Monthly Archives: June 2015

ACCESS DENIED!

David was unable to participate in his regularly scheduled radio spot on WATD this morning because he was at the office of the client described in the following article. It contains an important warning that needs to be heeded.

Recently, we received a call from a client whose network had been hijacked by CryptoWall 3.0. This was the 4th or 5th client to fall prey to this evil menace, so we thought we knew the drill… Shut down the computer that was the source of the infection to minimize the damage and then restore their files from their offsite backup.

[Screenshot: CryptoLocker ransom screen]

This client had 2 MAJOR issues that made this a HUGE problem for them. First, the user who was the initial victim of the virus ignored the pop-up that said that they had gotten CryptoWall and continued to work – for several days. This gave the malware the opportunity to infect all of their user folders and files, including their server shares, OneDrive and Dropbox accounts. They only called us when they were unable to work because their crucial data had been encrypted. With no reliable offsite backup to restore their data, they had 2 choices – PAY THE RANSOM or GO OUT OF BUSINESS!
This is where the story gets even more scary! The ransom was $500 in “bitcoins,” an internet currency. Bitcoins can transfer money instantly between any two parties anywhere in the world without the need for any financial intermediary. So, who’s to say that the evil ransomers would even give them the decryption code after being paid? Who could they complain to, the “Evil Hackers Integrity Guild?”
Paying in Bitcoins was VERY TRICKY. After lots of research, David recommended a New York Bitcoin reseller over the countless Chinese and other offshore suppliers. David was actually able to call them and talk to someone. They had very specific instructions to help make sure that the transfer went through by 7:30pm on Wednesday:

  • CASH had to be deposited in the Bank of America account provided by the Bitcoin sellers – NO credit cards, because a credit card transaction can be stopped.
  • DO NOT tell the teller that the deposit is for Bitcoins, because the bank will hold up the transfer.
  • The deposit was for almost $700 because there were two transaction/handling fees attached and they had to guess the actual market value of the Bitcoins at the time of transfer – if they were short based on the exchange rate, they would need to purchase additional bitcoins to complete the ransom payment.
At 7:30pm, the transaction was received and in process. It wasn’t actually accepted until sometime in the middle of the night. Both David and our client were on pins and needles until the acceptance, when they received the decryption code. At 5:30 Thursday morning, David started decrypting files.

Once all the computer files are scrubbed, the first infected computer and the server will have to be formatted and reinstalled. Even though the files have been decrypted, there is no way to tell if the ransomware hackers included any special “extras” in the decryption files they sent.
The lesson for today’s story:
1: Protecting your business from this type of attack is more than simply having anti-virus software or a firewall installed. The weakest link in the security chain is the computer user who simply clicks on an e-mail attachment that they believe is legitimate. EVERY email attachment should be considered suspicious. Employee training and regular security reviews are critical for every business in today’s insecure internet environment. And, if anyone gets a pop-up window like the one above, STOP WORKING and TELL SOMEONE!
2: The ONLY way to ensure you can survive this type of attack is to have a reliable offsite backup that is regularly tested and verified. Without this offsite component, you risk losing all of your critical business data in the blink of an eye. Consider for a moment that if the hackers’ system is taken offline by a law enforcement organization (which is exactly what happened with the first 2 Crypto variants), even if you paid the ransom there would be no way for the hackers’ system to generate the code necessary to decrypt your precious data.
Also – we NEVER recommend paying a hacker for this type of problem as it simply proves that they can make money this way so the ransomware problem continues and escalates. Unfortunately, in a case like this one with no offsite backups – they had no choice but to take their chances, pay the money and hope for the decryption code.

Meet The World’s Smallest PC

Intel has released the world’s smallest Windows PC, a tiny thumb-drive-sized device that converts any television or monitor into a functional computer.

Similar to Google’s Chromecast or Amazon’s Fire Stick, the Intel Compute Stick can be plugged into an HDMI port. Though Intel says the Compute Stick can be used for streaming video, it can also do much more than that. The four-inch Compute Stick comes installed with Windows 8.1, 2 GB of RAM and 32 GB of storage. It connects to the Internet via Wi-Fi, and it has a microSD slot for additional storage if you need it. “It’s everything you love about your desktop computer in a device that fits in the palm of your hand,” says Intel.

Well … maybe not quite “everything”! Your desktop computer probably has a keyboard, a mouse, a lot more storage and RAM, and a much faster processor. But point taken, it is a full-fledged computer that’s the size of a pack of gum. That’s pretty neat. Intel suggests that the Compute Stick be used for “light productivity, social networking, Web browsing, and streaming media or games.” It also said small businesses might use it as an inexpensive computing solution. Microsoft has confirmed that this device will be eligible for a Windows 10 upgrade as well. Originally it was projected to sell for $149.00 but the market is looking like $169.00 right now via Amazon.com.

If you’re looking for a Windows 8 computer experience on your living room TV then the Intel Compute Stick just might be the answer. Just don’t plan on firing up memory and processor hungry 3-D games or animation programs. Get additional information from Intel: http://www.intel.com/content/www/us/en/compute-stick/intel-compute-stick.html CNET Video Review: http://www.cnet.com/products/intel-compute-stick/

Popular Password Security Company Hacked

LastPass, the Fairfax, Va.-based company behind one of the most popular password management tools, announced Monday that it had suffered a security breach. Email addresses, password reminders and authentication hashes were compromised.

CEO and co-founder Joe Siegrist said on the company blog that the LastPass team detected an intrusion on its systems last week. “We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network,” he wrote. “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

LastPass lets its users store encrypted versions of their passwords for all their online accounts on servers in the cloud, sealing them off behind one master password. The tool offers people the ability to rely on one super strong passcode, rather than having to remember dozens of such codes across the web.

The LastPass team has urged the users of its service to change their master passwords as soon as possible. It also recommends that its users strengthen their authentication procedures by adding a device-specific step: “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled.” (Recently, the photo sharing app Snapchat announced that it would adopt two-factor authentication. And the car service Uber is reportedly exploring new verification measures, too.)

LastPass said that “encrypted user data was not taken,” and that “you do not need to change your passwords on sites stored in your LastPass vault.” For those who have reused their master password on other sites, however, the company recommends replacing those passwords.

“We are confident that our encryption measures are sufficient to protect the vast majority of users,” Siegrist wrote in his blog post. “Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email.”

Currently, the website is flooded with inquiries related to the breach. “Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement,” its contact page reads. “Please be patient while we try to respond to your questions and issues as quickly as possible. Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.”

To recap: If you use LastPass, go change your master password immediately and set up two-factor authentication. And if you happen to use the same password to lock your LastPass account that you use to secure, say, your personal email or other online account, you should change that immediately, too.
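As an added illustration (not LastPass’s own code; the scheme and the iteration count are assumptions made for the sketch), this Python example shows the separation the breach notice relies on: the server keeps only a per-user salt and an authentication hash, the vault key is derived on the client and never stored, and whoever holds the stolen record can verify master-password guesses offline, which is why changing the master password (and not reusing it elsewhere) is the right response.

```python
import hashlib
import hmac
import os

# Simplified model of how a cloud password manager can log a user in without
# ever holding the key that encrypts the vault. This is an assumption for
# illustration, not LastPass's actual scheme or parameters.
ITERATIONS = 100_000  # constructed value; services tune this to their hardware


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Client side: PBKDF2 turns the master password plus per-user salt into the vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)


def auth_hash(vault_key: bytes, salt: bytes) -> bytes:
    """One more one-way step; this is what the server stores and what a breach exposes."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, salt, 1)


def enroll(master_password: str, salt: bytes = b"") -> dict:
    """Server record for a user: salt and authentication hash, never the vault key."""
    salt = salt or os.urandom(16)
    return {"salt": salt, "auth_hash": auth_hash(derive_vault_key(master_password, salt), salt)}


def verify_login(record: dict, master_password: str) -> bool:
    """The server's check. Anyone holding the record can run the same check offline
    against guessed passwords, so a stolen salt+hash pair justifies a password change."""
    candidate = auth_hash(derive_vault_key(master_password, record["salt"]), record["salt"])
    return hmac.compare_digest(record["auth_hash"], candidate)


def rotate_master_password(record: dict, new_password: str) -> dict:
    """Changing the master password (with a fresh salt) makes the leaked hash useless."""
    return enroll(new_password, os.urandom(16))
```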

Upgrading to Windows 10

Don’t Do This Until You Check For Compatibility With Other Essential Software Installed On Your Computer!

The following announcement from Microsoft explains how users of PCs running Windows 7 or Windows 8 can “reserve” their free upgrade of Windows 10:

http://www.microsoft.com/en-us/windows/windows-10-upgrade

Here’s the pop-up you’ll see on your computer:

[Screenshot: Windows 10 upgrade reservation pop-up]

To reserve your free upgrade you’ll just click the Windows icon in the tray notification area of your taskbar, enter your email address if you want confirmation of your reservation, then click the Reserve Your Free Upgrade button. When you reserve your free upgrade basically what you’re doing is configuring your PC so it will automatically download a copy of Windows 10 once it becomes available on Windows Update on July 29th. Once your PC has downloaded Windows 10 you’ll be notified that Windows 10 is ready to be installed, and you can then perform the installation at the time of your choosing.

If you don’t see the icon offering you a free upgrade to Windows 10, then you don’t have Microsoft’s KB3035583 update installed. The update is called the “Get Windows 10” app, and it was actually released back in April by Microsoft as an optional update for Windows 7 and a recommended update for Windows 8. That means Windows 8 users WOULD get the update installed, but Windows 7 users would have to manually select optional updates to get it. If you don’t see the free upgrade offer, then you need to open Windows Update and install KB3035583.

The ability to reserve a free upgrade is only available for users of the Home and Professional editions of Windows 7 and Windows 8. In other words, users who have the Enterprise edition of Windows 7/8 installed on their machines won’t see the free upgrade offer.

What if you’re a small business that has Windows 7 or 8 Professional installed on your PCs and you don’t want your users to be prompted to reserve a free upgrade of Windows 10? I suspect that there will soon be a way to block the free upgrade offer using Group Policy, by configuring local policy, or even by editing the registry, but there has been no confirmation or comment about this from Microsoft. We’ll keep you informed as July 29th gets closer.

For more information on Windows 10 you can check out this post from CNN:
http://money.cnn.com/2015/02/22/technology/windows-10-review/index.html


ALERT: Is Your Network Infected With A Sleeper Ransomware Strain?

There is a new, challenging “sleeper” ransomware twist.

It’s called Locker and had been infecting employees’ workstations, where it sat silently until midnight on May 25, 2015, when it woke up. Locker then started to wreak havoc in a massive way.

Since this strain literally reared its ugly head, Reddit has a topic on it with over 600 comments. Bleepingcomputer has a support topic that is more than 30 pages long, and they have received hundreds of emails from consultants all over the world. Based on their experience with cryptoware, they stated this strain has a large “installed” base, which does not bode well. Topics related to this new strain are suddenly being posted on all the major support boards, AV forums, etc.

It appears we have a new player in the ransomware world, but they only charge 0.1 Bitcoin, something between 20 and 30 bucks. At the moment, it looks like the infection vectors are compromised sports websites that host exploit kits, and there is a compromised Minecraft installer out there.

Here is what it does:

  • A series of Windows services are used to install Locker on the computer and encrypt data files.
  • During the install process, Locker will check if the computer is a virtual machine and terminate if one is detected.
  • Encrypts data files with RSA encryption, and does not change the file extension.
  • After the encryption it deletes your c:\ shadow volume copies and displays its ransom interface.
  • If your backups failed and you are forced to pay the ransom, once payment has been confirmed the ransomware will download the private key and automatically decrypt your files.

The files that are encrypted are the following types: .doc, .docx, .xlsx, .ppt, .wmdb, .ai, .jpg, .psd, .nef, .odf, .raw, .pem, .rtf, .raf, .dbf, .header and .odb. Locker does not change the file extension, so users will get error messages from their applications that the file is corrupted.
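Because Locker leaves the extension untouched, the quickest way to find which files on a share were actually overwritten is to compare each file’s leading bytes with what its extension promises. The following Python triage script is an added example, not code from the original post; the file signatures are standard published values, the sample share is constructed, and types with no fixed header (for example .raw or .header) are deliberately skipped rather than guessed at.

```python
import os
import tempfile

# Expected leading bytes for some of the types the post lists. Locker leaves
# the extension alone, so a header that no longer matches the extension is the
# quickest triage signal that a file was overwritten with ciphertext.
MAGIC = {
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".jpg": (b"\xff\xd8\xff",),
    ".psd": (b"8BPS",),
    ".pem": (b"-----BEGIN",),
}


def header_mismatch(path: str) -> bool:
    """True when a file of a known type no longer starts with any of its expected headers."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return False  # unknown or header-less type (.raw, .header, ...): cannot judge
    with open(path, "rb") as fh:
        head = fh.read(max(len(m) for m in expected))
    return not any(head.startswith(m) for m in expected)


def scan_tree(root: str) -> list:
    """Walk a share and return the relative paths whose contents contradict their extension."""
    suspects = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if header_mismatch(full):
                suspects.append(os.path.relpath(full, root))
    return sorted(suspects)


def build_sample_share() -> str:
    """Constructed sample: two intact files and two overwritten in place, extensions untouched."""
    root = tempfile.mkdtemp()
    samples = {
        "report.docx": b"PK\x03\x04" + b"\x00" * 32,
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "budget.xlsx": b"\x9b\x42\x17\xe3" + b"\x55" * 32,  # ciphertext, still named .xlsx
        "key.pem": b"\x0c\xa7\xd1\x8e" + b"\x55" * 32,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

Run `scan_tree` against a real share root to get a list of candidates for restore from backup; a clean result does not prove nothing was touched, since untyped files are skipped.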

As you see in the screenshot, it presents a scary message in red at the bottom of the screen stating: “Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!” This is just to force you into paying, not something to be too worried about. The amount is negligible, but the hassle and time are significant.

The initial discovery is very new and things are still somewhat murky, but we will keep you in the loop about any developments.


Best places to sell your old phones and electronic gadgets.

Your unwanted phones, tablets, video games and computers could be worth hundreds, but check around before you sell

Could that pile of old electronics gadgets cluttering up your office, attic, garage or basement actually be worth some money?

There are lots of companies offering to buy your old stuff; the best choice for you will depend on what you’re selling, its condition, and a few other factors. Prices can vary quite a bit and they can also change over time. There may also be certain “fine print” provisions with some of these vendors so read the terms very carefully. Here are a few of today’s options.

Amazon: Best for random gadgets

Amazon lets you trade in a wide variety of electronics, including items you won’t find on many other trade-in sites, such as external hard drives, routers, and speakers. You can also sell a laptop, though if it’s older, you won’t get a big check.

Payment: An Amazon gift card is deposited to your account after the item is accepted, usually within two days of approval. http://www.amazon.com/b?ie=UTF8&node=9187220011

Glyde: Best for offering highest prices

Glyde charges fees, but its quotes still often came out on top.

Gotcha: It takes a 12 percent fee on the first $100 and 8 percent on the rest. And you may pay shipping charges of $1 to $6.

Payment: You can choose to be paid with Bitcoins, a new digital currency. But to be safe, you might want to stick to traditional money. You can even opt for a good old-fashioned paper check (for an extra $2 fee) or direct deposit into your bank account. http://glyde.com/

NextWorth: Best for easy drop-off

You can send products to NextWorth or drop them off at some local stores, including Target.

Gotcha: If you get an online quote and NextWorth decides your item is worth less once it actually sees it, you have only two days to change your mind. (Other services give you more time.)

Payment: Store credit for drop-offs, or check or PayPal. http://www.nextworth.com

BuyBackWorld: Will buy back just about anything

They offer instant quotes and multiple payment methods as well as free shipping.

Their process is free and quick and they give you up to 30 days to send in your items. If after getting your instant quote and sending in your stuff you don’t like the price they offer you upon receipt and inspection, they’ll even pay the return shipping.

Payment: Options include payment by check or PayPal – whichever you prefer. www.BuyBackWorld.com
