IT consulting and tech support blog

The CryptoLocker virus is spreading!!!

Published November 11, 2013

There’s a new type of malware that has been spreading like wildfire over the past couple of months called CryptoLocker. Most security researchers are claiming that this is one of the nastiest and most successful computer viruses ever: CryptoLocker is currently infecting Windows operating systems all across the United States and in other parts of the world. The virus is part of a generically named family of malware called “ransomware,” and its main function is to encrypt your files and “hold them hostage” until you pay a fee to have them decrypted.

How does CryptoLocker infect computers?

The CryptoLocker virus is passed around in emails that include attachments. The criminals send emails claiming to be from well-known companies like UPS, USPS, PayPal or FedEx in order to trick users into thinking that they are legitimate and safe to open, but of course they aren’t safe at all. Instead, when a user attempts to open the attachment, the computer becomes infected and the virus locks files on the system until the ransom request is paid. Most often the attachments will be disguised as JPEG images, ZIP files, PDF files and various types of Microsoft Office files (mostly Excel and Word documents).

After a computer becomes infected, users are given 100 hours to pay a fee between $100 and $700 to get the files decrypted. The version of the virus that we’ve been seeing on infected machines has been asking $300 for the decryption key. So far, it appears that the virus only encrypts data files with certain extensions, including Microsoft Office, OpenOffice and other documents, pictures, and AutoCAD files.

How to prevent your computer from becoming infected by CryptoLocker

The file paths that have been used by this infection and its droppers are:

  • C:\Users\\AppData\Local\.exe (Vista/7/8)
  • C:\Users\\AppData\Local\.exe (Vista/7/8)
  • C:\Documents and Settings\\Application Data\.exe (XP)
  • C:\Documents and Settings\\Local Application Data\.exe (XP)

In order to block the CryptoLocker and Zbot infections, certain Path Rules have to be implemented on the system so that executables in those locations are not allowed to run. These Software Restriction Policies can be created manually, but thankfully a company called FoolishIT has created a utility called “CryptoPrevent” that automatically adds the appropriate series of Software Restriction Path Policies to a computer in order to prevent CryptoLocker and Zbot from being executed.

If you get an email that includes any type of attachment, use extreme caution and make sure you know who the sender is BEFORE opening it. If you don’t know who the sender is, or if it appears to be from one of the companies mentioned earlier, DO NOT OPEN IT!!! Just delete the email. If you start seeing the CryptoLocker demand screen, please shut down your machine immediately and call your IT administrator for further assistance. If you’re a current New River Computing client, please contact us ASAP if you see the CryptoLocker message on your screen.

Below is an example of what the CryptoLocker demand screen looks like.

Screenshot of CryptoLocker demand screen.

How to use the CryptoPrevent Tool

One important feature to make use of in CryptoPrevent is the option to whitelist any existing programs in %AppData% or %LocalAppData%. This is a useful feature as it will make sure the restrictions that are put in place do not affect legitimate applications that are already installed on your computer. To use this feature, make sure you check the option labeled “Whitelist EXEs already located in %appdata% / %localappdata%” before you press the Block button.

Screenshot of CryptoPrevent tool.

It is available from the CryptoPrevent download page.

Once you run the program, simply click on the Block button to add the Software Restriction Policies to your computer. If CryptoPrevent causes issues running legitimate applications, then remove the Software Restriction Policies that were added by clicking on the Undo button.
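The following PowerShell script is an added example (not CryptoPrevent’s own code, and not from the original post) showing what the Block, Whitelist and Undo steps above do under the hood: it writes Software Restriction Policy path rules to the same registry keys that secpol.msc uses. It assumes the standard SRP level values (0 = Disallowed, 262144 = Unrestricted), that it is run as Administrator, and that the “one folder down” patterns are a reasonable extension of the dropper paths listed above.

```powershell
# Added example, not CryptoPrevent's code: writes Software Restriction Policy (SRP)
# path rules to the registry keys that secpol.msc itself uses. Run as Administrator.
# Assumed SRP levels: 0 = Disallowed, 262144 (0x40000) = Unrestricted.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Add-SrpPathRule {
    param([string]$Path, [int]$Level, [string]$Description)
    $key = "$Safer\$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value (Get-Date).ToFileTime() -PropertyType QWord -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String -Force | Out-Null
}

function Remove-SrpPathRules {
    # "Undo": delete every rule this script tagged, leaving any other SRP rules alone.
    param([string]$Tag)
    Get-ChildItem -Path "$Safer\*\Paths" -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty $_.PSPath).Description -eq $Tag } |
        Remove-Item -Recurse -Force
}

# Create the SRP root if no policy exists yet. The default level stays Unrestricted,
# so only the explicit path rules below change anything.
if (-not (Test-Path $Safer)) {
    New-Item -Path $Safer -Force | Out-Null
    New-ItemProperty -Path $Safer -Name DefaultLevel       -Value 262144 -PropertyType DWord | Out-Null
    New-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1      -PropertyType DWord | Out-Null
    New-ItemProperty -Path $Safer -Name PolicyScope        -Value 0      -PropertyType DWord | Out-Null
}

$tag = 'CryptoLocker-block-example'   # constructed tag so the rules can be undone later

# Whitelist first: an Unrestricted rule naming a specific file is more specific than
# the wildcard Disallowed rules, so SRP lets already-installed apps keep running.
# Caveat: this only sees the current user's profile; repeat per user if needed.
foreach ($dir in $env:APPDATA, $env:LOCALAPPDATA) {
    Get-ChildItem -Path $dir -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Add-SrpPathRule -Path $_.FullName -Level 262144 -Description $tag }
}

# Block: the dropper locations listed above, at the top level and one folder down
# (the "\*\*.exe" patterns are an assumption, not taken from the post).
foreach ($p in '%AppData%\*.exe', '%AppData%\*\*.exe',
               '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe') {
    Add-SrpPathRule -Path $p -Level 0 -Description $tag
}
Write-Host 'SRP rules written; log off and back on (or reboot) for them to take effect.'
# To undo later: Remove-SrpPathRules -Tag 'CryptoLocker-block-example'
```

Test on one machine before rolling out: SRP has no “audit only” mode, so a legitimate updater that drops a new .exe into %AppData% after the whitelist was built will be blocked until you add a rule for it.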

More Information:

For a detailed analysis of the CryptoLocker virus please check out this excellent Bleeping Computer CryptoLocker article.

Detailed information on the CryptoPrevent tool is available on FoolishIT's CryptoPrevent page.


NRC is Now Offering CrashPlan Managed Backup Solutions!

Published November 06, 2013

Crashplan PROe continuous backup promotional image

Backups are arguably one of the most important things you can do to protect your important data.

Two of the biggest obstacles most users face with backups are:

  1. Complicated, confusing and unreliable backup software.
  2. Remembering to run it, or change the backup disc and take it offsite.

Who has time to deal with all of that hassle? Don’t worry, New River Computing can deal with the hassle FOR you!

We’ve spent a lot of time researching and testing numerous solutions to these problems and have found (what we consider to be) the best “cloud backup” file-based backup solution for our clients. What is this “Cloud Backup” you speak of? Well, if you’re asking this question, please check out the “Beginners Guide to Cloud Backup” before reading the rest of this post!

CrashPlan PROe isn’t ONLY a cloud-based backup solution, it is also a “hybrid” solution because it utilizes a multi-destination backup method. User data can be backed up to the cloud AND to external drives, local server shares or a NAS at the same time.

CrashPlan PROe runs silently in the background, continuously protecting the critical business data that lives on your machines. There’s no need for users to change their work habits because CrashPlan backs up data automatically, without any user effort or intervention required. New River Computing clients that use CrashPlan PROe enjoy significant productivity gains; it allows us to easily support the backup needs of thousands of clients, while enabling end users to quickly and easily restore data on their own.

It’s a great solution and we encourage all of our clients and users to contact us and give it a try!


Why did Microsoft make the decision to retire the TechNet Subscriptions service?

Published July 24, 2013

Illustration of a tombstone with Microsoft TechNet on it.

On July 1, 2013, Microsoft announced the end of the 15-year program, TechNet Subscriptions. Microsoft’s TechNet Subscription Program is a paid program which allows partners to download full copies of most software titles to be used for lab or testing purposes. In an email announcement to partners, Microsoft said “In recent years, we have seen a usage shift from paid to free evaluation experiences and resources. As a result, Microsoft has decided to retire the TechNet Subscriptions service and will discontinue sales on August 31, 2013”. Many have tried to guess the real reasons behind Microsoft’s decision to end the program because the substitutes Microsoft left in place, though free offerings, are just not adequate.

IT pros are now going to have to struggle with time-limited versions and will be more likely to lose interest when reviewing and testing newer products because, like me, most of us never know how busy we’re going to be. To have to go through the bother of tracking when a particular piece of software was installed or to fire up a program only to get an error that it expired, may not make it worth it.

So, why did Microsoft make this decision? Many believe that Microsoft is shutting down TechNet subscriptions to force IT professionals and companies towards “cloud based” solutions like Office 365, Hosted Exchange and Windows Azure, where profits are based on subscription models rather than one-time purchases.

I know this is crummy news, but there might be a glimmer of hope. Thomas Lee and Jonathan Medd pointed out that Microsoft tried closing the MVP program once. The announcement caused an uproar, leading to MVPs organizing. They fought the closing of the program by writing Microsoft directly. The inboxes of Bill Gates, Steve Ballmer, and vice presidents were soon flooded as supporters expressed the value of the MVP program. Three days later, Microsoft recanted and reinstated the MVP program. The event is chronicled here.

The MVP and TechNet cancellations are very similar. Despite what skeptics say, it just might be possible to convince Microsoft to keep TechNet open. Microsoft is always listening, believe it or not (just look what happened with the Xbox One). Microsoft is watching online, and collecting data for evidence that customers are unhappy. Many, many people have taken to blogs and articles to voice their anger. A quick Google or Bing search for “TechNet subscription” will give confirmation. Microsoft just HAS to notice all of this backlash.

If you feel compelled to act, please write Microsoft. Start with Steve Ballmer. His email address should be steveb@microsoft.com. Outline in your own words reasons for keeping TechNet open and its importance to you. Also, a public petition entitled “Continue TechNet or Create an Affordable Alternative to MSDN” is attempting to gather enough signatures to get attention from Microsoft so they will consider reinstating TechNet subscriptions, or at least provide an affordable alternative.

The petition has over 6,500 signed supporters from all over the globe. As the word continues to spread throughout the IT community, I expect the number of signatures to keep growing, especially when subscriptions start to run out. If this news is reaching you for the first time, I highly suggest showing your support by signing the petition.

You can sign the petition at Continue TechNet Or Create An Affordable Alternative To MSDN.


Cyber Crime vs. Cyber Defense

Published June 03, 2013

After reading an article on the Huffington Post the other day, I started thinking about the fact that we really ARE now living in a world where BIG DATA = BIG BUSINESS = BIG MONEY. With more and more people paying bills, shopping, banking and socializing on the internet, there are going to be obvious financial losses to individuals and organizations. The article prompted some further sleuthing, which led to some eye-opening statistics.

Below is a brief summary of data showing the difference between what cyber criminals are estimated to steal in a given year and the money being spent to protect against their digital crimes.

Cyber Crime:

Fake Antivirus - $97M

Users get a message warning them that their computer has been infected with malware. When they click on a link to download antivirus software, their machine is infected. An analysis of financial records from three criminal gangs found that from 2008 to 2010 they collectively earned $97 million annually.

Stranded Traveler - $10M

Hijacked e-mail accounts are used to ask friends for money, claiming to be stranded traveling abroad. According to an analysis from several major e-mail service providers, criminals receive between 1 and 5 payments a day, on average.

Online Banking Fraud: Malware - $370M

Cyber criminals target businesses and individuals using malware to capture passwords, account numbers, and other data to get into online banking accounts. As of September 2011, the FBI was investigating 400 cases of “corporate account takeover” where criminals stole $85 million.

Online Banking Fraud: Phishing - $320M

Online banking fraud is sometimes carried out in a phishing attack, in which criminals impersonate websites to get unsuspecting users to provide their login credentials.

Cyber Defense:

Bank Countermeasures - $1,000M

Banks often hire companies to conduct penetration testing to ensure that their IT infrastructure meets security standards. They also often pay companies to search for and take down bogus websites used in phishing attacks. There are also additional internal security costs, such as authentication programs, UTM appliances, firewalls, AV software and systems for generating one-time passwords.

Antivirus - $3,400M

It’s currently estimated that between 74% and 88% of all households with a broadband subscription use some form of antivirus protection.

Patching Vulnerabilities - $1,000M

Software companies constantly patch their products against vulnerabilities that can be exploited by malware. Some evidence suggests that the development cost of a single patch for key enterprise software can run up to $1 million. Deploying that patch is equally costly.

User Cleanup - $10,000M

When antivirus programs fail, aren’t updated regularly or are just used incorrectly (if at all), users oftentimes have to call on the help of a professional computer technician to clean up their PC. This type of service usually costs between $99 and $300 depending on the severity of the infection.

Business Security - $10,000M

Companies use a variety of tools to fight cyber-crime including firewalls, intrusion detection systems, software maintenance/patching, deployment, and user training.

Law Enforcement - $400M

The U.S. spends nearly $200 million a year to fight cyber-crime. This accounts for half the law enforcement work worldwide.

These numbers are staggering to say the least. I think it’s extremely important for end users and organizations to work together with security experts and IT professionals to put all of the necessary security measures in place to combat system vulnerabilities. Also, it’s important that folks “in the know” educate other users on how to stay safe online. Through collaborative efforts and a commitment to deploying aggressive multi-layered security policies, there is hope that the cyber-crime epidemic can one day be contained.


Will Microsoft bring back the Start button?

Published April 18, 2013

Windows 8.1 aka Blue logo

When Microsoft first revealed Windows 8, complaints started rolling in almost immediately. The lack of the traditional Start Menu and the fact that Windows would no longer be booting directly to the Windows desktop were just a couple examples of the many complaints that continue to trickle in regarding the new OS.

Rumor has it that Windows 8.1, codenamed Blue, will possibly offer preferences that will enable booting directly to the Windows 8 desktop and the ability to bring back the Windows Start Menu. On April 14th, MicrosoftPortal.net blogged about how the twinui.dll file found in the leaked Windows Blue Build 9364 contains code that controls whether the computer will boot directly to the desktop. As previous builds of Windows Blue did not contain this option, it appears that Microsoft may be giving in to customer complaints and is working to address them.

Screenshot from http://microsoftportal.net/windows-blue/2037-windows-blue-pozvolit-otklyuchit-startovyy-ekran.html

As we all know, Microsoft is unpredictable when it comes to making changes. These are just rumors at this point, so we can’t count on these fixes to actually happen. We won’t know until 8.1 is released in August 2013. If you can’t wait for Windows Blue, programs like Start8 from Stardock may be your answer. Start8 allows users to tweak the Windows 8 experience to more closely mimic that of Windows 7 and XP. You can boot straight to the desktop, skip the new (and sometimes confusing) tiled start menu and bring back the start button.

Windows 8 has some great new features that make it more secure and easier to troubleshoot than previous versions. Bringing back the Start Menu and the ability to boot directly to the desktop will (in my opinion) make Windows 8 the best Microsoft OS yet!

