Given recent incidents with the first known Mac ransomware, and the problem we had recently with a customer who had PCs connected to their Mac server, let’s take a minute to talk about ransomware in general.
Ransomware is somewhat unique among types of malware in that it is not attacking the OS, not trying to install anything, and not trying to hide. It is attacking the user’s actual data files. That means it needs no higher privileges than what the users themselves have. Once run, it merely scans the user’s home directory and any mounted drives (including network shares), then encrypts anything that looks like a data file (.docx, .pdf, .jpg, etc). It deliberately does NOT disturb the OS or any other files that would prevent the user from using the computer, as this would prevent them from getting paid, which is the entire point.
Given that all the ransomware is doing is accessing files the user normally has access to, then modifying them, it’s not necessarily doing anything “virus-like”. Therefore, the heuristics that modern anti virus products are so proud of will likely not catch it unless they have a definition for that particular variant of the binary. This is a big problem, since as recent targeted attacks against several hospitals have proven, anti virus is NOT catching these things. All it needs is a vector to get in and get running, and the client’s data is toast.
Common infection vectors include all the usual suspects: phishing emails, malvertising, illegal or compromised software downloads (like what happened with a recent new version of Transmission), malicious websites, etc. Most of these are mitigated by keeping OS and browsers up to date, having a good anti-spam/anti-malware solution filtering the email, and using network wide content filtering to keep users off of illegal and/or malicious sites. Still, especially with laptops that come and go from the corporate network, malware, ransomware, and other threats will find a way in.
The sad truth is, there is no way to completely prevent a ransomware outbreak on a network aside from restricting all machines to a strict whitelist of allowed software, which is impractical in most cases. The only thing you can do is have good backups and be prepared to use them for recovery. Backups on external drives connected to end user workstations are just as vulnerable as the rest of their files. Time Machine and Carbon Copy Cloner will not help here. Only backups that are offline (as in not directly accessible to the infected host) are safe.
Apple was able to quickly shut down this last Mac specific malware by revoking Transmission’s code signing cert and blacklisting the binary in XProtect.
For the more immediate problem of infected PCs encrypting files on Mac servers to which they’re connected, a local backup on the server should be safe as long as the backup itself is not shared.
In summary, here are our recommendations for handling things right now in mixed Mac/PC networks:
1. Ensure users don’t have access to more shares on the server than they actually need.
2. Ensure servers are only accessed remotely via a VPN solution to prevent exploits that could infect the server itself.
3. All servers should have at least two backups, one of which is off-line.
4. Firewalls should be utilized with intrusion prevention, content filtering and gateway Anti Virus to protect against bad user behavior as much as possible.
5. Windows PCs should be professionally monitored and maintained with up-to-date Anti Virus software.
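The point about backups only being safe when they are not shared and not reachable from an infected host can be checked mechanically. The following is an added example, not part of the original post, and its share names, paths and function names are hypothetical: it flags a backup directory that sits inside a share, contains one, or lives on a volume mounted on a user workstation.

```python
import posixpath
from pathlib import PurePosixPath

def within(path, root):
    """True if path is root or lies beneath it, compared per path component."""
    p = PurePosixPath(posixpath.normpath(path))
    r = PurePosixPath(posixpath.normpath(root))
    return p == r or r in p.parents

def backup_exposure(backup_dir, share_points, user_mounts):
    """Return the reasons a backup directory is reachable by a user's files.

    share_points: {share name: exported path} on the server.
    user_mounts:  volumes mounted read-write on an end-user workstation.
    An empty list means none of the listed routes reach the backup.
    The check is lexical only: symlinks are not resolved.
    """
    findings = []
    for name, root in sorted(share_points.items()):
        if within(backup_dir, root):
            findings.append(f"inside share '{name}' ({root})")
        elif within(root, backup_dir):
            findings.append(f"contains share '{name}' ({root})")
    for vol in sorted(user_mounts):
        if within(backup_dir, vol):
            findings.append(f"on user-mounted volume {vol}")
    return findings

# Constructed sample layout (hypothetical paths, not from the article).
SHARES = {"Projects": "/Shared Items/Projects", "Scans": "/Shared Items/Scans"}
USER_MOUNTS = ["/Volumes/TimeMachine"]

if __name__ == "__main__":
    for path in ["/Backups/nightly",
                 "/Shared Items/Projects/backup",
                 "/Shared Items/ProjectsArchive",   # sibling, not inside the share
                 "/Shared Items",
                 "/Volumes/TimeMachine/Backups.backupdb"]:
        reasons = backup_exposure(path, SHARES, USER_MOUNTS)
        print(path, "->", "; ".join(reasons) or "not reachable via listed routes")
```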
It’s not often that we reference a story from Inside Edition. Tonight there was a story about a Paralympian, whose home was burglarized and of course they took the normal stuff like jewelry, computers, TVs, and electronics. They also stole 5 external hard drives, which were the only place she had irreplaceable videos of her Olympic journey and a documentary movie that she was working on.
See the video here. Details of the hard drive theft start at 49 seconds: http://goo.gl/b6iXT6
In order to be FULLY backed up you HAVE to have your data first backed up locally, then it needs to also be backed up to the cloud or off-site storage.
The Golden Triangle of Backups is as follows:
1. Redundant: This means it has to be in TWO places. On your computer and also safely stored on a backup hard drive.
2. Automatic: This means that you don’t do a thing to make the backup run. It happens on its own without any human intervention.
3. Off-Site: This means your data has to be backed up to the cloud (iCloud is not a normal place folks use to back up their computers) or stored off-site in the form of a second hard drive stored at a relative’s house or at your office.
You can read more about this at this former MacMedics Blog post. It’s titled: 9 Things We Wish We Did Before Our House Burned Down
“I went to the genius bar for an emergency, of course because Christmas is right around the corner they were PACKED! I was looking online for my next closest Apple Store when I saw a link for MacMedics. I was nervous at first because, well I’ve been conditioned to only go to Apple, but I was put at ease to see that they work directly with Apple. So the next morning I went before work, the store was easy to find, and easy to access. I went in and was highly impressed with how beautiful and clean the store was, I was greeted by a very friendly staff, they immediately went in to action to solve my dilemma. The staff did everything within their means to help me and ultimately resolved my issue above my own expectations. I left the store with a huge smile on my face and my mind at ease, I have since told multiple friends, family members, and clients about Mac Medics and vowed this will now be my go to for my Apple devices.”
There is Mac malware, mostly in the form of “trojans” and adware and much of it finds its way onto the Mac by way of those MacKeeper ads.
Do not download or install MacKeeper. If you have already installed MacKeeper then please quit MacKeeper and drag the application from your Applications folder to the trash. Then download this application and use it to run a scan on your Mac and remove any adware/malware that it finds.
http://www.adwaremedic.com (now Malware Bytes).
MacMedics 5-Star Review: “I will never take a device to Apple again as long as the MacMedics team is around”
“I buy Apple products because of their design, features, and overall awesome service delivery. Having the opportunity to work with the MacMedics team feels like yet another extension of Apple’s awesome service model. Actually, these guys are better than Apple employees in almost every way.
I first went to MacMedics: Apple Authorized Premium Service Provider for: Macintosh, iPhone, iPad, iPod, Apple TV, and Apple Watch about seven or eight years ago at the recommendation of an Apple advisor. While they were the quickest option available to fix my then dead MacBook screen, I didn’t trust doing this because they were not Apple employees. I can honestly say that using these guys was the best recommendation EVER! They are the fastest at what they do, and can usually turn your repair around in 24 – 48 hours; not even Apple can do that. And they have the best attitudes of any service people I’ve encountered. They’re just awesome to work with.
Most recently, I took my 2010 iMac in to have them upgrade the hard drive to a solid state from the traditional one. Not only did they turn the repair around the same day, but they also saved me lots of money. Simon was great in recommending that I could go to Amazon to find the parts for cheaper, and then bringing it all to them to install for just $150. Thanks, Simon. I later had the pleasure of working with both Chris and Sam. Sam was the best to work with even after I screwed up the work they had done with the new install of El Capitan. Because I couldn’t get the download to work from my account, Sam offered to do the install again at no cost. Sam and Chris even took the iMac back in a few more times to troubleshoot a RAM issue, again at no additional cost to me.
I honestly enjoy taking my Apple devices to MacMedics because they care about the work they do, and also the customers they’re working with. They truly make tough electronic issues easier to deal with because they are honest people. I will never take a device to Apple again as long as the MacMedics team is around. THANKS, GUYS!”
The iMac family now includes the Retina 5K display on every 27-inch model, and a stunning new Retina 4K display on the 21.5-inch model.
Both Retina displays now feature a wider color gamut that delivers more available colors so photos and videos appear even more true-to-life. More powerful processors and graphics, two Thunderbolt 2 ports, and new storage options that make the high-performance Fusion Drive even more affordable are also included.
Along with the Retina models, the 21.5-inch iMac models feature faster processors and graphics, and a 1TB hard drive. All iMac models come with the all-new Magic Keyboard and Magic Mouse 2. And customers can choose to configure their iMac with a Magic Trackpad 2 instead of Magic Mouse 2. New keyboards and mice now have built-in batteries and are charged with a Lightning cable.
Mac OS X El Capitan 10.11 was released to the public this week.
This new version of the operating system breaks every Intel-native version of Microsoft Office, including Office 2008, 2011, and 2016.
All Microsoft Office applications are especially crash-prone under El Capitan, but additionally, Outlook will stall when attempting to connect to a mail server.
Until Microsoft releases patches for their Office applications, MacMedics strongly urges you not to install this new operating system. Unless you have a specific business-purpose for installing El Capitan, we suggest holding off on installing it for several months — until at least Mac OS X 10.11.2 becomes available.
More info is here.
There is still a repair extension program available for several MacBook Pro models from 2011-2013. If you have one of the models listed below and you have experienced video issues (such as no video even when the machine is powered on, distorted or scrambled video, or unexpected restarts), your MacBook Pro may be eligible for a free repair. You can visit any MacMedics location in order for us to run a quick test to see if you are eligible for the repair program.
▪ MacBook Pro (15-inch Early 2011)
▪ MacBook Pro (15-inch, Late 2011)
▪ MacBook Pro (Retina, 15-inch, Mid 2012)
▪ MacBook Pro (17-inch Early 2011)
▪ MacBook Pro (17-inch Late 2011)
▪ MacBook Pro (Retina, 15 inch, Early 2013)
For more info see: http://www.apple.com/support/macbookpro-videoissues
Hurricane Joaquin is Coming: This Would Be an Excellent Time to Purchase, Check, or Upgrade Your Backup Plan!
Hurricane Joaquin will most likely hit the Mid-Atlantic area, and it will likely destroy some data in some way.
Here in the Mid-Atlantic area, MacMedics clients and friends should unplug their computers and remove and store backup hard drives in a dry place if you’re not going to be around when the rain and wind hits us.
Power surges via power lines and lightning hits via Comcast’s network seem to be the leading cause of damages to our clients’ Macintosh computers.
Pro Tip: When disconnecting your computer system from power, unplug everything attached to your network, even the COAX cable from your cable or satellite box, as that appears to be the #1 surge source (based on past repairs). With regard to power surges, if your power DOES go out (or starts to flicker), disconnect from power, as surges can also occur when the power comes back on!
This might also be a good time to enhance your backup plan by adding an off-site backup. MacMedics hosts Crashplan for our customers. If you’re interested in having us host your off-site backup, just call us at 1-866-MAC-MEDICS.
For our friends and clients in the Mid-Atlantic region, MacMedics recommends that you back up your hard drive via a “clone” using Super Duper or Carbon Copy Cloner, as that way you can “test” your backup to ensure you have a good, bootable copy.
Take that backup, put it in a Ziploc bag, and have it ready to go with you if you should need to evacuate. Also, hurricanes bring the rain with them, so plan ahead to protect your computer AND your backup. If you have to leave, put a garbage bag over your computer. If you have a light roof leak, that might be enough to save your computer.
The important thing is to PLAN AHEAD. Your back up is not complete if it’s not:
Here is the official Federal Emergency Check List for businesses:
• Conduct a room by room walk-through to determine what needs to be secured
• Obtain plastic to cover electronic equipment in the event of roof leakage
• Move electronic equipment away from windows
• Elevate electronic equipment off of the floor in the event of flooding
• Back-Up your systems and if possible store your back-ups off site
• Protect business records
• If you plan on being out of your business for an extended period, consider shutting down unnecessary electric breakers in the event of power surges
• If possible shut off gas valves leading into the business
• Consider alarm systems may not function during extended power outages.
• Remove valuables and cash to a safe location
• Move company vehicles to an area safe from flying debris and falling trees. Make arrangements with nearby parking garages to house vehicles if possible
• Remove expensive items from display racks, particularly near windows.
• Consider window breakage
• Understand your insurance policy and keep it in a safe location
• If you have a number of employees, establish a phone tree to distribute information
Here are a few more tips from MacMedics:
1. If you do not have Ultra Call Forwarding, be sure to forward your business phone lines to your cell phone BEFORE you lose phone and/or power to your phone system.
2. Your alarm system should contain a small back up battery, but you can extend that greatly, by plugging your alarm system into a high capacity UPS system.
3. If your server is not set to Auto Restart after a power failure, it’s not too late to turn that on.
We have tons of posts on Time Machine and we even have a free White Paper on it. If you’d like a copy, let us know. If you’re not using an automatic backup, your data is at risk!
P.S. If you are going to be where the hurricane is, then you DO need to go get a Ziploc bag right now, and put it with your iPhone. That way if you get caught outside or you’re checking out the surf at the beach, your iPhone is protected.
Brought in a MacBook Pro and had the hard drive replaced and all data transferred. Two weeks later the track pad went crazy. I was on vacation and emailed Dana and he answered back immediately. When I returned home, I took the computer back and after consulting with Chris, decided to purchase a new MacBook Air. I was refunded the cost of the newly replaced hard drive and given a fair trade-in discount for my old computer. Great guys to work with and I recommend them highly for the personal service they provide. Only place I will ever go for any Mac products.