Sophos Stops Petya Ransomware

As with the recent WannaCry Ransomware attack, organizations around the world have again been affected by a new ransomware variant known as the Petya cyber-attack.

MedCo Data customers using Sophos Endpoint Protection are protected against all known variants of this ransomware. We first issued protection on June 27th at 13:50 UTC and have provided several updates since then to provide further protection against possible future variants.

In addition, our customers using Sophos Intercept X were proactively protected with no data encrypted from the moment this new ransomware variant appeared.

Find out more about Intercept X and how it can protect your customers from ransomware like Petya and Wanna:

Please contact your MedCo Data Solutions Engineer if you have any questions. We will continue to update you as more information becomes available.

Our Business World Under Attack

By now you’ve probably heard of the new nasty cyber-bug that is wreaking havoc across the globe. WannaCry slammed into the internet last week and continues to proliferate through under protected PCs and networks worldwide. This new tactic is not “phishing” related and we can’t blame our staff or each other for opening something we shouldn’t. Instead this one slipped out of NSA and is targeted at a known exploit in Microsoft’s operating systems.

Microsoft’s president, Brad Smith responded, “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem”. No matter what side of the fence you stand on, the stark truth is we need to protect ourselves.

Behind the scenes MedCo Data has been running scans on all our clients to find anyone missing updates and pushing the needed patches to any weak points we find. Building layers of security and monitoring the integrity of our systems is the core of our strategy. Over the past couple of years you’ve seen more mass communications from me relating to ransomware than anything else. I don’t see this threat diminishing anytime soon. We must keep our defenses high.
Our entire team is standing guard. Please let us know if you need us.


Dan Rodgers, CEO
MedCo Data

Microsoft Warns of Ransomware with Self-Propagation Features

“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft’s Malware Protection Center alert reads. “This ransom leverages removable and network drives to propagate itself and affect more users.”

Microsoft has released an alert today warning about a new ransomware variant called ZCryptor, which comes with the ability to self-propagate via removable and network drives.

A security researcher named Jack, behind the MalwareForMe blog, first discovered and wrote about this threat on May 24. Three days later, Microsoft ‘s security team also took note of the new wave of infections.


Be Prepared for Ransomware Because You Will Get Hit Eventually

It has happened again. Another hospital system has been attacked by a ransomware. A malicious software that locks down our systems, encrypts our files and will only release them once a fee has been paid. This time It’s MedStar Health in the Baltimore area.

Tennessee Orthopedic Alliance, Presbyterian Medical Center in Southern California, Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital have all been in the headlines for ransomware attacks recently. Thousands of infections go unreported and the nefarious programmers who designed this are making serious money. One FBI agent is quoted during a cyber security conference as stating “the easiest thing may be to just pay the ransom… the ransomware is just that good.” –

As the CEO of a national IT firm, I’ve watched my team battle with the rise in virus and ransomware attacks over the past couple of years. I’ve even found myself standing in front of a teller at a national bank, transferring money into a total stranger’s account for an express bitcoin purchase to pay the ransom for a client who had no other choice. Trust me, the entire exercise is unnerving.  The reality is we do have a choice, but only before the infection. We have to educate, plan and protect to avoid falling into a situation where the only options left are to either sacrifice the data or pay these cyber thugs.

The primary point of entry for ransomware is through an unsuspecting employee who really thought there might be a FedEx tracking number attached to that email, or Amazon was truly rewarding them for being a loyal customer with a gift certificate. The lures are getting smarter and so should we. Sound the alarm.

Warn the team that we all have to be incredibly conscientious when opening emails. Unless you know the sender and you are expecting it, do not click on a download, link or attachment. If its suspicious, ask administration or your IT support to take a look. Additionally, we need appropriate security measures in place as well as a solid backup solution. Onsite backup strategies with multiple generations as well as offsite snapshots of our data is a must. No data that is important to us should be stored on individual machines that are not backed up. Centralize the files for simplified backup and security. Reevaluate your disaster and recovery safeguards to include contingencies for malicious software attacks. At the rate this epidemic is spreading, the question is not IF you will face this challenge, but WHEN will it happen.

Fortunately, 98% of our clients who have endured ransomware infections have been prepared. We were able to avoid paying the ransom by tracking down the installation, removing the threat and restoring valid data from backups. Pre-planning and strategic preparation is the only way to currently protect our businesses. We’ve helped hundreds of businesses, like yours to put these preparations in motion. If you have any concerns about how ready you might be for a ransomware infection or disaster of any kind, I invite you to schedule a call with one of our security specialists. We’d be happy to review your current strategy and help plug any holes we find.

Ransomware Virus Alert

As you know MedCo Data manages medical practices and businesses all across the United States. We’ve witnessed an alarming rate of ransomware infections over the past several weeks.

Ransomware is a malicious application that is usually introduced into the office via email, or a website that, “you” the recipient believes to be safe. Once launched, it encrypts all files on you PC and shared drives where all the important stuff is stored. The only options are to restore from a backup, forgetting what might be lost because it wasn’t backed up, or pay the ransom, over the internet with bitcoins to a foreign maleficent organization.  Please be cautious and aware.

If you don’t know who it came from, do not open any attachments. Walmart,, Target, etc.… are NOT sending you gift certificates or awards of any kind for being loyal. You do not have a personal message from the IRS, even though it is tax season. You have not won the lottery, or even a scratch off. There is no package with a tracking number attached.

There may be a yes or no choice attached to the message. Both mean yes, so either way you are infected. It doesn’t matter what you select, it invites the infection. Close the message, delete and move on. If it’s a popup from the web, do not click any choice. Best bet is to shut down the PC and start it back up if you don’t know how to open task manager and close the browser.

At work or at home, the game has changed. Be very, very careful. There is a cost if you make the wrong decision.