Posts


Ransomware – What can you do about it?

Ransomware has been on the rise over the last six months.

I have noticed a huge increase in the number of inquiries from people who have been infected with malware that has encrypted the data on their hard drives.

This article gives you some options for decrypting your data without paying the ransom.

These viruses, collectively known as “ransomware”, encrypt your files (documents, photos and other data) and then attempt to extort you by demanding payment to unlock those files.

Up until recently, my advice has been that there is little choice other than to wipe the hard drive, reinstall Windows and your software, and restore your files from a backup if you have one.

Recently however, a couple of other options have come to my attention.

Ransomware Decryption Tools

The first comes from AVG, which has released six decryption tools that may (if you’re lucky) help you decrypt your data.

The six ransomware families these tools target are:


  • Apocalypse,
  • BadBlock,
  • Crypt888,
  • Legion,
  • SZFLocker, and
  • TeslaCrypt.


You can access these decryption tools here.

The second option is a set of decryption tools from a website set up by Europol.

These tools attempt to decrypt the following:

CoinVault

The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab, have been working together to fight the CoinVault and Bitcryptor ransomware campaigns.

RannohDecryptor

The RannohDecryptor tool is intended to be used to decrypt files encrypted by:


  • Rannoh,
  • AutoIt,
  • Fury,
  • Crybola,
  • Cryakl, and
  • CryptXXX versions 1 and 2 (files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted).


RakhniDecryptor

The RakhniDecryptor tool is intended to be used to decrypt files encrypted by:


  • Rakhni,
  • Agent.iih,
  • Aura,
  • Autoit,
  • Pletor,
  • Rotor,
  • Lamer,
  • Lortok,
  • Cryptokluchen,
  • Democry, and
  • Bitman (TeslaCrypt) version 3 and 4.


ShadeDecryptor

ShadeDecryptor can decrypt files with the following extensions: .xtbl, .ytbl, .breaking_bad, .heisenberg.

You can access these decryption tools here.
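Before reaching for any of these tools you need to know which family hit you, and the usual clue is the extension the ransomware appended to your files (the four Shade extensions above, for example). The script below is an added example written for this post, not one of the vendors’ tools: it walks a drive read-only, counts file extensions, and reports which extensions it recognises. The lookup table contains only the Shade extensions named above; extending it from each vendor’s own documentation is left to you (an assumption of the example), and the sample files it creates for the demo are constructed.

```python
"""Inventory encrypted-file extensions to work out which decryptor applies.

Added example for this post; not AVG, Kaspersky or Europol code. The only
extension-to-tool entries are the Shade ones the post lists; anything else
is reported as unmatched for you to look up."""
import os
import shutil
import tempfile
from collections import Counter

# Extension -> decryptor. Only ShadeDecryptor's extensions are on the page;
# extend this from the vendors' documentation (assumption for the example).
KNOWN_EXTENSIONS = {
    ".xtbl": "ShadeDecryptor",
    ".ytbl": "ShadeDecryptor",
    ".breaking_bad": "ShadeDecryptor",
    ".heisenberg": "ShadeDecryptor",
}


def inventory_extensions(root):
    """Count the final extension of every file under `root` (read-only walk).

    Ransomware usually appends its own extension, so 'report.docx.xtbl'
    counts as '.xtbl'. Extensions are lowercased for matching."""
    counts = Counter()
    for _dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext:
                counts[ext] += 1
    return counts


def match_decryptors(counts, known=KNOWN_EXTENSIONS):
    """Split the inventory into {extension: tool} for recognised extensions
    and a most-common-first list of extensions nothing matched."""
    matched = {ext: known[ext] for ext in counts if ext in known}
    unmatched = [ext for ext, _ in counts.most_common() if ext not in known]
    return matched, unmatched


def demo():
    """Run the inventory over a constructed sample tree in a temp directory."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    sample = ["budget.xlsx.xtbl", "photo.jpg.xtbl", "notes.txt.heisenberg",
              "invoice.pdf.locked", "README.txt"]          # constructed names
    try:
        for name in sample:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\x00" * 16)  # content is irrelevant to the check
        counts = inventory_extensions(root)
        matched, unmatched = match_decryptors(counts)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return counts, matched, unmatched


if __name__ == "__main__":
    counts, matched, unmatched = demo()
    for ext, tool in matched.items():
        print(f"{counts[ext]:5d} x {ext:<14} -> try {tool}")
    for ext in unmatched:
        print(f"{counts[ext]:5d} x {ext:<14} -> no listed tool")
```

Run it against a copy or an image of the affected disk rather than the live infected machine, and keep a copy of the ransom note, which usually names the family as well.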

Prevention is better than cure

Of course, prevention is better than cure.

Infection normally stems from opening an attachment in a phishing email.

A phishing email is one constructed to look like it comes from a reputable source.

Examples are:


  • Your bank;
  • An energy supplier, e.g. AGL or Origin;
  • Australia Post;
  • A courier, e.g. DHL or Toll.


Also, the prevailing advice is: never pay the ransom.

By paying the criminals you only confirm that ransomware works, and more importantly there is no guarantee that you will receive the decryption key you need to unlock your data.

 


Ransomware – The do’s and don’ts to protect you and your business

Ransomware (malware that encrypts the data on your hard drive) is becoming more prevalent. CryptoWall and CryptoLocker are two variants increasingly infecting computers worldwide, with an estimated 545,000 infections between September 2013 and May 2014. Its purpose is to extort money from the victim with the promise that the data will be restored after payment.

The Senior Manager of Symantec’s Cyber Readiness & Response, Bob Shaker recently stated, “We’ve seen a sharp rise in requests from customers with respect to Ransomware.”

Mr Shaker tells the story of trying to help a customer who, after being infected with a ransomware virus, could only sit and watch while his company’s data was wiped out, file by file. “I never want to have to go through that again,” he says.

Since then, Symantec has gone to great efforts to ensure that businesses understand the risks and have a clear picture of what to do, and what not to do, to protect themselves from becoming a victim of Ransomware.

Here are some ransomware do’s and don’ts:

1. NEVER pay the Ransom!

Your first response will undoubtedly be panic, and your first instinct will be to pay the ransom.
Don’t. Paying encourages the attackers and helps fund further development of these attacks.
And even if you do pay, there is no guarantee that you will get your data back.

Instead, Do:

Disconnect the infected system from the network immediately (unplug the cable or switch off Wi-Fi) so it can no longer reach shared drives, then clean it of all malware.
Then restore data from a known-good backup. Restoring from a backup is the quickest way to get back up and running.

2. Do install a quality security solution

A multi-faceted security solution (Norton Internet Security, for example) should be installed. Norton protects not just against file-based threats (traditional viruses) but also includes download protection, browser protection, heuristic detection, a firewall and a community-sourced file reputation system.

3. Do educate employees

One of the main ways you can be infected is through “spear phishing”: an unsolicited email, crafted to look relevant to you, that carries an attachment which, when opened, runs the malware.
If you have employees, you must take the time to educate them about these threats, how to recognise suspicious links and attachments, and what they should do when they receive one.

4. Do use content scanning and filtering on your mail servers

All incoming email should be scanned for known threats, and attachment types that could pose a threat (executables, scripts and archives containing them) should be blocked.
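As an added illustration of item 4 (this is example code written for this post, not part of any mail product or of Symantec’s advice), the filter below parses an incoming message, inspects every attachment, and returns the reasons it should be blocked. It goes a step beyond a plain extension list: it checks for a Windows executable header whatever the file is called, and it opens zip archives in memory to check their members, because zipping a script is the usual way past a naive filter. The blocked-extension list is an assumed policy to tune locally, and the phishing-style message it builds is constructed sample data.

```python
"""Attachment filter for incoming mail: flag attachments that could run code.

Added example for the 'content scanning and filtering' item; not a product.
BLOCKED_EXTENSIONS is an assumed policy, and the sample message is constructed."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows executes on double-click (assumed list; tune it locally).
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".jar", ".ps1", ".lnk", ".msi",
}


def _extension(name):
    """Last extension of a filename, lowercased ('invoice.pdf.exe' -> '.exe')."""
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def _check(name, data):
    """Reasons to block one file, given its name and raw bytes."""
    reasons = []
    ext = _extension(name)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"{name}: blocked extension {ext}")
    if data[:2] == b"MZ":  # DOS/PE header: a Windows executable whatever its name
        reasons.append(f"{name}: content is a Windows executable (MZ header)")
    return reasons


def risky_attachments(raw_message):
    """Parse an RFC 822 message and return the list of reasons to block it.

    Zip archives are opened in memory and their members checked too. Encrypted
    members cannot be inspected, so they are reported rather than ignored."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").strip()
        data = part.get_payload(decode=True) or b""
        reasons += _check(name, data)
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    member = f"{name}/{info.filename}"
                    if info.flag_bits & 0x1:  # bit 0 = entry is encrypted
                        reasons.append(f"{member}: encrypted archive member, cannot inspect")
                        continue
                    reasons += _check(member, zf.read(info))
    return reasons


def build_sample_message():
    """Constructed phishing-style message with three attachments (sample data)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    # 1. executable hiding behind a double extension
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    # 2. zip archive wrapping a JScript stub
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "var sh = new ActiveXObject('WScript.Shell');")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    # 3. benign attachment that should pass
    msg.add_attachment(b"%PDF-1.4\n%constructed sample", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason in risky_attachments(build_sample_message()):
        print("BLOCK:", reason)
```

On the sample message the filter blocks the disguised executable twice over (name and MZ header) and the script inside the zip, and lets the PDF through; a password-protected zip would be reported as uninspectable, which in practice you should treat as a block too.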

5. Do make sure that all computers and software are kept up-to-date with security patches and updates

Compromised websites are frequently used to spread malware. Regular patching of commonly targeted software such as web browsers, Java and Adobe Flash is necessary to help prevent infection.

6. Do limit end user access to mapped network drives

Ransomware looks for and encrypts data on any mapped drive the logged-in user can write to. Restricting write permissions on shared folders and files to the users who actually need them limits what the ransomware can encrypt.

7. Do make sure that you have a comprehensive backup solution in place.

The fastest way to get back up and running after this sort of attack is to restore from a backup. Keep at least one copy offline or otherwise disconnected from the infected machine, since ransomware will encrypt any backup drive it can reach.

These Dos and Don’ts will not prevent an attack, but they can certainly reduce your risk level.


How to Spot Fake Anti-Virus Software

This is a very good article on fake anti-virus software and its implications.

Take the time to read it and you may save yourself the pain of identity theft and credit card fraud!

Article by Sue Marquette Poremba

Fake anti-virus (AV) software is a pain in the rear. It’s annoying as all get-out. And it can do a lot of damage to your computer. Just when you think you’ve figured out that it’s fake, the bad guys make changes.

If you’re lucky enough to have never experienced fake AV, it usually arrives as a piece of malware that pops up on your screen with a dire warning that your computer is infested with viruses — a lot of them.

If you click on the button, it offers to download the AV software to “clean” your computer. But that’s not a good idea.

“There are many versions of fake AV currently circulating on the Internet today,” said Raul Alvarez, senior security researcher for Fortinet’s FortiGuard Labs in Sunnyvale, Calif. “While there are different variations, styles and names, they all share a common feature set.”

Anatomy of a scam

The first feature is a professional-looking graphical user interface that makes it look like a legitimate anti-virus application. Once the fake AV gets into a user’s computer system, it launches the interface and pretends to begin “scanning” the computer.

Once the “scan” is finished, fake AV typically tells the user that the system is riddled with malicious software.

Next comes the crucial part: The fake AV wants payment in order to “clean” the system of all that bogus malware.

But don’t enter that credit-card information. Once you do, all that data gets shipped off to Eastern Europe or Brazil, and you immediately become a prime candidate for identity theft.

Even worse, some fake AV loads real malware, meaning you’ve just paid to have your computer infected, and others log your keystrokes or try to steal other information from your machine.


The new breed

Alvarez and his colleagues recently found a new variant of fake AV that’s got a brand-new look. They’ve given it the catchy name of W32/FakeAV.RA!tr.

“Once the malware is installed, an infected user receives a warning message that reads the software has discovered a spyware infection,” Alvarez said.

The warning balloon looks like it’s coming not from some random anti-virus software that you’ve never heard of, but from the real anti-virus package you’ve already installed. That’s pretty sneaky.

The next part of the scam is par for the course.

“When a user clicks on this warning message, a new application window that resembles a legitimate anti-virus application appears, starts ‘scanning’ the system and begins displaying detected infections,” Alvarez said.

“Once the detection phase is complete, a new window appears that displays the number of infections the software has discovered. The window also includes an option for the user to remove the detected threats or ‘Continue unprotected.’ Common sense dictates a user selects remove the ‘threats.'”

If you continue to click through, you’ll next be asked for your credit-card information and you are taken to a checkout screen. Then things get bad.

“This version of fake AV displays a warning message whenever a user tries launching a program and is particularly nasty as it doesn’t allow a user to launch any applications from their computer,” Alvarez said.

How to protect yourself

Computers are infected with fake AV through infected email attachments, links within emails or social-media links that lead users to malicious sites that automatically infect PCs and Macs via drive-by downloads.

The trick to avoiding fake AV infection is to know what’s already on your system. You should already have genuine anti-virus software that you’ve personally bought or installed.

Alvarez recommended being familiar with your anti-virus software and knowing what it looks like when it prompts you for an update, if updates aren’t done automatically.

If an update or scan prompt doesn’t match your regular anti-virus software prompt, fake AV has most likely made its way onto your computer.

“Don’t forget, you already paid for the software on your computer,” Alvarez said, “so if you are being asked to pay for something, it is fake.”

If you do end up with fake AV on your system, be assured that you aren’t alone — this is a billion-dollar business for criminals.

First, scan your computer with your legitimate anti-virus software. If it’s blocked by the fake AV, reboot your computer in “safe” mode and scan again.

“In addition, it is advised to do an ‘offline scan’,” Alvarez said. “This means a computer should be scanned and cleaned outside of the full operating system to complete remediation.

“This requires a restart into the Windows Pre-installation Environment (WinPE) to run a scanning utility, such as Windows Defender Offline scan tool,” he added.

Article Source: Security News Daily


Apple removes “more secure than Windows” claims

by Kevin McLaughlin

Apple recently changed the wording in the “Why You’ll Love A Mac” section of its website, removing longstanding claims about Macs being more secure than Windows PCs.

For years, Apple’s marketing has centered on the notion that Mac users are immune to the malware that routinely causes headaches for PC users.

Here is how Apple used to phrase this: “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.”

But sometime in the past few days, Apple changed this message to read: “Built-in defenses in OS X keep you safe from unknowingly downloading malicious software on your Mac.”

Apple also changed its description of OS X from “It doesn’t get PC viruses” to “It’s built to be safe”.

The original Apple web page, dated June 9 on Google cache, can be seen here.

The removal of Windows comparisons could signal a change in Apple’s security marketing strategy. Apple’s devilishly effective “Get a Mac” marketing campaign focused on the superior security of Macs over Windows PCs, and while researchers have warned that Macs are not inherently more secure, many Mac users still operate under that assumption.

Apple did not respond to a request for comment on the website changes. But security experts suspect that the increasing attention the company is getting from malware authors did play a role in its decision to remove references to Windows.

“Apple does not want to lose its image as a secure platform,” Andrew Plato, president of Anitian Enterprise Security, said in an interview. “A lot of people still see their Mac as fundamentally more secure than Windows. Flashback proved that Macs are just as vulnerable.”

Macs get more attention from attackers

As more iOS devices make their way into businesses through the bring-your-own-device phenomenon, Mac adoption in businesses is also rising, creating a more inviting target for attackers, according to Andrew Brust, CEO of Microsoft analyst firm Blue Badge Insights.

“Macs can’t keep that low profile anymore, and the bullies are starting to target it, with increasing frequency,” Brust said.

Apple has kept security under the same cloak of secrecy as the rest of its operations, but there are signs that may be changing. Next month, Apple is slated to take part in the Black Hat security conference for the first time. Dallas De Atley, manager of the platform security team, will give a talk there on key security technologies in iOS.

On Monday at the opening of its Worldwide Developers Conference, Apple offered insight into the security improvements in OS X Mountain Lion, slated for release in July. The big new feature is Gatekeeper, which lets developers sign their apps with an Apple-issued Developer ID and lets users restrict their Mac to running only downloaded apps that carry such a signature (or only Mac App Store apps), reducing the chance of accidentally installing malicious software.

Article Source: This article originally appeared at crn.com


Tips For Avoiding Social Networking Disasters

If you are a business owner thinking about engaging in social networking as a tool for your business, take the time to read the following article from the North American Press Syndicate. 

Tips For Avoiding Social Networking Disasters

North American Press Syndicate

“Small businesses need effective, low-cost marketing strategies, and tools like Facebook and Twitter deliver megahits for microbudgets. Yet while many business owners are being advised to engage customers via social media, not all are informed of the risks.

Social network sites are fertile waters for Internet pirates who troll for unsuspecting victims, hoping to steal data by planting malware in the form of computer viruses, worms, Trojan horses and spyware.

If you are a small-business owner, work for one or hope to become one, these tips can help keep your business data secure:”

 

Avoid Social Networking Disasters


What Antivirus software do we recommend?

Up until the last few months or so, I was of the opinion that AVG Free was as good as any Antivirus software, on the proviso that you didn’t do stupid things online like visiting porn websites, clicking on links in emails that were obvious phishing scams and making sure you kept Windows up to date along with Java, Adobe Flash and Adobe Reader.

Well all that still stands, but I have found there is an increasing number of really nasty viruses out there that are just getting past the AVG product, and as such, I have now changed my thinking and moved to the Norton 360 product by Symantec, and now recommend this as my preferred Security solution.

I had an experience recently that taught me a valuable lesson.  Being in the industry that I am in, I should have known better, but like all of us I got complacent.

I used a USB Flash Drive with some Virus Removal tools on an infected PC.  It had a nasty Rootkit among other things, and it transferred the virus to my USB Drive.  When I got back to the office I wanted to retrieve a log report off the drive and plugged it into my PC which was protected by AVG.  Well it turns out it wasn’t very well protected at all because the virus was instantly transferred to my PC without so much as a peep out of AVG or indeed any other sign.

The first I knew about it was when I started receiving 100’s of returned emails with the usual spam topics and a phone call from my web host telling me they had disabled my email accounts.  What followed was a time consuming effort to remove the virus and it was at this time I changed my recommendation from AVG to Norton 360.

Traditionally I haven’t been a fan of Security Suites, and I’m still not, but 360 is minimal in its intrusiveness and uses fewer system resources than some of the others, and more importantly it detects those nasty viruses that AVG didn’t and still doesn’t.

FYI we sell Norton 360 for $99.  This will cover 3 PC’s for 12 mths.


How Can You Find Out If Someone Is Hacking Your Computer?


 

Here is an interesting article about what signs to look for to determine whether you may be infected with viruses/malware that allow a hacker to take control of your PC. 

 

 

 

How Can You Find Out If Someone Is Hacking Your Computer?

by Gaurav Srivastava

Many of you become innocent victims of hackers who break into your computers and steal all they can: credit card details, bank information, emails, passwords and professional documents, among other critical things. You cannot really avoid hackers and their malware when you are online, but you can certainly avoid being a victim. This guide discusses how you can find out if someone is hacking your computer.

Step 1

Your computer reboots twice instead of once when you restart it, or reboots or shuts down on its own, time and again, without any prompt from your mouse or keyboard. When you attempt to open a program you cannot: Task Manager, the Start menu and other tools will not launch.

Step 2

When you open your web browser, some other site loads instead of your regular home page, and when you search, you are redirected to sites you have never browsed or even heard of. These can be adult or malicious sites prompting you to download adult material or fake virus removal tools. If your browser has a new toolbar, add-on or plug-in that you did not install, or your usual ones have disappeared, your browser has been hijacked. A sudden, persistent drop in internet speed can also indicate an infection.

Step 3

Your CD or DVD drive opens without your action. Icons such as Network Places, your antivirus or Outlook go missing, while new items you never downloaded (a “virus removal tool”, music files and so on) appear on your desktop. If your computer’s clock shows a different date, time, time zone or daylight-saving setting from the one you configured, something is tampering with system settings and malware is a likely cause.

Step 4

If you have a firewall program such as ZoneAlarm installed, it can tell you if someone has tried to get in: open it and check whether it has logged a program attempting to set up a listening server on your computer. If your firewall or antivirus takes forever to scan, that can indicate the machine has been compromised. If your antivirus icon is missing, or the program will not open once you find it, malware has probably disabled it to prevent its own removal.

Step 5

A scan from your antivirus shows multiple infected files and programs you never downloaded. Files with odd names such as mslove.exe, abcd1234.exe or giaehi45.jpg suddenly appear on your computer. Small programs such as Run or Command Prompt take forever to open, and CPU usage sits at 100% for a process that should be idle, such as explorer.exe.

Step 6

Your friends tell you about links or posts you never shared on your Facebook, Instagram or Twitter profile. Friends or relatives receive bogus emails containing adult or objectionable material or links from your email address. Your credit card or online banking rejects your password even though you typed it correctly and have not changed it recently.

The author of this article is associated with V tech-squad Inc., a cloud-based technical support provider to consumers and small businesses.


Article Source: EzineArticles.com


Why You Get Viruses

There is an interesting study by a Danish security firm which found that the main reason people get infected is that they don’t update their software.

The main infection routes are old versions of Adobe Flash, Adobe PDF Reader, Java and Microsoft Internet Explorer. So if you use these, make sure you keep them up to date!

The study concluded that as much as 99.8% of virus/malware infections are caused by exploit kits, and are a direct result of these software packages not being updated.

As I always say, prevention is better than a cure, and as annoying as it is, it’s safer to keep your software up to date (and less annoying than getting a virus).

Microsoft recently published a similar study where they found about 90% of virus infections were through unpatched software.


How To Enable or Disable “AutoRun” for removable media

AutoRun can be enabled or disabled for each removable media type, such as floppy or Zip disks and USB flash drives. This is useful to know because removable media can easily carry viruses and spyware configured to install themselves as soon as the media is inserted into the PC. Windows enables CD notification (AutoRun) by default and disables it for other removable media; if for some reason it is enabled for them, it is a good idea to disable it.

The System Properties user interface only exposes the CD enable/disable option. The setting reflected in that dialog is stored in the registry, in the same location where the other media types are configured.

Notes:

1. Modifying the registry is not for the inexperienced user; be very careful, and export the key (File > Export in Regedit) before changing it so you can restore it.

2. The values shown below are hexadecimal, not decimal. If you are unfamiliar with the registry or hexadecimal, read up on both before making these changes.

To modify the setting, open Regedit and navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

and open the value NoDriveTypeAutoRun.

The value is a REG_DWORD; Regedit’s binary view shows the default as 95 00 00 00, i.e. 0x95. Each bit disables AutoRun for one drive type: 0x04 is removable media (floppies, Zip disks, USB drives), 0x10 is network drives and 0x20 is CD-ROM, so 0x95 leaves only CD-ROM, fixed disks and RAM disks enabled. Changing 0x95 to 0x91 clears the 0x04 bit and therefore enables AutoRun for removable media; to disable AutoRun for every drive type, set the value to 0xFF instead. Restart the computer to make the new setting take effect. You may have to right-click on the floppy drive and choose AutoPlay from the menu to see the AutoPlay behaviour. Note that Windows 7 and later (and earlier versions with Microsoft’s 2011 AutoRun update installed) ignore autorun.inf on non-optical media regardless of this value.
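The bit arithmetic above is easy to get wrong by hand, so here is an added helper (written for this post, not from Microsoft or from the original article) that turns the documented drive-type bits into readable names, computes a new value from the current one, and, when run on Windows, writes it to the per-user key the article names. The registry path is the article’s; the bit meanings are the documented Windows drive-type bits. Nothing is written on other platforms, so the computation can be checked anywhere.

```python
"""NoDriveTypeAutoRun helper: compute the policy value and apply it on Windows.

Added example, not from the original article. The registry path is the
per-user one the article gives; the bit values are Windows' drive-type bits."""
import sys

# One bit per drive type. A SET bit DISABLES AutoRun for that drive type.
DRIVE_UNKNOWN   = 0x01
DRIVE_REMOVABLE = 0x04   # floppies, Zip disks, USB flash drives
DRIVE_FIXED     = 0x08   # internal hard disks
DRIVE_REMOTE    = 0x10   # mapped network drives
DRIVE_CDROM     = 0x20   # CD/DVD
DRIVE_RAMDISK   = 0x40
DRIVE_RESERVED  = 0x80   # drives whose type cannot be determined
ALL_DRIVES      = 0xFF

DRIVE_NAMES = {
    DRIVE_UNKNOWN: "unknown", DRIVE_REMOVABLE: "removable", DRIVE_FIXED: "fixed",
    DRIVE_REMOTE: "network", DRIVE_CDROM: "CD-ROM", DRIVE_RAMDISK: "RAM disk",
    DRIVE_RESERVED: "reserved",
}

DEFAULT_VALUE = 0x95   # shown as '95 00 00 00' in Regedit's binary view

REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
REG_NAME = "NoDriveTypeAutoRun"


def disabled_types(value):
    """Drive types whose AutoRun is disabled by `value`, as readable names."""
    return [name for bit, name in DRIVE_NAMES.items() if value & bit]


def with_autorun(value, drive_bit, enabled):
    """Return `value` with AutoRun for `drive_bit` turned on (bit cleared)
    or off (bit set). Works for a single type or ALL_DRIVES."""
    return (value & ~drive_bit) & 0xFF if enabled else value | drive_bit


def apply_policy(value):
    """Write the DWORD under HKEY_CURRENT_USER. Returns True if written,
    False on non-Windows platforms. A restart is needed for it to take effect."""
    if sys.platform != "win32":
        return False
    import winreg  # Windows-only module
    key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, REG_PATH)
    winreg.SetValueEx(key, REG_NAME, 0, winreg.REG_DWORD, value)
    winreg.CloseKey(key)
    return True


if __name__ == "__main__":
    print("default 0x%02X disables AutoRun for:" % DEFAULT_VALUE,
          ", ".join(disabled_types(DEFAULT_VALUE)))
    print("0x%02X re-enables floppy/USB AutoRun (the article's 91)"
          % with_autorun(DEFAULT_VALUE, DRIVE_REMOVABLE, True))
    print("0x%02X disables AutoRun for every drive type"
          % with_autorun(0, ALL_DRIVES, False))
```

If a machine-wide NoDriveTypeAutoRun exists at the same path under HKEY_LOCAL_MACHINE, that value takes precedence over the per-user one, so check both when a change does not seem to stick.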


Great Security Myth: I Don’t Need Anti-Virus Protection because I Bought an Apple Mac!

Melbourne, 28 May 2010 – AVG (AU/NZ) Pty Ltd warns that Apple Macs running OS X, or some flavour of Linux, are not immune to viruses, malware and other Internet-borne threats such as spambots, Trojans, hacking and phishing.

That’s right, Apple Macs running the OS X operating system, or some flavour of Linux distribution, are open to attack from cyber criminals.

Now of course hackers and spammers are not stupid, and they know that Windows users represent the ‘low hanging fruit’ in terms of potential targets. The sheer size of the Windows user base makes it the primary target for malware attacks, and it’s going to stay that way for the foreseeable future.

“But,” Lloyd Borrett, Marketing Manager, AVG (AU/NZ), says: “The web changes everything. More specifically, web services, social media and online applications change everything.

“Suddenly you are operating one step further away from your Mac’s desktop and you are at the mercy of live real-time contact from third parties and the World Wide Web in general. This levels the playing field in some senses, so that suddenly your Mac is not a Mac for a moment – instead it’s just a computer.”

With the growing popularity of web services from Twitter and Facebook and so on, the opportunity to spread malware hidden in a simple link has, arguably, never been greater.

So Macs do have vulnerabilities, and people should be increasingly aware of browser security. Without identifying specific security holes in Safari, Opera or Firefox, the operating system is no longer the primary target of Internet-driven attacks on users; the target is the application itself and the user’s behaviour within it.

Apple’s popularity is growing all the time even if its market share is still somewhere around less than 10 percent globally. Just this year security researchers found eight fresh zero-day vulnerabilities in Apple’s Safari browser.

“What matters most is that viral attacks are constantly evolving and looking for fresh blood,” Borrett continued. “So, everyone needs to think about Internet security protection. It’s as simple as that.”

Technical Facts

Looking objectively at the Mac operating system and its tools, there is arguably a larger total surface area of code open to attack.

Combining rich use of Flash and Java with support for multiple file formats does not exactly put up extra barriers. Digging deeper, Address Space Layout Randomisation (ASLR) has been an anti-exploitation technology in Windows since Vista, yet Mac OS X 10.5 randomises only some library offsets, so it does not offer the complete protection the technology was designed to give.

Conclusion: Apple Mac, Windows or Linux, the fact is that regardless of the operating system each of us is using, we’re all in this together. Everyone needs to be aware of what they are clicking on and use their commonsense – if something doesn’t look quite right, it probably isn’t!
