Schulz Consulting

Sage 100 and CryptoLocker: Prevention, Best Practices and Avoiding “Cures” That Slow Your System

October 4, 2016 by Wayne Schulz


Have you experienced a situation where your company’s Sage 100 data files are suddenly inaccessible? And the only solution is either to restore from a backup or to pay a ransom after a vicious malware infection has hit every file on your network – including your accounting software?

CryptoLocker (aka CryptoWall, ransom.CryptoDefense) malware is probably the culprit. The fix is a little less certain, although many users are moving their accounting servers off-site to avoid these malware problems.

Symantec defines this type of malware as:

 

Ransom.Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted.

The threat typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware.

Once the Trojan is executed on the compromised computer, it creates a number of registry entries to store the path of the encrypted files and run every time the computer restarts. It encrypts files with particular extensions on the computer and creates additional files with instructions on how to obtain the decryption key.

This threat family attempts to convince the user to pay money in order to get the key to unlock their files. It uses a variety of different techniques in order to encourage the user to pay the ransom.

The CryptoLocker “Fix” Can Be As Bad As The Infection.

In an effort to avoid CryptoLocker infections many IT departments greatly increase the malware protection on the entire network – resulting in significant accounting software slowdowns.

Even then, there is no guarantee that the malware won’t creep onto the network and infect everyone – including your accounting files.

Unlike most computer viruses there is no easy fix to a CryptoLocker infection aside from preventing it from happening in the first place and ensuring that you have a very recent backup.

How Will I Know That I Have The CryptoLocker Malware?

Signs that Sage 100 has been hit by the CryptoWall file-encrypting ransomware trojan (or similar, related or copycat programs like Zepto), which targets Windows machines and encrypts files:

  • All modules, tasks, and/or buttons are missing in the Sage 100 Desktop
  • Tab and Enter keys do not work in task windows.
  • Tab key will act as the Enter key when logging in or navigating tasks and panels
  • “Error #2: End-of-file on read or file full on write” when attempting to access Sage 100 Advanced
  • “Error #17: Invalid file type or contents” when attempting to access Sage 100 ERP Advanced
  • Various files such as Microsoft Office Word or Excel or Portable Document Format *.PDF or text *.TXT files are also encrypted and cannot be opened. This includes text files that Sage 100 ERP uses to display available modules, tasks, and toolbar buttons – and is the first sign users get that there is something wrong. Attempts to open these files may show that they contain random characters instead of legible text.
    • Note: More recent variants will add an extension after encrypting, such as *.aaa, or *.abc, or *.cpinf, or *.ZEPTO, etc.
    • Note: More recent variants have also been known to encrypt Sage 100 ERP *.M4T data files plus *.M4P and *.msi program files for ransom as well.

Additionally, inspect the “MAS90” directory and sub-directories to check for the existence of files purporting to offer instructions on how to pay a financial ransom in order to purchase a decryption program such as:

  • _2_HELP_INSTRUCTION.HTML
  • _220_HELP_INSTRUCTION.HTML
  • DECRYPT_INSTRUCTION.TXT
  • DECRYPT_INSTRUCTION.URL
  • DECRYPT_INSTRUCTION.HTML
  • HELP_DECRYPT.TXT
  • HELP_DECRYPT.HTML
  • HOW_DECRYPT.GIF
  • HOW_DECRYPT.HTML

Note: Files like BouncyCastle.Crypto.dll and SY_Crypto.pvc are standard program files within a Sage 100 ERP installation. They are not signs of a problem.
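
The directory check described above can be scripted. The following is an added example, not code from the original post or from Sage: it walks a MAS90 directory and reports ransom-note file names, the appended extensions listed above, and text files that no longer contain legible text, while skipping the two standard files named in the note. The any-digit note prefix, the non-printable-byte heuristic and the sample file names are assumptions made for the example.

```python
import os
import re
import tempfile

# Names from the list above; any-digit prefix generalises _2_/_220_ (assumption).
NOTE_RE = re.compile(
    r"^(_\d+_HELP_INSTRUCTION\.HTML|DECRYPT_INSTRUCTION\.(TXT|URL|HTML)"
    r"|HELP_DECRYPT\.(TXT|HTML)|HOW_DECRYPT\.(GIF|HTML))$", re.IGNORECASE)
APPENDED_EXT = {".aaa", ".abc", ".cpinf", ".zepto"}  # from the article, not exhaustive
KNOWN_GOOD = {"bouncycastle.crypto.dll", "sy_crypto.pvc"}  # standard Sage 100 files

def looks_scrambled(path, sample=4096, threshold=0.30):
    """Assumed heuristic: a .txt file that is mostly non-printable bytes."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    bad = sum(1 for b in data if b not in (9, 10, 13) and not 32 <= b < 127)
    return bool(data) and bad / len(data) > threshold

def scan(root):
    """Return sorted (relative_path, reason) pairs for suspicious files."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in KNOWN_GOOD:
                continue
            if NOTE_RE.match(name):
                findings.append((rel, "ransom note"))
            elif ext in APPENDED_EXT:
                findings.append((rel, "appended extension"))
            elif ext == ".txt" and looks_scrambled(full):
                findings.append((rel, "unreadable text file"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree standing in for a MAS90 directory."""
    root = tempfile.mkdtemp(prefix="mas90_sample_")
    os.mkdir(os.path.join(root, "Home"))
    samples = {"HELP_DECRYPT.TXT": b"constructed placeholder",
               "Home/GL_Sample.M4T.zepto": bytes(range(256)),
               "Home/menu.txt": bytes(range(128, 256)),
               "Home/readme.txt": b"plain text\r\n",
               "Home/BouncyCastle.Crypto.dll": b"MZ"}
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)
    return root
if __name__ == "__main__":
    print(*scan(build_sample_tree()), sep="\n")
```

To check a real installation, pass the path of the MAS90 directory to `scan()` from an account with read-only access to the share.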

How Can I Prevent CryptoLocker Malware From Shutting Down My Accounting Department?

  • Make daily backups which you retain for two weeks
  • Segment your Sage 100 system from your network giving a 99.9% defense against inheriting a CryptoLocker infection on your Sage data.
  • Rotate 4 images of your Sage server
  • Locate accounting servers off-site away from your main network
  • Create an accounting environment where users cannot browse to an infected website or click on email attachments

Your Best Defense Against CryptoLocker?

The easiest way to implement the above suggestions is to take your Sage 100 accounting system and host it off-site on a secure network segregated from your primary network. This is essentially cloud hosting for Sage 100.

In most cases, because you are not sharing local space with the rest of your company’s users this results in a Sage 100 system which runs significantly faster and is more responsive than one hosted locally.

 

If you are not browsing the web, opening email or opening outside files on your hosted Sage 100 system then your chances of catching the CryptoLocker malware can go down by as much as 99%.

As a bonus, your hosted system is also available for you to access from your office, your home or by salespeople while on-the-road.

If expensive accounting downtime is something that you’re seeking to avoid – please join me for a 30 minute introduction to cloud hosting solutions. We’ll cover the pros and cons as well as answer questions about what Sage 100 enhancements work on a hosted platform.

Learn More: November 16, 2016 Webinar – Sage 100 Cloud Hosting

 

When: November 16, 2016 – 1:00 pm EST to 1:30 EST

Where: Online ( click here to register )

Speakers: 

Wayne Schulz – Schulz Consulting

Robert Eppele – GotoMyERP – Sage 100 Cloud Hosting

 


About Wayne Schulz

Wayne Schulz is a Sage 100 Consultant located in Connecticut. He has worked with Sage 100 since 1986 and provides advanced support to companies located throughout the United States. If you are experiencing an issue with Sage 100 and would like to schedule a support session - please request assistance here or call 860-657-8544.
