
Incoming and outgoing file transfers
Remote command execution

However, Agent Raccoon’s activities do not appear to be set in stone. Researchers have discovered numerous variants of Agent Raccoon, suggesting that the threat actors are regularly updating it.

Can Agent Raccoon Be Stopped?

Agent Raccoon isn’t the most persistent piece of malware to have been developed, but it remains a major problem for those that it infects. As ever, maintaining strict security practices is vital for protecting your IT infrastructure. Accordingly, you need to make sure that all members of your organization are fully versed in the following:

Question all emails and links: even if an email appears to have been sent by a trusted source, this can easily be faked. Therefore, all incoming emails should be scrutinized closely. This means hovering your mouse cursor over any links to reveal their true destination, double checking email addresses to confirm they are correct and not a close variation, and contacting the sender of emails to double check they are genuine.
Only accept updates from genuine sources: software updates are an important aspect of PC security but should only even be downloaded directly from the developer. Online adverts and emails suggesting that you download these from alternative sources should never be trusted. Often, the files at the heart of these downloads are nothing but malware. So, stick to legitimate downloads and rest assured that they will be safe.
Monitor network traffic: Agent Raccoon communicates with a remote server and also transmits significant amounts of data. This means that you should be monitoring your network activity for any unusual traffic. If, for example, an unknown destination regularly starts connecting with your network, it could be a sign that your network has been compromised. In these situations, connections to this destination should be terminated and fully investigated.

For more ways to secure and optimize your business technology, contact your local IT professionals

Capacity Planning: Balancing IT Resources for Efficiency

capacity planning, Data Storage, IT Efficiency, IT optimization, Network, Ophtek, Servers, system upgradesCapacity Planning, efficiency, network, Ophtek, optimization, servers, storage, upgradesOphtek, LLC

Jan 2024

The everchanging world of IT and business means that optimizing your resources has never been more important. But how do you do this effectively?

Resource management is vital for maintaining IT operations, one small mistake and you could find your IT systems completely derailed. This means a drop in productivity, one which your competitors will be able to seize upon. But this doesn’t have to happen. Instead, you can prepare for all your potential needs and scenarios. This will ensure your organization can balance its resources and maintain a productive IT infrastructure.

What is Capacity Planning?

Naturally, you want your IT systems to be able to handle your existing workload, but it’s crucial they’re also optimized to deal with future demand. Accordingly, you need to be able to evaluate your current IT resources and confirm they’re suitable for your existing needs. After this, you need to forecast what your future needs are likely to be, and this can be achieved by identifying market trends or preparing for changes in demand e.g. winning new contracts. And this is exactly what capacity planning is.

Which Resources Should You Be Looking At?

The number of different IT resources in use at any one business are wide and varied. Nonetheless, when you’re working on a capacity planning strategy, it makes sense to concentrate on these areas first:

Servers: new product launches are almost certainly going to lead to an upswell in web traffic. Likewise, launching new online servers will create a similar increase. And your existing servers may not be suitable to cope with this sudden demand. Therefore, ahead of these types of launches, to look at scaling up your server resources to ensure continuity for your website.

Storage: we live in the age of big data, where customer data is an important marketing tool but suitable storage is vital. So, what happens if your data storage isn’t capable of dealing with an influx of new customers? The answer is that it will put significant stress on your IT infrastructure. This is why pre-empting data storage needs is an important element of capacity planning.

System upgrades: upgrades to your IT infrastructure, such as company-wide software installations, require careful planning. After all, most workstations will need to be restarted at least once to implement new software installations. And this can have a major impact on your organization’s productivity if it all happens at once. Instead, you should plan to optimize your PC resources by phasing any company-wide installations over time.

Networks: with remote working becoming more popular, it’s important for your IT networks to be able to deal with multiple remote connections. After the lessons learned during the pandemic, where the technical demands of remote working were suddenly laid bare, organizations need to be ready. As a result, upgrading network infrastructures to deliver seamless connectivity to remote workers is paramount.

Final Thoughts

As the business landscape moves further into the 2020s, mastering capacity planning with IT resources should represent an essential target for all businesses. If you want your organization to achieve optimal performance and navigate the challenges of IT successfully, your capacity planning needs to start today.

For more ways to secure and optimize your business technology, contact your local IT professionals.

SmokeLoader Trojan Used to Deliver Phobos Ransomware

anti-malware tools, offline backups, Ophtek, Phobos ransomware, SmokeLoader, social engineering, Trojansanti-malware tools, offline backups, Ophtek, Phobos ransomware, SmokeLoader, social engineering, TrojansOphtek, LLC

Jan 2024

Be aware, your files are under threat from a new variant of the Phobos ransomware. And it’s being distributed by threat actors using the SmokeLoader trojan.

The Phobos ransomware was first detected in 2017 and, since then, has gone on to be used in numerous cyber-attacks. This new variant, however, is slightly different and more sophisticated than previous incarnations. The threat actors behind the new variant are believed to be the same team behind the 8Base ransomware syndicate, a powerful cybercrime operation.

As you know, any form of ransomware is dangerous, but one which is as clever and cunning as Phobos requires special attention. Luckily, Ophtek are here to provide you with all the advice you need.

The SmokeLoader Campaign

The SmokeLoader trojan is typically used to deliver the 8Base team’s variant of Phobos. A trojan is employed as the launchpad as Phobos, on its own, does not have the capability to breach a PC’s defenses. SmokeLoader operates by disguising itself within spam email campaigns and relies on social engineering techniques to unleash its malicious payload. Once SmokeLoader has been activated, it begins loading the Phobos ransomware.

And Phobos presents a very persistent and effective threat. It starts by identifying target files and automatically ends any processes which are accessing the files. From here, Phobos’ next step is to disable the PC’s system recovery tool, which ensures the victim is unable to roll back their PC to a pre-infection stage. Finally, before encrypting any files, Phobos makes a point of deleting any backups and shadow copies. Rest assured that Phobos doesn’t want to give you any chance of retrieving your files without paying a ransom.

What’s notable about this strain of Phobos is its encryption speed. Instead of fully encrypting all files, it only focuses on completing this on files under 1.5MB in size. Anything over this file size is only partially encrypted. Phobos alerts its victims to its encryption activities by issuing a ransom note on the infected system. This ransom note explains that the only way to decrypt the files is by making a payment in Bitcoin. And this payment is dependent on how quickly contact is made.

Staying Safe from SmokeLoader and Phobos

The financial damages arising from ransomware continue to rise and rise, so it’s crucial that you keep one step ahead of these attacks. The best way to stay safe is by following these best practices:

Understand social engineering: the Phobos attack, and many other ransomware attacks, are only able to initiate themselves due to victims falling for social engineering scams. Therefore, it’s vital your staff understand what social engineering is and how to combat it. For example, if an email sounds too good to be true, it probably is. And the best thing to do with a suspicious email is to take a deep breath and think long and hard before clicking any links.

Always keep offline backups: if all your files are encrypted then you’re going to have a hard time retrieving them without paying a costly ransom. And, remember, Phobos actively seeks out backups and shadow copies you may have stored on your network. However, if you regularly backup to an offline source, such as an isolated network or drive, you have the opportunity to minimize your file loss.

Use anti-malware tools: one of the best ways to add an extra layer of protection to your PCs is by ensuring that anti-malware tools are installed. These tools are discreet, mostly running in the background, and can identify malware before they launch their attacks. This allows you to quarantine and delete threats such as SmokeLoader before they can take over your system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Sustainable Practices for a Greener IT Environment

cloud computing, dark data, green IT, Ophtek, outsourcing, sustainable IT, turn off pc, working remotelycloud computing, dark data, green IT, Ophtek, outsourcing, remote work, sustainable ITOphtek, LLC

Jan 2024

Modern businesses are constantly looking to reduce their carbon footprint. One of the best ways to achieve this is with a greener IT environment.

When it comes to the environment, digital data comes at a cost. Therefore, it’s important for businesses to evaluate their practices in order to reduce their impact on the environment. This is known as Green IT, a study and practice of the ways in which IT usage can be more environmentally friendly and sustainable. However, for many organizations, their adoption of eco-friendly practices tends to be focused on manufacturing and service elements.

How Do You Develop Sustainable IT Practices?

If you want to reduce the carbon footprint of your IT operations, you should start making changes in these areas:

Cloud computing: one of the best ways to reduce your impact on the environment is by embracing the cloud. Due to superior hardware setups, cloud data centers use less energy than traditional in-house data solutions. And the savings are seriously impressive. It’s estimated that cloud computing can improve energy efficiency by up to 93% and, in the process, release 98% fewer greenhouse gases.
Dark data: all businesses carry and store huge amounts of data, but does it all need to be kept? Data which is stored, but not required is referred to as dark data. Therefore, if you’re using cloud data centers, which are responsible for 2.5% of carbon dioxide emissions, to store dark data, you’re putting an unnecessary strain on the environment. The solution here is to evaluate your data governance policies and develop strategies for disposing of dark data.
Turn your PCs off: many employees fail to shut their PCs down at the end of the day. This is the result of wanting to get home and, of course, saving time the next day when they’re logging on. However, leaving a PC running overnight not only produces carbon emissions but also shortens the lifespan of the device. This means that you are more likely to have to replace the machine, contributing towards environmental damage. Accordingly, your employees need to be educated on the importance of shutting their PC down.
Outsourcing: if your business experiences a surge in demand, you don’t have to buy additional equipment to cope with the increased workload. Instead, you can outsource this workload, such as to a call center, to manage the demand. After all, this surge in activity may be short lived, and outsourcing represents a sustainable and more affordable option. Remember, anything which reduces the sale of new hardware will only have a positive effect
on the environment.
Remote working: advances in IT technology mean that any employee with a high-speed internet connection can seamlessly connect with your IT infrastructure from home. This means a reduction in not just emissions from travel, but also a number of energy saving costs in your office. As a result, allowing employees to work from home will easily enhance your green credentials and reduce your carbon footprint.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: January 2024