Malware holding data ransom
Malware holding data ransom

Cryptowall Becoming The Most Destructive Malware of 2014

Network, Office IT, Security, ,
11
Nov 2014

Malware holding data ransom

Cryptowall, Cryptolocker and Cryptodefence; all malware looking to hold your computer ransom. Here’s what you need to know about these viruses.

Cryptowall is one of the worst malwares out there that can maliciously encrypt your network and system files, holding them ransom in exchange for a Bitcoin payment. Typical Bitcoin payments can vary between $500 to $1000. Since there’s many hacker groups in existence in the wilderness, Cryptowall  has evolved from Cryptolocker to practically do the same thing. And to confuse matters even more, there’s another variant like Cryptowall known as Cryptodefense.

Cryptowall Decrypt Message

The ransom message from a Cryptowall infection

Cryptowall in a nutshell

  • Cryptowall works by using encryption to change all of your network files, making them unreadable.
  • It affects Windows XP to Windows 8 Operating Systems.
  • It also cleverly deletes Shadow Volume Copies to stop any admins from restoring encrypted files.
  • Only the attacker holds the key to decrypt the files that makes them readable again.
  • The ransom increases after 7 days to nearly double the amount and is only payable with Bitcoin.

With this angle of attack, it’s no wonder why hackers are using this hostile method to forcibly siphon Bitcoin payment from their prey.

Examples of attacks

Durham Police

Durham Police Department hit with Cryptowall

  • One prime example that has gained recent media coverage is Durham town police in New Hampshire. As a typical response from any law enforcement agency, the police refused to pay the ransom to cooperate with the cyber criminals.
  • It had impacted 1500 of their own computers, with most of their police e-mail system, spreadsheets and word processing functions being affected. It had bypassed their spam and AV filters, and was masked as an attachment in an email.
  • The danger lies in that the police receive plenty of emails with attachments to notify them of complaints such as potholes from residents, which of course, aren’t to be ignored. For this very reason an infected email attachment was opened, executed and it ran through the system.
  • Fortunately for them, they were able to stop the attack from spreading to other company functions and police networks in other towns by isolating their network and recouping their system from offline back-ups.

Business Decisions

Another example of an attack came from a client of Stu Sjourwerman’s security training firm knowB4.  The attack happened after an administrator opened an infected file, which ran through onto their 7 mapped server drives, encrypting all 75 GB of data held there.

There were many negative factors against them:

  • Firstly, they had unverified backups, which would take time to see whether they worked or not, a risk which would be costly to the time in terms of extended downtime with no guarantee of a successful restore.
  • Secondly, setting up a Bitcoin account involves a lengthy process to set up with society checks that can take days to complete.
  • In desperation with shortening their downtime, they decided to pay the ransom. It was a business decision, meaning either losing out $500  in Bitcoin or thousands for operation downtime.
  • The problem was, they didn’t have the Bitcoin to pay the ransom.

The turning point:

Bitcoin

  • Luckily, they had sought Stu Sjourwerman’s help, where he had Bitcoins at hand, ready for such an event like this one.
  • This company’s IT admins had, prior to this event, taken a security awareness course lead by ex- hacker Kevin Mitnick and with Stu Sjourwerman.
  • Contrary to the police case, this company had taken the advice from the course, and with Stu Sjourwerman’s Bitcoins, they managed to pay the ransom to avoid further downtime.
  • In the end they did recover their files; however there was corruption to one of their databases, which all in all took another painstaking 18 hours to return to normal.

Not all cases end well and not all ransoms release the files as promised. It’s really at the discretion the criminal cyber gangs controlling the attack.

For more ways to strengthen your office security and IT policy enforcement, contact your local IT professionals.

Read More
Windows CVE-2014-4114 Exploit
Windows CVE-2014-4114 Exploit

Zero-day Microsoft Windows Exploit CVE-2014-4114

Internet, Office IT, Security, , ,
20
Oct 2014

Windows CVE-2014-4114 Exploit

A Zero-day Microsoft Windows Exploit CVE-2014-4114 has been found which impacts all versions of Windows. Here’s what you need to know to protect yourself.

The Russian espionage group, known as the “Sandworm team”, are the prime suspects believed to have launched a campaign to exploit a range of Microsoft Windows vulnerabilities.  The exploits are classified as Zero-Day, meaning they are so new that no anti-virus companies have figured out how to detect them yet. The ultimate goal is to inject and execute malicious code into systems and networks to leach data from computers.

Sandworm Team Logo

Their targets have involved NATO, US academic organizations, Western European Union and Ukrainian government agencies, European energy and telecommunication companies.

Systems are infected from files being attached to legitimate looking emails and extended through to social engineering methods. Most versions of Windows are affected – including server 2008 and 20012, but excluding Windows XP.

Sandworm CVE-2014-4114 Vulnerability Timeline

iSight has provided a timeline of the Sandworm infection campaign.

The cyber intelligence firm, ISight, has been monitoring Sandworm’s activities. After alerting Microsoft, a patch was released called MS14-060 which is found in Window’s Automatic Updates. The fix is still an on-going work in progress.

The vulnerability explained

Here is a high level overview of what the CVE-2014-4114 Zero Day exploit entails:

  • The vulnerability allows a computer to have code executed remotely through a file that is initially opened by an unsuspecting user via an email attachment.
  • Within most software installation files, you’ll find a component called OLE (Object linking and Embedding) Package Manager.
  • An OLE package allows applications to share files and functionality.
  • The OLE package manager contains a file which permits it to download and run INF files.
  • This is where a computer is vulnerable since a hacker can run any program, virus or malware on a system.
  • Any acquired arbitrary code can then run from the downloaded INF files, which is presumed by the system to be associated with the application’s package.
  • This package will run from the logged-in user’s credentials, such as an administrator or anyone with admin rights.
  • The danger then rests from specific commands given to the file during the execution of the application.
  • It has been observed that unsuccessful attempts from this exploit can also lead to a denial of service, which can lead to service disruption.
  • As mentioned previously, the usual mode of target is through fake emails with attachments and social engineering, where the user would need to be convinced and tricked into opening the file.

Proactive measures to prevent an infection

Follow these guidelines to protect yourself or to quickly recover from a compromised system.

If you find your system compromised

For more details about the Zero-day Microsoft Windows Vulnerability CVE-2014-4114 issue and other security issues putting your business and private data at risk, contact your local IT professionals.

Read More
43 Percent of Companies had a Data Breach Last Year
43 Percent of Companies had a Data Breach Last Year

Report: 43% of Companies had a Data Breach Last Year

Office IT, Security,
24
Sep 2014

43 Percent of Companies had a Data Breach Last Year

A recent report from the Ponemon Institute shows 43% of companies had a data breach in the last year. Here’s how you can harden your office security.

The report cites data breaches affecting as many as 20 million people in one incident.  Criminals can use many different avenues into a company’s systems to steal client, proprietary or private information which then gets sold on the black market.  Here are some ways to harden your office security:

Keep an Eye on your Hardware

Data breaches often occur in the form of viruses, trojans or malware being installed on office computers.  These infections give criminals full control of the computer, even if it doesn’t look like it on the surface.  One of the first signs of infections are high hardware usage:

Patches, Updates and Security

When Microsoft releases updates to fix security holes, anyone is able to look at the update and determine exactly which weakness was fixed.  This is why it’s important to keep your system and anti-virus updated and patched:

IT Policy Enforcement

The first line of defense for any office or individual is a proper IT policy.  This means putting in place rules on systems or as policy to office staff on how to manage data to prevent infections and data breaches.  Here are some best practices we recommend:

For more information on managed IT services that can provide 24/7 monitoring, maintenance and IT management to prevent data breaches in your office, contact your local IT professionals.

Read More
How to check if your email account has been stolen
How to check if your email account has been stolen

Check if Your Email has Been Stolen

Office IT, Office Network, Security, , ,
22
Sep 2014

How to check if your email account has been stolen

With corporate data theft happening frequently, your email may have been stolen without you even knowing. Here’s how to check if your email has been stolen.

What Exactly is at Risk?

The simple answer is data. The power behind stealing data from a company means that your information can get into the wrong hands for malicious use. One prime example is Adobe, who had a large number of their users’ accounts exposed to the public domain. The interesting thing was that these same accounts were being targeted time and time again with the same user credentials, which puts their other accounts at risk. Other sites that have been compromised are mail.ru, Bitcoin Security Forum, Gmail dump accounts, Yahoo accounts, Sony, Tesco and many more.

Compromised information can include your email address, usernames, credit card details and password hints. People often use the same information on other websites as they would have done on their compromised email account making them, yet again, another easy target.

How to Check if You’ve Been Infiltrated

As much as we take precautions with our passwords, secret questions and the like, one needs to check periodically that their details have not already been accessed by unsolicited activity.

How to check if your email has been stolen

We suggest you check out this free public service, developed by Microsoft professional Troy Hunt, to check if your email or username has been compromised:

https://haveibeenpwned.com

If your email has been compromised, you will be advised on this site that it has been “pwned”.  Being “pwned” is slang for having your email or other personal information stolen. You can also set up notifications in the event of being “pwned” in the future.

What if I have been “pwned”?

We suggest changing your password ASAP. The best practice is to use different passwords on different accounts.  This is especially important for your primary email account, banking, shopping, and whatever else you would consider critical if someone were to steal.  If keeping track of your various passwords is a challenge, there are free and secure password managers out there to help.

You can find a good FAQ and a list of other compromised networks as well.

For more tips on securing your privacy and office network, contact your local IT professionals.

Read More
How to remove toolbars
How to remove toolbars

How to Remove Toolbars

Internet, Security, Software, , ,
12
Sep 2014

toolbar

Browser toolbars entice you with safety and promised convenience.  In reality, they should be avoided as much as possible. Here’s how to remove toolbars.

Hopefully, your web browser doesn’t look like the one above. If so, something drastic is in order to restore an smooth web browsing experience.

Though initially designed to enhance a user’s web browsing experience, the reality is toolbars are piggy- backed by malware, data mining or browser hijacking to steal the user’s information. In addition, they burden your processor and memory with an extra, unnecessary application.

Here are three ways to remove toolbars.

1.) Uninstall them as applications from the Control Panel

start-control-panel-windows7

After selecting Control Panel from the Start menu, choose either Programs and Features or Uninstall a Program, depending on the menu you are presented with.

ProgramAndFeatures_Win7_1

uninstall-correct

From the list of programs that appear, find the one that looks like the toolbar. Sometimes it can be tricky, as the name can be different.

uninstall (1)

Click Uninstall from the top menu. If you are presented with a User Account Control warning, click OK or Yes to allow Windows to uninstall.

2.) Toolbars in browsers can be disabled

In Internet Explorer, click either the gear icon or Tools and select Manage add- ons.

ie_manageaddons

In the Add-on Types menu on the left, choose Toolbars and Extensions.

toolbars-and-extensions

Select each toolbar and click Disable in the bottom right corner.

In Google Chrome, select Settings or Tools then Extensions.

Chrome_step_1

Select the extensions that are the toolbars and click Remove.

chrome-extension-settings-small

For some Chrome browsers, there will be a trashcan icon insread of the Remove prompt.

In Firefox, select Add- ons then Extensions.

add-ons-extension

You navigate there by typing about:addons in the address bar. Click the toolbar you wish to remove and click Remove.

Extensions_Options

3.) Browsers can be restored to their factory default states

You are best advised to backup your bookmarks or any other setting you wish to retain from the browser.

In Internet Explorer, select Internet Options and the Advanced tab.

gear-options

internet options - advanced tab 1

Click Reset and click to confirm.

ie-tools-internet-options-advanced-reset

In Google Chrome, click Settings and show advanced settings.

Settings2

Click Reset browser settings.

reset-chrome

In Firefox, select Help denoted by the icon.

Firefox-Menu-on-Windows-en-US-600x454

Select Troubleshooting Information.

Firefox-Troubleshooting-Information

Click Reset Firefox.

reset-firefox-step-3

For more information about toolbars or other issues affecting your PC, consult your local IT professional.

Read More
1 42 43 44 45 46 49