Ransomware

Crypto Blackmail: How To Protect Yourself

December 27, 2018

Frank DeLuca is a field technician for Tech Experts.

A criminal contacts you over email or snail mail and insists they have a webcam video of you watching “unsavory” videos or evidence you cheated on your wife.

To stop the release of this compromising information and to make the problem go away, the criminal asks for digital payment in Bitcoin or another form of cryptocurrency.

You should never respond or pay. All the criminals have are empty threats and they’re just trying to trick you.

What is CryptoBlack Mail?

CryptoBlackmail is any sort of threat accompanied by a demand that you pay money to a cryptocurrency address.

Just like traditional blackmail, it’s a “pay up or we’ll do something bad to you” threat. The difference is the demand for payment in online currency rather than traditional hard (and traceable) cash.

Why cryptocurrency? It’s not possible to “undo” a transaction and it’s hard for the authorities to track down the owner of a Bitcoin address.

With cryptocurrency, the money is gone as soon as you send it.

Some examples of CryptoBlackmail:
– Physical mail saying “I know you cheated on your spouse,” and demanding payment in the form of Bitcoin to a specified Bitcoin wallet.

– Emails claiming an attacker has placed malware on your computer and recorded you in a uncompromising position, along with a video feed from your webcam. The attacker also claims to have copied your contacts and threatens to send the video to them unless you pay.

– Emails including a password to one of your online accounts along with a threat and demand for payment to make the problem go away.
The attacker just found your password in one of the many leaked password databases and hasn’t compromised your computer. Keep in mind that the criminals almost certainly cannot follow through on their threat and they probably do not have the information they claim to have. It is simply a numbers game.

For example, someone may just send emails saying “I know you cheated on your spouse” to a large number of people knowing that, statistically, some of them will be tempted to act.

The important thing to note is that this not a personally targeted attack. Unfortunately, the scammers do trick some people, which then perpetuates this ongoing CryptoBlackMail scam as an easy payday for criminals with little to no work involved.

How to Protect Yourself

Ignore the scammers. Delete and forget the scam. Don’t try to negotiate or even respond with the scammer. Don’t pay a single cent.

Don’t re-use passwords. If a criminal sent you one of your passwords, it’s likely that password was from one of many leaked password databases available online.

Change your passwords. If you’re concerned a criminal might have your passwords, you should change them immediately.

Get a password manager. They can help keep track of those unique passwords. They remember passwords for you, letting you use strong, unique passwords everywhere without having to remember them all.

Disable your webcam. If you’re really worried about someone spying on you with malware on your computer, you can just disable your webcam when you aren’t using it.

The most important thing to do — aside from never paying the scammers — is to ensure you aren’t re-using passwords, especially if they’ve already been leaked. Use strong, unique passwords and you won’t have to worry about password leaks. Just change a single password whenever there’s a leak and you are done.

Colorado Company Taken Down By Ransomware And What That Means for Your Business

December 7, 2018

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

According to Statista, there were 184 million ransomware attacks in 2017 and the average ransomware demand is over $1,000. Individuals, organizations, and companies have fallen victim to these attacks.

Most people recognize the fact that ransomware is a danger, but they may not realize that it can actually destroy their company.

The recent closure of Colorado Timberline after a ransomware attack is a solemn reminder of the seriousness of the dangers of ransomware.

What Happened to Colorado Timberline?
Colorado Timberline, a printing company in Denver, was forced to cease operations for an unspecified amount of time after a severe cyber attack. [Read more…] about Colorado Company Taken Down By Ransomware And What That Means for Your Business

The Ransomware Threat Is Growing – Here’s Why

July 26, 2018

One of the biggest problems facing businesses today is ransomware. In 2017, a ransomware attack was launched every 40 seconds and that number has grown exponentially in 2018. What are the main reasons for this type of escalation and why can’t law enforcement or IT experts stop the growing number of cyber-attacks?

Ransomware Trends
One of the reasons involves the latest trends. The art of ransomware is evolving. Hackers are finding new ways to initiate and pull off the cyber-attack successfully.

Hackers rarely get caught. So, you have a crime that pays off financially and no punishment for the crime. The methods of attack expand almost daily. Attack vectors increase with each new breach. If cyber thieves can get just one employee to click on a malicious link, they can take over and control all the data for an entire company. [Read more…] about The Ransomware Threat Is Growing – Here’s Why

Ransomware Vs Atlanta: How To Protect Your Systems

May 23, 2018

Chris Myers is a field service technician for Tech Experts.

On March 22, the local government in the city of Atlanta, Georgia experienced a widespread ransomware cyberattack that affected several city applications and devices.

Ransomware is a type of malware that takes over a computer and locks out the user. The attackers then make contact with the victim and request payment. If the ransom is not paid, they may publish the victim’s personal files and data or just continue to block access to them.

In Atlanta, the attackers gained access to some of the city’s applications through a network vulnerability. Once they had locked the city’s systems with a ransomware known as “SamSam,” they asked for six bitcoins to unlock everything. Six bitcoins are currently worth around $51,000 US dollars.

Atlanta chose not to pay the ransom, as there is no guarantee that they would get their files back and they didn’t want to encourage any similar attacks. Instead, Atlanta officials awarded nearly 2.7 million dollars to eight private companies in the first couple days after the start of the attack.

The FBI, Department of Homeland Security, and Secret Service have also been assisting city officials in investigating the attack.

As you can see, the consequences of a ransomware attack can be severe. Nearly a month after the breach, nearly all city functions were still being carried out with pen and paper. With that in mind, what are the best ways to prevent them from happening in the first place?

How to protect yourself against similar cyberattacks

Ransomware attacks usually infiltrate organizations through their network. Therefore, maintaining good network security practices is a must. These can include:

Using strong, unique passwords. Both individuals and companies have a tendency to use shared passwords for different programs, even Windows logins.

If someone gains illicit access to your network or a specific computer, they can’t immediately gain access to all of your program logins and computers if you use unique passwords.

Staying vigilant for phishing. Phishing is another common method of attack for gaining entry to install ransomware. 91% of phishing attacks are targeted at specific people in a company, a technique known as spear phishing.

The attacker will study an organization’s email format, then send a simple email to an employee designed to appear as if it is a common email from a co-worker.

Most of these emails will look completely normal except for the full sender email address, which is usually something odd such as “ejhjsh@jk.cn.”

In many email management applications, the full address is automatically hidden behind the given name of the sender, so staff must be trained to interact with that name to confirm the address.

Securing your network. Ensure that a monitored firewall is in place and that all Wi-Fi networks are password protected with WPA2 encryption.

A VPN, or Virtual Private Network, is also a very good thing to have, especially if you have any staff working remotely.

Keeping operating systems and firmware up-to-date. Patches for known security vulnerabilities are released quite often.

Most of these are to combat specific new threats that are being used or about to be used in the wild. Staying up-to-date with security and operating system patches shores up your defenses against many common attacks.

Windows 10 Creator’s Fall Update to Bring Hardened Ransomware Protection

August 24, 2017

jared-stemeye — Jared Stemeye is a Help Desk Technician at Tech Experts.

2017 has seen some of the most high-profile ransomware and cryptoware attacks to date. These incidents have demonstrated that these types of attacks can have catastrophic effects that reach far beyond the ransom demands paid to these attackers.

The cost of downtime and damage control multiplies quickly. Even more damaging is being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, consequently costing much more than any monetary value.

Microsoft has stated that they recognize the threat that these cybercrimes represent and have since invested significant yet simple strategies that are proving to be extremely effective as new attacks emerge. These new security features are now coming to all businesses and consumers using Windows 10 with the Creators Fall Update.

These advanced security features are focusing on three primary objectives:

Protecting your Windows 10 system by strengthening both software and hardware jointly, improving hardware-based security and mitigating vulnerabilities to significantly raise the cost of an attack on Windows 10 systems. Meaning hackers will need to spend a lot of time and money to keep up with these security features.
Recognizing that history has revealed vastly capable and well-funded attackers can find unexpected routes to their objectives. These latest security updates detect and help prevent against these threats with new advances in protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection.
Enabling customers and security experts to respond to threats that may have impacted them with newly updated tools like Windows Defender ATP. This will provide security operations personnel the tools to act swiftly with completeness of information to remediate an attack that may have impacted them.

Microsoft states this is a proven strategy that has remained 100% successful on Windows 10 S, the new secure version of Microsoft’s flagship operating system. Albeit, this version of the operating system does not allow any software from outside the Microsoft App Store to be installed.

Further, Microsoft states that even prior to the fall security updates rolling out, no Windows 10 customers were known to be compromised by the recent WannaCry global cyberattack. Despite this, Microsoft knows that there will always be unforeseeable exploits within their systems.

This is why the Windows 10 Creator’s Fall Update benefits from new security investments to stop malicious code via features like Kernel Control Flow Guard (kCFG) and Arbitrary Code Guard (ACG) for Microsoft Edge. These kinds of investments allow Windows 10 to mitigate potential attacks by targeting the techniques hackers use, instead of reacting to specific threats after they emerge.

Most importantly, Windows Defender security updates coming in this Fall will begin to leverage the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to promptly identify new threats, including ransomware, as they are first seen anywhere around the globe.

Though no exact date is set in stone, all of the amazing security updates detailed above will be available this Fall 2017 for free. For more information about the Creator’s Fall update beyond the security features, visit https://www.microsoft.com/en-us/windows/upcoming-features.

Another Major Ransomware On The Loose: Locky

June 27, 2016

Ransomware, a virus that essentially holds a computer user’s data hostage for a monetary reward, isn’t a new threat. It is in fact, becoming more prevalent with an estimated 35% increase of attacks in the past year alone.

One of the newest forms of this virus is known as Locky, which finds its way onto unsuspecting users’ devices through vulnerabilities in the Adobe Flash Player. This ransomware was detected by Trend Micro, and the type of operating system used seems to have little effect on risk. Locky has infiltrated systems through Windows, Mac, Chrome, and Linux.

Many of the Locky attacks, however, have affected Windows 10 users who are unknowingly using outdated versions of the Adobe Flash Player. Anyone running the 20.0.0.306 or earlier versions of Flash is at risk of Locky taking over data and holding it hostage for payment.

Therefore, the simplest way for people to protect themselves from this new ransomware is to ensure they are running the most recent version of Flash.

To do this, access Flash content within your browser and right click on it. Then, choose “About Adobe Flash Player” to view which version is being used. Alternatively, users can visit the Adobe website, which can automatically detect the installed version and also offer the option to upgrade to the most current one.

Locky ransomware isn’t just spread through Adobe Flash. It also can find its way onto systems through attachments in spam emails. In this case, the emails have most frequently been distributed through the same botnet responsible for sending out the online banking malware Dridex.

While actual numbers for how many people have fallen prey to Locky infections are not public, security companies have revealed that the majority of the ransomware attacks have taken place in the United States, Japan, and France.

The amount demanded to remove Locky from affected devices is usually around $100, but security experts suggest not giving in to such demands. Instead, victims are advised to create a backup of files and seek help from your IT provider.

The best defense against such attacks, however, is in prevention. Regularly update your operating system and frequently used programs, never open suspicious emails, and only log in as an administrator on your computer system when and as long as you absolutely must to prevent hackers from intercepting your login credentials.

Ransoming Your Business One Step At A Time

May 26, 2016

When it comes to business security, today’s climate is a careful one. It seems like every week the latest and most dangerous ransomware is coming for us.

These can come through a variety of ways, like employees, clients, and websites. The most recent threat we’ve seen is called Rokku. Built upon predecessors, it’s only the next step in the fight against business security systems. Ransomware is a dangerous thing. The main concept is a mix of fear tactics and file encryption. After the system is infected, the virus will normally lay dormant for a time.

Once every file is found and changed to an encrypted state, a message will display, stating the worst.

All of your files are locked until you pay whatever sum the developers demand. Once in this state, you are generally given only a number of hours before your files and content are deleted permanently.

In this instant, many people will jump up to pay for their files in order to save further expense and headache. Unfortunately, doing so rarely helps the issue.

After the ransom is paid, you are supposedly granted access to the files and everything continues on unhindered. That said, there are many times you can send the money in and receive nothing in return.

Your files will still have their encrypted extensions (e.g. *filename*.rokku) and you will be in an even bigger hole than before. Some of the older encryptions have programs made by third parties to help those infected, but this is also often not the case.

In the Rokku scenario, there is no progress made in decryption. No patterns have been found and files are completely distorted in comparison to their original state.

As if it isn’t already enough, there is still more to worry about. Rokku as well as other ransomwares will not stop at only the infected computer. Network shares are also subject to complete encryption.

In short order, your entire network is no longer your own. With this in mind, the question is simple. What can you do?

Ransomware is definitely a problem and is not going away anytime soon.

That said, there is more progress these days than when we first started seeing it pop up on systems. Using Rokku as an example, some newer versions are built off of older attacks.

As such, they can often follow the same patterns and can be taken care of. Anti-virus and anti-malware services are also more and more proactive against these threats.

User error can, however, still cause alarm and ruin things very quickly. Rokku and many of its predecessors are sent through email attachments. Once opened, they will start to run and everything will spiral downward from there.

It is important to know and keep others informed on basic safety practices when it comes to operating computers. Keep in mind to not trust strange sites, emails, or messages that you were not expecting or do not know the sender. Also, be aware of common spam signs.

Misspellings, exaggerated results, and poor grammar are often giveaways.

If you want to review your current computer climate, we recommend giving us a call. With preventive maintenance, business class protection, corporate antivirus, and monitors running to ensure a steady flow, we can ensure the safety and reliability of any network and the important files that it may contain.

The absolute best way to avoid a disaster such as Rokku and other ransomwares is to stop it before it happens.

Ransomware Now Targeting Mac Computers

April 18, 2016

While ransomware has been around for some time, it has never appeared to pose a threat to Apple’s Mac computers. That recently changed with the first attack of its kind last month. Ransomware is a malicious software that, once downloaded, essentially locks important files on a computer and then prompts users to pay a fee to have those files unlocked. There have undoubtedly been attempts to target Mac users in this way in the past, but this incident involving KeRanger software transmitted through the peer-to-peer file sharing network BitTorrent was the first successful one.

The attack affected approximately 6500 Mac users who downloaded the malicious KeRanger software. In the scheme of things, that number is quite low. The incident, however, proves that Mac users aren’t immune to this type of threat. As John Bambeneck of Fidelis Cybersecurity notes, “It’s a small number but these things always start small and ramp up huge. There’s a lot of Mac users out there and a lot of money to be made.” In this case, Palo Alto Networks detected the ransomware quickly, which is why Apple was able to neutralize the problem.

In the future, however, ransomware attacks on Macs may become more subtle. Apple reports that it has increased its security measures and revoked the digital certificate that was responsible for launching the KeRanger software.

Don’t Pay A Ransom To Get Your Data Back

January 15, 2016

Michael Menor is Vice President of Support Services for Tech Experts.

Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline).

In both scenarios, hackers are looking for the victim to pay up…or else. Should they?

The answer should be obvious: absolutely not.

However, when a person’s valuable data becomes encrypted or they receive a legitimate threat to take down their servers, emotions often get in the way and they’ll end up “paying the piper.” Hackers know this, which is why their ransom methods employ fear tactics.

For example, ransomware like CryptoLocker will lock the user out of their computer while the screen displays a countdown to when their data will be deleted.

With DDoS attacks, a hacker may contact the victim mid-attack and promise to cease the attack for a fee. Both of these situations play straight into a person’s irrational fear, causing them to cough up cash.

Before reaching for your credit card to pay a hacker’s demands… stop, take a deep breath, and think objectively about the situation.

What guarantee do you have that these hackers will actually make good on their promise to turn over your data or cease the attack?

This guarantee is only as good as a hacker’s word, which is pretty worthless seeing as they’re, you know, criminals. Therefore, whatever you do, DON’T GIVE MONEY TO A HACKER!

By paying hackers money, you’ll only add fuel to the fire and help fund the spread of their devious acts.

Plus, there are several reported cases where a victim pays the ransom, only to still have their data deleted or the attacks on their site continue.

What’s it to them if they go ahead and follow through with the attack? They have your money, so who cares? It’s a classic case of adding insult to injury.

Need proof? There’s a recent example of this happening to ProtonMail, a Switzerland-based email encryption service.

On November 3rd, ProtonMail was threatened with a DDoS attack by the hacking group Armada Collective.

Like many companies would do, they ignored the threat, deeming it to not be credible. Soon afterward, their servers became overloaded to the point where they had to cease operations. After paying the ransom, the hackers continued the attack.

Now, consider your own situation. How much would it cost your company if you lost revenue for a full day of work, and you still had to make payroll?

For a medium-to-large sized company, losing a full day’s work would likely come to much more than a few thousand dollars. In fact, hackers understand how downtime can be so costly, which is why they feel justified asking for such an exorbitant fee.

What are you supposed to do if you were asked to pay a ransom by a hacker? The first thing you’ll want to do is contact the IT professionals at Tech Experts. We’re able to take an assessment of the attack to determine how bad it is and restore your data to a backed up version that’s not infected with malware.

When facing a hack attack, we can present you with all the options you can take – none of which will include paying a hacker money.

« Previous Page