ALERT:  New Ransomware Strain Encrypts Files From RAM

Security researchers at Invincea have discovered a new Russian ransomware strain called “Fessleak” which delivers its code straight into system memory and does not drop any files on disk.

This means that almost all antivirus software is not able to catch this malicious malware.

The infection is spread through malicious ads on popular websites.  

The Cybercriminal setup a short-lived burner domain (disposable domain) directing to a landing page where the exploit kit (malware infector) is hosted.  Then they post a legitimately paid-for ad on legitimate major sites such as HuffingtonPost, Answers.com, Thesaurus.com, and Match.com.

The ad is usually similar to “Granny opening a new iPhone video”.

When you click on the link, you are redirected to the malicious domain, which infects your workstation.

You are then presented with a full screen image that announces all personal or business files, photos, and videos have been ecrypted and to get them back you need to pay a ransom in Bitcoin.

Invincea states:

“We continue to see new innovations in ransomware.  More advanced versions use file-less infections, and communicate via the TOR network…they are also able to check to ensure the host is not running on a virtual machine to frustrate security researchers and analysis.  

At this time, there is no detection for the malicious code, which rotates its hash value to avoid Anti-Virus detection.“

How do you pre-plan for a possible attack?

1. BACK UPS!   All malware and virus effects can be prevented by having all important data backed up.  Take a weekly copy off-site.
2. Keep your attack surface as small as possible, and religiously keep all OS and third-party patches up-to-date.  All our monthly service plans do this automatically.
3. Disable Flash in your browser, or at least set Flash to Click to Play.  This way, you can activate only the ads or videos using Flash that you want to see, and the others will remain disabled.
4. Run a multi-layer security system, block ads centrally rather than machine by machine.  If that’s not possible, AdBlocker plugins for each browser.
5. It is increasingly clear that effective security awareness training is a must.  End users need to be on their toes, and need to keep security in mind at all times.

Cyber-Security Issues?

Call 1-204-800-3166

For Cyber-Fortress Security

Batteries – To Drain Or Not To Drain…

Everyone, from your neighbor to your great-aunt’s dog-walker’s niece, has their opinion on this.  Some say to drain it completely before re-charging, some say that you should keep it between 40% and 80% at all times.

But which is the truth?

A lot of this is confusion over how batteries used to work, not how they work today.  Luckily, most or all of your gadgets today run on Lithium Ion batteries, which are easy to take care of.

The short answer – – Charging incorrectly can decrease their lifespan.  Most lithium batteries should last you a few years, and batteries have a finite life, no matter what, so your efforts will only help to extend the life so much.  However, improper care can decrease that lifespan, meaning your battery will be unable to hold a charge – or unable to hold as big a charge as it used to – quicker.

Here’s some guidelines to help to extend your battery’s health as much as possible:

1. Perform shallow discharges.  Instead of discharging to 0% all the time, lithium ion batteries do best when you discharge them for a little bit, then charge them for a little bit.  Discharges to 50% are better for your battery’s long-term life then small discharges to 90% or large discharges to 0%.
2. Don’t leave it fully charged.  Lithium ion batteries don’t need to be charged 100%.  In fact, they prefer not to be.  So the 40%-80% rule is a good guideline.  When possible, keep it in that range to prolong its life as long as you can.  And if you do charge it 100% – don’t leave it plugged in.  If you charge it overnight, use something like the Belkin Conserve Socket to stop it from charging after it’s full.
3. Fully discharge it once a month.  While lithium ion batteries shouldn’t be discharged 100% regularly, most modern batteries are what’s called “smart batteries”, which means that they can tell you how long you have until your battery dies.  This feature can get mis-calibrated after a lot of shallow discharges.  Manufacturers recommend fully discharging your battery once a month to make sure this stays accurate.
4. Keep it cool.  Excess heat is not only bad for your processor, but your battery as well.  A hot battery will degrade in health much quicker than a cool one.  For this reason, we highly recommend not using your laptop on a soft surface like a bed or your lap (does not allow for sufficient air intake), and we highly recommend using a laptop stand with cooling fans built-in.

If you follow these tips, your battery should last.

Computer problems?

Call 1-204-800-3166

For Cyber-Extermination!

CD/DVD Drive

Not Reading Discs?

If your CD/DVD drive stops reading disks, the 1st thing to check is another disc.  If it’s still not reading them, ensure that you are caring properly for your discs.  CD/DVDs are affected by excessive heat, scratches, bending, or twisting.

The following steps will help you properly care for your disks:

1. When removing a disc from a hard protective case (a “jewel” case), push down on the centre hub, then remove the disc by handling only the outer edges of the disc.  Never remove a disc by prying upwards on the outer edges.
2. Make sure when you place a disc into the drive, that it is placed properly into the drive.  If it is not properly seated, when the drive’s carriage is closed it will bind up on the disc and possibly gouge or scratch the disc.
3. The single-sided disc is inserted into the drive with the title/artwork facing upwards.
4. Keep your discs away from extreme heat.  Never store a disc in direct sunlight, such as on the dashboard of your car.
5. Clean your discs with a soft cloth slightly dampened with water.  Never use any abrasive materials on the disc.  When wiping, use straight-line strokes, from the inner circle to the outer edges of the disc.  Never wipe in a circular motion.  Be sure that the CD/DVD is completely dry before returning it to its protective case, or inserting it into the drive.
6. Do not stack discs on top of one another.  Store them in their protective cases.

If the problem is not with the disc itself, try the following steps:

1. Go to “Start”.  Right click on “My Computer”, then “Properties”, “Hardware” tab, “Device Manager”, “DVD/CD-ROM Drives”.
2. Right click on the correct drive, and select “Uninstall” from the menu.
3. Restart your computer.

This will uninstall, then reinstall the drive.

If this does not correct the problem, you will need to bring your computer in to have it correctly diagnosed.

Got Computer Gremlins?

Call 1-204-800-3166

Get Gremlin-Free!

I admit it.  I get lazy sometimes.  You’re logging onto a new site, and it asks you to create a password.  ANOTHER ONE!  I have so many passwords it’s not funny anymore.  Not at all.  I feel the urge to rebel and punch in “1 2 3 4 5”.

But I resist.  Because I know that’s one of the most used, and worst passwords.  AND most likely one of the 1st ones that hackers will try.

When hacking into a personal computer, Cyber Criminals usually don’t have to break a sweat trying to guess our “clever” password, that’s so secretive no one will ever guess it!

Here is the complete list from SplashData’s Annual “Worst Passwords” List.    This list was compiled from a list of 3.3 million leaked passwords.  Superheros and fantasy sports entered the list for the first time.  However, some of the top ones have staying power – “123456” and “password” have occupied the top 2 spots for the past 4 years.

1. 123456, no change from 2013
2. password, no change from 2013
3. 12345, up 17 spots
4. 12345678, down 1 spot
5. qwerty, down 1 spot
6. 123456789, no change from 2013
7. 1234, up 9 spots
8. baseball, new
9. dragon, new
10. football, new
11. 1234567, down 4 spots
12. monkey, up 5
13. letmein, up 1 spot
14. abc123, down 9 spots
15. 111111, down 8 spots
16. mustang, new
17. access, new
18. shadow, no change from 2013
19. master, new
20. michael, new
21. superman, new
22. 696969, new
23. 123123, down 12 spots
24. batman, new
25. trustno1, down 1 spot

This list shows that many people continue to put themselves at risk by using weak, easily guessable passwords.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” says Morgan Slain, CEO of SplashData.  “Any password using numbers alone should be avoided, especially sequences.  As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

Tips from SplashData:

• Don’t use sequences on your keyboard, such as the letters on the top row, for your password.
• Don’t use a favorite sport as your password.  “baseball” and “football” are in the top 10, and “hockey”, “soccer” and “golfer” are in the top 100.  Don’t use a favorite team either.  Many are in the top 100.
• Don’t use your birthday, or especially just your birth year.
• Don’t use your children’s names for picking passwords.  Many common names are in the top 50.