Proactive Not Reactive: Top 10 ideas to Protect Yourself From CryptoLocker

1. User Training
This is probably the biggest item. The worst aspect of CryptoLocker is that the attackers are not actively hacking your network. They send spam e-mail, or your users go to websites that are not for work purposes and download the installer without seeing it. Train your users to be wary of emails from senders they don’t know and not to go to non-work sites.

2.  Apply a spam filter to your Exchange server that blocks executable attachments
This will keep users from accidentally activating an executable. They can still receive zip files and will have to know not to extract or unzip them.

3.  Consider Software Restriction Policies and Whitelisting
Locking down what your users can and cannot install will assist with prevention. Also, turn off the hiding of file extensions in Windows so that users can see a file’s real type and are less likely to install something unintentionally.

4.  Apply a Firewall
Restrict outbound traffic to only the ports that you actually use. Apply content filters to keep people honest about the types of sites that they visit at work. Block known malware domains.

5.  Apply good antivirus.
I would recommend that any antivirus you do choose has heuristic scanning abilities, as these seem to be the best at locating when CryptoLocker is active in a system. Heuristic scanning looks for typical patterns of behavior. Such antivirus includes Kaspersky, Eset, Webroot, etc. Please do your research and find the right antivirus for your organization.

6.  Apply correct security to everyone in your network
If everyone is a domain admin then this provides the keys to the kingdom to all your users. If one of them gets CryptoLocker, then you are essentially giving that virus full range to your network. Give limited domain access to users and restrict access to vital points on your network, such as your SQL server. Also, restrict who is a local admin on the computers.

7.  Strong passwords
Newer versions of CryptoLocker are able to guess at simple passwords. If you only have capitals and lowercase letters then this can be hacked within a short period of time. In 2013, hackers were able to crack 16-character passwords in less than an hour; to view details of the article go here. It is recommended to make your passwords vary and have capital, lowercase, numbers and atypical symbols (such as %, &, ^, }). Normally users select ! or @. These are common and more likely to be guessed. The more complicated you make your password, the better your network security will be.

8.  Regularly clean up old logins
Let’s say your users follow your password policy. What about an old login that has been sitting there for years before the password policy has been in place? This is a hacker’s dream and they will take full advantage. I recommend putting a practice into place that cleans up old logins every 3-6 months.
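One way to run that periodic review, as an added example that is not part of the original post: the function below flags accounts that have gone unused or whose password predates the password policy. `Find-StaleLogin` is a hypothetical helper name, and the policy date, the 180-day window and the sample accounts are constructed assumptions.

```powershell
# Added example. Find-StaleLogin is a hypothetical helper, not a built-in cmdlet.
# It only reports; disabling or deleting accounts stays a manual decision.
function Find-StaleLogin {
    param(
        [Parameter(ValueFromPipeline)] $Account,
        [Parameter(Mandatory)] [datetime] $PolicyDate,  # assumed date the password policy took effect
        [int] $InactiveDays = 180,                      # upper end of the 3-6 month cleanup cycle
        [datetime] $Now = (Get-Date)
    )
    process {
        $cutoff  = $Now.AddDays(-$InactiveDays)
        $reasons = @()
        if (-not $Account.LastLogonDate) {
            # Ignore brand-new accounts that simply have not been used yet.
            if ($Account.whenCreated -lt $cutoff) { $reasons += 'never logged on' }
        } elseif ($Account.LastLogonDate -lt $cutoff) {
            $reasons += "no logon in $InactiveDays days"
        }
        if (-not $Account.PasswordLastSet) {
            $reasons += 'password never set'
        } elseif ($Account.PasswordLastSet -lt $PolicyDate) {
            $reasons += 'password predates policy'
        }
        if ($Account.PasswordNeverExpires) { $reasons += 'password never expires' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName  = $Account.SamAccountName
                LastLogonDate   = $Account.LastLogonDate
                PasswordLastSet = $Account.PasswordLastSet
                Reasons         = $reasons -join '; '
            }
        }
    }
}

# Constructed sample accounts so the logic can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';   whenCreated = [datetime]'2016-03-01'; LastLogonDate = [datetime]'2017-01-30'; PasswordLastSet = [datetime]'2016-12-15'; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'oldtemp';  whenCreated = [datetime]'2012-05-10'; LastLogonDate = [datetime]'2014-08-02'; PasswordLastSet = [datetime]'2013-01-20'; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'svc_scan'; whenCreated = [datetime]'2012-02-01'; LastLogonDate = $null;                  PasswordLastSet = [datetime]'2012-02-01'; PasswordNeverExpires = $true }
)
$sample | Find-StaleLogin -PolicyDate '2015-01-01' -Now '2017-02-06' | Format-Table -AutoSize

# Against a real domain (ActiveDirectory module from RSAT):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate,PasswordLastSet,PasswordNeverExpires,whenCreated |
#     Find-StaleLogin -PolicyDate '2015-01-01' | Export-Csv .\stale-logins.csv -NoTypeInformation
```

`LastLogonDate` is derived from the replicated `lastLogonTimestamp` attribute, which can lag the real last logon by up to about two weeks, so treat borderline accounts as candidates for review rather than as confirmed stale.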

9.  Backup, backup, Backups!
Backups that are on their own backup device are best. You want to back up all of your critical files. Have shares for each user and train them to store their critical files on the server. I tell clients that if it will take more than a week to recreate (if they are able to recreate the file), then to place it on your personal share where it is backed up by the company. Clients that have had CryptoLocker and a backup system were back up and running with minimal downtime.

10.  Apply 3rd party programs that act as preventions
CryptoPrevent Malware Prevention or CryptoLocker Tripwire: I have not personally used these two. However, I have heard good reviews for both. I would not rely solely on either and would add them as an additional layer in addition to your antivirus.

Please never pay the ransom. Every time these criminals receive a ransom it only encourages them to target another company or person and continues the cycle.


CryptoLocker and Microsoft Dynamics GP

CryptoLocker is the boogeyman of the IT world.  It is a silent predator until you get an error that says your file is not legible.  It affects a multitude of programs.  It also affects Microsoft Dynamics GP.  Typically, when a computer is a victim of CryptoLocker and has Microsoft Dynamics GP installed it will get an error stating that the dictionary is not loaded.  What has occurred is your Reports Dictionary location has been encrypted and GP will not launch with an encrypted dictionary.

There are several options depending on your setup and preparedness for CryptoLocker about what this means for your data with Microsoft Dynamics GP.

  1. If your Microsoft Dynamics GP data is stored on your SQL server and there is limited access to this server, this will minimize the risk of the virus spreading to your SQL server. This means the SQL server is separate from the desktops or Terminal Servers.
  2. There are exceptions for businesses that don’t lock down access to their SQL server or do not have a separate machine for their SQL instances. Some companies run SQL Express and Microsoft Dynamics GP on the same computer with an external hard drive backup plugged into the computer.  This is the most vulnerable of the setups, as CryptoLocker will encrypt and lock down everything the user has access to.
  3. If the user gets CryptoLocker on their local desktop and the user remotes into a terminal server, typically you will not see the virus on the terminal server. This depends on the access the user has in the network.

Steps to take once you realize you have CryptoLocker. 
Once CryptoLocker is discovered there are several steps that I take.

  1. I disconnect all network drives and remove the computer from the network.
  2. I then check the network locations for any damage and see what needs to be restored from a backup.
  3. Verify that the user is not a domain administrator. If they are then you need to check the entire network to see what the possible damage may be.
  4. Check all computers in the network for variations of the CryptoLocker files. Depending on the size of the network, I ask managers to assist by going from computer to computer to locate all possible infections.
  5. Analyze the problem. It is imperative to analyze the damage done by CryptoLocker.  Where you find the virus may not be where it is originating.  Several newer variations of CryptoLocker have become more intelligent and have given their bots the ability to hack throughout the networks by guessing simple passwords.
  6. Isolate the malware and then create your plan of action to remove it from your network. You can run scans to remove the virus and after it is removed, you can put the computer back on the network.  I like to use SuperAntiSpyWare, Malwarebytes, Eset Online Scanner.  In extreme cases, we had to complete a complete wipe and reload of the OS.
  7. After the malware is removed from the network, you can then proceed with restoring data from your backups. You don’t want to start restores until you can verify the malware is completely gone.  I made the mistake once of not doing this and the malware encrypted the restored items as we were in the process of restoring the data.
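For step 2 above, an added example (not part of the original post) of a read-only damage check: it walks a share and lists files whose first bytes no longer match the signature their extension implies, which is what an encrypted file that kept its name looks like. `Find-MismatchedFile` is a hypothetical helper name, the signature table covers only a few common types, and the demo files are constructed. Files that were renamed by the malware need a separate search by extension.

```powershell
# Added example. Find-MismatchedFile is a hypothetical helper, not a built-in cmdlet.
# Run it from a clean machine; it only reads the first four bytes of each file.
$Signatures = @{
    '.pdf' = '25504446'                              # %PDF
    '.png' = '89504E47'
    '.jpg' = 'FFD8FF';   '.jpeg' = 'FFD8FF'
    '.zip' = '504B0304'; '.docx' = '504B0304'; '.xlsx' = '504B0304'; '.pptx' = '504B0304'
    '.doc' = 'D0CF11E0'; '.xls'  = 'D0CF11E0'        # legacy Office (OLE) files
}

function Find-MismatchedFile {
    param([Parameter(Mandatory)] [string] $Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file     = $_
        $expected = $Signatures[$file.Extension.ToLowerInvariant()]
        if (-not $expected -or $file.Length -eq 0) { return }   # unknown type or empty file: skip
        $buf = New-Object byte[] 4
        try {
            $fs = [System.IO.File]::OpenRead($file.FullName)
            try { $n = $fs.Read($buf, 0, 4) } finally { $fs.Dispose() }
        } catch {
            Write-Warning "unreadable: $($file.FullName)"
            return
        }
        $actual = [BitConverter]::ToString($buf, 0, $n) -replace '-', ''
        if (-not $actual.StartsWith($expected)) {
            [pscustomobject]@{
                Path          = $file.FullName
                Expected      = $expected
                Found         = $actual
                LastWriteTime = $file.LastWriteTime   # helps pick a backup from before the damage
            }
        }
    }
}

# Constructed demo: one intact PDF header and one file with scrambled leading bytes.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'sig-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
[System.IO.File]::WriteAllBytes((Join-Path $demo 'ok.pdf'),  [byte[]](0x25, 0x50, 0x44, 0x46, 0x2D, 0x31))
[System.IO.File]::WriteAllBytes((Join-Path $demo 'bad.pdf'), [byte[]](0x9A, 0x13, 0xC7, 0x42, 0x00, 0x51))
Find-MismatchedFile -Root $demo | Format-Table -AutoSize
```

Only `bad.pdf` is listed for the demo folder; on a real share, the earliest `LastWriteTime` among the flagged files is a useful lower bound when choosing which backup set to restore from.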

Top Reasons To Love Microsoft Power BI

  1. Direct connection into SQL databases to connect into Microsoft Dynamics GP and also Microsoft Dynamics 365.

This product is designed to work with a variety of data sources, including Excel, CSV, XML, Access databases, Microsoft SQL Server, MySQL, etc.  If you have data stored, there is a high chance that Microsoft Power BI will connect to it with little difficulty.  Additionally, you can connect multiple data sources into one report.

  2. Access from anywhere

Sharing is caring.  This cloud based solution offers access to anyone you permit at any time of the day and from anywhere.  It has mobile apps on Apple, Android and Windows devices.

  3. Easy to comprehend and create data.

Visual charts and graphs make Power BI useful for all users.  The charts setup is also drag and drop.  Simply select your data and it is there.

  4. Up to 1GB is free

Typically, free users are extremely limited, and in this case they are limited.  However, even with the limitations, users can create dashboards and customized reports.  They can still connect to their data and schedule refreshes.  At a cost of $9.99, the paid version offers additional features and flexibility that are not available in the free version; please see their pricing page for more detailed information on the differences.

  5. Designed for the non-technical person.

What you normally see with many reporting systems, is that the person creating the reports has to have hours upon hours of training and trial and error to become competent at creating the reports.  With Microsoft Power BI, they have created a solution that allows the non-technical person to hit the ground running.  Simply install the Power BI Desktop, connect to your data, and start creating.

Disclaimer:
The pricing in this post is based on the current cost on their website as of 2/6/2017.  Pricing is subject to Microsoft and can change.  For current information, please review their pricing page.

Business Intelligence: When Standard Reporting Is Not Enough

It should be no surprise to anyone that we are living in a digital world and data is being kept on the most mundane items, especially in every aspect of a business.  Once a business creates data, it needs to be able to put it together in a meaningful, productive way.  Reports once filled this void.  There are many reporting solutions that work with Microsoft Dynamics GP, such as Management Reporter, Crystal Reports, Excel Reports, and Jet Reports.  The question becomes, what do you do with the information that you have at your fingertips when that monthly report is not enough?

The next step is Business Intelligence.  Once thought to be a flash in the pan, it is now on its way to becoming the standard for driving business decisions for many companies.  As a consultant, I see a constant need to have relevant data, and Power BI creates real-time dashboards with your data to make data-driven decisions.  It can connect to wherever you store your information and be made available to you anywhere.  This is the next step beyond standard reports and can be used in conjunction with reporting to drive your business to the next level.

Microsoft has created an extremely powerful tool called Power BI.  Power BI creates dashboards with relevant, constantly updated information that you can have at your fingertips to make business decisions.  You can create a dashboard item for any variety of reasons, such as the current sales for the year, see where your sales are at, or even compare current year sales with past years.

 

 

Integration Manager Error: “RPC Server is unavailable”

This error has been the most troublesome for me in the past.  Typically, if you try searching the error you will get pointed to KB article 943948.   What I have found is that this is caused when you run an integration and Microsoft Dynamics GP seems to disappear and Integration Manager freezes or gets closed down during the integration.  I have also seen this occur after an error when the user tries to re-run the integration.

What is occurring is that Integration Manager and Microsoft Dynamics GP still have processes running in the background.  If you go into Task Manager and look at the running processes, you will see multiple processes for Microsoft Dynamics GP for the user trying to run Integration Manager.  You have two solutions: either go into Task Manager to stop the processes and test again, or have the user reboot.

Sometimes just stopping the services does not resolve the error and a reboot is still required.  If a user is logged into a terminal server, it is important to verify that they fully log off the server and do not simply disconnect.

 

Change a Vendor to a 1099 Vendor in Microsoft Dynamics GP

We have all been there: a vendor changes their status from being a non-1099 vendor to a 1099 vendor.  You can simply go into the vendor card and edit the setting to make them a 1099 vendor.  The only problem with this situation is that historical transactions posted in Microsoft Dynamics GP would still show the vendor as a non-1099 vendor.

This would be a total nightmare; however, you’re in luck: Microsoft Dynamics GP has built functionality into GP 2013 and higher that enables us to easily change the status for a vendor and their entire history.

If you are on an older version than GP 2013 then you would need to use Professional Services Tools Library (PSTL).  The Professional Services Tools Library (PSTL) has a modifier tool for the 1099 vendors.  For additional information, you can also reference KB Article 918536.

For Microsoft Dynamics GP 2013 and higher, please follow these steps.

1.  Navigate: Microsoft Dynamics GP>>Tools>>Utilities>>Purchasing>> Update 1099 Information.

2. In the Update 1099 Information window, select the last radio button for ‘Vendor and 1099 Transactions‘.


3. In the FROM and TO sections, select the appropriate method.

Method 1: vendor from currently not being a 1099 vendor to BE a 1099 vendor
FROM
Tax Type = Not a 1099 Vendor*
1099 Box Number is grayed out
TO
Tax Type = Miscellaneous (or appropriate 1099 type as needed)
1099 Box Number = 7 (or appropriate 1099 box number as needed)


Method 2: vendor from currently being a 1099 vendor to NOT BE a 1099 vendor
FROM
Tax Type = Miscellaneous (or appropriate 1099 type the vendor had)
1099 Box  Number = 7 (or appropriate 1099 box number the vendor had)
TO
Tax Type = Not a 1099 Vendor*
1099 Box Number is grayed out


4.  Look for the ranges section. From here select a vendor for FROM and TO. Restrict the update to your criteria by selecting insert.


5. Click process at the top to update all the information within your selected criteria.


6. Print the Update 1099 Information Audit Report to the screen and/or printer. It is highly recommended to verify that all changes were correct. You will automatically be prompted to print this after you select the Process button and it processes.


7.  Verify vendor setup:  Navigate: Cards>> Purchasing>>Vendor. Select the Vendor ID and click on options button. Under this window verify that the 1099 selections are correct. The process should have automatically changed this for you.

8. Verify transactions: If you did Method 1 above, now navigate: Transactions>> Purchasing >>Edit 1099 Transaction Information. Enter the Vendor ID and select redisplay, the vendor’s transaction history should populate the bottom section of the window. Review all the transactions.

Note: You can edit the Tax Type, Box number and 1099 Amount for each individual transaction as needed and remember to select the process to apply the changes.

Note 2: You can also make a smartlist to review all the transactions.

 

 

The Scan button is grayed, shaded or unavailable in Microsoft Dynamics GP

[Screenshot 5-1: grayed-out Scan button]

In Microsoft Dynamics GP, there is a direct scanning button that is available.  For the direct scan button to activate you must have a WIA driver installed.  If it does not detect the driver it will appear grayed out (as the screenshot above shows).

I ran into an issue recently where I needed to have the users RDP into a terminal server and be able to utilize an active scan button.  Microsoft redirect did not work and I tested several third-party scanning redirect software programs, such as TSscan and scanredirect.  Neither of these products worked to activate the scan button because they installed a TWAIN driver on the terminal server.  I had tested about 6 scanning redirection options before I found one product that installed a TWAIN and WIA driver on the server side and pulled the scanner’s default scanning options into the server.  This product is Scanner for Remote Desktop.   Here is their guide to their product with instructions on how to install.

Additional Disclaimer:
I was not paid to represent this product and earn no money placing this on my blog.  I found that this product assisted in resolving a problem that took me over a month to find a solution.  If you have another scanner redirection product that also installs a WIA driver on the server I would be more than happy to edit this post and add it.