Step all employees through a strong password training module ASAP |||| New ransomware attack hits Russia and spreads around globe

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.

The outbreak started Tuesday and froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks.

The Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.

Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.

Bad Rabbit Starts With Social Engineering

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.

Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer’s memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hardcoded creds are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst passwords list. (Note To Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)
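A detection sketch for the spreading behaviour described above, added here as an example and not taken from the original article or from any of the vendors it cites: it flags a host that fails network logons with the predictable usernames on several machines in a short time. The CSV column names, the thresholds and the sample events are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Usernames the article names as hard-coded in the malware; extend as needed.
PREDICTABLE_USERS = {"root", "guest", "administrator"}

# Constructed sample, not real telemetry: a simplified CSV export of Windows
# failed-logon events (Event ID 4625; LogonType 3 is a network logon).
# The column names are an assumption of this example.
SAMPLE_EVENTS = """\
time,event_id,logon_type,target_host,source_ip,username
2024-01-15T12:00:01,4625,3,FS01,10.0.0.23,Administrator
2024-01-15T12:00:02,4625,3,FS01,10.0.0.23,guest
2024-01-15T12:00:04,4625,3,WS02,10.0.0.23,root
2024-01-15T12:00:05,4625,3,WS03,10.0.0.23,administrator
2024-01-15T12:00:09,4625,3,FS01,10.0.0.50,administrator
2024-01-15T12:01:00,4625,2,WS02,10.0.0.60,guest
2024-01-15T09:00:00,4625,3,FS01,10.0.0.90,root
2024-01-15T11:00:00,4625,3,WS02,10.0.0.90,guest
2024-01-15T13:00:00,4625,3,WS03,10.0.0.90,administrator
"""


def find_spraying_sources(events_csv, min_targets=3, min_users=2,
                          window=timedelta(minutes=5)):
    """Return {source_ip: {"targets": [...], "users": [...]}} for sources whose
    failed network logons with predictable usernames reach at least
    min_targets hosts and min_users names inside one sliding time window."""
    by_source = defaultdict(list)
    for row in csv.DictReader(io.StringIO(events_csv)):
        if row["event_id"] != "4625" or row["logon_type"] != "3":
            continue  # only failed network logons matter here
        user = row["username"].lower()
        if user in PREDICTABLE_USERS:
            when = datetime.fromisoformat(row["time"])
            by_source[row["source_ip"]].append((when, row["target_host"], user))

    alerts = {}
    for source, hits in by_source.items():
        hits.sort()  # chronological order for the sliding window
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            targets = {h[1] for h in span}
            users = {h[2] for h in span}
            if len(targets) >= min_targets and len(users) >= min_users:
                alerts[source] = {"targets": sorted(targets),
                                  "users": sorted(users)}
                break
    return alerts


if __name__ == "__main__":
    for source, detail in find_spraying_sources(SAMPLE_EVENTS).items():
        print(source, detail)
```

On the sample, only 10.0.0.23 is flagged; the single mistyped logon, the interactive logon and the failures spread over hours stay below the thresholds.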

As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user’s computer and then replaces the MBR (Master Boot Record).


Be Careful of installing any Software on your Computer or Network System

Here is a reminder of the default Windows usage advice for security purposes. Do not install software just because its developer claims it is security software or some other secure app, as hackers are busy developing spyware, adware, malware and viruses to exploit the computer systems of individuals and of small and medium-sized businesses.
Microsoft has its built-in security features to protect its customers from intruders such as hackers and from hijacking, malware, adware and spyware.

“A computer maintenance job I did for one of my colleagues. When she called me over because her computer was behaving funny, the funny thing was we could not install any business software.”

Install and Enable Free Antivirus from Microsoft

I protected her PC first by installing and enabling the free Microsoft Security Essentials. You can use Microsoft Security Essentials to help guard against viruses, spyware, and other malicious software. It provides free real-time protection for your home or small business PCs, and you won’t need to install any additional software.

Microsoft Security Essentials offers free, world-class, award-winning protection against viruses and intruders without getting in your way. Once you have installed it, the software updates automatically once a day. Microsoft constantly tracks new threats and keeps your PC updated to help protect you. You don’t have to do anything. Microsoft Security Essentials runs quietly and efficiently in the background so you don’t have to worry about interruptions. You’ll only be alerted when there are specific actions to take.


Install and enable free Adobe Acrobat Reader DC to view PDFs

Install and enable Acrobat Reader DC software for your Windows PC to easily view, print, and comment on PDF files. Click here to verify the system requirements.


Turn ON Windows Firewall

Protect your PC when you are connected to the Internet – free. A firewall is software that helps prevent hackers and some types of malware from getting to your PC through a network or the Internet. It does this by checking the info that’s coming from the Internet or a network and then either blocking it or allowing it to pass through to your PC.

You only need one firewall app on your PC (in addition to the firewall that’s probably built into your network router). Having more than one firewall app on your PC can cause conflicts and problems by slowing down your system performance.

Choose a Firewall App wisely.

Windows Firewall comes free with Windows and is the default firewall to keep your PC safe.

Turn ON Windows Update

Keep your PC up to date with Windows Update, it’s easy—and free. There’s an easy, free way to help keep your PC safer and running smoothly. It’s called Windows Update. All you have to do is turn it on, and you’ll get the latest security and other important updates from Microsoft automatically, quickly and reliably.

When you turn on automatic updating, most updates will download and install without you having to lift a finger. We recommend that you use automatic updating—but if you choose not to, be sure to check for updates at least once a week.

Set IE as the Default Browser

Set Internet Explorer as your default browser. Your PC running Windows comes with Internet Explorer already installed. Internet Explorer makes it easier to get where you want to go on the web, and helps you see amazing content at its best. Please note: If you make a different browser your default, links won’t automatically open in Internet Explorer. Microsoft recommends you set Internet Explorer as your default browser.

IE Performance and Safety Check/Repair

Diagnose and repair common Internet Explorer problems that may cause the browser to become slow, unresponsive, unstable or crash, caused by add-ons not working correctly or by inappropriate security settings. The Microsoft diagnosis and repair tool will check and resolve:

  • Defective Internet Explorer add-ons. Disables defective add-ons.
  • Phishing filter is turned off. Turns the phishing filter on.
  • Pop-up blocker is turned off. Turns the Pop-up blocker on to block pop-ups.
  • Security settings are not set to Microsoft’s recommended settings. Resets security to recommended settings.
  • Internet Explorer does not update cached pages or updates them inefficiently, causing launch to be slow. Resets the page sync policy to automatic.
  • Cache size is too small or too big, causing slow performance. Resets the cache size to be within 50-250 MB of the default range.
  • Concurrent server connections set too low or too high causing slow performance. Restore IE concurrent connection settings to defaults.
  • Pop-up blocker is turned off allowing pop-up screens. Turns the Pop Up Blocker on.
  • Resets Internet Explorer security settings to the default (recommended) levels.
  • Enable the Phishing Filter.

Other software you will want to install for your daily work includes the Microsoft Office suite, WinRAR for opening Zip files, printer and scanner drivers, etc.

Consult an IT professional in case you do not understand what you are doing or are not sure you are doing it the right way.


Mikrotik Training In Liberia

Routing The World!!
Mikrotik Training Event is coming up in Liberia.
Start Date: 2017-09-01 | End date: 2017-09-07.

Seats are running out; you can register for a seat on the MITS (Mikrotik Certified Training Partner) website.

See you during the Course Session!

“Think Before You Tap” (0.1)

We use the internet for our day-to-day activities, whether for work, internet banking, collaborating with colleagues or communicating with family and friends.

You always want to keep your credentials safe when navigating the Internet.

“Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam. 

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. Here is a short video made by USA Today that shows how this works:


Protect yourself against DNS hijacking

DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings.

As we all know, the “Domain Name System (DNS)” is mainly responsible for translating a user friendly domain name such as “” to its corresponding IP address “”. Having a clear idea of DNS and its working can help you better understand what DNS hijacking is all about. If you are fairly new to the concept of DNS, I would recommend reading my previous post on How Domain Name System Works.

How DNS Hijacking Works?

As mentioned before, DNS is the one that is responsible for mapping the user friendly domain names to their corresponding IP addresses. This DNS server is owned and maintained by your Internet service provider (ISP) and many other private business organizations. By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer may even be using the DNS services of other reputed organizations such as Google. In this case, you are said to be safe and everything seems to work normally.


But imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses one of the rogue DNS servers that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you intended to visit. Sometimes, this can put you in deep trouble!

What are the Dangers of DNS Hijacking?

The dangers of DNS hijacking can vary and depend on the intention behind the attack. Many ISPs such as “OpenDNS” and “Comcast” use DNS hijacking for introducing advertisements or collecting statistics. Even though this can cause no serious damage to the users, it is considered as a violation of RFC standards for DNS responses.

Other dangers of DNS hijacking include the following attacks:

Pharming: This is a kind of attack where a website’s traffic is redirected to another website that is a fake one. For example, when a user tries to visit a social networking website such as he may be redirected to another website that is filled with pop-ups and advertisements. This is often done by hackers in order to generate advertising revenue.

Phishing: This is a kind of attack where users are redirected to a malicious website whose design (look and feel) matches exactly with that of the original one. For example, when a user tries to log in to his bank account, he may be redirected to a malicious website that steals his login details.

How to Prevent DNS Hijacking?

In most cases, attackers make use of malware programs such as a trojan horse to carry out DNS hijacking. These DNS hijacking trojans are often distributed as video and audio codecs, video downloaders, YouTube downloaders or as other free utilities. So, in order to stay protected, it is recommended to stay away from untrusted websites that offer free downloads. The DNSChanger trojan is an example of one such malware that hijacked the DNS settings of over 4 million computers to drive a profit of about 14 million USD through fraudulent advertising revenue.

Also, it is necessary to change the default password of your router, so that it would not be possible for the attacker to modify your router settings using the default password that came with the factory setting. For more details on this topic you can read my other post on How to Hack an Ethernet ADSL Router.

Installing a good antivirus program and keeping it up-to-date can offer a great deal of protection to your computer against any such attacks.

What if you are already a victim of DNS hijacking?

If you suspect that your computer is infected with a malware program such as DNSChanger, you need not panic. It is fairly simple and easy to recover from the damage caused by such programs. All you have to do is, just verify your current DNS settings to make sure that you are not using any of those DNS IPs that are blacklisted. Otherwise re-configure your DNS settings as per the guidelines of your ISP.
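One way to carry out the check described above, added here as an example and not part of the original post: it pulls the configured resolvers out of resolv.conf text or `ipconfig /all` output and compares them with a blocklist and with the resolvers you expect. The blocklist holds placeholder documentation ranges, and the expected resolvers and sample outputs are constructed for this example.

```python
import ipaddress
import re

# Placeholder blocklist: RFC 5737 documentation ranges stand in for the
# rogue-resolver ranges published by your ISP or CERT. Replace before use.
BLOCKLISTED_NETS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "198.51.100.0/24")]
# Assumption: the resolvers this network is supposed to use (home router
# plus Google Public DNS, which the article mentions as an alternative).
EXPECTED = {ipaddress.ip_address(a)
            for a in ("192.168.1.1", "8.8.8.8", "8.8.4.4")}

# Constructed samples of the two common places resolver settings show up.
SAMPLE_IPCONFIG = (
    "Ethernet adapter Local Area Connection:\n"
    "\n"
    "   DHCP Enabled. . . . . . . . . . . : Yes\n"
    "   Default Gateway . . . . . . . . . : 192.168.1.1\n"
    "   DNS Servers . . . . . . . . . . . : 198.51.100.7\n"
    "                                       8.8.8.8\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)
SAMPLE_RESOLV_CONF = (
    "# constructed sample\n"
    "nameserver 192.168.1.1\n"
    "nameserver 203.0.113.9\n"
)


def extract_resolvers(text):
    """Return resolver IPs found in resolv.conf text or `ipconfig /all` output."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        match = (re.match(r"\s*nameserver\s+(\S+)", line)
                 or re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
                 # ipconfig lists further servers on indented, label-free lines
                 or (in_dns_block and re.fullmatch(r"\s+(\S+)\s*", line)))
        in_dns_block = False
        if match:
            try:
                # drop an IPv6 zone id such as %12 before parsing
                found.append(ipaddress.ip_address(match.group(1).split("%")[0]))
                in_dns_block = "nameserver" not in line
            except ValueError:
                pass  # not an address, so not a resolver entry
    return found


def audit_resolvers(text):
    """Map each configured resolver to 'blocklisted', 'expected' or 'review'."""
    report = {}
    for ip in extract_resolvers(text):
        if any(ip in net for net in BLOCKLISTED_NETS):
            report[str(ip)] = "blocklisted"
        elif ip in EXPECTED:
            report[str(ip)] = "expected"
        else:
            report[str(ip)] = "review"  # unknown resolver: confirm with your ISP
    return report


if __name__ == "__main__":
    print(audit_resolvers(SAMPLE_IPCONFIG))
    print(audit_resolvers(SAMPLE_RESOLV_CONF))
```

A "review" verdict means the resolver is neither expected nor blocklisted, which is the case to check against your ISP's guidelines before re-configuring.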

Contact us to check your network for vulnerabilities and threats and to learn how to secure it.


MikroTik RouterOS v6.39.1 [current]

Mikrotik has released a new current version of RouterOS.

  • Download Version 6.39.1 2017-05-03

    What’s new in 6.39.1 (2017-Apr-27 10:06):

    *) defconf – discard default configuration startup query with RouterOS upgrade;
    *) defconf – discard default configuration startup query with configuration change from Webfig;
    *) smb – fixed external drive folder sharing when “/flash” folder existed;
    *) smb – fixed invalid default share after reboot when “/flash” folder existed;
    *) upnp – fixed firewall nat rule update when external IP address changes;
    *) dns – made loading thousands of static entries faster;

New Mikrotik Updates to fix Bugs

Upgrade your Mikrotik RouterOS and System Firmware
Mikrotik has released new software updates which improve a lot of features in RouterOS and RouterBoard performance.

To upgrade, click “Check for updates” at “System/Package” in your RouterOS configuration interface, or head to The Mikrotik Official download page:

Current System Firmware is v3.10

What’s new in 6.37.5 (2017-Mar-09 11:54):

!) www – fixed http server vulnerability;
*) chr – fixed problem when transmit speed was reduced by interface queues;
*) dhcp – do not listen on IPv4/IPv6 client to IPv6 MLD packets;
*) dude – (changes discussed here:;
*) export – do not show “read-only” IRQ entries;
*) filesystem – implemented procedures to verify and restore internal file structure integrity upon upgrading;
*) firewall – do not allow to set “time” parameter to 0s for “limit” option;
*) firewall – fixed import of exported configuration that had updated “limit” setting;
*) graphing – fixed graphing crash when high amount of traffic is processed;
*) hotspot – fixed rare kernel crash on multicore systems;
*) hotspot – fixed redirect to URL where escape characters are used (requires newly generated HTML files);
*) hotspot – show Host table commentaries also in Active tab and vice versa;
*) interface – do not treat multiple zeros as single zero on name comparison;
*) irq – properly detect all IRQ entries;
*) l2tp-client – fixed IPSec policy generation after reboot;
*) lcd – show fan2 speed only if it is available;
*) leds – fixed defaults for RBSXT5HacD2nr2;
*) mmips – improved general stability;
*) rb3011 – fixed noise from buzzer after silent boot;
*) switch – fixed crash when trying to configure second master port on the same chipset (RB3011, RB2011, CCR1009-8G-1S+);
*) userman – allow access to User Manager users page only through “/user” URL;
*) userman – show warning when no users are selected for CSV file generation;
*) winbox – added “add-relay-info” and “relay-info-remote-id” to DHCP relay;
*) winbox – added H flag to “/ip arp” ;
*) winbox – added missing “use-fan2” and “active-fan2” to “/system health”;
*) winbox – allow shorten bytes to k,M,G in bridge firewall just like in “/ip firewall”;
*) winbox – do not hide “power-cycle-after” option;
*) winbox – do not hide 00:00:00:00:00:00 MAC address in unpublished ARPs;
*) winbox – fixed matching “connection-state=untracked” connections;
*) winbox – fixed typo in “/system resources pci” list;
*) winbox – hide advertise tab in Hotspot user profile configuration if “transparent-proxy” is not enabled;
*) winbox – make “power-cycle-after” show correct value;
*) winbox – make “power-cycle-interval” not to depend on “power-cycle-ping-enabled” in PoE settings;
*) winbox – properly show BGP communities in routing filters table filter;
*) wireless – fixed scan tool stuck in background;
*) wireless – improved compatibility with Intel 2200BG wireless card;
*) wireless – update Thailand country frequency settings;

What’s new in 6.38.5 (2017-Mar-09 11:32):

!) www – fixed http server vulnerability;

What’s new in 6.39rc49 (2017-Mar-09 12:33):

!) www – fixed http server vulnerability;
*) capsman – improved CAP status querying;
*) defconf – fixed default configuration generation when wireless package is disabled;
*) ike2 – check child state before allowing rekey;
*) ike2 – send EAP identity as user-name RADIUS attribute;
*) lte – added LTE signal level reading for Cinterion modems;
*) queue – fixed reboot loop when queues were used (introduced in 6.39rc42);
*) rb3011 – added partitioning support;
*) tr069-client – added “Device.Hosts.Host.{i}.” support;
*) userman – fixed rare crash when User Manager requested file does not exist on router;
*) wireless – fixed RBSXT5HacD2nr2 small channel support;

You could also follow Professionals and Consultants on the Mikrotik Forum Page

v6.37.5 forum topic discussion:

v6.38.5 forum topic discussion:

v6.39rc49 forum topic discussion:

Holidays – Network Monitoring against Hackers

Thank you for reading our Post:
Holidays have come and gone and to those of you who celebrated either, I hope you had a good one! Holiday events can bring extra challenges when it comes to keeping networks running securely and efficiently.

Cyber criminals exploit times like this with anything from fake purchase invoices to malware attached to shipping notifications.  One way to keep your network secure is to monitor network traffic so you can see what is happening on your network.

Once you start monitoring network traffic, you need to watch out for suspicious traffic patterns or new devices connecting to your networks. The best way to do this is via network packet capture. If you are unsure where to start,

Contact Kattiehs ICT Solutions for help

Upgrading to RouterOS v6.36.2 [current]

Mikrotik RouterOS v6.36.2 [current]
How to Upgrade:
To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to Mikrotik Official download page:

v6.36.2 forum topic discussion,

What’s new in 6.36.2 (2016-Aug-22 12:54):

*) arm – show cpu frequency under resources menu;
*) capsman – fixed upgrade policy;
*) ccr/crs – fixed SFP+ interface ddmi info reporting function. Info is now refreshed on regular intervals;
*) conntrack – fixed ipv6 timeout display;
*) conntrack – fixed removing icmpv6 connections;
*) dns – avoid unnecessary dynamic server address saving in storage;
*) dns – allow to set query-server-timeout and query-total-timeout only greater than 0s;
*) dns – fixed lockup when dynamic dns server address was received;
*) export – updated default values in /system routerboard settings menu;
*) partitions – fixed crash on repartition when there is not enough free space;
*) sstp – fixed disconnects on transmit for multicore systems;
*) switch – fixed configuration reload on CRS switches;
*) winbox – make queue tree default queue type default-small;

What’s new in 6.36.1 (2016-Aug-05 09:39):

*) address-list – allow DNS names with “_” symbol;
*) address-list – check for duplicates when domain name is used in address field;
*) bridge – fixed kernel failure when set-priority action was used in bridge firewall;
*) dns – avoid unnecessary static entry saving in storage;
*) email – increased time which email tool can spend while sending message;
*) export – removed unnecessary “log-prefix” on firewall export;
*) firewall – fixed time based rules on time/timezone changes;
*) log – logs loaded from disk after reboot didn’t have correct topics;
*) lte – fixed access technology update;
*) ovpn – add special exception route for tunnel itself when using add-default-route;
*) ping – fixed freezing on “not running” interfaces;
*) resource – fixed free-memory reporting after disk eject;
*) snmp – fixed packet corruption when multiple trap-targets were used;
*) tile – fixed rare kernel crash when fastpath is being active;
*) traffic-flow – fixed kernel failure when traffic-flow target uses small mtu;
*) upnp – fixed nat rule dst-port by making it visible again;
*) upnp – updated to make it work with more UPnP implementations (for example, latest Skype);
*) vrrp – fixed transition to backup state when ipv6 mode and equal priorities are used;
*) webfig – allowed user password changing (broken in v6.36);
*) x86 – fixed crash when igmp-proxy interface becomes “not running” while passing traffic;

Additional information:
there will be only one “wireless” package in the next RouterOS v6.37.
If you are not using “routeros” bundle package and have two wireless packages installed, uninstall one wireless package before upgrade to 6.37. For other cases simply upgrade to 6.37 version.