Over 120 managed service providers forgot to update a software plugin from 2017 and are now vulnerable to attacks.
Hackers used a two-year-old vulnerability in a remote management software to gain access to networks and deploy the GandCrab ransomware on customer workstations of managed service providers.
At least one company has been hit already, according to a report on Reddit, confirmed by cyber-security firm Huntress Labs.
The vulnerability used by the hackers is from the Kaseya plugin for the ConnectWise Manage software, a professional services automation (PSA) product used by many IT service providers.
The Kaseya VSA plugin integrates data from the Kaseya VSA, a remote monitoring and management solution with a ConnectWise dashboard.
Many small IT service providers and other types of managed service providers (MSPs) use the two applications to centralize data from their clients and manage customer workstations from a remote central location.
In November 2017, a security researcher named Alex Wilson, discovered an SQL injection vulnerability (CVE-2017-18362) in this plugin that could allow an attacker to create new administrator accounts on the main Kaseya app. He also published proof-of-concept code on GitHub that could automate the attack.
Kaseya released patches at the time, however it appears that many IT companies failed to install the updated Kaseya plugin on their ConnectWise dashboards, leaving their networks exposed.
Attacks exploiting this vulnerability started two weeks ago, towards the end of January 2019. One report posted on Reddit describes an incident at an MSP where hackers breached an MSP's network and then deployed GandCrab ransomware to 80 customer workstations.
A now-deleted tweet claimed that hackers used the same attack routine to infect other MSPs, locking more than 1,500 workstations.
ConnectWise has issued a security alert for their Manage product in response to the growing number of reports surrounding these ransomware attacks, advising users to update their ConnectWise Manage Kaseya plugin. The company said that only companies "who have the Plugin installed on their on-premises [Kaseya] VSA" are impacted.
In an interview with MSSP Alert, Kaseya executive VP of marketing and communications Taunia Kipp said they've identified 126 companies who failed to update the plugin and were still at risk.
"We posted a notification/support article to our support help desk and immediately started reaching out via phone/email to those identified who were at risk of impact with resolution," she said.
Huntress Lab researchers, who said they had "first-hand knowledge" of the incident involving 80 customer workstations that got infected with GandCrab.
Important changes regarding your email security
As a valued customer of our email and/or email security products, we are sending you this email to inform you of the coming changes that may affect your services with us. As you may already know, since Intel acquired McAfee, they have decided to no longer continue providing their MxLogic email security services. By the end of the year, MxLogic will no longer be available for use.
Over the next few days, your email security services will change from MxLogic to Mailprotector. It is very important that you and your end-users are aware of this change, since the portal to manage the spam quarantine will be different.
All end-users will receive their daily reports of the messages in quarantine that require to be managed. There are also other methods to manage spam. Please view our documentation for email security in the FAQs at https://www.qwertyc.com/faq/category/email-security/
Below is the recap of Mailprotector highlights as the replacement for MxLogic.
If you receive an email from someone in our team regarding updating the MX records, please respond immediately. Failure to respond may affect email service and delivery.
We are actively updating our FAQ page to include information and instructions on using Mailprotector.
Also, don't forget to like our page for news and announcements.
Most business managers and their IT leaders don’t really have the time to look at the future of the way they handle and use IT. In the current economic climate when many companies are trying to cope with shrinking budgets moving forward with your IT strategy is very low on everyone’s to do list.
These days there is a growing demand for a company’s IT strategy to be run together with top level overall business strategy. Under these circumstances most managers find themselves dealing with urgent priorities rather than important ones as time and budget demands. However, not dealing with long term IT objectives, can create a situation of short term fire fighting
Where issues that keep coming up are never properly addressed or dealt with, often creating differences between the IT department and the rest of the company. Bearing this in mind, it is small wonder that staff members often lack initiative as they become demoralised and customers lost due to IT downtime.
At least fifty percent of companies fail to recognise the negative impacts that IT downtime can have on their overall business. The increase in these problems, if not addressed, could mean significant increases in company losses and costs into the foreseeable future.
If you find yourself fire fighting on a daily basis then you need to hold your breath and stand back for a moment. Take a realistic; overall view of things and you may be able to see a way out of the current problems. Things don’t have to carry on downwards, proactive change, for example temporarily outsourcing some strategic projects could have a significantly positive effect on your day to day business.
Think on some more and it may well be cheaper in the long run to find yourself a committed IT expert and employ them rather than pay agency costs on top of the pay for a temporary worker. If you don’t want the expense of a high salary right now, and if you want to give your existing staff room for promotion, then why not outsource some of the day to day jobs such as database updates and other regular, essential tasks.
There are things for and things against all of the above, but when you really get down to adding up the costs, outsourcing some projects might work out cheaper than hiring someone on a permanent basis. There are no easy answers to these problems, when you think strategically; outsourcing some of the more mundane tasks could be more cost effective.
Don’t forget that the company you choose has a financial interest in doing the job right and even offering extra services, because they want your business. Knowing that the IT side of your business is professionally supported means that you can expect less downtime – which in turn means less of your own and your employees’ valuable time spent fire fighting. When you outsource IT projects to specialists, you have peace of mind without the expense of full time employees.
When a computer decides to go belly up and pretty much throw in the towel, it is only normal to feel an immediate and consuming sense of panic. After this comes the decision to seek out the best computer repair at any expense necessary to make sure all is not lost.
However, sensibly speaking, there are a few more steps that should be slotted in prior to seeking the help of a computer technician following a PC meltdown. What you do next have the potential to affect whether or not you’re looking at a write-off.
So if you’re the type that can leave blind panic to one side for just a brief while, here’s a look at a few tips from the experts on how to handle a computer meltdown:
Before doing anything else at all, if you’ve been able to get your system to boot into safe mode or any mode your primary OS offers, be sure to back up every last shred of data you might need from the hard drive. When things take a turn for the worse, you have to assume that this might be the last time you will ever gain access to your data so it’s up to you to make safe copies of it or risk losing it for good.
Contrary to the above, if for any reason you suspect that your hard disks are damaged, unplug the PC immediately and call in the experts. A damaged hard disk may well be mostly intact at the time of the system problems, but the more you try to use the drive and access the data, the worse the damage becomes and the greater the data loss. So, following any drops, knocks or when you can hear any buzzing, scratching or grinding from within the drive, do not try your luck with it.
If you have been able to get yourself into the operating system but still seem to be encountering serious problems, it’s recommended that you remove any hardware or software you recently installed that could be responsible for the problems. Conflicts occur and faulty products can cause serious problems, so it’s always worth giving this a go since can of course reinstall them later.
If you have been sensible enough to create system restore points and ideally a restore disc…which let’s hope you have…you can use this to return all system settings to the way they were at a prior point in time. The good news is that this will not erase any of your files, but could potentially see your system working as it should once again by way of an automated process.
If however none of the above yield any fruit and you’re not the type that knows the inner workings of a computer all that well, it’s time to accept you might only make things worse and call in the pros instead.
QWERTY Concepts is a reliable business IT service company that has been operating since 2005. If you require business IT support in New Jersey or New York City - QWERTY Concepts engineers are ready to help.
Let's start with the basic question. What are managed IT services? They are essentially fixed-fee or subscription-based services to perform proactive, reactive, and daily operational tasks to resolve IT-related issues for end users and IT staff. The purpose of managed IT services is to maintain the infrastructure to provide availability and smooth operation to your IT infrastructure on an ongoing basis. Depending on the managed IT service provider, services may also include remote help desk, firewall and security, on-site support, and backup services to provide end-to-end management.
When shopping around for managed IT services for your business, it is important to ask the following questions:
1. Automated proactive IT services
Collecting information about a computer and manually reviewing alerts can be considered “proactive maintenance”, however the answer should ensure that these services also include automation. Manually reviewing and responding to alerts may cause alerts to be missed and remediation may not be immediately performed – therefore increasing risk of potential downtime in the future.
2. Licensing and support for antivirus and anti-spyware software
Antivirus and anti-spyware are essential to any PC therefore is a minimum requirement from your managed IT service provider. If anti-virus is not included, how will the managed IT service provider maintain a good grip on the antivirus policies, scheduled scans, and provide threat management? Because malware is the cause for major end-user "problems", this cannot be overlooked.
3. Help desk support
This is an important part of the service offering, because users generally have problems that arise out of nowhere. Having the ability to report the issue and work with a local support team usually means their business hours are in line with your business and communication should be clear between both parties. It may not matter as much if you are only looking for remote support, but if on-site support may also be required this should be a very important factor. For instance, if you are located in NJ, having managed IT services in NJ means that the on-site staff are part of the same team that supports your infrastructure remotely.
4. Vendor management & support
These typically include internet service providers, web hosting providers, domain registrars, cloud service providers, and software vendors. Having vendor support can be very helpful when you are caught in the middle between the IT service provider and the software vendor. This will allow the managed IT service provider to work with the vendor directly to quickly determine the issue using the tech terms and acronyms they both understand.
5. What IT services are not included?
This question is often missed because as human beings, we are so blinded by the illusion of the marketing presentation that we invent expectations before they are even delivered. If you receive a response with a whole list of services or a document that covers what is not included, you may find yourself arguing over invoices directed your way when services are performed. Your network needs to function all the time and having to worry about unexpected invoices can be frustrating. Asking and understanding what services are not included during the interview process would be ideal. Not only will it clarify any technical gray areas, it will minimize any future invoice inquiries and retains a healthy business relationship.
With huge competition in the online market, business owners need to be extra cautious while selecting the right IT service provider for their business. Operating and managing business is a daunting task, and this requires special attention. Business owners need to make think twice before hiring IT solution agencies that offer managed IT services NYC to do the job on their behalf. Irrespective of whether a business requires support in one specific area or more comprehensive IT solutions, there would be undeniably one service provider that can surely meet its needs. The firm offering managed IT services will act as a partner to take care of all the IT Solution needs. The basic services may begin with preliminary analysis of the current technical conditions of the company to help the owners make a right decision regarding which services and what level of service they require.
Hiring the best IT service provider would help businesses to get hands on wide range of IT solutions such as network solutions, project management, server administration, help desk support, security and maintenance support and so on. For all those business owners that are unable to manage things like data maintenance, backups, and security etc, there are chances they will face system collapse, which can be fatal for the business and cost them more than they can imagine. Thus, the need to hire IT service providers that can handle all the technical requirements and do away with quick solutions. With help of IT solution firms offering managed IT services in NYC , business owners can get centralized support, 24/7 server monitoring, and preventive maintenance at most affordable price.
Such type of IT services will not cost the business owners a fortune. Most of these IT solution firms offer a wide selection of services that includes alerts, management and monitoring services of the servers, networks as well as applications. Most of these managed IT services are available as remote assistance while some are provided with onsite support if required. Most of these IT services have well organized IT professionals who facilitate planning, coordination and supervisory with best interest of their clients in mind.
Business owners should contemplate on what exactly they require when hiring best IT services. They need to decide on whether they are happy with the way their systems perform. They also need to make out the impact of the system outages and downtown of their company. Having considered all these factors would help them to and their IT solution partners to determine how effectively they can plan out the type of managed IT services in NYC they require. This will also help to build more efficient partnership between the business owner and the IT solutions firm that can handle every minute detail of the company’s IT needs. Ultimately, it is the responsibility of the business owners to take control of their business by using the most effective IT strategies available. So, whether they have a small or large business, hiring best IT services to oversee all their IT requirements would be the smartest and most advantageous decision they could ever make.
t
Is your IT infrastructure managed by a professional managed IT services provider? Our present society is based on the unique concept of specialized division of labor where everybody is trained in a certain field where they gain proficiency and expertise.
This concept is dependent on the mutual give and take where we subcontract our services to others and hire those support and services which we do not have in-house.
With the advanced technology and globalization, this concept has acquired a new dimension where there is no limit of physical boundaries and people from all over the world are connected through the wonderful medium of internet.
This diversification of talent pools and numerous options available to select the required support has worked to the advantage of many companies as they can now focus on their core activities and manage the rest through outsourced services.
This phenomenon is most evident in the field of IT Consulting and Services industry where more and more people are realizing the advantage of managed IT services.
Instead of having a dedicated staff to look after your IT infrastructure and for maintaining your network, it works out to be more economical and effective if you take out the services of a professional company who specialize in this field.
This way you are not constrained by your available resources and have access to the expert professionals who are available to you on demand to rectify any IT related problems or to guide you in any upgrade or modification to improve your operations.
There are many companies which offer such kind of services and if you are looking for Managed IT Services then your best option would be do a little bit of research on the internet.
Nowadays the location of service provider is not really important as the statistics show that more than 95% of all IT issues can be diagnosed and resolved through remote access mechanism.
You should select managed IT services a provider based on reputation, value, experience, and knowledge. In this method, the IT service provider is able to access your system or the server through internet and run the diagnostic tests to figure out the problem causing the interruption.
You may want to click here to see the benefits of QWERTY's Professional Managed IT services to compare. Moreover they can also make necessary changes in the system settings so that the problem can be corrected and the user can once again perform their normal operation.
However the use of managed IT services is not limited to troubleshooting of current issues.
Since these companies are always in touch with the latest developments in the IT industry, they can suggest you the upgrades required to improve your organization’s functioning.
Moreover the routine maintenance jobs such as security updates, system scanning, back-up and uploading of user data to secure sites and other such back-end functions can be performed by these service providers in your non working time when the systems are free.
This way you save not only the operational costs as you do not have to recruit regular staff for IT management but you also gain on expert technical advice and consultation as well as save on system time for routine operations.
Whether it is a small firm doing local business or a corporate organization, information technology is ruling everywhere and the need of managed IT services is increasing day by day. Every business owner is now looking for support that can help them with their IT queries and can support their IT functions. To ensure the correct business continuity one has to be prepared for unforeseen in today’s world of information technology. Insuring the business can be a right decision but it is nothing more than an additional expense. A business needs services for data backups, data security, data recovery, structure cabling, and network support for their employees and client devices like desktops, notebooks, network application, servers and storage systems.
If there is something that can help, it is Managed IT Services. Managed IT Services are IT services by third party service providers that offer services directly associated to computer hardware, software and networking. It is like a complete solution that maintains and monitors IT infrastructure. If you have someone who is taking care of such aspects of your business then you get enough time to concentrate on your core business activities rather than running after IT services. Advantage of hiring a third party IT service is that they work for you 24/7 in managing your IT infrastructure. Proactive maintenance and monitoring prevents most of the technical concerns at initial stages. Their service can be specific as well as enormously broad and it all depends on the requirements of the clients.
Professionals offering Managed IT Services NJ assist businesses with their device, network, and server along with monitoring the physical component of IT systems that helps them prevent outages and breakdowns. Other services that come under their strict schedule are taking care of Anti-Virus, removing Spam and Malware management. One can come across many IT service providers but needs to be very sure about hiring the right one as it can completely affect your business and its productivity. Managed IT services come along with qualified team of Tech Support in NJ that attend to you IT concerns anytime, on-time. They are always available to troubleshoot as and when the problem arises and provides solutions that are instant and customer satisfactory.
World of IT is ever evolving and so does the risk that comes with it. To make complete use of it, experts help has to be taken who can provide complete service and you would not find it anywhere better than at QWERTY Concepts, located out of New Jersey . Businesses are complicated and the one that involves information technology is even harder to manage on your own. In order to get better business invest huge amount of time, money and energy on IT requirements that proves to be the backbone of your business. Remember, your professional service provider does almost everything that is needed for your business continuity.
