Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!


ALERT: New Ransomware Also Steals Your Bitcoins

April 26, 2016 by The T By D Team

With the rash of new ransomware strains out there, you knew they were going to up the ante somehow…

 

CryptXXX is built by the same CyberCriminals that are behind the Reveton malware.  It is an attempt to one-up the release of the Locky ransomware by their CyberCriminal competitors.

CryptXXX currently spreads through the Angler Exploit Kit, which infects the PC with the Bedep Trojan.  Bedep drops information-theft software on the PC, then the ransomware applies professional-grade encryption, adding a “.crypt” extension to the filenames.

This ransomware encrypts files locally and on all mounted drives, and demands $500 in Bitcoin per PC to unlock the encrypted files.  The attackers add insult to injury by also stealing Bitcoins, as well as a large range of data.

CryptXXX tries to avoid detection through “random delayed” execution (which makes it harder to connect the infection to the delivery vector), anti-virtual-machine checks, and anti-analysis functions (e.g. checking CPU names in the registry, monitoring for mouse events).

CryptXXX Ransom Note

The CyberCriminals behind this ransomware are highly skilled and experienced, which means this is professional-grade ransomware.  Proofpoint researchers report “Those [ransomware infections] associated with more experienced [CyberCriminals], (such as Locky) have become widespread quickly…Given Reveton’s long history of successful and large-scale malware distribution, we expect CryptXXX to become widespread.  Based on the large number of translations available for the [Bitcoin] payment page, it appears that the Reveton team shares those expectations.”

The ransomware will initially be spread through drive-by downloads, but a deluge of phishing emails can be expected to follow shortly.

What Can You Do to Avoid Becoming a Ransomware Victim:
  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  Nothing beats a good, reliable backup!  Backing up your data now can prevent a lot of expensive headaches in the future.
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate. Make sure employees and coworkers know about current viruses/malware, and what to look for.  Print & post our “Red Flag Emails” for easy reference on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.
  7. Limit permissions.  Allow Read/Write access only when necessary.
  8. Avoid mapping network shares.  If you have to use them, hide them whenever possible.  This is sometimes as simple as appending a “$” to your share name.
You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Filed Under: ALERTS, Blogs, Featured

ALERT: Prince’s Last Words

April 22, 2016 by The T By D Team

Yesterday, news broke that Prince (aka Prince Rogers Nelson) was found dead in his home in Minneapolis at age 57. 

CyberCriminals, eager as always to take advantage of any tragedy, are up to their same tricks.  A series of email scams is currently circulating, one of which is most likely to be a supposed video of Prince’s last words (this is a frequent scam to use after an especially unexpected celebrity death).

Whatever ploy is being used, falling for it can leave you with infected computers at home or in the office, trick you into giving out personal information, or unleash ransomware on the network.

Beware of any email, attachments, any social media, texts on your phone…anything.

Another heads-up:

With the recent earthquakes in Ecuador and Japan, there are charity scams rearing their ugly heads.  If you want to make donations, please go to your favorite charity website directly by opening your browser and typing their address in the address bar.  DO NOT click on any links or open any attachments in emails.


Filed Under: ALERTS, Blogs, Featured

ALERT: Jigsaw Sinks to New Low…Even for Ransomware

April 21, 2016 by The T By D Team

Being infected by ransomware is bad enough.  Add in being taunted by old horror movie pictures while it slowly deletes your encrypted files, all while increasing the ransom demand, until you pay for the decryption key.  And if you reboot your PC, you’re punished with the instant deletion of 1,000 of your files.

Jigsaw, a new strain of ransomware, tries to increase the pressure on victims to pay by referencing the horror movie “Saw”.  In fact, the ransomware is named after the nickname of the film’s fictional serial killer, John Kramer, the “Jigsaw Killer”.  The ransomware, still drawing motivation from the horror movie, communicates with victims using a puppet called “Billy”, and uses a red clock to count down to the deadlines it imposes; both are used by the killer in the movie.  However, in the case of the ransomware, the clock shows victims how much time is left before more files get deleted and the ransom demand increases.  After 72 hours, the ransomware deletes every encrypted file on the PC.

Jigsaw Note

How the ransomware attack unfolds, as seen on an infected PC. (Source:  Forcepoint.)

This latest version, in a long list of versions, “appears to have been coded on March 23 and to have been used in live attacks by the end of the month”, states Andy Settle, head of special investigations at Raytheon’s cybersecurity business Forcepoint.  “This malicious program starts encrypting your files while adding, with no irony, the ‘.FUN’ file extension.”

“Using horror movie images and references to cause distress in the victim is a new low.”

Jason Sumalapao, malware analyst at Trend Micro, states in a blog post that the ransom note exists in both English and Portuguese-language versions, and that the lowest possible amount that victims can pay, before the demand starts increasing, ranges from $20 to $150 USD in bitcoins.

Jigsaw appears to be distributed through adware and “grayware” (potentially unwanted applications, such as free toolbars), as well as through ‘adult content’ sites, reports Trend Micro.  

Forcepoint states that the producers of Jigsaw attempted to prevent detection by writing the ransomware in ‘.NET’ code.  However, this attempt failed, and security researchers have been able to recover the encryption key, as well as 100 different bitcoin payment addresses.  This information has since been shared with authorities.  Since the encryption key was discovered, security researchers have been able to publish instructions on how to remove Jigsaw infections.  However, it’s probably not long before Jigsaw’s producers correct the coding error that led to the discovery of the decryption key.

How to Avoid Jigsaw and Other Ransomware:
  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate.  Keep all employees and coworkers informed about current security threats, and what to look for.  Check out our ‘Red Flag Emails‘ for tips on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.

 


Filed Under: ALERTS, Blogs, Featured

Ransomware: What You Can Do to Prevent It

April 20, 2016 by The T By D Team

We’ve seen a huge increase in Ransomware not only in our service area, but around the globe.  The processes being used to spread it are getting more and more sophisticated in their delivery.

Ransomware:  the future of Malware…and it doesn’t look good.

In the past, Malware would infect your computer and was relatively easy to remove.  With Ransomware, the infection is easy to remove.  The problem is, by the time you realize you have it, your files are already encrypted and the hackers have issued their demand for ransom.  AND, unless you have good, reliable backups…paying the ransom may be the only way to get your files back.

There are a few things you can do to prevent Ransomware, and limit your risk. 
  1. Avoid mapping network shares.  If you have to use them, hide them whenever possible.  This is sometimes as simple as appending a “$” to your share name.
  2. Limit permissions.  Allow Read/Write access only when necessary.
  3. Block extensions via email.  A good spam blocker will usually handle this for you.  Call TbyD at 1-204-800-3166 to ask us how!
  4. Install ad blockers when possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  5. Educate!  Make sure employees and coworkers know about current viruses/malware, and what to look for.  Print & post our “Red Flag Emails” for easy reference on what to look for in scam emails.
  6. Backup.  Backup.  Backup.  Nothing beats a good, reliable backup!  Backing up your data now can prevent a lot of expensive headaches in the future.
Call Technology by Design at 1-204-800-3166
We’ll help you immediately, and make sure you’re doing everything possible to avoid becoming a victim!
We Make I.T. Work!

 


Filed Under: FAQ, Featured

ALERT: Emergency Flash Patch Battles Ransomware

April 14, 2016 by The T By D Team

Active CyberCriminal attacks are occurring that exploit a zero-day flaw in the Windows version of Adobe Flash to install ransomware.

Security experts are warning all Adobe Flash users to either update Adobe Flash, or uninstall the browser plug-in software if you don’t use it.  Recent versions of Flash for Mac OS X, Linux, and Google ChromeOS are also at risk.

Adobe has released updated versions of Flash that fix the flaw, which has been named “CVE-2016-1019”.

Adobe states:  “Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.”

Adobe’s latest Flash update includes fixes for 24 flaws.  Adobe reports that many of the fixed flaws are considered “critical vulnerabilities” that “could potentially allow an attacker to take control of the affected system”.

The latest (fully-patched) version of the Flash Player Desktop Runtime is 21.0.0.213.  Adobe recommends all users upgrade immediately.

Remember to install updates regularly.  Updates plug known security holes that could be putting your computer system (and your business!) at risk!

 


Filed Under: ALERTS, Blogs, Featured

ALERT: Number of Manitoba Victims of Ransomware Increasing!

April 1, 2016 by The T By D Team

For those of you that still think that ransomware, viruses, or malware don’t happen here, or that your business is too small or insignificant to warrant CyberCriminals’ attention…I’ve got news for you!  The number of Manitoba businesses being hit with ransomware, malware, viruses, spyware, and just about anything else that CyberCriminals can dream up, has exploded in recent weeks.  AND the methods that CyberCriminals are using to trick computer users into opening scam emails, infected files and/or attachments, or providing personal/financial information are getting more and more advanced.

What Is Ransomware?

Ransomware is a serious security threat that basically kidnaps your data.  It limits access to files and/or system functions, and sometimes even renders systems completely useless.  The attackers then force their victims to pay a ransom to regain access to their files and/or systems.

How to Protect Yourself & Your Business:
  1. Admit You’re a Possible Target:  The #1 step to stepping up your defenses is to admit that your business could be a target.  If you are still in denial about this, you’ve probably already stopped reading, and there is nothing more I can do to help you.
  2. EDUCATION.  EDUCATION.  EDUCATION.  The #2 key to avoid becoming a victim is, you guessed it…education.  Most new scams are being spread by social engineering and phishing scams, which are designed to trick people into thinking the emails are legit, and into opening the emails, and links or attachments.  The links and/or attachments then infect the workstation, and usually quickly spread through the network to other workstations.  Educate yourself and your employees about the dangers out there, and what to look for!  This means anyone in your business that even looks at a computer should be informed what scams are currently out there, what to look for, and how to avoid them.
  3. Know How to Recognize a Scam Email:  Read our ‘Red Flag Emails‘ for clues on what to look for in suspect emails.  The general rule of thumb is:  If it looks suspect, and you can’t confirm that it’s the real deal…DELETE IT. 
  4. Install Updates:  In spite of knowing the importance of installing software/hardware updates, a lot of people either put them off or skip them altogether.  Either the re-boot that your computer needs after installing the updates is ‘inconvenient’, or there are always ‘glitches’ after installing updates, etc etc.  We’ve heard all the excuses.  The bottom line:  Is a 3 minute inconvenience to re-boot your computer, or putting up with potential glitches, or any other potential ‘inconveniences’, worth plugging any security holes in your computer system?  I say yes, but that’s just me…
  5. Keep Hardware and Software Up-to-Date:  Outdated hardware and software is often no longer supported by the manufacturer.  You’re thinking, “So what?  I don’t need their support!”.  This is a frequent misconception.  Periodically, a manufacturer decides that it will no longer “support” older software and/or hardware, in favor of concentrating on newer, better releases.  When a manufacturer no longer supports a piece of hardware/software, this means that they are no longer releasing the updates to plug known security holes.  This means HUGE security risk for your company!  This could also mean litigation, if you handle client information, payment information, etc.
  6. Do Not Click Links Within Emails:  If you receive an email that has a link to a website and/or webpage in it, especially if the link does not match the tone of the email, or if it is to something that this person (if you know them) would not normally send you: DO NOT CLICK!  A good trick:  hover the mouse over the link (Do NOT Click!!).  If the ‘box’ that appears does not match what the link states, it’s a fake and will cause you & your business some trouble if you click on it.
  7. Do Not Call Companies From Phone Numbers in Emails:  If you receive an email asking you to contact ‘Tech Support’ (or anything else for that matter!), get the phone number to call directly from their website.  Lots of scams involve fake phone numbers directing you to a legit-sounding department, then proceed to ask for personal information, credit card information, log in info, etc.
  8. Spam Filter:  Tens of trillions of spam emails are sent every year, to inboxes across the globe.  A spam filter stops 95% of spam emails from ever reaching your employees’ inboxes in the 1st place…for less than a cup of coffee.  Because all it takes is one careless click, and your business could be compromised.
  9. Backup, Backup, Backup.  If everyone had reliable backups, ransomware wouldn’t even be an issue.  If you have a reliable backup, you don’t have to pay the hundreds or thousands of dollars in ransom (and put an even bigger target on your business, because CyberCriminals now know that you don’t have backups!) to get your own files back.  Instead, your files can be retrieved from your last backup, and you’re up and running!

Not sure how secure your network is?  Ask us about our Network Security Assessment!  Mention this post & get it FREE!


Filed Under: ALERTS, Featured

How to Take Better iPhone Photos

March 16, 2016 by The T By D Team

The camera in the newest versions of the iPhone is greatly improved (no more instant-red-eye syndrome!).  So there’s no reason why you shouldn’t use it like it should be used.  These tips will help take your photos from “cellphone” quality, to VSCO worthy.

Composition  

These tips not only apply to the iPhone, but to any picture you take.

  1. The Rule of Thirds:  This is pretty easy to implement, because the iPhone has a tool built right in for this.  Go into “Settings”, then “Camera”, and turn on “Grid”.  Once you do this and go back to the camera app, you’ll note that there is now a grid on your screen that divides the screen into 9 squares, 3 rows up and 3 rows across.  The rule is simple – instead of placing the subject of your photo in the centre of the frame, try placing the subject more towards one side or the other.  Using the grid, place the subject in the area where the lines intersect, using a third of the screen.  This makes the photo more visually interesting and appealing, and pulls the viewer into the picture.
  2. Don’t Use Zoom.  Move Around Instead:  The iPhone only has 1 lens, and the digital zoom is horrible, so you shouldn’t use it.  Although it’s easier just to stand in one place and zoom into the subject of your photo, it doesn’t always (hardly ever) result in the photo you want.  You should instead physically move closer to your subject (if it’s far away, move closer.  If it’s higher up, move higher).  This is a much better way to get the results you want.
  3. Use Panorama Mode:  If you’ve moved yourself closer and still can’t get everything in the frame, try using this mode.  You don’t have to make a wide sweep, but by moving it just a little bit, you can ensure everything that you want in the picture is in there.

iPhone Camera Tips

Now that you’ve mastered some of the basic composition rules for any photo you take, there are tools built right into the iPhone to help you increase the quality of your iPhone photos.

  1. Use HDR:  Turning the camera on auto will ensure that the camera uses HDR when it needs to.  A camera usually ‘averages’ the brightness of the photo between the really bright spots and the really dark spots in the photo so that everything has the same exposure.  What HDR does is it takes the really bright spots in the photo and the really dark spots in the photo, and allows them to have more detail.  How it does this is that it takes multiple pictures, takes the best of each, and combines them into one picture.  This allows you to have much more detail throughout the whole picture.
  2. Tap to Focus:  The little yellow box that pops up on screen when you’re taking a picture is the best tool in the camera app.  This allows you to tap anywhere on the screen, and have that part of the picture be both in focus and properly exposed.  For example, if you have a subject that is really bright & close up, you can tap on it and it will place the yellow box around it and set the focus, and expose it based on where you tap.  So that bright, close up image will be in focus and be properly exposed.
  3. Manually Change the Exposure:  Sometimes you use the ‘Tap to Focus’ tool, and the object still appears too bright or too dark.  If this happens, simply tap and slide your finger up and down on the screen (after you ‘Tap to Focus’), and you can change the exposure (up for brighter, down for darker).
  4. Lock in Your Photo:  If you have your photo exactly how you want it, and don’t want anything to change, simply hold your finger on the yellow box; it will lock the exposure and focus settings to make sure nothing changes.
  5. Turn off Your Flash:  For 99% of pictures, the flash is going to ruin the picture.  Using the tips above will help you get the desired effect without using the flash.  So unless it’s really dark & the flash is the only way you’re going to be able to get the picture, don’t use it.

With the tips above, your iPhone photos should no longer look like they were taken with your iPhone. 

Got a question for our Resident Geek?  Email:  geek@tbyd.ca

Filed Under: FAQ, Featured

ALERT: ‘Locky’ Gaining Momentum…and Victims

March 14, 2016 by The T By D Team

This new CryptoLocker strain isn’t more sophisticated than any of the other versions of the malware, but it is spreading rapidly.  The FBI has released a statement in a recent Wall Street Journal article, stating that the threat from ransomware is expected to grow exponentially.

Forbes claims that ‘Locky’ CryptoLocker is infecting approximately 90,000 computers per day, and is costing victims approximately 0.5-1 Bitcoin (approx. $420US) to unlock their systems.

Locky is spread through phishing emails containing Microsoft Word attachments.  In the last few days, Locky’s creators have sent at least 4 million phishing emails with a zip file as the attachment.  The zip file contains a JavaScript file which downloads and installs Locky.

How to Protect Yourself:
  1. Block any and all emails with .zip attachments and/or macros at your email gateway level.
  2. Disable Adobe Flash Player, Java, and Silverlight if possible.  These are all used as attack vectors.
  3. Educate your employees and coworkers about the danger, so they can recognize the red flags related to ransomware attacks.
  4. Check out our Red Flag Emails for clues on how to spot a spam email.  Print it, and pass it out to all employees and coworkers so they can post it at their workstation as a reminder.
  5. Ask us about a Spam Filter for your company.  More affordable than you think, and a very reliable way to eliminate 90% of spam from ever entering your inbox!
  6. Back up your data!  Now, more than ever, backups are an everyday essential for every business!  Ask us for a FREE quote!
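
The gateway rule in item 1, as an added example (not code from the original post or from any mail product): a Python screening function that blocks the two Locky delivery formats described above, a Word document carrying macros and a zip file holding a JavaScript file. It goes slightly further by also failing closed on encrypted or nested archives; the block lists, function names and sample messages are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block lists for this example; tune them to your own gateway policy.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}  # macro-enabled Office formats
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")      # legacy .doc/.xls container
VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")      # stream name of a VBA project
MAX_DEPTH, MAX_NESTED_BYTES = 2, 10 * 1024 * 1024  # limits for nested archives


def file_ext(name):
    """Lower-cased final extension; trailing dots/spaces are stripped first."""
    return os.path.splitext((name or "").lower().rstrip(". "))[1]


def inspect_zip(data, depth=0):
    """Return the reasons a ZIP (or ZIP-based Office file) should be blocked."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["archive cannot be parsed"]
    reasons = []
    for info in zf.infolist():
        name, ext = info.filename, file_ext(info.filename)
        if info.flag_bits & 0x1:
            # Password-protected members cannot be inspected, so fail closed.
            reasons.append(f"encrypted member {name}")
        elif name.lower().endswith("vbaproject.bin"):
            reasons.append("Office document carries a VBA macro project")
        elif ext in SCRIPT_EXTS or ext in MACRO_EXTS:
            reasons.append(f"archive contains {name}")
        elif ext == ".zip":
            if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                reasons.append(f"nested archive {name} too deep or too large")
            else:
                reasons += inspect_zip(zf.read(info), depth + 1)
    return reasons


def screen_message(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = file_ext(name)
        payload = part.get_payload(decode=True) or b""
        if ext in SCRIPT_EXTS or ext in MACRO_EXTS:
            reasons.append(f"{name}: blocked extension {ext}")
        elif payload.startswith(b"PK\x03\x04"):
            # Check content, not the name: .zip, .docx and .xlsx are all ZIPs.
            reasons += [f"{name}: {r}" for r in inspect_zip(payload)]
        elif payload.startswith(OLE_MAGIC) and VBA_MARK in payload:
            # Heuristic only: looks for the VBA stream name in a legacy file.
            reasons.append(f"{name}: legacy Office file with a VBA project")
    return ("block" if reasons else "deliver"), reasons


def zip_of(members):
    """Build an in-memory ZIP from {member name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, body in members.items():
            zf.writestr(member, body)
    return buf.getvalue()


def mail_with(filename, data):
    """Build a raw message with one attachment (constructed sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed, harmless samples: placeholder bytes only, no real documents.
DOC_BODY = {"word/document.xml": "<w/>"}
SAMPLES = {
    "zip_with_script": mail_with("invoice.zip", zip_of({"invoice.js": "// placeholder"})),
    "docx_with_macro": mail_with("invoice.docx", zip_of({**DOC_BODY, "word/vbaProject.bin": "x"})),
    "legacy_doc_macro": mail_with("invoice.doc", OLE_MAGIC + b"\0" * 64 + VBA_MARK),
    "clean_docx": mail_with("minutes.docx", zip_of(DOC_BODY)),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, *screen_message(raw))
```
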

Filed Under: ALERTS, Featured

ALERT: Netflix At No Charge

February 26, 2016 by The T By D Team

With their recent globally launched streaming service, Netflix’s popularity is gaining steam.  
Unfortunately, in today’s world popularity equals hacker target.

There are active malware and phishing campaigns targeting Netflix users with several scams:

  1. One scam claims you need to update your payment information.
  2. Another claims that there has been “unusual” or “unauthorized activity on this account”.
  3. Still others try to trick you into downloading software for a cheaper version of Netflix.

These are just a few of the scams currently circulating.  

How To Protect Yourself:
  1. If you receive an email that looks like it’s from Netflix, and claims you need to update payment information, DO NOT CLICK on any links or open any attachments.
  2. Do not download anything from an MMS or an email.  Only download Netflix software directly from the Netflix website or official app stores.
  3. ALWAYS go to the websites yourself, instead of clicking on a link in an email.
  4. If you want to be 100% sure, call their customer service directly, using the 1-800 number you find on their website.

Filed Under: ALERTS, Featured

ALERT: MS Word Ransomware

February 22, 2016 by The T By D Team

Over 400,000 workstations were infected within a few hours of the ransomware being released.
24 hours after being released, only 3 very specialized AntiVirus products detected the ransomware.
Most major AntiVirus products now detect the ransomware
…but only if the user is updating their AntiVirus.

It was only a matter of time before some CyberCriminal figured out how to insert ransomware into a MS Word document.

Some professional CyberCriminal finally did it.

The new ransomware, called “Locky”, was first reported in the UK by Kevin Beaumont.  It is causing major headaches for companies all over the globe, and has been received by companies in Canada, and even here in Manitoba.

Emails contain the subject line “ATTN: Invoice J-98223146”, and a message like “Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice”, or something similar.  The email looks similar to the one below:

Locky email

When opened, the attachment is a Microsoft Word document whose content looks scrambled.  The document will display a message stating that you should enable macros if the text is unreadable.  The attachment will look similar to this:

Locky attachment

Once the victim enables macros, the macro downloads an executable file from a remote server.  This file will be stored in the “%Temp%” folder and, when executed, will encrypt the files on the workstation, then on both mapped and unmapped network drives.

Once this has happened, you receive the message below:

Locky message

Similar to CryptoWall, Locky also completely changes the filenames for encrypted files to make it more difficult to restore the right data.  At this time, there is no known way to decrypt files encrypted by Locky.

How to Defend Yourself:

Have your I.T. person hunt for this Group Policy Setting, and set it to “Disable all except digitally signed macros”.

Group Policy Setting

Now check out Trusted Locations:  User Configuration/Administrative Templates/Microsoft Office XXX 20XX/Application Settings/Security/Trust Center/Trusted Locations

Set your shared folder location URL in here, e.g. //blah.local/public/office

More details at Microsoft TechNet here.

The user won’t see a prompt to enable the macro, nor can they enable it from the Office options.

There is still a small risk that the user will save the malicious email attachment to the network and open it.  However, it is a much smaller risk than before.

Here is a very small sample of how far & fast Locky has spread:

Locky infected networks

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

Filed Under: ALERTS, Featured
