TESLACRYPT and Friends

As if CryptoWall weren’t bad enough, computer users now have another piece of ransomware to worry about: TeslaCrypt. It hits everyone, but it goes after gamers in particular, adding saved games and other game files to the list of things it encrypts. Like CryptoLocker and CryptoWall it encrypts the data files on your hard drive (documents, pictures, saved games and the like; the computer still boots, but the files are unusable) and holds them hostage until you pay for the decryption key. Sophos and many other antivirus firms are unable to stop this type of infection once it is running on a computer. Computrs Inc has successfully found a batch file that blocks the .exe file from launching, but with newer types of ransomware it’s only a matter of time before this batch file needs to be redone. TeslaCrypt is just one of the many new issues being thrown at computer users today. We strongly recommend taking a proactive stance. Begin backing up all of your data to the cloud, and make sure the backup keeps older versions of your files: a backup that only mirrors the current copy will happily mirror the encrypted one. That’s the best solution. And be safe: if something doesn’t look right, trust your instincts, it probably isn’t.
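As an added illustration (this is not the Computrs Inc batch file, which the page does not reproduce), here is a PowerShell script that does the same kind of blocking with Windows Software Restriction Policies: programs are refused permission to launch from the user-profile and temp folders where ransomware droppers typically land. The path list, the updater exception and the rule descriptions are this example’s assumptions. Run it from an elevated PowerShell, then log off and back on (or reboot) before testing.

```powershell
# Added example, not the Computrs Inc batch file: block program launches from
# the user-profile folders where ransomware droppers typically land, using the
# Software Restriction Policy keys in the registry. Run elevated. The path
# list and the updater exception are this example's own choices.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels: 0 = Disallowed, 0x40000 (262144) = Unrestricted.
# The default stays Unrestricted so only the explicit Disallowed rules bite.
New-Item -Path $srp -Force | Out-Null
Set-ItemProperty -Path $srp -Name DefaultLevel       -Type DWord -Value 0x40000
Set-ItemProperty -Path $srp -Name TransparentEnabled -Type DWord -Value 1   # apply rules to all software except DLLs
Set-ItemProperty -Path $srp -Name PolicyScope        -Type DWord -Value 0   # all users, administrators included

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [Parameter(Mandatory)][ValidateSet('Disallowed', 'Unrestricted')][string]$Level,
        [string]$Description = ''
    )
    $levelKey = if ($Level -eq 'Disallowed') { '0' } else { '262144' }
    # Each rule is a GUID-named key under <level>\Paths holding ItemData (an
    # expand string, so %AppData% resolves per user) and SaferFlags = 0.
    $rule = Join-Path (Join-Path $srp $levelKey) ('Paths\' + [guid]::NewGuid().ToString('B'))
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name ItemData    -Type ExpandString -Value $Pattern
    Set-ItemProperty -Path $rule -Name SaferFlags  -Type DWord        -Value 0
    Set-ItemProperty -Path $rule -Name Description -Type String       -Value $Description
}

# Deny executables and screen savers launched from profile and temp locations.
foreach ($p in '%AppData%\*.exe', '%AppData%\*\*.exe',
               '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe',
               '%Temp%\*.exe', '%Temp%\*\*.exe',
               '%UserProfile%\*.scr') {
    Add-SrpPathRule -Pattern $p -Level Disallowed -Description "Ransomware dropper path: $p"
}

# Allow-list a legitimate per-user installer: among path rules the more
# specific match wins, so this overrides the %LocalAppData% deny above.
Add-SrpPathRule -Pattern '%LocalAppData%\Google\Update\*' -Level Unrestricted `
                -Description 'Google updater (example exception)'
```

Check the result in secpol.msc under Software Restriction Policies before rolling it out to customers, and expect to add exceptions for any per-user installer that lives under %AppData% or %LocalAppData%. A blocked launch shows up in the Application event log from source SoftwareRestrictionPolicies (event ID 866 for a path rule), which is a handy way to find both infections and false positives. This is a speed bump, not a cure: the same post’s warning applies, since later ransomware arrives as scripts or runs from other folders, and only the extensions in the policy’s Designated File Types list are covered.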

Microsoft Patch Tuesday March 2015

Windows Updates are here again. Today we worry not only about whether the patch fixes the issue but about whether it will create another problem. Microsoft, Oracle (Java), Adobe, and a few other companies have addressed issues with patches or fixes only to create new issues that made IT people look foolish. How often has your computer frozen just after the Windows updates were installed? If you answered "too often", you probably also blamed your IT guy. I wish I had a dime for every time we got blamed when all we were doing was installing a patch that was supposed to fix all those annoying issues. Today Microsoft has a fix for the FREAK vulnerability (MS15-031). FREAK is a flaw in the SSL/TLS encryption that browsers and other programs use for secure connections: an attacker sitting between your computer and a website could trick both ends into falling back to the weak 1990s "export-grade" encryption, which is cheap to break, and then read or tamper with the supposedly secure traffic. This month’s updates also go back to an old one: the Windows shortcut (.LNK) flaw that Stuxnet used to spread (MS15-020), which any computer consultant remembers as devastating a few years ago; the original 2010 patch turned out to be incomplete.

I can’t get a virus, I only open safe things

How could I have gotten a virus? I only open emails from friends and I never go to websites I don’t know. These are some of the most common objections people raise when they are informed their computer is infected with a virus. Avoiding spyware and virus infections is almost as difficult these days as avoiding a cold in the dead of winter. Fortunately there are things you can do to protect your computer. No antivirus program is perfect, no matter what they told you at the store or online, but all is not lost when fighting virus infections. I have put together a list of items to protect your computer.

First and foremost, install updated antivirus and antispyware programs. Confirm that their definitions are updated at least once a week, and run a full scan no less than once a month.

The next step is to make sure you have a backup of your data. One of my employees has a funny saying he uses: "if you only have one copy of something, it’s not really that important". Ideally you should back up the entire hard drive; if you can at least back up the important data files, that is better than nothing. If the drive dies, or the virus infection causes your operating system to display the dreaded Blue Screen of Death, you will still have your data. While you’re at it, why not back up those favorites from the browser? After all, you do like to see those websites every day.

When possible, avoid email attachments. Pictures from friends and relatives seem safe, but those PDF files or files with the wrong extension are often viruses waiting to infect a poor unsuspecting computer. Never open an email attachment whose file extension is VBS, SHS or PIF. These are almost never used by anyone other than people who write viruses and Trojans. Double extensions such as NAME.BMP.EXE or NAME.TXT.VBS should also be red flags: Windows hides the extension of known file types by default, so NAME.BMP.EXE shows up in Explorer as the harmless-looking NAME.BMP. Turn off "Hide extensions for known file types" in Folder Options so you can see what an attachment really is. Another good idea is to delete those pesky email advertisements and unsolicited emails.

Don’t let curiosity kill the computer. I know it’s hard not to open some of those emails, but you could be making a huge mistake that leads you right to the computer repair shop. While you’re at it, avoid opening those icon attachments: worms often use executable files with an icon resembling a picture to fool you. One final item: if you really need to insert someone else’s memory stick, please scan it before you open it. I just had a father bring me two notebooks and two flash drives to scan at the office. His daughter had all these nice pictures from her European vacation on the memory stick. After it didn’t open on her laptop she proceeded to try it on dad’s laptop. Two days later I saved all of those wonderful pictures and data from the computers and flash drives. Too bad dad was a few bucks lighter, but that’s what we fathers are there for, right?

If you’re planning to be away from the computer for a few hours or days, why not just shut it down? It saves energy, keeps you from having an issue if there is a freak thunderstorm, and keeps you off the internet where issues can develop. Now that school is back in full swing, let’s do our best to keep the computer running so the kids can do their homework. The old story that the dog ate my homework doesn’t get much use anymore. Today it’s "my computer had a virus so I couldn’t do my report".
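To make the file-name rules above concrete, here is an added PowerShell function (mine, not part of the original post) that flags attachment names the way the post describes, and goes one step further with two disguise tricks the post does not mention: trailing dots or spaces that Windows silently strips before opening a file, and the Unicode right-to-left override character that reverses how the end of a name is drawn. The extension lists and the sample names are constructed for the example.

```powershell
# Added example: flag risky e-mail attachment names. The extension lists and
# sample names are this example's own choices, not the post's.
$ExecutableExt = @('exe','scr','pif','com','bat','cmd','vbs','vbe','js','jse',
                   'wsf','wsh','shs','shb','hta','cpl','msi','reg','lnk','ps1')
$DecoyExt      = @('jpg','jpeg','gif','png','bmp','pdf','doc','docx',
                   'xls','xlsx','txt','mp3','avi','zip')

function Test-AttachmentName {
    param([Parameter(Mandatory)][string]$Name)
    $reasons = @()

    # Windows drops trailing dots and spaces when it opens a file, so judge the
    # name the way the shell will: "invoice.pdf.exe." is an .exe.
    $clean = $Name.TrimEnd('.', ' ')

    # U+202E (right-to-left override) reverses the drawing of the tail of the
    # name: "photo<RLO>gpj.exe" is displayed as "photoexe.jpg" but runs as .exe.
    if ($Name -match '[\u202A-\u202E\u2066-\u2069]') {
        $reasons += 'Unicode bidi override character hides the real extension'
    }

    $parts = $clean.Split('.')
    if ($parts.Count -ge 2) {
        $last = $parts[-1].ToLowerInvariant()
        if ($ExecutableExt -contains $last) {
            $reasons += "final extension .$last is executable"
            # NAME.BMP.EXE: a decoy document extension in front of the real one.
            # With "Hide extensions for known file types" on, Explorer shows NAME.BMP.
            if ($parts.Count -ge 3) {
                $decoy = $parts[-2].ToLowerInvariant()
                if ($DecoyExt -contains $decoy) {
                    $reasons += "double extension .$decoy.$last (Explorer shows only .$decoy)"
                }
            }
        }
    }

    $verdict = if ($reasons.Count -gt 0) { 'BLOCK' } else { 'ok' }
    [pscustomobject]@{
        Name    = $Name
        Verdict = $verdict
        Reasons = $reasons -join '; '
    }
}

# Constructed sample names; the disguised one is built with [char]0x202E.
$samples = 'vacation.jpg', 'invoice.pdf.exe', 'readme.txt.vbs', 'party.scr',
           'report.pdf.exe.', "photo$([char]0x202E)gpj.exe", 'minutes.docx'
$samples | ForEach-Object { Test-AttachmentName $_ } | Format-Table -AutoSize
```

The function looks only at the name, so it cannot catch the "icon that looks like a picture" trick the post mentions; that one needs the file itself (or simply leaving extensions visible in Explorer). It is meant as a quick triage you can point at a mail log or a download folder, not as a replacement for the antivirus scan the post recommends.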

Ransomware – where is it going?

Great article on InformationWeek from Bogdan Botezatu. Below is his article, "Ransomware – The Worst Is Yet to Come".

How long before ransomware targets sensitive devices, including cars and medical implants?

When reviewing the past year, anti-malware companies usually give supporting data such as the number of incidents, top threats, and the amount of money lost to malware. This year, unfortunately, we’re starting a new section in malware reports that counts the number of people who have paid the ultimate toll to malware: their lives. It began in March last year when a Romanian citizen ended his and his son’s lives after he was informed that he had to pay a fine in excess of $21,000 for watching pornographic content; the fine was bogus. Because there was no way for the single father to produce the money, he felt under pressure, killed his son and committed suicide. The story repeated earlier this year, when a 17-year-old college student took his own life after seeing a ransom message impersonating the UK police. At this point it has become clear that malware has moved well beyond our financial welfare; it is now claiming lives.

The number of crypto-ransomware families is growing at an alarming pace, fueled by the success of crypto-ransomware such as CryptoLocker and CryptoWall. But, unlike CryptoLocker, next-generation CryptoWall developers learned their lessons: the new malware delivery and key management infrastructures of CryptoWall are so well developed and scaled that they could put a significant chunk of legitimate businesses to shame. These developers also learned that the weakest link in this ecosystem is the command and control infrastructure, which can be taken down by law enforcement. If there were a natural evolution in malware development, CryptoWall would be to CryptoLocker what Homo sapiens are to the Neanderthal.

Evolution has trimmed out shortcomings that could make CryptoWall vulnerable. For example, paid ransom money is now split among individual, ad-hoc generated Bitcoin wallets, so anti-malware companies and law enforcement can’t just look into one wallet and see the immense profit the operators have made. The command and control infrastructure has also been migrated to the Darknet via Web-to-Tor gateways. This not only prevents the sinkholing attempts that were once possible by reverse-engineering the DGA, but also makes it impossible for law enforcement to estimate the magnitude of the botnet.

Nobody Is Safe

CryptoWall comes with a variety of features that make it more difficult to detect or take out of business, but a particularly important one is the polymorphic builder used to create a new virus for every potential victim. Over the weekend, we received more than 1,200 unique CryptoWall samples, and this is only a fraction of what happens on a global scale. Another tactic we spotted over the weekend is calibration: hackers upload thousands of ransomware samples to antivirus engine aggregators such as VirusTotal, but those samples don’t show up in the malware telemetry, which means that they have never been sent into the wild. They are only used to test how many antivirus engines detect them. It only takes one missed sample and your data gets completely owned without any chance of recovery.

It has already been proven that ransomware can inflict huge financial damage on companies and users. It’s also a fact that ransomware has killed people in its wielders’ quest for money, although the incidents mentioned above are only collateral damage and not the hackers’ end goal. One question still needs answering: how long will it take ransomware to target the more sensitive devices we use, including cars and medical implants?