Paul Hanley

Recent Posts

TeslaCrypt and CryptoWall bring new approaches to ransomware

Posted by Paul Hanley on Mar 30, 2015 2:00:00 PM

As the saying goes, what’s old is new again, but sometimes what’s new can still be new again. Enigmatic? Perhaps, but two programs in the ransomware category are doing their best to prove this. An old friend that I’ve written about several times now, CryptoWall, is pioneering a new infection vector, while a fresh challenger, TeslaCrypt, is seeking to carve out a new target niche that has been underexploited. Let’s see why security experts are concerned about these two infectious agents.

Topics: Malware, IT Security, Cyber Security

Lenovo’s SuperFish software threatens user security

Posted by Paul Hanley on Mar 11, 2015 3:57:43 PM

Lenovo recently announced that the SuperFish software, which came pre-installed on their consumer-grade devices, needed to be removed from every system. Logically, many were asking what the intent of the software was and why it needed to be removed.

Topics: IT Security, Announcements

What SMB business continuity and disaster recovery plans are missing

Posted by Paul Hanley on Feb 25, 2015 11:40:00 AM

When we talk about business continuity and disaster recovery, data backup is always an important part of any suggested plan. And it’s true: if your SMB clients aren’t backing up their data, they’ll have big problems if they have a run-in with malware or get hit by a natural disaster. A good disaster recovery plan is about more than just backing up files, though.

Topics: Business Continuity and Disaster Recovery, Data Loss

It’s Back: CryptoWall Enters a New Generation With Version 3.0

Posted by Paul Hanley on Jan 19, 2015 1:52:55 PM

After several slow months, it seems that the authors of the infamous CryptoWall malware (Win32/Crowti or Trojan.Cryptowall) have re-emerged from wherever they’ve been hiding and have brought another version of their devious malware with them. Dubbed “CryptoWall 3.0” by security blogs and researchers, the new malware contains a number of changes and additions over the previous version.

Topics: Malware, Cyber Security

KEYHolder malware – The latest ransomware craze

Posted by Paul Hanley on Dec 10, 2014 3:07:00 PM

A new contender in the ransomware space has burst onto the scene in the last few days. Known as KEYHolder, it follows in the same vein as CryptoLocker, CryptoWall, CryptoDefense, and similar members of the Locker family of malware. 

Topics: Malware

Cryptowall: New ransomware picking up where CryptoLocker left off

Posted by Paul Hanley on Jun 11, 2014 1:40:00 PM

A new form of ransomware is on the loose, filling the void left by CryptoLocker. Several security blogs are warning IT pros about “Cryptowall”, which leverages social engineering and security exploits to encrypt its victims’ files.

Ronnie Tokazowski at PhishMe.com wrote an analysis of Cryptowall, explaining how users around the world have lost access to thousands of files after failing to pay the ransom.

Cryptowall tricks users into downloading infected attachments or clicking infected advertisements, and then takes advantage of security gaps in Silverlight, Flash, and Java to make its way onto computers, according to an alert from SANS Internet Security Center.

Topics: Malware

How to prevent Intronis from being quarantined by Symantec antivirus

Posted by Paul Hanley on May 7, 2014 11:57:00 AM

UPDATE: We have been able to resolve the issue described in this post with the team at Symantec so that it will not continue in the future. This blog was published before the issue was solved, but we still advise partners to please follow the steps outlined below to ensure that the Intronis software is not blocked by any anti-virus programs.


Currently some Intronis partners are experiencing an issue where Symantec software flags Intronis as a virus and disables our backup software. We wanted to explain why the issue is occurring and offer two quick steps to fix it. 

Last week, Symantec rolled out an update to their SONAR technology, and it started flagging our software as a false positive.

SONAR is the heuristic component of Symantec Antivirus (SAV) and Symantec Endpoint Protection (SEP). Heuristic definitions are theoretical signatures used to infer which programs are bad instead of using explicitly known definitions like in the old days.

Topics: Backup Management

Webinar: Protect your managed services clients from cryptolocker

Posted by Paul Hanley on Jan 9, 2014 11:10:00 AM

By Paul Hanley, Technical Support Engineer

With the new year comes a whole host of new threats and risks to clients' data security. To help you prepare for their inevitable questions, I'll be presenting a 30-minute Intronis webinar, called "Cryptolocker: Should you pay the ransom?", on January 16 at 1:30 p.m. EST.
