What is Ransomware & how do I stop it?

Ransomware is upon us, but what is this thing, and how can I protect myself or my business from it?

The definition and description according to Wikipedia is below:

Ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid. Any action is possible once device or system is infected and there is no guarantee that paying the ransom will return access or not delete the data.

So how do I prevent and stop ransomware?

Patch,
Secure,
Backup

>Patch

Patching is often the most overlooked defense in anyone’s arsenal. Patching is as simple as making sure that your Windows updates are current and installed, and also checking other software that you use on a regular basis for updates. Things to keep a keen eye on: any PDF viewer (Adobe Acrobat, Foxit, Reader DC), Adobe Flash, M$ Office, and web browsers.

>Secure

Securing your PC from ransomware is as easy as installing known, tried and trusted antivirus software.
Other steps to look into include adding a firewall to your network or tightening your current router’s firewall settings, adding malware protection, using a VPN, locking down user permissions, and a whole lot more.

>Backup

The key to recovering from an infection is a good backup strategy. Backing up is the single most useful thing you can do to prevent falling victim to a ransomware attack. With a good offline backup – or at least a backup to another PC, cloud or server location – the whole process of being infected is a lot less of an issue.

There you have it, a very short and simple overview of ransomware in 2017 – if you want to know more on any of the three above steps, feel free to get in contact, or leave me a comment below.

Purge deleted users from Office 365 (O365)

On occasion you may have to force a deletion of a user, or perhaps a user has been deleted but you need to assign that old email address to someone else.

This is when you need to purge deleted users from Office 365.

To do so you need to open up PowerShell and connect to your Office 365 tenancy – you can use Connect-MsolService to do so.

Next check which deleted users are currently in the recycle bin:

Get-MsolUser -ReturnDeletedUsers

If there is only one, or you wish to remove all users that have been listed:

Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

If you only want to delete and purge a single user from the recycle bin – you can use the below:

Remove-MsolUser -UserPrincipalName "[user's email address]" -RemoveFromRecycleBin -Force

Sorted, you can now re-use the SMTP address or recreate the user. For other ways to purge deleted users see future posts.
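
One way to script the single-user purge above so that it cannot remove the wrong account, as an added example that is not from the original post. The function name Remove-DeletedMsolUserSafely and the address old.user@example.com are hypothetical, and it assumes the MSOnline module used above is installed.

```powershell
# Added example: purge ONE soft-deleted user and refuse to act on an ambiguous match.
# Function name and sample address are hypothetical; requires the MSOnline module.
function Remove-DeletedMsolUserSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName
    )

    # Purging is permanent, so look the user up in the recycle bin first.
    $found = @(Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.UserPrincipalName -eq $UserPrincipalName })

    if ($found.Count -eq 0) {
        Write-Warning "No deleted user with UPN '$UserPrincipalName' is in the recycle bin."
        return
    }
    if ($found.Count -gt 1) {
        throw "More than one deleted user matches '$UserPrincipalName'; purge by ObjectId instead."
    }

    $user = $found[0]

    # Supports -WhatIf and prompts for confirmation before the irreversible step.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Permanently purge from recycle bin')) {
        # Remove by ObjectId so exactly the account that was inspected is purged.
        Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force

        # Return a record of what was purged, e.g. for a change log.
        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            ObjectId          = $user.ObjectId
            DeletedOn         = $user.SoftDeletionTimestamp
            PurgedOn          = Get-Date
        }
    }
}

Connect-MsolService
Remove-DeletedMsolUserSafely -UserPrincipalName 'old.user@example.com'
```

Run it with -WhatIf first to see which account would be purged without removing anything.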

Change a computer name remotely – [SOLVED] Using CMD and psexec

There are multiple reasons you may wish to change a computer name remotely – here is one method:

I’m going to be using psexec to do this. If you don’t have it already, this great wee remote command tool is provided free in the Sysinternals Suite – or can be obtained on its own here.

Open a command prompt from whichever folder psexec.exe is in.

The command we are going to be using to change the computer name is the below wmic command:

WMIC computersystem where caption='currentname' rename newname

Put together with psexec it will look something like this:

psexec \\PC_NAME_OR_IP -u "USERNAME HERE" -p "PASSWORD" WMIC computersystem where caption='CURRENT_NAME' rename NEW_NAME

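Exchange usernames and PC names as appropriate. If you leave out -p, psexec prompts for the password instead of taking it on the command line.

There are a couple of great sites with all the psexec switches; ss64 is my favorite.
Now you can change a computer name remotely. The new name takes effect after the remote machine restarts.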