PHISHING: Know Your Technology!

I received a call today from a bot reporting itself as Amazon and alerting me that a $1,000+ charge had been made on my Amazon account for a new iPhone 11 and to press “1” for a rep to discuss this charge. Naturally, I pressed “1” to play along and see where this went.  I was transferred to an agent purporting to be an Amazon customer service rep.  He asked me if I wanted to receive the phone and was surprised when I answered “hell yeah” since they’re expecting you to be shocked by this order and to scare you into giving up personal information or remote access to your computer.

When I answered yes, he proceeded with shipping information.  Is this going to “Ken Carmack?”

ME:  “Yes”.

REP:  “Is the address 167…”

ME:  “No, that should be 167 Main Street”

REP:  “OK, is that going to Raleigh?”

ME:  “No, it should be Wilkesboro”

By then, he knew that he was being played and disconnected.

The bottom line here is that phishers are constantly whipping up new schemes such as this one, to scare you into thinking that you’ve been charged for a TV, iPhone, Norton antivirus or similar. In your panic, they hope that you will divulge personal information or provide access to your computer which they can then exploit.

A common tactic that I’m seeing lately is emails with an invoice or payment confirmation stating that your account has been debited $389.99 for McAfee or Norton renewals and to call their 800 number if you need assistance or have questions. One client of mine was scared into action by this, dialed the 800 number and provided remote access to his computer to an “agent”. BOOM! A win for the attacker!

Another common tactic is an email from “Microsoft” warning that the password to your Microsoft account is expiring in short order. The goal here is for you to click on the link, proceed to a page that looks like Microsoft and enter your user credentials, which they can then use to log in to your actual Microsoft account. These emails sometimes look like they originated from Microsoft but are often sent from an email account or domain that bears no resemblance to Microsoft, such as billy@wescammedyou.com.

So how do you spot and avoid phishing tactics? There are several red flags or rules of thumb to keep in mind:

  1. KNOW YOUR TECHNOLOGY! Are you using McAfee or Norton, such that a renewal is in order? If not, don’t take the bait.  Most of my clients use BitDefender so be aware of your security suite.  I never use McAfee or Norton unless a client has purchased that on their own. Nevertheless, you should be aware of what is protecting your computer, not only to ensure you’re protected, but also as a defense against phishing.
  2. Does the sender’s email address resemble the soliciting company? For example, one McAfee renewal that I reviewed came from an @gmail.com account which raised a red flag. If the sender’s address is hidden, hover over the sender name/address to see the underlying sender’s account. If the sender presents as Microsoft, see if the underlying email address is actually @microsoft.com.  While this is not foolproof, you can quickly rule out many bogus emails that arrive in your inbox.
  3. Does the invoice address you by name or company name? If the renewal is addressed to “Dear Customer”, then they probably never had the original subscription.
  4. Is your address or last 4 digits of your credit card referenced? Once again, vague invoices/confirmations with scant specific details are a red flag.
  5. When in doubt, send the items to your IT department to verify for legitimacy.
  6. Under no circumstances should you reply to the email or call their 800 number. If you’re legitimately concerned that you’ve been charged, then log in to your banking or credit card account and scan for pending or completed charges. If the caller or email claims that the purchase was made in your Amazon account, log into that account and review your orders. When accessing financial or online accounts NEVER, EVER click a link in an email. Always open your web browser and navigate to your accounts as you normally do. Links in emails can send you to web pages that look like the real website but are designed to collect your user credentials. Also, enable 2 factor/multifactor authentication on accounts that contain financial or sensitive information.
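The sender-address, “Dear Customer”, 800-number and link checks in the list above can be turned into a small triage script. The following is an added example, not code from the original post: the brand-to-domain table, the sample messages and the HTML snippet are constructed for the demo, and the “real” sender domains in the table are assumptions you should confirm against mail your own vendors actually send.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the scams above impersonate, mapped to the domains they really send from.
# Assumption for this example: confirm the genuine sender domains of your own vendors.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "mcafee": {"mcafee.com"},
    "norton": {"norton.com"},
    "amazon": {"amazon.com"},
}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer")
# US toll-free numbers (800/833/844/855/866/877/888), with an optional leading 1
TOLL_FREE = re.compile(r"\b(?:1[-\s.]?)?8(?:00|33|44|55|66|77|88)[-\s.]?\d{3}[-\s.]?\d{4}\b")
# Visible link text that looks like a URL or host name, e.g. "https://account.microsoft.com/x"
HOST_LIKE = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?$", re.I)


def sender_domain(from_header: str) -> tuple[str, str]:
    """Split a From: header such as '"Microsoft" <billy@wescammedyou.com>'
    into (display name, lower-cased domain of the real address)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def phishing_flags(raw_message: str) -> list[str]:
    """Run the red-flag checks over one plain-text RFC 822 message.
    Returns human-readable warnings; an empty list means nothing fired."""
    msg = message_from_string(raw_message)
    name, domain = sender_domain(msg.get("From", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    claims = f"{name} {msg.get('Subject', '')}".lower()
    flags = []
    # Rule 2: the display name or subject names a brand, but the address lives elsewhere
    for brand, real_domains in BRAND_DOMAINS.items():
        if brand in claims and domain not in real_domains:
            flags.append(f"claims to be {brand} but sender domain is '{domain or '(none)'}'")
    # Rule 3: "Dear Customer" instead of your name or company name
    if body.lstrip().lower().startswith(GENERIC_GREETINGS):
        flags.append("generic greeting (no customer name)")
    # Rule 6: pushes you to call a toll-free number instead of logging in yourself
    if TOLL_FREE.search(body):
        flags.append("asks you to call a toll-free number")
    return flags


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html_body: str) -> list[tuple[str, str]]:
    """Return (visible text, href) pairs where the text shows one host name
    but the link actually points at another: the look-alike login page trick."""
    parser = _LinkCollector()
    parser.feed(html_body)
    out = []
    for href, text in parser.links:
        shown = HOST_LIKE.match(text)
        real = (urlparse(href).hostname or "").lower()
        if shown and real and shown.group(1).lower() != real:
            out.append((text, href))
    return out


# Constructed sample messages for the demo; not real mail.
SCAM_MAIL = """\
From: "Microsoft Account Team" <billy@wescammedyou.com>
To: ken@example.com
Subject: Your Microsoft password expires in 24 hours

Dear Customer,
Your password is about to expire. Call 1-800-555-0199 or use the link below to keep access.
"""
LEGIT_MAIL = """\
From: "Microsoft" <noreply@microsoft.com>
To: ken@example.com
Subject: Your Microsoft account: new sign-in

Hi Ken,
Sign in at account.microsoft.com to review recent activity.
"""
SCAM_HTML = ('<p>Dear Customer, <a href="http://wescammedyou.com/login">'
             'https://account.microsoft.com/password</a></p>')

if __name__ == "__main__":
    for label, mail in (("scam", SCAM_MAIL), ("legit", LEGIT_MAIL)):
        print(label, phishing_flags(mail) or "no flags")
    print("mismatched links:", mismatched_links(SCAM_HTML))
```

The checks are deliberately simple heuristics: a sender domain that matches is not proof of legitimacy (display names and even From headers can be forged), so a clean result still means “navigate to the account yourself”, exactly as rule 6 says.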

One more phishing story and I will get back to work.  A few months ago a client called and stated that their company’s president’s (let’s call him “Fred”) phone had been hacked. A young employee (call him “Jimmy”) in the company received texts from the president asking him to run an errand and buy 15 @ $100 Apple gift cards to distribute to the staff as performance awards.  Oh, and don’t bother calling Fred because he’s in meetings and using someone else’s mobile phone since his battery is dead. Long story long, Jimmy followed the instructions to the tee, purchased the cards, scratched off the backing, shot photos and texted the images to “Fred’s” phone.  BOOM!

Bottom line, Fred’s phone was never hacked.  It was probably a burner phone that got trashed immediately after the successful caper. Further, my client contacted Apple to deactivate the gift cards.  I suppose that’s possible, but the hacker knew that time was on his side and wasted no time spending them. Jimmy was out $1,500 at the end of the day.

A few key rules of thumb that could have prevented this hack:

  1. Verify the sender using a different communication method. Don’t text Fred back to ask if it’s really him since the attacker will respond affirmatively. Call Fred on his landline or send an email. I have seen successful attacks where the hacker emailed the victim, the victim verified via the same email channel and the attacker confirmed “yeah, this is legit!”
  2. Run a smell test: Does it make sense for the president to reach out to a new employee for an errand like this?  If you don’t have the experience/context to answer that question, check with your peers.  If Fred is really in a meeting, what’s a few minutes to ask around to confirm that? Remember, these hackers use fear to kick you into quick action, which always works in their favor.
  3. Avoid mobile numbers on your company website. If you want to post phone numbers, add landlines that cannot receive texts. You can configure most landlines to forward to a mobile phone so that you don’t miss calls. Many phishing attacks are via text message, so posting your mobile number on the web provides a very easy target.
  4. When in doubt: DON’T!

Over the years, we’ve all learned to ignore and delete emails from Egyptian pharaohs, lottery winnings, and all the other too-good-to-be-true trickery.  However, scammers are getting more clever, so it pays to be cautious and dial up your BS detector.

Be careful out there!

Additional resources on phishing methods, prevention and remediation:

Federal Trade Commission:  How to Recognize and Avoid Phishing Scams

PC Mag:  How to Avoid Phishing Scams

NC Department of Justice:  Phishing

Windows 11 is Here! Should I Upgrade Yet?

After much fanfare, Microsoft started rolling out the Windows 11 upgrade on October 5, 2021. The upgrade will be free to Windows 10 users and will be rolled out over the next few weeks.  When you visit Windows Update on your computer you may see a prompt offering the upgrade to you now or a message stating that “This PC doesn’t currently meet all the system requirements for Windows 11”.  Thankfully, Microsoft is not planning to repeat the chaos of the forced Windows 10 upgrade on all Win7 and Win8 users. That rollout was extremely disruptive and resulted in many hours of lost productivity. This free upgrade is elective/optional.

Should you upgrade?

The quick answer is “Not yet”.  As with any update/upgrade, it’s always best to wait a few weeks and allow Microsoft to work out the bugs.  At that time some users desiring a refresh of their operating system may move forward with the upgrade.  If your computer is used mostly for web surfing, checking email and watching cat videos, the upgrade is pretty low risk. Just make sure that all of your important files/folders are backed up somewhere.

For business users, I recommend the “wait and see” approach.  Many routine updates sent out by the software giant have created problems, such as breaking printing to network printers, disabling the Start menu or frying network adapters.  Thus, for mission critical computers that are used to run your business, your home finances or your social life, wait a few weeks for the first few patches. There’s no need to worry about losing support for Windows 10 as that is good until October 2025.

What’s in the new Operating System?

I went ahead and installed the upgrade on one of my laptops on October 5 just to get a feel for the new version. So far, the changes are fairly subtle. The download/installation process took about an hour. A few reboots later and I was running Win11. A handful of initial observations:

  1. Hardware requirements:  Win11 is instituting some fairly rigid hardware requirements which will rule out the upgrade for many users with old or budget computers. Specifically, there are requirements for modern processors, BIOS/firmware and the TPM chip which is not available on many consumer-grade computers.
  2. The Start Menu and Taskbar are now centered on the bottom of the screen which is kind of annoying.  However, it is possible to left-justify both as they have been for decades. The Start Menu is a bit different but it seems mostly cosmetic and not functional.
  3. Android Apps will eventually run on Win11, but not in its current form. Expect the ability to run Android apps in Win11 in 2022.
  4. Widgets:  There’s now a widgets icon on the Taskbar that pops up a customizable grouping of widgets including weather, stock market performance, MLB, news, etc.
  5. Microsoft Teams Integration is now built into Win11, making it easier for all Windows users to participate in Teams meetings.

Many other new features are available in the Win11 refresh and are covered in more detail in the articles below.

CNET:  Windows 11 review: Microsoft’s OS upgrade is subtle, but we like that

PC World:  You Shouldn’t upgrade to Windows 11 yet

PC World:  Windows 11 Review:  An Unnecessary Replacement for Windows 10

As always, please reach out if you have questions or need technical assistance.

Ken

Windows 7 End of Support

As we kick off the second half of 2019, it’s time to look ahead at emerging trends in the technology world.  More specifically, there is an important deadline on the horizon faced by many companies across the country. You are probably aware that the product lifecycle for Windows 7 comes to a close on January 14, 2020. Microsoft has been beating this drum for quite some time and many Windows 7 users have received pop-ups reminding of this impending deadline.

What this means for users is that Windows 7 computers will no longer receive security updates, patches, etc. after January 14, 2020.  While the operating system will continue to function, users that remain on Windows 7 after the 14th of January are surfing the internet at their own risk.

What many managers/users may not be aware of is that other major operating systems and product platforms are reaching end-of-life in 2020 as well, including:

  • Windows Server 2008 and 2008 R2 — January 14, 2020
  • Microsoft Office 2010 — October 13, 2020

Am I Running Windows 7 or 10?

Many people are unaware of their operating system version, but it’s pretty easy to determine.  The quickest way is to look at your start button in the bottom left corner of the screen. If you have a rectangular start button, then you’re probably running Win10. If it’s the round “orb”  then, most likely Windows 7. If you’re still unsure, click on the Start button and type System. You will get a System Information screen that shows the operating system version and edition at the very top. 

What Are Your Options?

Fortunately, there are several options, including a budget option:

  1. In-Place Upgrade:  Microsoft quietly kept the in-place upgrade option open, even after supposedly closing the door on the free upgrades back in the summer of 2016. While this is the “budget” option, users should proceed with care.  As with any Microsoft update/upgrade, it is not foolproof and may even fail – some users have reported inability to activate the Windows 10 license.  There’s also the possibility that the procedure will completely break your machine. Thus, it’s best to make sure you have a complete backup of your data as well as any software product keys, so that you lose no data or software licenses if you decide to rely on this option.
  2. Fresh Install of Windows 10: this is my favorite approach since you start with a clean install of Win10 rather than upgrading a Win7 installation that may have configuration problems.  If you really want to do it right and turbo charge your performance, pull that old hard drive out and replace it with a solid state drive (SSD). SSDs will dramatically improve your computer’s runtime performance and provide lightning-fast boot times.
  3. Replacement of your machine: Frequently, the most expensive option is the best. If you need high confidence performance to keep your business running, this is your best bet.  You’ll get a fresh warranty and may even find that the cost of a new machine is only nominally higher than upgrading.

Now, before proceeding with options 1 or 2, it’s important to evaluate the hardware that you’re upgrading. If you’re upgrading a newer Win7 or Win8 machine that’s just a few years old, you’re probably OK.  However, if you’re upgrading a machine that’s 5+ years old or considering an upgrade on a budget computer, it’s probably best to replace the machine. Take a look at this Lifewire article that weighs some of the factors to consider in this decision.  Another consideration on older hardware is that some of your internal components may not have updated drivers that are compatible with Win10.  Thus, proceed with caution when upgrading older hardware. 

I maintain an inventory of my clients’ computers and will review those over the coming days. Please be on the lookout for communications from me about devices in your fleet that need to be replaced or upgraded.  

Finally, if you decide to replace your machine, please make sure your old computer doesn’t end up in a landfill.  All computers contain harmful materials that should be properly disposed of.  Further, the components in a computer will likely remain in the landfill for decades or centuries, which is why I always make sure retired hardware ends up at the city recycling facility or at a commercial recycler such as Anything with a Plug in Raleigh, NC.

Weather Alert: Protect Your Data and Equipment NOW!

If you live in the southeastern United States, you’re undoubtedly bracing for the possibility of a major hurricane later this week.   Based on current storm trackers, forecasters are characterizing Hurricane Florence as potentially the most devastating storm to hit the Carolina coast in 3 decades.  Florence is currently expected to make landfall late Thursday/early Friday.  As such, the time is now to start protecting your electronics and important data.

Once you raid the grocery store for bread, milk & beer, it’s a good time to protect your electronics and data from natural disasters. Thus, I have listed a few precautionary measures that users should take to protect data and equipment when the weather takes a threatening turn.

  • Backup your data – this goes without saying, whether weather is threatening or not. ALL of your data should be backed up to protect against data loss resulting from natural disasters, malware attacks, hacks and other threats to your data security.  If you backup to a hard drive, make sure you’re storing it offsite in the event of fire or flood. Best practice is to have a combination of cloud and local (but offsite) backup.
  • Unplug your stuff – unplug power cords AND network cables. This applies to computers, televisions, servers, tablets, routers, mobile phones, etc.  Just take care to perform a normal shutdown of computers rather than putting them to sleep or hibernation before unplugging from the wall.

Fried circuit board

  • Use surge protectors – If your equipment must remain “up” during a storm, make sure it’s connected to surge protectors (NOT power strips) or battery backups to protect against mild electrical impulses.  While most surge protectors will not protect against a direct hit, they should absorb mild jolts. Even if your electronics are plugged into a surge protector, though, you should still shut down your devices and disconnect the surge protector from the wall when thunderstorms are near.
  • Charge phones, laptops & tablets BEFORE the heavy stuff arrives – as long as cell towers are unaffected, you should be able to communicate with the outside world even during local power outages.

People frequently ask me whether it’s best to put their computers to sleep at night or shut down completely.  I typically put my machines to sleep at the end of the day so that they start up quickly in the morning. However, during summer months when thunderstorms can develop rapidly or whenever foul weather is imminent,  I always shut my equipment down and pull the power and data plugs for extra peace of mind.

Finally, don’t wait until storms are on the approach to take these steps. If you’re leaving for the weekend, go ahead and take precautionary measures to protect your gear.  If you’re already on the road and your devices are connected to surge protectors, hope for the best.

Remember, an ounce of prevention can be the difference between protecting your assets/data and scrambling to recover it!


Seeking Yardi Contractor for 16 Week Project

I have a commercial real estate client that is onboarding to Yardi from Quickbooks and has asked me to manage the process. As such, I am looking for a contractor who has experience in Yardi, specifically in the accounting function, to assist with the process.  This is a fairly small development and property management company with a portfolio of about 10 properties, 5 of which are single tenant.  They have roughly 25-30 leases, all of which are abstracted but I expect that we will need to review and verify the abstracts.

The project will include:

  – Review chart of accounts for all properties for consistency and make adjustments as necessary
  – Prepare ~10 Quickbooks company files for migration to Yardi
  – Setup vendors, customers, ownership structure, properties, units, bank accounts, leases, mortgages, etc.
  – Migrate security deposits, outstanding A/R, A/P, delinquencies, etc.
  – Prep for “Go Live”, first month billings, first month closing
  – Create account trees

Long-term (post migration) work may include:

  – Assistance creating expense pools for TICAM recons
  – TICAM recon assistance at the beginning of the year


Ideally, the contractor has significant experience with Yardi’s accounting function.  The perfect contractor is someone who is seeking part time work and a fairly flexible schedule. I expect that much of the work can be completed remotely, but some time onsite (Triangle location) will be required.

Please let me know if you are aware of potential contractors and I will reach out to them with project specifics.

Fake Tech Support Scam

The phone conversation always starts the same way:

Me:  Hey, this is Ken.

Joe:  Hey Ken, it’s Joe. I think my computer is infected by a virus.

Me:  Oh man, what are the symptoms?

Joe:  Well, I was just browsing the web and suddenly I got a pop-up that said my computer was infected.

Me:  OK, then what?   (inside voice:  please tell me you didn’t call the 800 number)

Joe:  Well, I tried to close the browser, but it wouldn’t close and there was a voice playing through the speakers stating that the computer is infected and not to shut down.

Me:  So what did you do?  (inside voice:  please tell me you didn’t call the 800 number)

Joe:  There were these pop-ups that I couldn’t close, with a message to call Microsoft Tech Support at this 800 number.  Oh, and the recording told me to call Microsoft.

Me:  Yeah, this is a pretty common scam and it’s not really Microsoft (inside voice:  please tell me you didn’t call the 800 number)

Joe:  So I called the 800 number… and I got this Microsoft technician who barely spoke English… who asked me a bunch of questions and walked me through some steps to see if my computer was infected.

Me:  Mmmm… Did you provide remote access?  (inside voice:  please tell me you didn’t give them remote access)

Joe:  Yeah, he had me install this remote access tool and took control of my computer and showed me more viruses and infections.  

Me:  (Actual voice) Please tell me you didn’t give him your credit card number…

Joe:  So I gave him my credit card and he cleaned up the viruses and offered 2 years of support for $400.  Is this OK?

Wow!  Nailed again.  I have had this exact conversation a dozen or more times with clients and friends, each of whom has received a shiny brand new credit card or checking account as a result. That’s right. Not only is your computer security compromised, you have also given a scammer access to your credit card or checking account.

This is a very common scam and has various attack vectors. For a while, the most common approach was via phone call.  I used to receive a couple of calls a week from overseas callers claiming to be from Microsoft stating that they had noticed dangerous virus activity on my computer.  I typically strung them along long enough to find my trusty sports whistle, which I blew loudly into the phone.  This usually resulted in a prompt dropped call.

I also tried providing access to a virtual machine just to see what they would do but they usually got wise to me when I strung out the call.  Here’s a very entertaining fake support “technician” that called a seasoned security researcher at Malwarebytes who turned on his recorder and had some fun with the caller. This is a very long audio session, but is worth your time.  Heck, some readers will recognize the script from their personal experience. Ultimately, he angered the caller, who attempted to delete stuff off of his computer which is yet another reason that you should simply hang up on these guys.

My first exposure to this type of scam was a very bright friend of mine who ended up with 2 compromised machines and a new credit card!

Another attack approach is via email. However, the most common vector today seems to be “drive-by attacks” where the user either clicks a link, such as an ad, or clicks on a rogue search result and lands on a malicious website.  For example, say you search for WRAL and the top result is wral.net (a bogus link), and you inadvertently click on it, instead of WRAL.com.  Instead of seeing today’s headlines you get a gnarly web page:

These are extremely intimidating alarms, even for seasoned web users. Not only do they lock the browser, preventing you from closing Chrome, Firefox, Safari, or IE, but they also have a recorded message that seemingly cannot be silenced. The warning purports to come from Microsoft or another trusted tech company and provides a support phone number.  The user is warned NOT to close the browser without calling the number, as bad things will happen.  The secret here is that closing the browser will swiftly defeat the scam.  If you cannot close the browser by conventional methods or by using Task Manager, simply save and close your work in Word, Excel, AutoCAD, etc. and then reboot your computer. This solves the problem as long as you don’t navigate back to the same rogue website.

Now, once the computer reboots, you should run a virus scan using whatever virus protection suite is installed on your computer.  As a safety net, download and run Malwarebytes just to be sure.

These scams are more bark than bite, unlike the ransomware attacks that have monopolized headlines over the last year.  But, they are extremely profitable for hackers and a massive headache for victims. 

Remember:  Don’t be intimidated by these scary pop-ups, and never, never, never give your credit card or banking information to random callers.  When in doubt, call your trusted tech provider as we have seen these scams time and time again.

Oh, and one more thing:  Be safe out there.


Additional resources:

NC Attorney General Office alert

Malwarebytes article

Your Secure Wireless May Not Be Secure

News surfaced this week of a new vulnerability that affects ALL users who access the internet using WiFi, whether on a laptop, desktop, tablet, phone, etc.  The vulnerability, named KRACK, is a weakness identified in the WPA2 protocol which, until now, has been deemed virtually bulletproof.  The WPA2 wireless protocol is configured on nearly every single home wireless device and a vast majority of small and medium business wireless devices.

The vulnerability allows hackers unauthorized access to your network without the WiFi password and can allow strangers to eavesdrop on your wireless connection, obtain passwords, credit card info, etc. Now, with that said, as long as you’re accessing secure websites (i.e. those that show https:// in the URL) your information should be safe.

The good news is that the hacker needs to be physically close to the wireless network that you’re using to exploit the vulnerability.  Thus, public WiFi is inherently more dangerous than your home’s wireless.  The bad news is that virtually every single WiFi device that you have is using WPA2 to secure your connection.   Thus, everyone needs to pay attention to this problem.

This is mostly a client-side attack, meaning that it’s more important to update your wireless endpoints than your wireless router.  Thus, keep Windows and Mac OS X updated on your laptop/desktop; download/apply updates on Android phones and iPhones, iPads and other tablets as well as readers such as Kindles.  While all of these endpoint makers are scurrying to update their software, manufacturers of wireless routers and access points are in the process of pushing out updates, many of which must be manually applied.  Check the BleepingComputer link for updates on your equipment.

How to Protect Yourself:

The best way to protect yourself is not breaking news, as we’ve heard this for years:   make sure that you install all updates and security patches on all of your devices.  Many manufacturers have already pushed out patches. In fact, Windows was patched in Microsoft’s October 10th Patch Tuesday release.  Other devices are reliant on their manufacturer’s software release schedules. For a list of updates by major manufacturers, take a look at BleepingComputer’s list.  

Other steps you can take:

  • Avoid public WiFi at all costs:  this is nothing new, but it is even more imperative with the KRACK vulnerability.  I have not used public WiFi for years, opting instead to use my Verizon hotspot.  Public WiFi includes coffee shops, hotels, free municipal WiFi, etc.


  • Only connect to secure sites:  as discussed above, avoid sites that begin with http:// and NEVER EVER enter your credit card info, social security numbers, passwords or any other sensitive information on websites that are not secure.  And if you encounter a website that shows a red slash through https://, close the page and check back later.
  • Continue using the WPA2 wireless security protocol:  despite the vulnerability, it’s still the safest security profile for home and small business users and should be patched very quickly.
  • Use a wired connection if you can:  if your wireless router or switch is accessible and you can connect your laptop via ethernet cable, do this until the WPA2 protocol is fixed.  Devices that are connected via ethernet are not susceptible to this problem.  This is not always convenient, but it’s better to be safe than sorry.
  • Use a VPN if possible:  if you absolutely must use public WiFi, connect to your workplace using a VPN and send all of your internet traffic through the secure tunnel.
  • Changing your WiFi password will not help, unless your password is weak to begin with.  In the case of a weak password, strengthening that is never a bad idea.

Updating your wireless router’s firmware is not a simple task, so contact me or your network administrator for assistance in installing these updates.  

In summary, there’s really nothing new here needed to protect yourself as long as you’re keeping your systems/devices updated, avoiding public WiFi, only accessing sensitive information on secure (https://) sites, etc.  As long as you remain vigilant and get to know your technology a little better, you should be able to safely navigate the world wide jungle.

Stay safe out there!

****************************************************************************************************
Please feel free to pass this along to friends and co-workers.

For more information, please link to my sources for this article:

CNET Article:

https://www.cnet.com/news/krack-microsoft-windows-amazon-frequently-asked-questions/


CNET Article:  Steps to Take:

https://www.cnet.com/how-to/krack-affects-everyone-heres-what-to-do-now/


Hardware Vendor Updates:

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

Ransomware / Wanna Cry: Staying Safe in an Unsafe World

I attended a Technology Roundtable last week and one of the topics was “What keeps you awake at night?” My immediate response was “Ransomware”.  Two days later, news broke about the massive ransomware attack dubbed “Wanna Cry” which was wreaking havoc on computers and servers around the globe.

This is truly the kind of attack that keeps IT professionals up at night.

Many viruses, rootkits, and malware are annoyances and can be removed by tools that are readily available on the internet.  While some can be removed pretty quickly with killer apps like MalwareBytes, others may be more tenacious and require a recovery of your files and reinstallation of your operating system, a process that will take hours or days and cost a pretty penny. However, at the end of the day, all of your files can be safely restored either from your hard drive or a recent backup (you ARE backing up, right?)

The most devastating malware affecting users today is different.  It’s called Ransomware and it will ruin your day, week AND year.

Ransomware has been around for a decade or more. You may recognize some of the variants, including CryptoLocker, Locky, and most recently Wanna Cry.

Here’s what it does:

The infections search for and encrypt important files on your computer using common encryption algorithms. When the file encryption process completes, the program displays a payment message prompting the user to send a ransom of $300+ to purchase the decryption keys to recover your files. The ransom frequently increases with time until you pay up.  Failure to pay the ransom results in deletion of your encryption key and permanent file loss.

Ransoms must be paid using MoneyPak vouchers or Bitcoins which are not easily traceable by law enforcement to an organization or individual. Once you send the payment and it is verified, the program will send you the key to decrypt the files that it locked. (thanks to Lawrence Abrams on BleepingComputer.com for this summary)

How you Become Infected with Ransomware:

The infection is typically spread through infected email attachments.  In the past, the emails have posed as customer support notices from FedEx, UPS, DHL, etc. and the attachment was typically named Form_102213.pdf or Form_102213.pdf.exe (or some variant of these), but might also be disguised as a ZIP or other file type.  A key difference between prior infections and Wanna Cry is that once a computer was infected on a company network, it exploited a vulnerability in Windows that allowed it to spread from computer to computer on local networks.  Thus, it had a devastating impact within large organizations.

What if you get infected:

The first thing to do is disconnect your computer from the internet and power it off, QUICKLY! This will prevent encryption of additional files.  If you’re working wirelessly, disable wireless on your PC.  If connected via Ethernet cable, pull the plug. Next, call your IT pro and start deciding how important your encrypted files are to you. Also, figure out where your most recent backup is and how recently it ran.  Most cloud-based backup services provide file versioning for a period of time.  For example, Carbonite saves previous versions of files for 3 months, which could be your saving grace.

Removal of the malware is fairly straightforward.  However, without the decryption keys it is absolutely impossible to decrypt your files. Thus, if you cannot recover the files from a recent backup and need them restored, your only option is to act quickly and send the ransom money. There is currently no tool available (or IT Pro) that can decrypt your files.
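The versioning point is easier to see in code. This added Python example (my own, not Carbonite's or any vendor's implementation) builds a toy versioned backup store with a 90-day retention window, assumed here to stand in for the 3 months mentioned above, and rolls a file back to the copy taken before ransomware overwrote it:

```python
# Added example, not any vendor's code: a toy versioned backup store showing
# why versioning (Carbonite keeps 3 months, per the post) lets you recover a
# file after ransomware overwrites it with ciphertext.
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DAY = 86400.0

@dataclass
class Version:
    taken_at: float      # backup run time, seconds since epoch
    sha256: str
    data: bytes

@dataclass
class VersionedBackup:
    retention_days: float = 90.0   # roughly the 3 months cited in the post
    versions: Dict[str, List[Version]] = field(default_factory=dict)

    def backup(self, path: str, data: bytes, now: float) -> bool:
        """Store a new version if content changed; prune versions older than
        the retention window but never drop the last remaining copy."""
        digest = hashlib.sha256(data).hexdigest()
        history = self.versions.setdefault(path, [])
        if history and history[-1].sha256 == digest:
            return False
        history.append(Version(now, digest, data))
        cutoff = now - self.retention_days * DAY
        kept = [v for v in history if v.taken_at >= cutoff]
        self.versions[path] = kept or history[-1:]
        return True

    def restore_before(self, path: str, when: float) -> Optional[bytes]:
        """Newest version taken strictly before `when` (the infection time)."""
        older = [v for v in self.versions.get(path, []) if v.taken_at < when]
        return older[-1].data if older else None

def simulate_recovery() -> Optional[bytes]:
    """Clean backup, then a ransomware overwrite, then rollback."""
    store = VersionedBackup()
    path = "Documents/invoices.xlsx"   # constructed sample path
    clean = b"Q3 invoices - constructed sample content"
    store.backup(path, clean, now=1_000_000.0)
    infected_at = 1_000_000.0 + 5 * DAY
    ciphertext = bytes(b ^ 0x5A for b in clean)   # stand-in for encrypted bytes
    store.backup(path, ciphertext, now=infected_at + 3600)  # nightly run copies it
    # Without versioning the backup now holds only ciphertext; roll back instead.
    return store.restore_before(path, infected_at)
```

Note that the retention window cuts both ways: a version older than the window is gone, which is why knowing how recently your backup ran matters.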

How to protect yourself:

1. Be vigilant about opening email attachments – never open an attachment originating from unknown/unexpected sources (e.g. if you’re not traveling anywhere, don’t open a travel itinerary from Delta!).  Also, be careful when opening unusual attachments from trusted sources, as their email may have been hacked.  EDIT:  I rarely open email attachments even from known senders unless I am absolutely expecting them (e.g. a friend/client has explicitly stated that they are sending over an Excel spreadsheet on Monday; I will probably open this).  However, if I receive an attachment from a friend that I’m not expecting, I will text or call them to verify its authenticity.  NEVER send an email to verify the doc.  Further, do not open file shares through Dropbox, Google Drive or other sync services unless you are expecting them. Even then, proceed with caution.

2. Keep all programs updated and Windows Updates applied.  The recent Wanna Cry ransomware exploited a security vulnerability in Windows.  Microsoft issued a patch for the issue in March, so if you’re keeping Windows updated then you should be safe. Windows 10 forces download/installation of updates, so unless you have “hacked” Windows 10 to deny the updates, you should be safe.  In fact, most accounts report that Windows 10 was not targeted by the most recent attacks.

3. Choose a reputable antivirus software and keep it updated. I recommend BitDefender.

4. Backup, backup, backup… and then backup! Back up to an external hard drive ($85 for 1TB) and disconnect it from your computer, or use an online service that provides versioning.  I am a partner/reseller for BackBlaze and can help you get this up and running quickly.  When all other protections fail, a good/current backup will get you back in business without having to pay up to the bad guys!

5. Be very careful about free software you download from the internet.  Many seemingly useful programs such as PDF writers or video downloaders come with malicious “baggage”.

6. Make sure you’re running System Restore on your PC.  This can help recover previous versions of files that have been encrypted.  While this is not a fail-safe, it’s still a good idea to make sure this feature has not been disabled in Windows.

7. Apply the Software Restriction Policies outlined in this article using Local Security Policy or Group Policy (domain computers) to block the malware from executing on your system.  This is fairly advanced, so please let me know if you want assistance applying these policies to your PC.  Also, keep in mind that these policies block the malware in its current form; once hackers modify the code to install from another location on your computer, these policies will no longer protect you.

8. Train your users to be vigilant about the emails they open, the links they click and the email attachments they open.

Is There any GOOD News?

As a matter of fact, yes.  Most of the recent attacks occurred overseas, mostly on European computers and servers.  Further, a security researcher reviewed the code during the attacks and located/activated a “kill switch” which dramatically slowed the spread of Wanna Cry.  However, it was slowed, not stopped. The BAD news, though, is that this was a variant on a common malware attack pattern.  As long as there is money to be made in malware there will be plenty of future attacks to come.  AND, as any user of Windows knows, there are plenty of security holes in the operating system, as evidenced by the nearly constant interruption of Windows Updates.

If you want to geek out on more technical details about the threat, take a look at these articles posted on BleepingComputer.com, MalwareBytes and Microsoft.  Another good read comes from the blog of Marcus Hutchins who found the kill switch in the Wanna Cry code.

Stay safe out there!

Weather Alert: Protecting Your Electronics and Data

If you live in the southeastern United States, you’re undoubtedly bracing for a stormy Labor Day weekend, courtesy of tropical storm Hermine.  Where forecasters originally called for central and eastern North Carolina to take a fairly substantial hit, the storm’s projected track has moved eastward and we’re expecting a wet holiday weekend with a less direct storm impact.

With that in mind, it’s a good time to think about protecting your electronics and data from natural disasters. Thus, I have listed a few precautionary measures that users should take to protect data and equipment when the weather takes a threatening turn.

  • Backup your data – this goes without saying, whether weather is threatening or not. ALL of your data should be backed up to protect against data loss resulting from natural disasters, malware attacks, hacks and other threats to your data security.  If you backup to a hard drive, make sure you’re storing it offsite in the event of fire or flood.

  • Unplug your stuff – unplug power cords AND network cables. This applies to computers, televisions, servers, tablets, routers, mobile phones, etc.  Just take care to perform a normal shutdown of the computer rather than putting it to sleep or hibernation before unplugging from the wall.

  • Use surge protectors – all of your valuable electronics should be connected to surge protectors (NOT power strips) or battery backups to protect against mild electrical impulses.  While most surge protectors will not protect against a direct hit, they should absorb mild jolts.  Even if your electronics are plugged into a surge protector, though, you should still shut down your devices and disconnect the surge protector from the wall when thunderstorms are near.

People frequently ask me whether it’s best to put their computers to sleep at night or shut down completely.  I typically put my machines to sleep at the end of the day so that they start up quickly in the morning.  However, during summer months when thunderstorms can develop rapidly, I frequently shut my equipment down and pull the power and data plugs for extra peace of mind.

Finally, don’t wait until storms are on the approach to take these steps. If you’re leaving for the holiday weekend, go ahead and take precautionary measures to protect your gear.  If you’re already on the road and your devices are connected to surge protectors, hope for the best.

Remember, an ounce of prevention can be the difference between protecting your assets/data and scrambling to recover it!

Internet Explorer Is Not Safe (AGAIN!)

Here we go again.  Microsoft’s Internet Explorer (IE) browser is on the hit list once again.  The Department of Homeland Security has warned computer users not to use Internet Explorer until Microsoft patches the vulnerability.  A timeline for the patch is not yet available.

If you want a faster, more stable and more secure browser, install and use Google Chrome.  Other options include Mozilla Firefox, Apple Safari and the little-known Opera browser.  Don’t know which to choose?  Download them all and see which one you like.  I have used Chrome exclusively for years and find it to be fast, stable and secure.  Plus, it’s built by Google so naturally works well with all of my Gmail and Google services.

If you absolutely must use Internet Explorer, due to company security policy or proprietary web-based databases such as Yardi or NetDocuments, disable the Adobe Flash plug-in, since that is how the problem is exploited in IE.  You can also download a tool from Microsoft, the Enhanced Mitigation Experience Toolkit (EMET) 4.1, which hardens systems against malicious attacks.

If you’re still hanging on with Windows XP, you’re stuck.  Microsoft is feverishly working on a patch for this vulnerability for Windows Vista and Windows 7 users.  However, following XP’s support sunset on April 8, 2014, there’s no relief in the future for XP holdouts.

Your best bet is to dump Internet Explorer for good and move on to a “big boy” browser!

Be safe out there.