
Why purchase through a reseller

Most customers purchase directly from the manufacturer because they believe it’s safer and that they will get the best possible pricing-to-support ratio. This couldn’t be further from the truth.

All purchases made through Prima Secure are handled by the manufacturer according to its policies and procedures. You receive the exact same certificate, with the following added value:

  • Discount: You receive up to a 50% discount on selected products.
  • Product issuance: Your order is pre-validated to ensure it meets the manufacturer’s standard, which speeds up delivery.
  • Support: You are not assigned to a support queue; all your issues are handled directly by your account manager, who will contact the manufacturer on your behalf and solve any problems that might occur.
  • Single vending point: Our product portfolio enables us to find the most cost-efficient solution.

Pricing

Resellers deal in a high volume of products on an annual basis, which entitles us to a significant discount that we can extend to our customers. These discounts range from a minimum of 10% to 50% of the direct price.

In most cases, customers won’t be able to obtain such a discount from the manufacturer’s direct sales team, even when purchasing a high volume.

Support

One of the best advantages of purchasing through a reseller is the superior support. Unless you have an enterprise account, support becomes tricky, as you will mostly have to resort to a chat or phone support queue to have any issue resolved. Manufacturers don’t allocate an account manager to non-enterprise customers, meaning you become a number in the queue.

On the other hand, Prima Secure as a reseller can assign a dedicated account manager who will ensure all your issues are processed and handled with priority and efficiency.

Why choose us:

We currently offer our services to multiple banks and financial institutions and are growing on a daily basis.

Petya ransomware outbreak: Here’s what you need to know

A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations.

Figure 1. Top 20 countries based on numbers of affected organizations

Similar to WannaCry, Petya uses the Eternal Blue exploit as one of the means to propagate itself. However, it also uses classic SMB network spreading techniques, meaning that it can spread within organizations even if they’ve patched against Eternal Blue.

Initial infection vector

Symantec has confirmed that MEDoc, a tax and accounting software package, is used for the initial insertion of Petya into corporate networks. MEDoc is widely used in Ukraine, indicating that organizations in that country were the primary target.

After gaining an initial foothold, Petya then uses a variety of methods to spread across corporate networks.

Spread and lateral movement

Petya is a worm, meaning it has the ability to self-propagate. It does this by building a list of target computers and using two methods to spread to those computers.

IP address and credential gathering

Petya builds a list of IP addresses to spread to, which includes primarily addresses on the local area network (LAN) but also remote IPs. The full list is built as follows:

  • All IP addresses and DHCP servers of all network adaptors
  • All DHCP clients of the DHCP server if ports 445/139 are open
  • All IP addresses within the subnet as defined by the subnet mask if ports 445/139 are open
  • All computers you have a current open network connection with
  • All computers in the ARP cache
  • All resources in Active Directory
  • All server and workstation resources in Network Neighborhood
  • All resources in the Windows Credential Manager (including Remote Desktop Terminal Services computers)

Once the list of target computers has been identified, Petya builds out a list of user names and passwords it can use to spread to those targets. The list of user names and passwords is stored in memory. It uses two methods to gather credentials:

  • Gathers user names and passwords from Windows Credential Manager
  • Drops and executes a 32bit or 64bit credential dumper

Lateral Movement

Petya uses two primary methods to spread across networks:

  • Execution across network shares: It attempts to spread to the target computers by copying itself to \\[COMPUTER NAME]\admin$ using the acquired credentials. It is then executed remotely using either PsExec or the Windows Management Instrumentation Command-line (WMIC) tool. Both are legitimate tools.
  • SMB exploits: It attempts to spread using variations of the EternalBlue and EternalRomance exploits.

Initial infection and installation

Petya is initially executed via rundll32.exe using the following command:

  • rundll32.exe perfc.dat, #1

Once the DLL has been loaded, it will first attempt to remove itself from the infected system. This is done by opening the file and overwriting its contents with null bytes before finally deleting the file from disk. Overwriting the file with null bytes is used as an attempt to thwart recovery of the file using forensic techniques.

Next, it attempts to create the following file to be used as a flag indicating that the computer has been infected:

  • C:\Windows\perfc

MBR infection and encryption

Once installed, Petya proceeds to modify the master boot record (MBR). This allows it to hijack the normal loading process of the infected computer during the next system reboot. The modified MBR is used to encrypt the hard disk while simulating a CHKDSK screen. It then displays a ransom note to the user.

MBR modification does not succeed if the threat is executed as a normal user, but the threat will still attempt to spread across the network.

At this point, a system reboot is scheduled using the following command:

  • “/c at 00:49 C:\Windows\system32\shutdown.exe /r /f”

By scheduling and not forcing a reboot, it provides time to allow Petya to spread to other computers in the network before user-mode encryption occurs.
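The three host-side behaviours described above (the `rundll32.exe perfc.dat, #1` launch, the `C:\Windows\perfc` flag file and the `at`-scheduled forced reboot) can be hunted for in endpoint telemetry. The following is an added example, not Symantec's detection logic: the event tuples, host names, matching expressions and the two-indicator triage threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed telemetry (host, event type, value); not taken from a real incident.
EVENTS = [
    ("WS-014", "process", r"C:\Windows\system32\rundll32.exe perfc.dat, #1"),
    ("WS-014", "file_create", r"C:\Windows\perfc"),
    ("WS-014", "process", r"cmd.exe /c at 00:49 C:\Windows\system32\shutdown.exe /r /f"),
    ("WS-022", "process", r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ("WS-022", "process", r"shutdown.exe /r /t 60"),
    ("SRV-03", "file_create", r"C:\Windows\perfc.log"),
    ("SRV-07", "process", r'"C:\Windows\System32\rundll32.exe" C:\Windows\perfc.dat,#1'),
]

FLAG_FILE = r"c:\windows\perfc"                           # infection marker named in the article
PERFC_EXPORT = re.compile(r'perfc\.dat"?\s*,\s*#1\b')     # DLL loaded by ordinal 1
AT_TIME = re.compile(r"\bat\s+\d{1,2}:\d{2}\b")           # legacy "at HH:MM" scheduler


def detect(events):
    """Map each host to the set of Petya behaviours seen in its events."""
    hits = defaultdict(set)
    for host, kind, value in events:
        v = value.lower()
        if kind == "process":
            if "rundll32" in v and PERFC_EXPORT.search(v):
                hits[host].add("rundll32_perfc_dat")
            # Reboot is scheduled, not immediate: "at" plus shutdown with /r and /f.
            if AT_TIME.search(v) and "shutdown" in v and {"/r", "/f"} <= set(v.split()):
                hits[host].add("at_scheduled_forced_reboot")
        elif kind == "file_create" and v == FLAG_FILE:
            hits[host].add("perfc_flag_file")
    return dict(hits)


def triage(hits):
    """Assumed policy: one indicator is a lead, two or more on a host is likely infection."""
    return {h: ("likely-infected" if len(r) >= 2 else "investigate")
            for h, r in hits.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage(detect(EVENTS)).items()):
        print(host, verdict)
```

Because the reboot is scheduled rather than immediate, a host that shows these events may still be spreading to its neighbours, so isolation matters more than waiting for the ransom screen.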

File encryption

Petya performs encryption in two ways:

  • After Petya has spread to other computers, user-mode encryption occurs where files with a specific extension are encrypted on disk.
  • The MBR is modified to add a custom loader which is used to load a CHKDSK simulator. This simulator is used to hide the fact that disk encryption is occurring. This is done after user-mode encryption occurs and thus encryption is twofold: user mode and full disk.

User-mode encryption

Once spreading has occurred, Petya then lists all files on any fixed drive (e.g. C:\) and checks for any of the following file extensions (skipping the %Windir% directory of that drive):

.3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip

If any of the file extensions match that of the file list, encryption occurs.

At this point, the system is rebooted and the modified MBR code loads the simulated CHKDSK screen and full disk encryption occurs.

FAQs

Am I protected from the Petya Ransomware?

Symantec Endpoint Protection (SEP) and Norton products proactively protect customers against attempts to spread Petya using Eternal Blue. SONAR behavior detection technology also proactively protects against Petya infections.

Symantec products using definitions version 20170627.009 also detect Petya components as Ransom.Petya.

What is Petya?

Petya has been in existence since 2016. It differs from typical ransomware as it doesn’t just encrypt files, it also overwrites and encrypts the master boot record (MBR).

In this latest attack, the following ransom note is displayed on infected computers, demanding that $300 in bitcoins be paid to recover files:

Figure 2. Ransom note displayed on computers infected with the Petya ransomware, demanding $300 in bitcoins

How does Petya spread and infect computers?

The MEDoc accounting software is used to drop and install Petya into organizations’ networks. Once in the network it uses two methods to spread.

One of the ways in which Petya propagates itself is by exploiting the MS17-010 vulnerability, also known as EternalBlue. It also spreads by acquiring user names and passwords and spreading across network shares.

Who is impacted?

Petya is primarily impacting organizations in Europe.

Is this a targeted attack?

It’s unclear at this time. However, the initial infector is software used solely in Ukraine, indicating that organizations there were the initial targets.

Should I pay the ransom?

Symantec recommends that users do not pay the ransom, particularly as there is no evidence that files will be restored.

Why Use SSL

SSL Certificates: Why Does Your Business Need Them?

A general understanding of SSL is that it is a layer of protection for your documents online. Personal and sensitive information needs that layer of protection. Without it, hackers can access information from your web server, your e-mail and your website. The technology involves encryption and secure data links to ensure data is safely conveyed to its online destination. Customers expect that your business will handle their personal information in a secure manner. SSL certificates show customers that their personal information is being handled in a secure way and give them peace of mind when shopping online.

How do customers know if they are accessing secure websites?
The symbol of the closed lock and the https:// in your browser alert customers that they can input their personal information securely. Your website can have both secure and unsecure web pages. Government agencies, non-profit organizations and utility companies often have both secure and unsecure web pages. Secure web pages also often ask you for a password and user name for added security, because hackers sometimes thwart secure websites. Customers and clients should avoid inputting sensitive and personal information on websites without the closed lock symbol and the https:// in the web browser.

Where can my business get an SSL certificate?
The certificate authority, or certification authority (CA), issues digital certificates to businesses that can verify that they are the owners of the public key, and can reassure other parties using the certificate that information is being routed via a private key. For instance, companies like Mozilla use CA certificates to assure their customers that their software is authentic.

SSL certificates are therefore only issued when the certificate authority can accurately verify that the company owns the domain and that all the company information is correct. Commercial certificate authorities that issue the bulk of certificates might use domain validation to check the validity of the domain, or use extended verification to check validity. Trusted certification authorities are Comodo, Symantec Group (with the brands Thawte, Symantec, Rapid SSL and Geotrust) and DigiCert.

How much does an SSL certificate cost?
The cost of an SSL certificate depends on how many domains you have, what type of security your business requires, what sub-domains your business has and what communication server your business uses. Your business, for instance, may only need an individual SSL certificate for one domain and website. Banks, other financial organizations and government should invest in Extended Validation, as this is the highest and strongest class of SSL certificate and ensures customers’ personal and financial information isn’t compromised by hackers and identity thieves.

Please chat with our sales team to get more information on the right SSL for your business.

Wildcard Certificates

A wildcard certificate is a digital security certificate which can be used with multiple sub-domains of a domain. Compared to conventional SSL certificates, using a wildcard certificate can not only be cheaper, but also more convenient than having a certificate for each domain. The principal use of wildcard SSL certificates is for securing websites with HTTPS (HyperText Transfer Protocol Secure), but there are also other applications in a variety of fields. The HTTPS encryption is intended to provide benefits like integrity, confidentiality and identity.

HOW DOES A WILDCARD CERTIFICATE WORK?

Wildcard notation consists of two elements that are inserted before the domain name – an asterisk and a period. The asterisk in the common name is the wildcard character that can take on any first-level sub-domain name. The assumed value must not have a period in it. For example, if you host your website at www.your-domain.com, a wildcard certificate for *.your-domain.com would allow you to secure first-level sub-domains such as:

– sales.your-domain.com
– mail.your-domain.com
– admin.your-domain.com
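The matching rule just described (the asterisk stands for exactly one first-level label and never spans a period) can be written out and checked against a host inventory. This is an added example, not code from any certificate authority or browser; the function names and the host list are constructed for illustration.

```python
def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """Return True if hostname is covered by cert_name under the rule above."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if pattern[0] != "*":
        return pattern == host  # ordinary name: exact match only
    # The asterisk stands for exactly one non-empty label, so both names must
    # have the same number of labels and agree on everything right of the "*".
    return len(host) == len(pattern) and host[0] != "" and host[1:] == pattern[1:]


def split_coverage(cert_name, hostnames):
    """Partition hostnames into (covered, not_covered) by one certificate name."""
    covered = [h for h in hostnames if wildcard_matches(cert_name, h)]
    return covered, [h for h in hostnames if h not in covered]


# Constructed inventory for illustration.
HOSTS = [
    "sales.your-domain.com",              # first-level sub-domain: covered
    "MAIL.your-domain.com",               # host names are case-insensitive: covered
    "your-domain.com",                    # bare parent: no label for "*" to stand for
    "dev.admin.your-domain.com",          # second-level: "*" cannot contain a period
    "sales.your-domain.com.example.net",  # look-alike under another domain
    "salesyour-domain.com",               # a different registered domain
]

if __name__ == "__main__":
    ok, missing = split_coverage("*.your-domain.com", HOSTS)
    print("covered:", ok)
    print("needs another name or certificate:", missing)
```

Running it against a real inventory before ordering shows which names the wildcard name alone will not cover, such as the bare parent domain and second-level sub-domains.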

Nowadays, unlimited SSL server licenses are a standard feature for the full range of SSL certificates including wildcard certificates. This means that the owner is entitled to install the certificate to as many server machines as he or she wants at no extra cost. Please note that the above naming scheme remains the same for all additional servers.

WHAT ARE THE ADVANTAGES OF USING A WILDCARD CERTIFICATE?

The main advantage of wildcard certificates is that they help server administrators save hundreds, sometimes even thousands, of dollars on SSL certificates by enabling them to secure the parent and sub-domains over a single fully qualified domain name (FQDN) at no extra cost. Another great advantage is the feeling of security that comes from knowing your entire website is protected by the most trusted and reliable SSL management in the industry.

In addition, when using a wildcard certificate in conjunction with so-called Subject Alternative Names (SANs), you save even more money. SANs are also known as Unified Communications SSL Certificates (UCC SSL) and are mainly used for Unified Messaging and Microsoft Exchange, one of the leading business e-mail and calendar solutions. What’s more, most wildcard certificates use strong 256-bit encryption, giving customers a secure environment to shop.

Prima Secure offers you wildcard certificates from leading certificate authorities like Thawte, Symantec and GeoTrust. Protect your online business from attacks from the outside and win your customers’ trust by providing them with a secure shopping experience. Our prices for wildcard certificates start at 390 USD per year. To learn more, please visit our website or contact us by e-mail (sales@primasecure.net) o

Why use an EV certificate

Certificates with Extended Validation (EV) are regarded as the highest class of all SSL certificates available on the market. They are the only certificates that trigger both the padlock and the green address bar in high-security web browsers. The certificate authority is displayed next to the web address, which adds even more credibility to your website. Your visitors can see at a glance that your site meets the industry’s highest standard for authentication.

Extended Validation was established years ago by the CA/Browser Forum, an association of web browser vendors and certificate authorities. Since EV is by far the most rigorous way of verifying identity information and the authority of companies or individuals that apply for an SSL certificate, an Extended Validation certificate provides a strong guarantee that the website owner passed a thorough identification process. The applicant has to prove not only exclusive rights to use the domain, but also its physical and legal existence.

What type of Website needs EV?

EV certificates are mainly used on public websites where people enter payment information (e.g. credit card details and bank account numbers) or other sensitive information. Studies show that online shops using Extended Validation have far lower purchase abort rates than businesses that use standard SSL certificates or even no security certificate at all. If you show your visitors proof of your website’s identity and encryption, you gain trust that translates into more transactions and higher revenues.

Another field where Extended Validation certificates are used is the financial sector. As banks, insurance carriers, credit unions and other financial institutions are favorite targets for phishing attacks and other cyber security threats, having an EV Certificate is the best way to give the customers peace of mind and tell them that the website they are visiting has passed the strict guidelines maintained by the CA/Browser Forum. As soon as the address bar turns green, they know that the site owner actually is who he says he is.

EV certificate: Ranking in search engines

In 2014, Google announced that using an SSL Certificate is the easiest thing website owners can do to boost their search engine ranking. The Google search boost for using SSL certificates applies to all types of websites, regardless of whether they deal with personal information or not. This means that even if your site does not have a login page or a checkout section, you still get ranking benefits by having an SSL certificate.

This is especially true if you use an Extended Validation certificate from Prima Secure. It not only helps you to improve your conversion rate; it also increases the average visitor time (or “time on site”), which is known to be part of the Google ranking algorithm. If you are operating in a fiercely contested market, using an SSL certificate with Extended Validation can give you an edge over your competitors. Call us at +41225349016 (Swiss) & +27218135974 (South Africa) or contact us by e-mail (sales@primasecure.net) to learn more.
