CCSI’s New Partner for Business Communication Solutions
As an SMB ourselves, CCSI understands the issues unreliable phone systems cause. With so many available options, how do you choose the best system and know you’re getting a great price? We’ve been there. And, although we’re eager to partner with value-driven vendors, few make the cut. Back in 2016, after years of issues with an outdated phone system, we chose and implemented a new communication solution through Sangoma. With 18+ months of hassle-free, improved communications and actual cost reduction, CCSI agrees that Sangoma delivers the industry’s highest-quality IP business phone solution. We’re so impressed with our results that we decided to partner with Sangoma and extend the same quality and cost-saving benefits to our own customers.
WHO IS SANGOMA?
Sangoma has more than 30 years of IP communications experience and is a dominant industry leader in hardware and software enabling VoIP systems for telecom and datacom applications. With an abundance of standard features, cost savings, strategically thought out capabilities to grow with your business and adapt with the technology as it continually advances AND comprehensive 1-year warranties, it’s a clear, easy and affordable choice. Everything you need to customize the ideal communications solution to fit your needs is readily available. Whether you’re an SMB looking to deploy a cost-effective, scalable phone system or a large enterprise requiring more advanced capabilities, there is a solution for you.
Enterprise Level Business Communication Solutions at Entry Level Costs – Endless Options and Elementary Implementation. – CCSI Staff
BENEFITS:
As an actual tried-and-true user of Sangoma IP phones, we are able to draw on our experience and give a true list of benefits. Here are some of the actual benefits we’ve received since making the switch:
Ease of Deployment – Supports DHCP provisioning and/or PnP provisioning, which is very useful in tightly locked down networks such as our own. Also supports redirection service for remote staff which is very beneficial as it allows phones to be automatically provisioned as soon as they are plugged into an internet connection regardless of their location in the world.
Security – Sangoma builds in security mechanisms and monitoring because it is aware of the growing problem of toll fraud. Many IP phone vendors simply rely on MAC address validation, which means hackers can pretend to be that phone, commit toll fraud and cost your business a lot of money.
Maintenance – As businesses grow or consolidate, new employees arrive or change roles, resulting in the need for IP phone settings to be constantly updated. Sangoma IP phones can be quickly provisioned from a central location so that the administrator can eliminate the requirement for traveling onsite. This is beneficial when adding new employees to a group or adding an entire department and groups of phones. Administrators also have the ability to quickly validate phone settings and update firmware and security on a global and granular level.
Feature Rich – Just one of the many features we’ve utilized is PhoneApps, which allows users to control functions and settings directly from the screen of their phone. The apps increase productivity because they are specific to user needs (e.g., the Presence app to quickly change a user’s availability across all their endpoints, and the Login/Logout app to jump to any phone in the office or other locations on their network, instantly pulling in all preferences and custom settings). PhoneApps are included with all Sangoma IP Phones and connect seamlessly with your FreePBX or PBXact phone system.
Cost Reductions – In place of copper wires, VoIP providers use an Internet connection to send phone calls. With traditional telephone service, phone calls are made up of analog data which need to be sent over physical copper wire connections. This requires a fairly complex national telephone infrastructure so that packets of analog data can travel from phone to phone. With VoIP, your phone calls are made up of digital data. It’s easy to send digital data over a long distance, entirely over the Internet, without losing any call quality. Your VoIP provider uses connections between Internet protocols to transmit the data. This is a cheap and easy mechanism for transporting data, which means that VoIP providers are able to pass their savings on, and our bill has been cut into over 3/4 of what it once was!
End User Control – Unique web-based dashboard for every user. This eliminates the need to contact IT to configure or enable features, freeing up more of their time and also allows our business manager features like checking call queue stats or changing time conditions. Users are empowered to manage and control their own features by logging into UCP from any internet capable device and have access to things such as:
Voicemail: listening, delete, voicemail-to-email, and recording voicemail greetings
Follow-me: enable/disable and add phone numbers
Conference: create unlimited conference rooms, manage live attendees, and use administrator-level conference room features
Presence: manage your presence across all your devices
Device management: customize the applications and features of your desk phone
WebRTC phone to make/receive calls and SMS with your colleagues…and the list goes on
WANT TO KNOW MORE?
As a tried and true customer ourselves and through becoming a partner, CCSI has been trained and has become well versed in Sangoma Technologies hardware and in the solutions best suited to your specific business environment. As a partner, we are privy to pricing not attainable by the general consumer. For more information on how to get in on the savings and pricing, or how to make the switch to VoIP or upgrade an existing communications solution, contact a CCSI account manager today!
Still the most commonly practiced approach, onsite data backup isn’t much of a solution at all these days. Not only is it subject to human error more often than most business technology components, it’s also more easily corrupted or destroyed, and at greater risk of theft or compromise. So, how do we protect the critical data that keeps a business alive and ensure the processes we have in place will keep you protected and secure? The answer is cloud backup solutions. Not only is it the most reliable option available but the benefits far outweigh any “risk” or disadvantages.
The main purpose of backing up your data is the ability to roll back and access your archives in the event of local hardware failure. To do business today, you need the confidence of knowing that in the case of catastrophe, your data will be protected and available. By backing up your information in the cloud, you have the perfect destination for your archives. Your files will be at once everywhere; no longer dependent on any single computer or server.
The cloud is also remarkably affordable. It has the advantage of requiring no physical location that you’ll need to handle maintaining on your own. A competent IT provider will keep you connected and can manage your data remotely without too much hassle.
BENEFITS OF CLOUD-BASED BACKUPS
1) TIERED COST VALUE ALIGNMENT
You know those files from years ago that you never look at but hold onto just in case because that one document in a file from 2013 could be your saving grace? Yeah, we all do. Truth is a bulk of your data loses value over time, but it is a necessary evil. Thankfully, someone thought it makes sense that the resources invested in maintaining archives should diminish commensurately and came up with “backup lifecycle management.” This allows you to align your data access needs with the costs involved since you’re able to assign different accessibility statuses to different sections of your archives.
2) SAVINGS AND SCALABILITY
Maintaining low costs is a prominent goal for any business. One of the major benefits of cloud-based backups is that there are no upfront costs associated with increasing your storage and backup capacity as needed. The use of cloud services provides a low-cost, monthly fee solution for data protection, with decreasing cost per GB as volumes grow. Your company can scale up your capacity at a moment’s notice, all at a predictable cost structure. This can be more economical in the long term, which ultimately helps your company reduce costs.
3) UTILIZES EXISTING INFRASTRUCTURE
Cloud-based backups seamlessly integrate with infrastructure that is already in place. No need to purchase new hardware, your existing computer network is all you need in terms of hardware. Your backup and potential recovery is as simple as a download and doesn’t require any expensive additional equipment. Once the backup is complete, it stores the encrypted files at an offsite data center. The entire process takes advantage of cloud technology without requiring any additional expenses.
4) DATA SECURITY
Data security has to be a top priority for everyone in your organization and keeping your critical work files protected is an essential function. With cloud-based backups, 2 copies are transmitted, encrypted and stored in external data centers and off-site. Only authorized users are granted access to the data, greatly reducing the risk your business is exposed to.
5) RELIABILITY
Cloud data is stored on multiple disks, at multiple sites specially designed for security and durability of data. Data backup and recovery is a straightforward and speedy process; the task can be completed almost as fast as you can communicate with your provider. It’s important to understand how much bandwidth is available to you, though, as this will impact the speed, and to measure the amount of data you are backing up. With such high reliability, your employees will be able to focus on their work without worrying about accidentally deleting important files.
6) ELIMINATES TAPE AND AUTOMATED
Backups can now be scheduled or started manually and can be performed at any time with a single click, changing the way businesses protect themselves. Both cloud and tape backup can be an automated process. Tape backup, however, relies on the actual tape for reliability, so even the best backup plan is vulnerable to:
Theft/Loss – Stored copies are vulnerable to anyone with access to where they are stored, and they can easily be misplaced or miscategorized
Damage – Susceptible to any number of things, from fires and floods to condensation/humidity, etc.
Expensive – Tapes are not cheap and many are needed; there is also the time taken away from the employee required to do the backup
Poor tape quality – It happens quite frequently, and only portions of data, if any, can be recovered
Cloud, on the other hand, can backup without disturbing the user and allows them to select how much or how little to restore and do it without engineers’ help. Once your data is backed up in the cloud for the first time, you determine the settings you want for automated backup times, and all of your company’s data is synced without you needing to do anything further. What this means for your company is having the ability to ensure data protection, reduce downtime and limit lost productivity. Files can be recovered instantly and authorized users have remote access to it at all times.
KEEP YOUR BUSINESS GUARDED WITH THE BEST BACKUP SOLUTION
It’s no secret that a company would struggle to survive if it lost all critical data necessary to operations. Even if your business survives such a loss, there are increasingly large financial implications associated with downtime as a result of data loss. Not to mention the hit your business’s reputation would take. While this makes a clear case for the benefits of cloud, the best choice depends on your situation – you may even need hybrid cloud: a mix of the two. If you would like more information and to speak with the experts to find out what is best for your business, contact CCSI today to discover how we can help your organization take advantage of cloud-based technology solutions.
Productivity is a great word that people love to use, however, in the real world, productivity can be summed up in a simple question: Can I do my job easier or not? Microsoft has invested heavily trying to make the user and administrator experiences of Office 365 as easy and simple as possible. If you are thinking about moving your business to Office 365, here are some pretty persuasive reasons why you should.
Office 365 Offers Easy and Seamless Integration with Other Solutions: The tools you already know, use and rely on for your workflow can seamlessly integrate into Office 365. The list of programs and tools that perform well with Office 365 is extensive and includes common solutions like Word, Excel, Outlook, and PowerPoint. Office 365 makes it easy to standardize your file formats and to ensure that everyone on your team can open, access and use the pieces you create.
Mobile, on the Go Access, is Easy with Office 365: Mobile use is at an all-time high and your team uses smartphones, tablets, and other devices to stay connected and perform tasks, even when they are not in the office. Microsoft Office 365 allows your team to open and process documents, access contacts and calendar information and send emails from any connected device. Office 365 works with both PC and Mac and with Android, iPhone and even Blackberry devices.
This mobility allows you and your team to work from home, while you are traveling or from virtually anywhere you can get a connection. Whether you are heading to a trade show, calling on clients or taking a much-needed day off, you connect in an instant to get the information you need to serve customers or support your team.
Office 365 Enhances Communication and Collaboration: It’s easier than ever before to collaborate with your team and for your workers to share and access information. A password-protected portal can be established that allows your team to quickly access the documentation or files they need – and more than one person can access and work on a piece at a time. Once work is complete, progress is tracked and noted so that anyone in the group can quickly determine what has been done and what still needs to be completed.
Collaboration and communication are about more than just opening, editing and sharing documents; Office 365 also supports robust, large-scale storage and sharing and even online meetings.
Intuitive, Easy and Accessible: Unlike some other programs or packages, Office is free of jargon and very user-friendly. It has an intuitive, easy to learn dashboard that is standardized between applications. Even those in your group that are not particularly tech savvy can get up to speed quickly and become efficient users of this flexible suite of tools.
You do not need an on-site IT team to handle Office 365 issues and no one on your team needs to attend any kind of special certification to actually use this software.
Security and Safety Provide Peace of Mind: Microsoft has a robust and proactive security team and Office 365 receives their full attention. In many cases, the company has recognized vulnerabilities and released patches well before a publicized ransomware or malware attack. By identifying risk and possibilities for exploitation early, Microsoft has a long history of taking aggressive action to prevent you from being victimized by cybercriminals. In an ever-changing, ever-evolving landscape, regular patches and updates are a must; you’re far less likely to be victimized if you use a system that is regularly protected and up-to-date.
Security is about more than updates; Office 365 features the same robust systems used by Microsoft and some of the biggest brands to protect networks, documents, and even email. With built-in scanning capabilities, your Office 365 suite can scan your email around the clock and alert you to any suspicious software or attempts to hack your systems.
Office 365 was designed with reliability in mind and Microsoft does more than promise they’ll be online; they offer a 99.9% uptime guarantee via a financially backed SLA (Service Level Agreement) to provide peace of mind about availability.
Flexible, Scalable Solutions: With a simple pay-as-you-go pricing setup and plenty of flexible options, you can start small and scale at your own pace. You don’t have to pay for more than you’ll use or begin to feel restricted as you grow. For new businesses experiencing growth, this flexibility ensures cost effectiveness. Since you can scale up as needed, your team can continue to work with the tools they are familiar with as you grow, you don’t have to change to a new system or adapt to new tools.
From cost efficiency and scalability to the peace of mind that comes from working with Microsoft, Office 365 has plenty to offer enterprises of all sizes. Interested in Office 365 and want to learn exactly what it can do for you? Contact CCSI (817) 459-4000 ext: 28; we understand the power of this suite of tools and know just how much it can help your business grow.
To Outsource or Not To Outsource…That Is The Question.
LET’S START WITH A COST COMPARISON OF HIRING IN HOUSE VS. OUTSOURCING:
At some point, every business has to decide which approach to take when it comes to IT – hiring a full-time employee or outsourcing to an MSP. Most SMBs begin running into issues when they opt to have an existing employee handle their IT tasks. Aside from the sheer inconvenience of trying to build and run a network while performing other tasks and assignments, the IT employee is likely not up to date on the latest tech and trends. Hiring a new person can help, but every business owner knows the new hire equals a huge expense – you’ll spend on much more than just an annual salary when choosing to hire an in-house IT staffer.
Here are some of the biggest expenses you’ll face when you hire a dedicated IT staffer for your business:
SALARY COSTS
You’ll need to offer a competitive salary to ensure that you attract a great IT person and a well trained professional commands a high salary; you’ll need to be able to cover this alongside benefits and related perks to be able to justify hiring a quality-dedicated employee.
If your company is big enough to have IT concerns, but not big enough to keep a dedicated staffer busy, you’ll have to find that new hire something to do during their downtime. If you are paying a salary, then you will be paying money every month, whether your employee has enough to keep them busy or not. Coming up with responsibilities that your IT team member can handle when they are not working on your network can be a challenge. Fill the downtime with too many tasks and they won’t be available to do the job you’ve hired them for – striking the right balance between enough IT work and other responsibilities can be a challenge for any business.
BENEFITS AND ONGOING COSTS
A full-time employee costs your business far more than just a regular salary. Health insurance, workers compensation and even 401K matching programs can take a big chunk out of your budget. You’ll also need to make sure that this key employee is up to date on the latest technology and trends; ongoing certification and education costs also take a bite from your budget each year. Opting to use an outsourced team for your IT allows you to place the responsibility and the cost of these big ticket items on a third party. When you outsource your IT, you pay for the services rendered, not for benefits and continuing education for the people running your network.
INTANGIBLE COSTS
When you hire a sole employee to handle your IT, your risk is naturally increased. That employee could get sick, decide to leave or even end up harming your network and business. Even a competent, healthy and loyal worker only puts in about 40 hours a week; network errors don’t always happen on a regular schedule. Having a fully resourced team on call can help you avoid expensive errors and the issues that can crop up when your network is only monitored for a few hours each day.
Turnover can be expensive too – if your new hire leaves, they take all of their institutional knowledge with them, leaving you scrambling to replace them. According to human resource experts at ERE Media, it can cost the equivalent of a year’s salary to replace a key, skilled employee. Opting to outsource your IT means your network is never left unprotected – and that you don’t have to absorb the high costs associated with replacing an employee.
Outsourcing your IT allows you to reap the rewards of having a knowledgeable network expert on your team – without the expense of a new hire. If you are considering expanding and hiring a dedicated IT person, take a good long look at the numbers – salary, benefits and the intangible costs – to determine if a new hire is truly the best course of action for your business.
OUTSOURCING SOUNDING LIKE THE BETTER OPTION YET?…
The number one reason small to medium-sized businesses (SMB’s) choose to outsource their IT needs is so that they experience fewer headaches. This is an oversimplified encapsulation of a complex issue. To make a qualified business decision on whether or not to outsource your organization’s IT, you need to back it up with supporting evidence.
An IT department is a complex environment of hardware, software, & computer networks that allow you to perform important business functions such as accounting & financial processes, customer relationship management, email, & document creation.
Your company’s success depends on it being able to use these functions reliably & efficiently. For example, it is imperative for organizations to send & receive emails to communicate with clients, employees, partners & vendors – to fulfill product & service orders. How long can your business operate without such an important function?
Additionally, you must be able to access customer information & financial data to run your business. To protect these processes, there are many back-end functions that need to be performed including security, anti-virus protection, data backup & recovery, & server monitoring.
With this large, vital undertaking, is it feasible for an SMB to totally take on the tasks & responsibilities necessary to run its own IT department? Not without a sizable commitment & investment in IT talent, infrastructure, money & time. Training IT staff, maintaining IT devices & keeping technology up-to-date are huge burdens for most SMB’s.
Outsourcing allows you to control costs by paying a set monthly fee, eliminating any fluctuations. You’re also able to take advantage of their economies of scale, lower cost structures, & learned efficiency & expertise. Funding & running an internal IT department can be extremely expensive. Qualified IT professionals must maintain their level of expertise & be adequately compensated.
MSPs also offer cloud-hosted services. You can rent hardware like servers and have them located offsite & continually monitored, greatly reducing your IT investment. All hardware has an end-of-life expiration, when its performance deteriorates, it fails, & it needs replacing. Cloud services allow you to control & predict these costs.
STRATEGIC CONSULTING
With years of experience working with different client companies & industries, as well as keeping current with the latest technology, qualified MSPs will advise companies on their future IT requirements. This is done by evaluating the company’s growth & accompanying IT needs, whether the company plans to move or expand, or enter into new markets.
Technology is constantly changing, making it difficult to ascertain what a company will need in the future & how those needs will translate into dollars. By partnering with an MSP, uncertainties become more predictable.
MINIMIZE RISKS
MSPs will keep your day-to-day IT environment up-to-date effortlessly by automating the process. They’re constantly verifying that backups are working, pushing out patches, & auditing inventory to minimize the risk of any catastrophes. They also monitor for alerts of unpredictable circumstances such as backup & hardware failures, database corruptions, software crashes, & virus/spyware intrusions, acting quickly to prevent downtime.
A limited in-house IT staff may not be able to respond & resolve issues as quickly, leading to extended downtime & decreased productivity.
INCREASE PRODUCTIVITY
Because of all of the above benefits, your organization will be able to lower its costs & focus on its core competencies. A qualified MSP can predict, prevent & quickly respond to serious issues that lead to catastrophic failures & extended downtime.
Moreover, you will be using the most current technology that enhances your success & makes you more competitive. With first-class technology, you can streamline processes making them more efficient & productive. Your company will also be able to take advantage of opportunities more quickly.
MOST UPDATED TECHNOLOGY ACCESS
Qualified MSPs bring world-class knowledge & experience to your organization on a continual basis. MSPs give you access to new technologies & know-how you may not have considered, as well as techniques & tools you currently don’t possess. These tools include tried-and-true procedures & processes; documentation; & more structured methodologies.
Additionally, MSPs test the engineers they hire, & maintain their training consistently to keep them up-to-date with the latest tech.
MSPs also bring a wide variety of IT professionals of varying skill sets to take care of a number of situations. If you have your own IT staff, their skill set would be limited to their expertise.
24-7-365 NETWORK MONITORING
Even if you have knowledgeable, qualified IT professionals on staff, with a limited number of staff, it would not be reasonable to have them monitor your IT environment every hour of the day, every day of the year. Qualified MSPs have the tools & staff to do this, & can foresee serious issues with your IT environment before they ever become one.
They’re able to advise you on necessary future upgrades to avoid any future downtime. Are your servers more than three years old? Are you using an operating system that is no longer supported? MSPs can also take care of day-to-day tasks like software updates & patches, anti-virus updates, data backups, & inventory auditing & control.
The peace of mind alone in knowing that your environment is monitored and maintained even when you’re NOT there pays for itself.
If you are considering partnering with an MSP to take care of your IT needs, contact the experts at CCSI. We provide managed IT services to hundreds of companies in the DFW Metroplex and beyond.
Ransomware: How it happens, the effects of data hostage and how to prevent it from happening to you.
Ransomware attacks are quickly becoming a serious threat that businesses MUST consider. Ransomware doesn’t discriminate; these cyber criminals target everything from small mom and pop shops to enterprise level organizations… STOP believing it won’t happen to you! If Delta Airlines, hospitals, and Embassies can fall victim, so can you.
The average ransomware attack yielded $1,077 last year representing a 266% spike from a year earlier. An IBM Security study from December 2016 found that over half of the businesses surveyed said they had already paid over $10,000 in ransom.
Attacks come primarily through email phishing or compromised websites. The New York Times, BBC and AOL inadvertently ran malicious ads that attempted to hijack the computers of visitors and demand a ransom.
Case Studies
Hollywood Presbyterian Medical Center paid $16,700 for access back to their data after ransomware infection.
In 2016, a ransomware attack forced a county in Indiana to pay a $21,000 ransom, as well as invest more than $200,000 in beefing up its department and security.
An unidentified hacker took home $28,000 after Los Angeles Valley College (LAVC) was hit with a ransomware attack and paid the fee for fear of permanently losing data on school computers.
Prevention and Remediation of Ransomware
File and Directory Monitoring:
By using the built-in Windows service, you can be alerted to changes to files and folders to try to prevent the spread of infection. You can also set up blocking of certain file extensions such as .zip, .doc, .rtf.
Backup and Disaster Recovery:
You need a local backup for quick file restore and testing as well as an offsite backup for disaster recovery, either natural or man made. Some ransomware attackers search out local backup systems and network shares to encrypt so that a cloud based backup becomes the only restore method.
Employee Training:
KnowBe4 offers security awareness training for companies. With awareness training, the number of workers clicking on phishing attacks drops from 15.9 percent to just 1.2 percent in some companies.
Patch and Block:
Update Windows and associated programs as well as third party programs such as QuickBooks, internet browsers, etc. You can also white-list approved applications since the lists won’t let your computer install anything that’s not already approved.
What To Do If You Get Infected with Ransomware
Immediately shut down network operations to prevent the infection from spreading
Disconnect infected systems from the network, also disable Wi-Fi and Bluetooth on machines to prevent the malware from spreading to other machines via those methods
Bad Rabbit is malicious software that infects a PC and restricts user access to the infected computer until a ransom is paid to unlock it. On October 24th, notifications of mass attacks with ransomware called Bad Rabbit began to appear. It targets organizations and consumers, mostly in Russia, but there have also been reports of victims in Ukraine. Here’s what a ransom message looks like for the unlucky victims:
How is Bad Rabbit Distributed?
The ransomware dropper is distributed with the help of “drive-by attacks”. While the target is visiting a legitimate website, a malware dropper is downloaded from the threat actor’s infrastructure. No exploits are used at this stage, so the victim would have to manually execute the malware dropper, which pretends to be an Adobe Flash installer. Further analysis confirmed that Bad Rabbit uses the EternalRomance exploit as an infection vector to spread within corporate networks. The same exploit was used in ExPetr. There are a number of compromised websites, the majority being major news or media websites.
Who Does it Target?
Most of the targets are located in Russia. Similar but fewer attacks have also been seen in other countries – Ukraine, Turkey and Germany. Overall, there are almost 200 targets, according to the KSN statistics.
How is Bad Rabbit Different to ExPetr? Or is it the Same?
Observations suggest that this has been a targeted attack against corporate networks, using methods similar to those used during the ExPetr attack. What’s more, the code analysis showed a notable similarity between the code of ExPetr and Bad Rabbit binaries.
Decryption Opportunity Assessment
Unlike ExPetr, the evidence suggests that Bad Rabbit is not intended as a wiper. The threat actors behind ExPetr were technically unable to decrypt MFT that was encrypted with the GoldenEye component. In the case of Bad Rabbit, however, the malware algorithm suggests that the threat actors have the technical means to decrypt the password necessary for disk decryption.
The data shown on the screen of an infected machine as “personal installation key#1” is a binary structure, encrypted with RSA-2048 and base64-encoded, that contains the following information gathered from the infected system:
The threat actors can use their own private RSA key to decrypt this structure. After decryption they can send this information to the victim.
As part of the analysis, the password generated by the malware during a debugging session was extracted. This password was then entered when the system was locked after reboot. The password indeed worked and the boot-up process continued.
Unfortunately, the conclusion at this point is that there’s no way to decrypt the disk and victim files without the threat actor’s RSA-2048 private key. The symmetric encryption keys are securely generated on the ransomware side, which makes attempts to guess the keys infeasible in practice.
However, there is a flaw in the code of dispci.exe: the malware doesn’t wipe the generated password from the memory, which means that there is a slim chance to extract it before the dispci.exe process terminates. In the picture below, note that while the variable dc_pass (which will be passed to the driver) is securely erased after use, that’s not the case for the variable rand_str which holds the original copy of the password.
File Encryption
The trojan uses a common file encryption scheme. It generates a random 32-byte string and uses it in the key derivation algorithm. Unfortunately, the trojan uses the CryptGenRandom function when generating this string.
Ransom note creation routine
An interesting fact is that the trojan cannot encrypt files which have a Read-only attribute.
File Recovery Possibility
Bad Rabbit does not delete shadow copies after encrypting the victim’s files. This means that if shadow copies had been enabled prior to infection and full disk encryption did not occur, the victim can restore the original versions of the encrypted files with the standard Windows mechanism or third-party utilities.
Manually Remove Bad Rabbit Ransomware
1. First of all, to remove the Bad Rabbit virus, check all the browser shortcuts on the desktop, taskbar and Start menu. Right-click on each shortcut and completely change its properties.
2. Investigate the list of installed programs and uninstall any unknown, recently downloaded programs directly.
3. Then open Task Manager and close the processes that relate to the Bad Rabbit ransomware in their description. Discover all directories from which these processes start, and look for random or unusual file names.
4. Inspect all the Windows services: press Win+R, type in services.msc and then press OK.
5. Disable services that have completely random names and contain Bad Rabbit Virus in the name or description.
6. Once done, press Win+R, type in taskschd.msc and press OK to open Windows Task Scheduler. In this section, delete any tasks that are related to the Bad Rabbit malware and then disable unknown tasks that have random names.
7. Clear the Windows Registry of the Bad Rabbit virus: press Win+R, type in regedit.exe and then press OK. Find and delete all the keys/values related to the Bad Rabbit ransomware.
8. Remove the Bad Rabbit virus from all browsers such as Chrome, Explorer, Firefox, etc. If any step is skipped, the virus can come back into the system.
Recommendations
Kaspersky Lab corporate customers are advised to:
Make sure that all protection mechanisms are activated as recommended; and that KSN and System Watcher components (which are enabled by default) are not disabled.
Update the antivirus databases immediately.
Additional Precautions:
Restricting execution of files with the paths c:\windows\infpub.dat and C:\Windows\cscc.dat in Kaspersky Endpoint Security.
Configuring and enabling Default Deny mode in the Application Startup Control component of Kaspersky Endpoint Security to ensure and enforce proactive defense against this and other attacks.
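The two paths listed above, and the dispci.exe name from the analysis, can also be hunted for in endpoint telemetry, where simple string matching misses case, slash and prefix variants of the same path. The following is an added example, not from the original page or from Kaspersky Lab; the key=value event format, the sample events and the function names are constructed for illustration, and it assumes the Windows directory is C:\Windows.

```python
import ntpath
import re

# Indicators taken from the page: two full paths and one file name.
INDICATOR_PATHS = {
    r"c:\windows\infpub.dat": "infpub.dat in the Windows directory",
    r"c:\windows\cscc.dat": "cscc.dat in the Windows directory",
}
INDICATOR_NAMES = {"dispci.exe": "dispci.exe (component named in the analysis)"}

# Assumption: the Windows directory is C:\Windows on the monitored hosts.
ENV_VARS = {"%windir%": r"c:\windows", "%systemroot%": r"c:\windows"}

# Constructed event format: space-separated key=value pairs, values optionally quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PATH_FIELDS = ("image", "target")

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = r'''
time=2017-10-24T09:58:01Z host=WS-001 event=FileCreate image="C:\Program Files\App\app.exe" target="C:\Users\bob\Documents\report.dat"
time=2017-10-24T10:02:11Z host=WS-014 event=FileCreate image="C:\Users\alice\Downloads\setup.exe" target="C:\WINDOWS\infpub.dat"
time=2017-10-24T10:02:12Z host=WS-014 event=FileCreate image=C:\Users\alice\Downloads\setup.exe target="c:/windows/temp/../cscc.dat"
time=2017-10-24T10:02:40Z host=WS-014 event=ProcessCreate image="\\?\C:\Windows\dispci.exe"
time=2017-10-24T10:05:00Z host=WS-020 event=FileCreate image="C:\Tools\restore.exe" target="D:\restore\Windows\infpub.dat"
time=2017-10-24T10:07:30Z host=WS-031 event=FileCreate image="C:\Users\carol\Downloads\setup.exe" target="%SystemRoot%\cscc.dat"
'''.strip().splitlines()


def normalize_win_path(raw):
    """Reduce a Windows path to one canonical lower-case form for comparison."""
    p = raw.strip().strip('"').lower().replace("/", "\\")
    # Drop the extended-length and device prefixes (\\?\ and \\.\).
    if p.startswith("\\\\?\\") or p.startswith("\\\\.\\"):
        p = p[4:]
    for var, value in ENV_VARS.items():
        p = p.replace(var, value)
    # normpath collapses doubled separators and resolves "." and ".." segments.
    p = ntpath.normpath(p)
    # Windows ignores trailing dots and spaces on a file name.
    return p.rstrip(". ")


def match_indicators(raw_path):
    """Return descriptions of every page indicator that raw_path matches."""
    path = normalize_win_path(raw_path)
    hits = []
    if path in INDICATOR_PATHS:
        hits.append(INDICATOR_PATHS[path])
    if ntpath.basename(path) in INDICATOR_NAMES:
        hits.append(INDICATOR_NAMES[ntpath.basename(path)])
    return hits


def parse_event(line):
    """Parse one key=value event line into a dict."""
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in FIELD_RE.findall(line)}


def scan_events(lines):
    """Return (host, event, field, indicator) for every matching path field."""
    findings = []
    for line in lines:
        event = parse_event(line)
        for field in PATH_FIELDS:
            for hit in match_indicators(event.get(field, "")):
                findings.append((event.get("host"), event.get("event"), field, hit))
    return findings


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

The WS-020 event is deliberately left unmatched: a file with the same name under a different drive and directory is not one of the paths the page lists.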