ACE IT Solutions

What You Need to Know About WannaCry Ransomware

ransomware protectionThe WannaCry Ransomware attack has been touted as the biggest ransomware attack in history. The attack has engulfed businesses around the world, bringing many large enterprises and hospitals to a standstill. The ransomware affects Microsoft Systems, particularly older, unpatched operating systems such as XP. Microsoft released a patch for versions of Windows it no longer supports — because many businesses and organizations use legacy technology as critical infrastructure.

If you are attacked:

  • Experts are advising infected users not to pay the ransom, because it is unlikely they will get their files back. You will most likely have to rely on data backups to recover encrypted data.
  • Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup.
  • Work with your trusted IT and cybersecurity partner to ensure you fully recover from the attack and are protected against future attacks.

Recommended Steps for Prevention from Homeland Security:

  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
  • Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed.
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
  • Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
  • Test your backups to ensure they work correctly upon use.
Contact ACE IT Solutions if you need assistance protecting against or recovering from a ransomware attack. Our technology and cybersecurity experts can be sure all the proper steps are taken to protect your systems against ransomware.

What SMBs Need to Know About Cybersecurity

SMBs mistakenly believe they are too small to be targeted by hackers and ransomware. In fact, SMBs fall into hackers’ cybersecurity sweet spot — they have valuable digital assets, but tend to have less cybersecurity in place than a larger enterprise. Cybercriminals know that SMBs are an easy target with a potentially large and damaging… Continue Reading

NY DFS Tightens Screws on 3rd Party Cyber-Risk for Financial Firms

ACE IT Solutions Managing Partner, Warren Finkel, recently spoke to FinOps about New York State’s Department of Financial Services new rules on managing cyber-risks and how banks are expected to protect critical non-public customer data. “Out of sight doesn’t mean out of mind when it comes to following New York State’s new rigorous rules on… Continue Reading

ACE IT Solutions Recognized for Excellence in Managed Security Services

New York, NY,  February 15, 2017 – ACE IT Solutions announced today that CRN®, a brand of The Channel Company, has named ACE IT Solutions to its 2017 Managed Service Provider (MSP) 500 list in the Managed Security 100 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed IT… Continue Reading

NY DFS Releases Cybersecurity Requirements for Financial Service Companies

New cybersecurity regulations are set to go into effect on March 1, and NY-based financial firms need to be prepared. Announced  in September 2016, the new cybersecurity regulation, known as 23 NYCRR 500, was developed to “guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent… Continue Reading

ACE IT Solutions Nominated for Five Hedge Fund Technology Awards

ACE IT Solutions has been nominated as a finalist for five HFMWeek 2017 US Hedge Fund Technology Awards, including: Best infrastructure provider (read more) Best IT consultancy service (read more) Best IT service for small and start-up firms (read more) Best security solution (read more) Best overall technology firm – client service​ (read more) The 2017 US… Continue Reading

Simplify Cybersecurity with a Proactive Approach to Security Threats

ACE IT Solutions’ cybersecurity partner, IBM Security, has launched a new team of global experts – IBM X-Force IRIS, to help clients prepare for and rapidly respond to security threats with best-of-breed security solutions. Our seasoned experts and consultants deliver threat intelligence services, incident preparedness planning and onsite response services to help organizations stay ahead… Continue Reading

Restore Systems After Ransomware without Paying

The San Francisco Municipal Transportation Authority (SFMTA) was hit with a ransomware attack the morning of Friday, Nov. 25. It is reported that the hacker demanded approximately $73,000 USD to restore operations. Fortunately, the SFMTA had an information technology team in place and backup systems that allowed the SFMTA to bounce back without paying a cent.… Continue Reading