Are “Zombie” servers draining your precious resources?


Have you ever heard that loud rumbling noise coming from your server room?  Is it your IT infrastructure hard at work helping you to increase profits or is the sound of the “zombie” server?  A zombie, or comatose, server is a physical server that is running but has no external communications or visibility and contributes no computer resources; essentially it consumes electricity but serves no useful purpose.  For something you have most likely never heard of; it is a big problem.  An estimated one in three servers in North America falls into the “undead” category.  Given those odds, chances are most businesses are running servers that are no longer doing anything relevant and could be decommissioned.  IT is not only at the center of your organization’s operations it is also a key line item in your budget.  You certainly do not want to cut corners when budgeting for your IT needs; but are you wasting your money on equipment that is giving you no value whatsoever?  Enter the nefarious “zombie” server.  According to the Wall Street Journal, estimates show upwards of 10,000,000 unused servers remain plugged in and drawing power.  The 4 Gigawatts of power consumed by these undead machines is equivalent to the “power from eight large power plants; power used by 3,200,000 households, roughly the number in New York City”.
But these zombies are not just a drain on your electric bill.  There are a myriad of other costs you must consider.  These include but are not limited to: cooling/heating, data center space if applicable, Network Ports, SAN Connections, Back Ups, Monitoring, Operating System licensing, Database Licensing, Maintenance agreements, Administration and support.  In fact, according to the Federal Data Center Consolidation Initiative, the average cost to support a mid-tier server is $2,000 per year.
All business owners know that their IT needs change over time, as does their IT infrastructure.  With changes in IT, sometimes no one is really clear what the server does.  If an employee does know what a particular piece of equipment does and believe it can be decommissioned they often do not do so out of fear.  Fear of creating downtime, or interrupting something that may be relevant.  In reality, many servers can be re-purposed, licenses put back into the pool, and physical parts and storage space can be reclaimed.  The more servers you have, the more consolidation you’ve done, the more the risk that this is an issue in your organization!  Think about the efforts you go through to save a few hundred dollars here and there.  You cannot afford to continue to overlook this potential drain on your resources.  While you realize now that identification and eradication of zombies is important, even in a small business it could easily add up to many thousands of dollars.  But you do not have the time nor the expertise to go through and audit your servers, in search of zombies.  You need to get Net Works on your side.  As experts in the area of IT Cost Optimization we can not only identify where zombie servers are wasting your IT budget dollars; we can help you to strategically procure or negotiate your complex


Cyberattacks and the real impact they have on Small Business!!!

Most small business owners believe cyberattacks are the concern of large corporations, however nothing could be further from the truth. According to Verizon Data Breach Investigations Report 71% of cyberattacks occur at businesses with less than 100 employees.[1]  However smaller organizations are often not as concerned as they need to be, added Kevin Haley, a Symantec director in charge of relaying security information to Symantec customers. “They are also typically under the illusion that cyber-attackers are only interested in large companies, which we have found is not the case,” Haley said.

Even though it turns out SMB’s have a larger target on their backs than they realize, two thirds of SMBs surveyed by Symantec say they’re not concerned about cyber threats; and more than 80 percent have no formal cyber security plan. Although more than 95 percent of businesses are considered small or medium-sized, almost all security solutions are designed for enterprise businesses with large IT departments and big budgets. Many of these security products are just too complex and costly for a resource-strapped SMB. To protect themselves, many SMBs use a patchwork of multiple products that defeat separate elements of the threat. But these are often improperly managed because these small businesses don’t have the time or expertise to create a proper web of protection. The result is a disjointed and ineffective security network that puts IT managers and security budgets under even tighter scrutiny.

“Smaller companies are easier to hack,” said Clay Calvert, director of security at MetroStar Systems, a Virginia-based firm. “They don’t have the resources to set up protective barriers.” Big companies, which have the financial resources to upgrade their security, have become less vulnerable. But this needs to change! The average cyberattack costs a business $188,000! You can no longer wait for hackers to target you. The rise of organized cyber hackers is definitely a scary trend but it doesn’t have to be the end of the world. There are some things that a SMB owner can do to help:

  • The first step you need to take is to think like the hackers. Ask yourself: Who are my adversaries? Are they after my intellectual property and trade secrets? Do they want my customers’ credit-card information? Or do they view my business as the weak link in some larger application? This exercise can help you see where your vulnerabilities lie and also help you understand which measures you can take to protect your software.
  • Make sure your code is clean. Many commercial applications use open-source code as components. The National Institute of Standards and Technology’s National Vulnerability Database discloses more than 4,000 vulnerabilities in these components. Security software companies, can help you identify and fix any problems with your applications’ source code.
  • Outsource your security operation. While most small organizations can’t afford to build sophisticated IT security systems, has the scale and know-how to protect your operations and sensitive data.

At Net Works we have the knowledge base and the commitment to service to ensure that your IT security is up to date. We offer best in class cybersecurity protection. Unlike other managed service providers who rely on point of service solutions; we employ Unified Threat Management, an all in one security solution. UTM is a fully integrated, multifaceted approach to protect against network threats. Your IT infrastructure is too important to settle for a less than optimal cybersecurity plan. Contact us today to get started on your cyber security audit. Don’t take a chance and go it alone, get Net Works in your corner.

[1] Verizon Data Breach Investigations Report 2012. 2012 Accessed April 20, 2016

Holiday Hackers

The holidays are traditionally a season to enjoy time with friends and family, to exchange gifts, and to cheerily overindulge in food and drink. Unfortunately, there are Grinches out there that will do everything they can to spoil your holidays with ransomware and other threats.

Ransomware has become one of the most widespread and damaging threats that Internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from home users and businesses alike.

The current wave of ransomware families can have their roots traced back to the early days of fake antivirus, through Locker variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation.

Once all the files are encrypted, the ransomware displays ransom notes which give instructions about how to make payment. The text content is hardcoded in the binary itself and adds generated Tor links and user-specific ID to it. The identifier generated by the command and control server is unique to the infected user, in order to identify the user machine.

The same ransom demand text is written into several files with “DECRYPT_INSTRUCTIONS” in their file names, and is displayed in three different applications – the web browser, a text file and a png in the image viewer, as shown in the figures below.

Ransom message


NetWorks uses Sophos solutions to protect against CryptoWall and other ransomware and malware attacks.

If you suspect you’ve been compromised by ransomware, you can remove the malware using Sophos’ Free Virus Removal Tool. Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack.

Apart from having your antivirus up to date, there are additional system changes to help prevent or disarm ransomware infections that a user can apply.

1. Back up your files.

The best way to ensure you do not lose your files to ransomware is to back them up regularly. Storing your backup separately is also key – as discussed, some ransomware variants delete Windows shadow copies of files as a further tactic to prevent your recovery, so you need to store your backup offline.

2. Apply windows and other software updates regularly.

Keep your system and applications up to date. This gives you the best chance to avoid your system being exploited using drive-by download attacks and software (particularly Adobe Flash, Microsoft Silverlight, Web Browser, etc.) vulnerabilities which are known for installing ransomware.

3. Avoid clicking untrusted email links or opening unsolicited email attachments.

Most ransomware arrives via spam email either by clicking the links or as attachments. Having a good email anti-virus scanner would also proactively block compromised or malicious website links or binary attachments that lead to ransomware.

4. Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.

We’ve seen many malicious documents that contain macros which can further download ransomware silently in the background.

5. Install a firewall, block Tor and I2P, and restrict to specific ports.

Preventing the malware from reaching its call-home server via the network can disarm an active ransomware variant. As such, blocking connections to I2P or Tor servers via a firewall is an effective measure.

6. Disable remote desktop connections.

Disable remote desktop connections if they are not required in your environment, so that malicious authors cannot access your machine remotely.

7. Block binaries running from %APPDATA% and %TEMP% paths.

Most of the ransomware files are dropped and executed from these locations, so blocking execution would prevent the ransomware from running.

Don’t get caught with this screen this Christmas!

Our partner, SophosLabs, has published new research examining the recent evolution in file-encrypting ransomware, in their paper titled The Current State of Ransomware. They look at the most prevalent variants including CryptoWall, TorrentLocker, CTB-Locker and TeslaCrypt – as well more obscure variants that employ novel or interesting techniques.