ALERT:  CryptoLocker, and More!

 

CryptoLocker is attempting to gain strength after the CryptoBit and CryptoDefence ransomware have been developed and attacking.

 

The latest strain of CryptoLocker is being sent by email to companies that have job postings on websites like CraigsList. CyberCriminals are looking for job postings and sending resumes with the CryptoLocker malware attached. The moment these resumes are opened, the ransomware kicks in, and begins to encrypt the computer. The computers that are being used to open these resumes are usually some of the most important in the company, like that of the owner, the CEO, HR, or department heads.

Another kind of ransomware is also becoming more popular. This kind uses shock in order to get people to pay. This kind of ransomware first displays child pornography, before copying it to the victim’s hard drive, encrypting the system, and holding it hostage.

Major losses and downtime can be avoided with proper backups. Regular scheduled backups help restore any kind of data that is lost or encrypted.

Proper backups would have prevented the need to pay paying hundreds, even thousands of dollars for an encryption code.

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:

Mobile Scams

 

Heads-up to mobile device users! There are two mobile scams that have just begun to make themselves known.

 

CyberCriminals are trying to trick people into clicking on links, often exploiting trust in order to do so. If they are successful in making you believe the message is from a trusted source, chances are that you will click on it. CyberCriminals use email, instant messaging, social networks, and even SMS text messages to try to trick you into becoming a victim.

One way CyberCriminals use to create more victims, is using messages from “trusted” mobile apps to install malware onto PCs. The bad guys will duplicate the look of a mobile app, and make it seem as though that app is trying to get ahold of you through email. This email will contain a link or file that is completely infected with malware, which could then be transferred to your PC. It is important, even when on your mobile device to watch what you are clicking on; both online and in emails.

A second way CyberCriminals try to get victims is the first type of mobile ransomware (like the CryptoLocker) for Android. Although it is not as malicious as the PC version (so far), it scrambles your phone, and asks for about $500 as a ransom for the files. This sort of ransomware is actually manually downloaded through a type of software claiming to be a video player from a website other than the Google Play store. The way to avoid this kind of mobile ransomware is to only purchase apps from the Google Play store, and even then to be aware of what you are downloading. Check the reviews, people will often try to warn each other about slow apps, apps that do not work, or apps that cause problems.

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

 

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  CryptoBit

 

CrypoLocker and CrytoDefense were making enough trouble for users, and now there is a third strain of Ransomware?

 

This strain is called CryptorBit, or HowDecrypt, and it follows a similar attack to CryptoLocker, but instead of corrupting certain types of files, this malware corrupts the first 512 or 1024 bytes of any data files it finds. It also seems to be able to bypass Group Policy settings that were put in place to defend against this kind of Ransomware injection.

This strain of Ransomware also installs a “cryptocoin miner” software which uses the victim’s computer to mine digital coin such as BitCoin, which then gets deposited into the malware developer’s digital wallet, earning them even more money.

Once the CryptoBit malware has had a chance to infect your files, it asks for a ransom of about $500 in BitCoin in order to decrypt the files. If the ransom is not paid, the files on your computer will remain corrupted and unusable.

Technology by Design recommends regular backups in order to ensure your files are saved in the event of a Ransomware attack. If a backup was made before the files were corrupted, it might be possible to save yourself $500+ dollars! Ask Technology by Design about how scheduled backups can help you, and how you can protect yourself from Ransomware!

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Heartbleed Bug

Internet security experts are scrambling to patch an alarming encryption vulnerability that has exposed millions of passwords and personal information, including credit card numbers, email accounts, and a wide range of online commerce.

 

Some reports as many as two-thirds of sites on the internet are using OpenSSL – the encryption code that we now know is flawed and vulnerable to so-called ‘Heartbleed’ attacks.

What Sites You Should Be Worried About:

The Canada Revenue Agency website is shut down, and not expected to be open again until at least the weekend.  The CRA says this move was precautionary, because there is no evidence of a breach.

Canadian Banks, airlines, and online retailers such as Amazon.ca, Walmart, and Indigo Books all said they were NOT affected by the bug.

The online new site Mashable has an extensive list  of other affected sites.  

They suggest you should immediately change your password if you use any of the following:

• Facebook
• Gmail (or other Google services)
• Tumblr
• Yahoo mail
• GoDaddy
• Intuit (TurboTax)
• Dropbox
• LastPass
• OkCupid
• Soundcloud

Wondering about a site not on the list?  The Web developer resource Github has been testing sites, here’s a working list of the vulverable, not vulnerable and no SSL sites:  Heartbleed-Masstest.  The caveat for this information is that there is no central “is my internet broken” government agency that can verify these checks; Githrub’s community of volunteers appears to be our best resource, but maybe think of it more like Wikipedia than a peer-reviewed journal.

There are also a few services, such as filippo.io/Heartbleed, that let you test a website yourself.  We recommend doing this for any lesser-known site you use regularly.

As Toronto-based password-managing site 1Password says “The time to change passwords is after sites patch vulnerability *and* update certificates.”

How Do You Make Your Passwords Safer?

The smartest thing to do at this point is diversify your passwords, so that if someone hacks your OKCupid account they can’t get into Google with the same password.  My rule of thumb is that no site that connects to my credit card shares a password with any other site that I use.

Most people use terrible passwords.  There are a number of reasons for this.  One is the sheer variety of password-enabled devices we have to deal with every day (how many of you will admit to still having the default “1234” as the password on their vehicle’s Bluetooth connection…?).  Another is the fault of certain products and websites that either don’t care what sort of password you choose, or force you to jump through a bunch of hoops that result in the creation of a convoluted password you end up forgetting a week later.  The most important determinant of password strength is entropy.  Basically, the more stuff there is to guess, the better the password.  So choose a long password.  And if you don’t think you can remember multiple passwords and don’t want to use a password manager, at least memorize a strong password and use it exclusively for your most important digital transaction.  The last thing you want is your banking login compromised because someone hacked into a gaming forum you frequent and stole your password.

Is This A Virus?

No.  A virus is a piece of malicious code that seeks to infect your computer systems.  Heartbleed appears to be a mistake, a flaw in the encryption code that many websites use to protect passwords they ask you to use to log in, as well as other information.

How Long Has This Been Going On, And Whose Fault Is This?

According to researchers that found the problem (and let’s be clear, this is a gaping hole that words like “flaw, bug, and vulnerability barely describe), the bad code was introduced two years ago.  To quote Codenomicon (who found and named Heartbleed): The affected code is called OpenSSL and “is the most popular open source cyptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.”

The OpenSSL Software Foundation and the developers who maintain this code are having a lot of pointed finger wagging at them.  According to the Wall Street Journal, there are only 4 staffers to maintain the open-source libraries…and only 1 is full-time.

“There is no question more effectively applied manpower would be a good thing,” said Stever Marquess, President of the foundation.  “Formal code audits would be a good thing.”  Really…

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

 

 

ALERT:  Employee Recruiting

There is a new cyber attack being aimed at companies looking at recruiting new employees through the internet.

 

 

The malware attack, called Gameover Zeus, comes in two stages. In the first stage, a phishing attack takes over the workstation using social engineering, and infects the machine with the Gameover malware. The malware then grabs information from website forms, such as usernames and passwords, as they are typed. In the second stage, the attackers try to get the HR employee to give out the information they are missing in order to take over the (usually Monster or CareerBuilder) account. They use a bogus security check form and ask for the answer to their security question.

Why would an attack target HR departments? The first reason for this is the ability to take over the HR computer, create fake “employees”, and cash in on these employees. The second reason is that if the computer is tied to a bank account, and has a spending budget, it can then be made to be a target for banking Trojans.

It is important for everyone, especially HR, to pay attention to emails and websites for red flags. If something does not look right, it probably isn’t.

Technology by Design can help with virus and malware protection and removal, in order to save your information. For more information, give one of our technicians a call at (204) 800-3166, or email helpdesk@tbyd.ca.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Blood Test Results

 

Cybercriminals are stooping lower (we didn’t think that was possible) and using the threat of cancer to fool people into unknowingly infecting their computers. They are sending emails with the headline “IMPORTANT: Blood Analysis Results”, and the message is along the lines of:

Technology by Design uses, and sells, an antivirus software as well as a spam filter that will register this file as being malicious.  TbyD’s customers have been targeted with this virus, but our antivirus and spam filter has blocked it from reaching the intended recipients.  For a low fee, you can ensure your computer network is safe.  For more information, call Bob at (204) 800-3166.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

 

ALERT: Fanbox

If you receive an email in your inbox saying “you have earned $__” from a website you do not recognize, it is not a good idea to go to the website. Even if the email says someone you know has signed you up for it, or has referred you to their site. An email has been circulating from “Fanbox” which says you’ve made some money, but need to go to the website to sign up.

On the website, it will take your email address, password, and cell phone number in order to spam you continuously and then spam all of your contacts. It will use the phone number you provided to send you texts that may or may not COST YOU to receive. Your phone number and email address may even get more spam after “Fanbox” sells your information to other people.

Once the spamming has started, it is almost impossible to stop. Even though there is a “stop these emails” link on the bottom of the email, clicking that will only verify that the email is active, and the spam will continue.