Wanna Cry Ransomware
, , , , ,

Worldwide Ransomware Crisis – Self Inflicted?

Wanna Cry Ransomware

By now, most people would have heard about the Worldwide Ransomware attack that employed the virus called Wanna Cry.

Some 200,000 computers across many counties worldwide have been affected including the NHS in Britain, the National Railway in Germany, FedEx in the USA and Spain’s National Railway system.

It has caused mayhem among some very large Institutions like those I have mentioned.

How did this happen?

Well it would seem to me that this is largely self inflicted. Microsoft released a Patch back in March that addressed the vulnerability that allowed this virus to be effective. So all supported Operating Systems, Windows Vista and on, had they been patched, were protected. But there were many PC’s still running Windows XP that were targets. Now you tell me, when Microsoft ended support for Windows XP, there were plenty of warnings and messages that support was ending. So why in the world would you continue to use obsolete, unsupported software for Critical Systems?

Like I said, self inflicted. And I suspect that those in charge of IT at some of these places will have a lot to answer for and may well lose their jobs.

Let’s look at the Home User now.

Much the same applies. You must always download, and install the Patches released by Microsoft. They release these Patches for a reason. In addition, do not continue to use PC’s with outdated Operating Systems like Windows XP. Let’s face it, we had a pretty good run with Windows XP. It first appeared in August 2001, and it was supported right up until April 2014. So people certainly got their money’s worth. Now it’s time to move on.

But if you MUST have Windows XP because of some software you run will only work on XP, then at the very least, do not have it connected to the Internet. But if you absolutely and positively need it connected to the Internet, then please make sure you have good Security Software installed and you don’t go downloading dodgy things or visit dodgy websites, and certainly be very careful about opening or even using email on that PC.

Cyber Attacks
, , , , ,

Cyber Attacks – are you prepared?

Cyber AttacksI recently read a quote that was meant to apply to Businesses, but equally applies to anyone online. And it went like this:

When you are attempting to secure your business, you have to be right 100 percent of the time. The hacker only has to be right once.

This quote highlights the ever increasing issues we all have, but in particular businesses. A business that is the focus of a successful Cyber Attack can quickly accrue costs that can, at worst, send the business bankrupt. If you lose access to your data through a Ransomware Attack and you don’t have a recent backup, or even a backup at all, you will quickly find it difficult to run your business, and you will lose customers. Not to mention the costs involved removing the threat, and securing your systems.

Cyber Attacks are in epidemic proportions. Just in the last two weeks there were two high profile incidents. One was on the Queensland State Government, and more recently, the National Census Website. Although the latter is probably more about the websites inability to cope with the traffic, nonetheless, it was subject to what is known as a DDoS (Distributed Denial of Service) Attack, designed to bring down a website and potentially expose security holes.

The Cost of Cyber Attacks

The average total cost of a data breaches world wide is around $3.79 million. The costs from cyber attacks include, remediation costs, lost productivity, legal fees, lost data and lower stock prices.

When Pokémon Go was released, Hackers created bogus versions of the App that was infected with malware which enabled the Hackers to access mobile phones and accounts. Just imagine how many businesses were put at risk from the millions of compromised smart phones. In 2014, a WordPress Plug-in allowed an estimated 50,000 websites to be hacked that allowed Hackers to upload PHP files to the Server and control the website.  And it allowed the infection of all the other websites Hosted on the same Server. 

The total cost to the world economy for computer and network cyber crime is $445 billion!!!

So what can you do to protect your Business?

  1. Be proactive, not reactive. Don’t wait until something goes wrong. Have someone in your organisation that is responsible for ensuring that all PC’s have good Security Software, and that it is up to date. They must also ensure that all Windows Updates, Java, Adobe Flash and Adobe Reader updates are carried out as they become available.
  2. Talk to your employees. Make sure that all your employees are up to speed on doing, and not doing certain things. Things like not opening email attachments they shouldn’t, particularly if they are in .zip format. But any email attachments that seem odd or out of character. Train them to recognise what bogus emails look like. For example, the typical Phishing emails from the Banks, Australia Post, Courier Companies etc. Your employees are the first line of defence, but also the weakest component if they don’t understand what to look out for.
  3. Keep your website secure. If you have a Website, particularly if it is based on the WordPress and Joomla platforms, it is imperative that the platform, and all Plug-in’s, are kept up to date. Equally important is the use of security Plug-in’s to help mitigate any Cyber Attacks. Keep your website secure!!
Ransomware
, , , ,

Ransomware – What can you do about it?

RansomwareRansomware has been on the rise over the last six months.

I have noticed a huge increase in the number of inquiries from people who have been infected with viruses that have encrypted the data on their Hard Drives.

This article gives you some options for decrypting your data without paying the ransom.

These viruses, collectively know as “Ransomware”, encrypt your files (Documents, Photos and other files) and then attempt to extort you by requesting payment to unlock those files.

Up until recent times, my advice has been that there is little choice other than to wipe the Hard Drive and reinstall Windows and software, and if available, restore a backup of your files.

Recently however, a couple of other options have come to my attention.

Ransomware Decryption Tools

The first comes from AVG. They have released six Decryption Tools that (if you’re lucky) may help with decrypting your data.

The six methods of encrytion that these tools target are:

[unordered_list style=”tick”]

  • Apocalypse,
  • BadBlock,
  • Crypt888,
  • Legion,
  • SZFLocker, and
  • TeslaCrypt.

[/unordered_list]

You can access these decryption tools here.

The second option is in the form of other decryption tools from a website setup by Europol.

These tools attempt to decrypt the following:

CoinVault

The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab, have been working together to fight the CoinVault and Bitcryptor ransomware campaigns.

RannohDecryptor

The RannohDecryptor tool is intended to be used to decrypt files encrypted by:

[unordered_list style=”tick”]

  • Rannoh,
  • AutoIt,
  • Fury,
  • Crybola,
  • Cryakl, and
  • CryptXXX versions 1 and 2 (files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted).

[/unordered_list]

RakhniDecryptor

The RakhniDecryptor tool is intended to be used to decrypt files encrypted by:

[unordered_list style=”tick”]

  • Rakhni,
  • Agent.iih,
  • Aura,
  • Autoit,
  • Pletor,
  • Rotor,
  • Lamer,
  • Lortok,
  • Cryptokluchen,
  • Democry, and
  • Bitman (TeslaCrypt) version 3 and 4.

[/unordered_list]

ShadeDecryptor

ShadeDecryptor can decrypt files with the following extensions: .xtbl, .ytbl, .breaking_bad, .heisenberg.

You can access these decryption tools here.

Prevention is better than cure

Of course it goes without saying that prevention is better than cure.

The reason you will get one of these viruses normally stems from opening an attachment in a Phishing email.

A Phishing email is one that is constructed to look like it comes from a reputable source.

Examples are:

[unordered_list style=”tick”]

  • The Bank;
  • An Energy supplier. ie. AGL, Origin etc;
  • Australia Post;
  • A Courier. ie DHL, Toll etc.

[/unordered_list]

Also, the prevailing advice is never pay the ransom.

By paying cybercriminals, you only confirm that ransomware works, but more importantly, there is no guarantee that you will receive the encryption key you need to unlock your data.

 

Never10
, ,

Don’t want Windows 10 forced upon you?

Stop Windows 10 upgrade notificationsSo over the last few months, I’ve had Lot’s, and Lot’s and LOT’S of people have been contacting me about Windows 10 automatically being forced upon them without specifically initiating the upgrade.

Well in my opinion, the word “forced” isn’t quite accurate.

Somewhere along the line, the End User has “Reserved” their copy of the free Windows 10 upgrade, which has subsequently set them on a path that, along with ongoing Windows updates, lead to an apparently automated upgrade to Windows 10.

Now whilst it is true that you can “Roll Back” Windows 10, there may be some consequences. The first of which is the time taken whilst the upgrade takes place, and the second is the time taken to roll it back.

The other consequence is the possible loss of data.

I had one customer who claimed to have lost all his Favorites.

So what to do if you want to stop those Windows 10 upgrade notifications?

Well I have come across a free little utility called Never10.

When run, it will disable the Windows 10 upgrade notifications.

So if you have had enough of the persistent Windows 10 upgrade notifications, give it a try.

You can download it from https://www.grc.com/never10.htm

Windows 7 to be retired
, , , ,

Only Windows 10 from the middle of next year

Windows 7 to be retiredThis will not please a lot of my customers, but it had to happen sooner or later.

Microsoft have given notice to its OEM (Original Equipment Manufacturer) partners that they must no longer sell PC’s or Laptops with an Operating System older than Windows 10 from the middle of next year.

According to Microsoft’s Windows Lifecycle Fact Sheet, Windows 8 sales must also end as of 1st July next year, and Windows 7 Professional and Windows 8.1 will no longer be allowed to be pre-installed on new PC’s and Laptops from 1st November 2016, .

The Home Basic, Home Premium and Ultimate editions of Windows 7 were retired by Microsoft on 1st November last year. 

Windows 7 launched in October 2009, and Microsoft has permitted it to continue to be sold substantially longer than Windows 8, and Windows 8.1 which both arrived in 2013.

So I guess the salient point here is that if you want a new PC or Laptop with Windows 7, you will need to purchase it within the next 7 or 8 months.

Charred SSD Hard Drive

The importance of having a Backup Strategy

Charred SSD Hard Drive - Backup or lose it!!I am constantly telling people and Business Owners of the importance of having a sound Backup Strategy. I cannot stress enough that if you have important data on your Computer, and if you or your Business lives or dies by that data, you need to have an effective backup strategy in place.

Well it’s just as well I followed my own advice, because yesterday I had a catastrophic Hard Drive failure.

I walked into my office only to be confronted with a room full of acrid smoke. It was coming from my computer, so I quickly removed the cover and immediatedly saw charred wiring, and melted power cabling that led to my SSD Boot Drive.

Having this happen could easily have been very detrimental to my business if wasn’t for the backup strategy I had in place. Happily, I was back up and running again in a relatively short time, and more importantly, without any data loss.

So what is my Backup Strategy?

Well I have various things in place to avoid disaster. The first revolves around the computer itself, and how often I upgrade to a new one, and what I do with the old Computer. I build myself a new computer every 3 years or so. Once I have setup the new Computer and transfer all the data from the old one, and install all the software and setup email etc, I retire the old computer and keep it. By doing this, if something happens with the new one, I have an existing computer with all the software pre-installed ready to go.

Backup or Lose it!!

But that doesn’t help with preventing Data Loss.

You also need to be backing up your critical data. There are many ways, means, and options available to do this. What I do is this. I have an external NAS (Network Attached Storage) device connected to my Network. The NAS box has two Hard Drives that operate in a Mirrored RAID configuration. In other words, one Hard Drive Mirrors (exact copy) the other Hard Drive. If one of those Hard Drives fail, I can replace it, and it will automatically “Mirror” itslef to the replacement drive. I have software installed on the Computer called “Syncback“, and Syncback it is setup to backup my data to the NAS Drive on a schedule specified by me.

In addition to this, I have an “Offsite Backup” using software called “Carbonite“. Carbonite will backup my data via the Internet to a secure Server in real time as files change, and has the added benefit of keeping revisions of the file changes so if I ever accidentally save a file and overwrite it accidentally, I can retrieve/recover a previous version of the file. Offsite backups are important to protect you from events like a fire or theft of physical backup devices. Let’s face it, if your office burns down, or someone breaks in and steals everything, it doesn’ty matter how many backups you have or how many devices your data is backed up on.

So after my calamitous Hard Drive failure, I fired up the old PC, did the appropriate Windows updates, Security Software updates, and accessed my data on the NAS Drive. Then I immediately ordered the parts I needed to build myself a new computer. The one that went up in smoke was due to be replaced anyway. I just wished I’d taken steps a week earlier to replace it 😉

 

Windows 8.1 installation media
, ,

Windows 8.1 Installation Media Creation Tool

Windows 8.1 installation mediaOK, so similar to our last Blog Post about a Microsoft Website that allows you to create a Windows 7 Install Disk, this Post is about another “Handy To Know About Web Page” from Microsoft.

This time however, instead of it being about the ability to create a Windows 7 Installation Disk, this website allows you to create a Windows 8.1 Disk.

So once again, if you have lost your original Installation Disk for Windows 8.1, or you never had one to begin with, or you need to make a bootable USB Drive, then you need to use the Windows Installation Media Creation Tool.

How to create your Windows 8.1 Media

When you click on the “Create Media” button, you will be prompted to download an executable file (which when “run”), will prompt you for your chosen Language, which Edition (ie. 8.1, 8.1 Pro etc), and what Architecture (ie. 32 bit or 64 bit). From here you will be asked whether you want to save to a USB Drive, or save as an ISO file. The file is quite large, so again be careful that you don’t exceed your plan data usage if you are on a Limited or Mobile Data Plan.

It is all very easy to follow, and the only issue I can see would be the End User’s ability to create a DVD from the ISO file.

So once again, as in our previous Blog Post, if you do not have the appropriate  software to burn a DVD from an ISO file, you can download the burning software from the Microsoft suggested website. Don’t forget that just as we mentioned in the last article, you will still need to download the Drivers from the manufacturers website for your specific hardware. If you have trouble doing this, or you are not sure how to go about it, Spotty Dog Computer Services can of course do this for you.

You may also be interested in how to Create a Windows 7 Installation Disk.

 

Windows 7 Recovery Medi
, , ,

Create a Windows 7 installation disk using the Microsoft Software Recovery website

Windows 7 Recovery MediWell here is a handy website to know about.

I don’t know how many times a customer has come to us, either wanting their Windows 7 PC or Laptop wiped and reinstalled, or it has needed repairing using Recovery Media, but they do not have their Recovery Media or a Windows 7 Disk.

Now this isn’t a particularly big problem for us because we have access to Windows OEM Disks, but for the End User, not having the Recovery Media is a huge problem that means they have no other choice but to pay someone to do it for them.

What to do if you don’t have Windows 7 Recovery Media

Help is at hand. By visiting the Microsoft Software Recovery website, the End User can download the ISO file required to burn their own Recovery Media disk. The size of the disk will be somewhere between 2GB and 3.5GB, so if you are on a limited Internet Plan or a Mobile Internet Plan, just be careful you do not exceed your download limit.

Microsoft even provide a link for software to burn a DVD from an ISO file if you don’t have suitable software installed to do that yourself. Once you have the software and a valid Product Key, you’re off and running.

The website also allows you to create a bootable USB drive with a copy of Windows 7 on it.

All-in-all, a very handy thing to know if you never had a disk, or you have damaged your disk. As we all know, it is impossible to reinstall or even undertake some really easy repairs without a Recovery Disk or Windows 7 Media.

Of course there will be some End Users that will still have difficulties installing Windows 7 even if they do have the disk. For example, you will still need to download the Windows Drivers from the appropriate hardware manufacturers websites. But if that is the case, Spotty Dog Computer Services can certainly do that for you 😉

, , , , ,

Ransomware – The do’s and don’ts to protect you and your business

ransomwareRansomware (viral infections that encrypt data on your hard drive), are becoming more prevalent. Cryptowall and Cryptolocker are two that are increasingly infecting computers world wide, with an estimated 545,000 infections from between Sep 2013 to May 2014. Ransomwares’ purpose is to attempt to extort money from the victim with the promise that your data will be restored after payment.

The Senior Manager of Symantec’s Cyber Readiness & Response, Bob Shaker recently stated, “We’ve seen a sharp rise in requests from customers with respect to Ransomware.”

Mr Shaker tells the story of trying to help a customer who, after being infected with a ransomware virus, could only sit and watch while his company’s data was wiped out, file by file. “I never want to have to go through that again,” he says.

Since then, Symantec has gone to great efforts to ensure that businesses understand the risks and have a clear picture of what to do, and what not to do, to protect themselves from becoming a victim of Ransomware.

Here are some Ransomware Do’s and Don’ts

1. NEVER pay the Ransom!

Your first response will undoubtedly be panic, and your first instinct will be to pay the Ransom.
Don’t do it. This will just encourage the attackers, and help fund further development of these types of attacks.
And even if you do pay, there is no guarantee that you will get your data back.

Instead, Do:

Remove the infected system from the network if you are on one, and clean the system of all viruses.
Then restore data from a known good backup. Restoring data from a backup is the quickest way to get back up and running.

2. Do install a quality security solution

A multi-faceted security solution (like Norton Internet Security for example) should be installed. Norton has protections for not just file-based threats (traditional Viruses), but it also includes download protection, browser protection, heuristic detection technologies, a firewall and a community sourced file reputation scoring system.

3. Do educate employees

One of the main ways you can be infected is through “Spear Phishing”. This is whereby an unsolicited email arrives from an unknown sender that incorporates an attachment that, when opened, executes a program (the virus).
If you have employees, you must take the time to educate them about these threats, and how to recognise suspicious links and attachments, and what they should do in such circumstances.

4. Do use content scanning and filtering on your mail servers

All Incoming emails should be scanned for known threats and should block any attachment types that could potentially pose a threat.

5. Do make sure that all computers and software are kept up-to-date with security patches and updates

Compromised websites are frequently used to spread viruses. Regular patching of vulnerable software like Internet Browsers, Java, and Adobe Flash is necessary to help prevent infection.

6. Do limit end user access to mapped network drives

Ransomware is capable of looking for and encrypting data on any mapped drives that a user has access to. Restricting permissions for shared folders and files of a mapped network drive will limit what the Ransomware virus will be able to encrypt.

7. Do make sure that you have a comprehensive backup solution in place.

The fastest way to get back up and running after this sort of attack is to have a backup of your data.

These Dos and Don’ts will not prevent an attack, but they can certainly reduce your risk level.

Microsoft Office Comparison Table
, ,

Microsoft Office Comparisons

Usually when we build a new computer, or supply a new Laptop, the question is asked, would you like Microsoft Office with that?

Invariably the customer will say yes, to which we would reply, which version would you like?

To which the customer will reply, I didn’t know there were different versions.

And we would then respond with, yes there are several versions. You have Office 365 Personal & Home Premium, and Office Home & Student and Office Home & Business and Office Pro.

The conversation would then turn to all the differences of one version over the other.

As you can imagine, that is time consuming, and potentially confusing for the customer.

So in an effort to decrease both the time and confusion, here is a brief description of the differences, supported with an image that graphically displays those differences.

Office 365

Office 365 is a subscription based offering from Microsoft.

That is to say, you pay a yearly subscription fee.

The advantage of this is that you will always have the most up to date version of the Office applications (Word, Excel, PowerPoint etc).

There are two versions of Office 365. They are 365 Personal and 365 Home Premium.

The only difference between Office 365 Personal and Home Premium is that the Personal version can only be installed on 1 PC/Mac and the Home Premium version can be installed on 5.

Both versions include Word, Excel, PowerPoint, OneNote, Outlook, Publisher and Access, and both have a 1 Yr subscription term.

Office Home & Student vs Office Home & Business vs Pro

All of these versions of Microsoft Office are Disk Based, with no subscription.

All can only be installed on 1 PC/Mac.

All include Word, Excel, PowerPoint and OneNote.

In addition to these Applications, Office Home & Business includes Outlook.

And Office Pro includes Outlook, Publisher & Access.

Microsoft Office Comparison Table

Microsoft Office Comparison TableIf you would like to purchase Microsoft Office, it is available in our Online Shop.