Watch out for RATs (Remote Access Trojans)

By RMON Networks | July 12, 2017

Data security for small businesses continues to be an issue. Ransomware attacks are widespread in the media and are projected to only get worse. I once heard someone say, “The one good thing about ransomware is the hackers actually let you know they’ve infected your system.” But ransomware is only one of many viruses that exist, and most are not so nice. Recently, team RMON encountered a pesky little RAT (Remote Access Trojan) at one of our customer sites. These RATs are not so nice, and they don’t want you to know they are on your systems. A RAT is a malware program that installs itself on your PC, then hides. It then begins to collect vast amounts of data from the infected machine.

Remote Access Trojans (RATs) are contracted like most other viruses. They can arrive through email file attachments, malicious links in emails or on websites, or social engineering; it is even possible that someone gained temporary physical access to the PC. In this instance, we believe the virus entered through an email attachment.

Our customer first contacted us about one of their PCs displaying a blue screen error (see image). Tim Perreault was RMON’s responding technician. Tim immediately identified that this was not a traditional “blue screen error” and disconnected the machine from the network. He launched the PC into safe mode and ran anti-virus and anti-malware programs; both came back clean. Luckily, Tim’s experience led him to believe this system was not clean. “Once I started digging deeper I identified a rogue application and 3 new accounts. These were all created on the same day, at the same time. At this point, I knew this virus was a RAT!” Since the anti-virus did not catch the RAT, it was a good thing that the client was attentive and let us know of the infected systems immediately. Time is always of the essence in these situations. All logs were checked, and we don’t believe the RAT had the time it needed to gather any type of data from the systems. The machine was rebuilt and every password was updated on the client’s network.
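The pattern Tim spotted, several new accounts and an unfamiliar application all created at the same moment, can be checked for automatically when anti-virus scans come back clean. The sketch below is an added example, not RMON's tooling: the record format, the function name and the sample data are constructed, and it assumes account-creation times were exported from Windows Security event 4720 and program install times from a software inventory.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the incident). Assumed export format:
# "account" rows from Windows Security event 4720 (user account created),
# "program" rows from an installed-software inventory with install times.
SAMPLE = [
    ("2017-03-02T09:14:00", "account", "j.smith"),
    ("2017-06-20T02:41:07", "program", "HelperSvc"),
    ("2017-06-20T02:41:09", "account", "support1"),
    ("2017-06-20T02:41:09", "account", "support2"),
    ("2017-06-20T02:41:10", "account", "backupadm"),
    ("2017-06-28T16:30:00", "program", "PDF Reader"),
]

def creation_bursts(records, window=timedelta(minutes=5), min_accounts=2):
    """Group records that fall within `window` of the first record in the
    group; return groups containing at least `min_accounts` new accounts."""
    events = sorted((datetime.fromisoformat(ts), kind, name) for ts, kind, name in records)
    groups, current = [], []
    for ev in events:
        if current and ev[0] - current[0][0] > window:
            groups.append(current)  # gap too large: close the current group
            current = []
        current.append(ev)
    if current:
        groups.append(current)
    bursts = []
    for group in groups:
        accounts = [name for _, kind, name in group if kind == "account"]
        programs = [name for _, kind, name in group if kind == "program"]
        if len(accounts) >= min_accounts:  # one new account alone is routine
            bursts.append({"start": group[0][0], "end": group[-1][0],
                           "accounts": accounts, "programs": programs})
    return bursts

if __name__ == "__main__":
    for burst in creation_bursts(SAMPLE):
        print(burst["start"], burst["accounts"], burst["programs"])
```

Any burst it reports is a lead for manual review, since legitimate onboarding or imaging can also create several accounts at once.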

Tim’s advice on how to stay safe:

Security is a twofold approach: you need the systems in place, but also well-trained employees to prevent and identify vulnerabilities. I recommend always using a reputable anti-virus; at RMON Networks we recommend Sophos Endpoint Protection. However, even the top anti-virus providers cannot catch 100% of threats; that is why it’s imperative to provide your employees with security awareness training programs. Awareness programs can be as simple as awareness information emailed to your employees or posters pinned up with info regarding password or internet safety, and can be as sophisticated as phish testing your own employees. As malware threats get more and more sophisticated, it is imperative you look at the security you currently have in place, and increase it. In the IT industry, we call that “layering security.” You better believe the cyber criminals will keep improving their methods, which is why each year we need to improve ours too.

Contact us with your security questions, or to schedule a free consultation.
