New Server install

Last week we installed a new Microsoft Server 2012 R2 HP Server and new Windows 8.1 PCs for a client in Marsh Barton.

The brief was to update their old 2003 SBS server with 4 clients to the latest Server 2012 R2, with 8 clients.

The server and workstations were all pre-configured in our workshop so the onsite install and disruption to the client was minimal, only 1 day. We restored data from their online backup in the workshop prior to the install which saved hours on-site waiting for data to transfer.

Email is managed via Hosted Exchange 2013, a cloud-based service, which again allowed us to restore Outlook data to PCs, saving hours of waiting around on site.

The client was amazed how quickly the install went and that all was ready for each user to carry on working without disruption of more than 1 hour each.

A new UPS and backup solution was supplied including cartridge and online backup. The client makes great use of remote access, via VPN, and folder redirection of data was a must.

A new 75Mbs fibre broadband was installed upgrading from 4Mbs ADSL so a huge improvement in download and upload speed is noticed. This worked out at £5 per month more than they were already paying.

We are now looking at a VoIP phone system with our sister company Numberite.co.uk

 

When restore of a backup was the only option!

This week has been a long week due to a client's miscalculation and their unintended click on a web site….

On Monday a panicked call from a client advised they were unable to access any documents on their PC, followed by another call saying the same was happening to their server and other PCs.

Our immediate advice was to shut down all PCs and the server to reduce the damage. It later turned out the damage had occurred 2 hours earlier, but good advice all the same.

It was quickly concluded that they had received an email from “Tesco Bank”, with a link to a web site which had prompted a download. Their Avast antivirus had stopped the virus payload from installing, but the client had over-ridden the warning and installed anyway. Within seconds they had lost access to files and found them renamed with the addition of .encrypt as the extension. They were seeing a warning screen that “Cryptolocker” had infected their PC and was encrypting their data and that if they paid £300 they would be de-crypted. The client advised they would not be paying up.

The virus was soon noted as a Cryptolocker variant, which did not work on the free de-crypt site https://www.decryptcryptolocker.com/.

Only 2 PCs on the network of 8 were locally affected by the encryption and it is believed that one PC had caused the issue where the virus was found. A second PC had spyware linked to the encryption and had encrypted files. Unfortunately the PC with the virus had admin rights over the server.

The Solution!

Not a good day, but after multiple scans with Avast Endpoint and Malwarebytes the PCs and network were deemed clear of the virus and spyware, which left the matter of 35Gb of data to restore.

After many hours of attempts to de-crypt the data, the only option was to restore the client's data from backup. Fortunately we were using a local cartridge backup and online backup so were able to restore data from a few hours earlier, so minimum data loss, in fact only two files were lost.

What was learnt?

Firstly, there are still viruses and spyware out there which can seriously damage a business.

Secondly, multiple backups are a must. The client noted that files which were open were not encrypted. We also noted that the files covered by Shadow copy (Previous version) could be restored, although this may have been affected if the virus had been given more time. System Restore did not sort the issue; we later found out the client had tried this before the call.

Third, our online backup solution, which we would have thought would have been an issue with the encryption, was in fact ready for the issue. We were concerned that the encrypted files would have been backed up over the originals. The company confirmed that if we supplied a date the encryption occurred they can restore “All” data to prior to this.

Fourth, clients having too many admin rights on PCs to allow viruses to install .exe files is not a good thing. Also, to reduce the access to only folders needed rather than to allow access to all company folders. This could be a little restricting but the issue would have been more containable.

Fifth, clients will over-ride the antivirus given the chance. The client had only local AV so had full access over the program. In a majority of cases the AV is server controlled and these permissions would be blocked.

Sixth, did I mention a good backup?
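
For the third lesson above, the date to give the backup provider can be read from the affected files themselves. This is an added example, not part of the original post. It assumes the encryption updated each file's modification time, and the function names, sample file names, incident time and 15-minute margin are all made up for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta

MARKER = ".encrypt"  # extension the post reports on affected files

def scan_share(root, marker=MARKER):
    """Return (encrypted, clean) lists of (mtime, path), each sorted oldest first."""
    encrypted, clean = [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = datetime.fromtimestamp(os.path.getmtime(path))
            except OSError:
                continue  # unreadable or removed mid-scan
            bucket = encrypted if name.lower().endswith(marker) else clean
            bucket.append((mtime, path))
    return sorted(encrypted), sorted(clean)

def restore_plan(root, margin=timedelta(minutes=15)):
    """Pick the restore date to quote and list clean files a rollback would lose.
    Assumes encryption updated each file's mtime; the margin is an arbitrary choice."""
    encrypted, clean = scan_share(root)
    if not encrypted:
        return None
    cutoff = encrypted[0][0] - margin
    # Unencrypted files changed after the cutoff are not in the older backup set,
    # so they need copying aside before the restore overwrites them.
    copy_aside = [path for mtime, path in clean if mtime > cutoff]
    return {"cutoff": cutoff, "encrypted": len(encrypted), "copy_aside": copy_aside}

def build_sample(root):
    """Constructed sample share; returns the time of the first encrypted file."""
    start = datetime(2015, 1, 5, 9, 0).timestamp()  # made-up incident time
    files = {"accounts.xls.encrypt": 0, "letter.doc.encrypt": 600,
             "open_quote.doc": 300, "archive.pdf": -86400}
    for name, offset in files.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.utime(path, (start + offset, start + offset))
    return datetime.fromtimestamp(start)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample(share)
        print(restore_plan(share))
```

Run it read-only against a copy or a mounted image of the share, since walking a live volume can itself change access times.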