Monthly Archives: July 2015
After nine months of waiting, Windows 10 is almost here. Tuesday night at midnight, Microsoft will release the first full release of Windows 10, the biggest change in PC software in nearly three years. It’s kind of a big deal! We’ve been getting previews of Windows 10 since October, and the rollout of the actual software will happen in stages, but midnight will still be zero hour for answering a lot of the questions that have swirled around Windows 10 since it was first announced. How do you build a single OS for laptops, tablets, and smartphones? Tuesday night, we’ll find out.
First things first: how do you get it? Microsoft is sending out Windows 10 in waves, starting with Windows Insiders and then moving through preorders gradually. The waves are designed to make the release more stable — issues that pop up in one wave can be fixed for the next one — but it means it could be days before you actually get the chance to download the new OS. The good news is that, unlike Windows 8, Windows 10 is designed to work as a straight upgrade, so as long as your computer meets the specs, you should be able to install it right away. Still, we definitely recommend doing a full system backup before you install. If you’ve got Windows 7 or Windows 8, you’ll be able to upgrade free any time in the next year. Otherwise, the official price is $119, although third-party sellers like NewEgg are already offering cheaper versions for pre-order, scheduled to ship at the end of the month.
What will Windows 10 look like when it arrives? When Windows 10 does arrive you won’t have to wait days to find out. Many PC magazines and Tech Support forums are going to be putting the OS through its paces as soon as it becomes public, which means Microsoft fans will have a lot to piece through on Wednesday morning.
To start with, there’s a whole new interface to work through. Based on developer previews, Windows 10 seems to be a combination of the best features from 7 and 8, but it also comes with a lot of new ideas that have never been implemented at this scale. Cortana will be everywhere in Windows 10, available in the Start Menu and through voice commands. It’s also the first big stage for Microsoft’s new Edge browser, a fully revamped notification center, and for PC gamers, a deeper Xbox integration than we’ve ever seen before.
The biggest question of all: is Windows 10 ready for prime time? As recently as June, there were still some troubling and persistent upgrade bugs kicking around the developer preview. The Windows team had a lot of sleepless nights throughout June and July to ensure the quality is high across the vast amount of PCs out there. After Vista and Windows 8, there’s a lot of pressure to make sure this launch goes smoothly. Still, we won’t know for sure until Windows 10 goes live on Tuesday.
Finally – will the new Cortana outpace Siri? It seems like Cortana will definitely give Siri a run for the money. Obviously, you’ll need a microphone in order to communicate with Cortana – so if you want to join the voice revolution now would be a good time to pick one up…
A dating website that helps married people cheat has been hit by hackers who threatened to release information about millions of customers.
Ashley Madison, which uses the advertising slogan “Life is short. Have an affair,” said Monday it had been attacked and some user data was stolen.
So far, though, it isn’t easy to find the exposed cheaters online. That could change soon if the hackers decide to publish the information on a public website.
Brian Krebs, the blogger who first reported the breach, said the hackers were threatening to release all Ashley Madison’s customer records if the website isn’t shut down.
The hackers called themselves the “Impact Team,” and the potential release includes “profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
In a statement, Avid Life Media, Ashley Madison’s parent company, said: “At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, who are investigating this criminal act.” Avid Life Media also said that it had hired “one of the world’s top IT security teams” to work on the breach.
Ashley Madison is a dating website, with one important twist: Instead of connecting eligible singles, it caters to married people interested in having an affair. The site claims to have 37 million members, and has in the past bragged about its data security.
The site is an obvious target for hackers. After all, its databases have enormous potential for use in blackmail schemes.
The hackers — or hacker, perhaps — appear to be upset over the company’s “full delete” service, which promises to completely erase a user’s profile, and all associated data, for a $19 fee.
“Full Delete netted [Avid Life Media] $1.7 million in revenue in 2014. It’s also a complete lie,” the hackers were quoted as saying in a manifesto published by Krebs. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.” On Monday afternoon, the company defended the service, and also said it would make it free.
This hack comes on the heels of a similar attack in March, when more than 3.5 million people’s sexual preferences, fetishes and secrets were exposed after dating site Adult FriendFinder was hacked.
Adult FriendFinder boasts 64 million members and claims to have “helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners.”
Included in the exposed personal information are customers’ email addresses, usernames, passwords, birthdays and zip codes, in addition to their sexual preferences.
What is CryptoWall?
CryptoWall is classified as a Trojan horse, a type of malware that masks its malicious payload behind a seemingly non-threatening application or file. Its payload involves encrypting the files of infected computers in an effort to extract money for the decryption key.
CryptoWall and viruses similar to it are also known as “ransomware” in that the infection offers the end user a means with which to remove the threat and recover all their files in exchange for paying a ransom. After they pay, the user is allowed to download and run a file and/or application to clean up the infection or, in this case, decrypt the encrypted files to return them to a working state.
Where does it come from?
Geographically speaking, that is unknown as of this writing. What is known regarding origins of infection is that CryptoWall is most typically spread through email as an attachment and from infected websites that pass on the virus — also known as a drive-by download.
Additionally, CryptoWall has been linked to some ad sites that serve up advertising for many common websites users visit on a daily basis, further spreading its distribution.
How does it infect a computer?
The infection process, as stated previously, is pretty standard for a virus. However, once it gets a hold of the host computer, it begins by establishing a network connection to random servers, where it uploads connection information like the public IP address, location, and system information including OS.
Next, the remote server will generate a random 2048-bit RSA key pair that’s associated with your computer. It copies the public key to the computer and begins the process of copying each file on its pre-determined list of supported file extensions. As a copy is created, it’s encrypted using the public key, and the original file is deleted from the hard drive.
This process will continue until all the files matching the supported file types have been copied and encrypted. This includes files that are located on other drives, such as external drives and network shares — basically, any drive that’s assigned a drive letter will be added to the list. Also, cloud-based storage that stores a local copy of the files on the drive will be affected, and changes will propagate to the cloud as the files are changed. Automatic backup programs like Dropbox and OneDrive will see that the local files have changed once they have been encrypted, so they will automatically send the encrypted files offsite, and there go your backups.
Finally, once the encryption process has completed, CryptoWall will execute some commands locally to stop the Volume Shadow Copy Service (VSS) that runs on all modern versions of Windows. VSS is the service that controls the backup and restoration of data on a host computer. It also controls file versioning, a feature introduced in Windows 7 that keeps histories of changes made to files. The file may be rolled back or restored to a previous version in the event of an unintended change or catastrophic event that causes the integrity of the file to have been modified. The command run by the virus stops the service altogether and also adds the command argument to clear/delete the existing cache, making it even more difficult to recover files through versioning or system restore. Then, CryptoWall simply deletes itself, making it even more difficult to catch.
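Because each copy is encrypted but keeps its document extension, an affected file loses its format signature and its bytes read as random. The following Python triage check is an added example, not part of the original article; the signature table, the 7.5 bits-per-byte threshold and the sample file names are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the extensions the article names.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file header used by .doc/.xls
SIGNATURES = {".pdf": b"%PDF", ".doc": OLE2, ".xls": OLE2}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune on your own data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: str, sample_size: int = 4096) -> bool:
    """True when a known extension has lost its signature and reads as random."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return False  # extension not covered by this check
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    return not head.startswith(magic) and shannon_entropy(head) > ENTROPY_LIMIT


def scan(root: str) -> list[str]:
    """Relative paths under root that look encrypted, sorted."""
    paths = (os.path.join(d, f) for d, _sub, files in os.walk(root) for f in files)
    return sorted(os.path.relpath(p, root) for p in paths if looks_encrypted(p))


def build_sample_tree(root: str) -> None:
    """Constructed sample data: one intact PDF, one file of pseudo-random bytes."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with open(os.path.join(root, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4\n" + b"quarterly figures " * 200)
    with open(os.path.join(root, "budget.xls"), "wb") as fh:
        fh.write(noise)  # stands in for an encrypted copy


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Running it against a file share or a synced cloud folder gives a list of files to restore from an offline backup; formats outside `SIGNATURES` are skipped rather than guessed at.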
Will I know if my computer is infected?
There are two telltale signs that indicate CryptoWall has compromised a host computer.
When attempting to open certain files, such as .doc, .xls or .pdf, for example, the files are launched with the correct program; however, data may be garbled or not properly displayed. Additionally, an error message may appear when trying to open infected files.
The most common indication will be the appearance of three files at the root of every directory that contains files that were encrypted by CryptoWall.
Clicking on any of these files left behind in the wake of CryptoWall’s infection will lead the end user to step-by-step instructions necessary to carry out the ransom payment.
The HTML file will actually have a caption indicating the amount of time left on the ransom and how much money is being requested as payment. Typically, the ransom amount begins at $500 (USD), and the countdown timer provides for a period of three days in which to get payment to the requestor.
After the timer has reached zero, the caption will change. The new amount requested will double to $1,000 (USD) and the timer will provide a cutoff date and time. Usually, the timeframe is about one week, and it will indicate that if payment is not received before the cutoff time, the remote server housing the private key and decryption application to decrypt your files will be automatically deleted, making your files unrecoverable.
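The second sign, the same small set of files appearing in every directory that holds encrypted data, can be checked without knowing the note names in advance. This Python sketch is an added example, not part of the original article; the allowlist, the three-directory threshold and the `NOTE_PLACEHOLDER` file names are assumptions and are not real CryptoWall filenames.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Names that legitimately repeat across folders (assumed allowlist; extend locally).
ALLOWLIST = {"desktop.ini", "thumbs.db"}


def repeated_drops(root: str, min_dirs: int = 3, max_size: int = 1 << 20) -> dict:
    """Map (filename, sha256) -> sorted relative directories for byte-identical
    files of the same name found in at least min_dirs directories."""
    seen = defaultdict(set)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if name.lower() in ALLOWLIST or os.path.getsize(full) > max_size:
                continue  # skip known-benign names and large files
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            seen[(name, digest)].add(os.path.relpath(folder, root))
    return {key: sorted(dirs) for key, dirs in seen.items() if len(dirs) >= min_dirs}


def suspicious_names(root: str, min_dirs: int = 3) -> list[str]:
    """Just the filenames from repeated_drops, sorted for reporting."""
    return sorted({name for name, _digest in repeated_drops(root, min_dirs)})


def build_note_tree(root: str) -> None:
    """Constructed sample: placeholder note names, not real CryptoWall filenames."""
    for folder in ("docs", "photos", "finance"):
        path = os.path.join(root, folder)
        os.makedirs(path)
        for ext in ("txt", "html", "url"):
            with open(os.path.join(path, "NOTE_PLACEHOLDER." + ext), "w") as fh:
                fh.write("constructed ransom note body\n")
        with open(os.path.join(path, "file.doc"), "w") as fh:
            fh.write("unique content for " + folder)  # same name, differs per dir
    os.makedirs(os.path.join(root, "clean"))
    with open(os.path.join(root, "clean", "readme.txt"), "w") as fh:
        fh.write("untouched folder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_note_tree(tmp)
        print(suspicious_names(tmp))
```

The directories returned by `repeated_drops` also mark how far the encryption reached, which helps scope a restore across mapped drives and network shares.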
What are my options if my computer is infected with CryptoWall?
After having confirmed infection with CryptoWall, the next step for the end user is to decide if they are willing to pay the ransom to get their data back, or if they’re not going to pay and lose access to their data altogether.
Paying the ransom is an exercise in and of itself. Unfortunately, the ransom amount must be paid in Bitcoin, a digital currency that’s used to purchase goods and services, similar to US currency. However, due to its lack of regulation and general lack of acceptance, Bitcoin is a niche market and not as common as US currency.
Adding to the difficulty of procurement is that many exchanges that accept US currency for Bitcoins have limited purchases of larger Bitcoin amounts. There are also strengthened company policies that further restrict the accumulation of the necessary amount of Bitcoins to pay off the ransom. Many of these changes have come about as a direct result of the CryptoWall virus, with some exchanges known to cancel transactions and restrict accounts suspected of using their services to pay off the ransom. It’s definitely a Catch-22.
Though difficult, it’s still possible to open an account at an online exchange to begin funding the purchase of Bitcoins in order to pay the ransom in the time allotted. If neither time nor technology is on your side, another viable option is seeking out the services of an IT consultant with experience in this matter. They may be able to assist you in the overall recovery process of your data and may even be able to do so without incurring any penalty due to non-payment within the specified time frame.
Don’t just delete the encrypted files – save them somewhere for future decryption. In the recent past, government security experts have actually confiscated some of the Crypto servers and after working with them, they’ve been able to provide end users with the necessary decrypt codes and information to restore their lost data. Not a guarantee but still a possibility in the future.
Viruses, regardless of whether they’re attacking your files or stealing your banking credentials, are nuisances. We all need to contend with them as our connected lives stretch further out.
While there may be little recourse once infected, there are a lot of possibilities available to limit our exposure to infection and subsequent loss of data. We just need to be proactive enough to ensure that these fail-safes are in place and check on them from time to time.
As the old saying goes, “An ounce of prevention is worth a pound of cure” – Ben Franklin