Archive for October, 2014

Banner Ads Spreading CryptoWall


A new threat to your computers can be contracted simply by visiting certain high-profile sites.

Through a technique known as “malvertising,” banner ads are being used to spread a form of malware known as ransomware – in this case CryptoWall 2.0 – on such prominent Web sites as Yahoo, AOL, Match.com, the Atlantic and MajorLeagueBaseball.com. The web sites themselves aren’t to blame; rather, these virulent ads are processed through advertising networks, including Rubicon Project, OpenX and Right Media/Yahoo advertising, which have failed to carry out adequate checks for malicious content.

CryptoWall 2.0 encrypts all the files on the hard drive of a victim’s computer as well as any attached network drives, and if the victim doesn’t pay a ransom by a deadline, those files are lost. Frequently the only way someone will know that they have been infected is the telltale files in each directory titled “Decrypt_Instructions.” The latest version is memory resident, meaning that it never installs on the hard drive; it just runs in memory and disappears when the machine is shut down, while the encrypted files remain.
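Since the malware itself leaves nothing on disk, those “Decrypt_Instructions” files are the practical thing to sweep for on local and network drives. The script below is an added example, not part of the original post: it walks a folder tree, lists every folder holding such a file and reports the oldest one found. The prefix match, the sample file extensions and the sample folder names are assumptions made for the illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Name taken from the post; matched as a case-insensitive prefix because the
# post does not give the file extension (an assumption of this example).
NOTE_PREFIX = "decrypt_instructions"

def find_ransom_notes(root):
    """Map each folder under root to the note files found in it."""
    hits = defaultdict(list)
    # onerror: skip unreadable folders instead of aborting the whole sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().startswith(NOTE_PREFIX):
                hits[dirpath].append(name)
    return dict(hits)

def earliest_note_time(hits):
    """Oldest note mtime (UTC): rough estimate of when encryption began."""
    times = []
    for dirpath, names in hits.items():
        for name in names:
            try:
                times.append(os.path.getmtime(os.path.join(dirpath, name)))
            except OSError:
                continue  # note vanished or is unreadable
    return datetime.fromtimestamp(min(times), tz=timezone.utc) if times else None

def build_sample_tree(base):
    """Constructed sample data: two affected folders and one clean one."""
    layout = {
        "Documents": ["report.docx", "DECRYPT_INSTRUCTIONS.txt"],
        "Pictures": ["photo.jpg", "Decrypt_Instructions.html"],
        "Music": ["song.mp3"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub), exist_ok=True)
        for name in names:
            with open(os.path.join(base, sub, name), "w") as fh:
                fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_ransom_notes(tmp)
        print(sorted(os.path.basename(d) for d in found))
        print("earliest note:", earliest_note_time(found))
```

To check a real machine, call `find_ransom_notes` on the drive or share you want to sweep; the oldest note time helps you choose a backup made before the encryption started.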

An estimated 3 million people have been exposed to the malvertisements since the campaign was first detected in mid-September. The CryptoWall criminals are earning an estimated $25,000 a day from this attack, using a complex bitcoin laundering method to hide their profits.

An estimated one billion Android smartphones and tablets may be the next target as a version of the ransomware goes on sale in underground web forums.

CryptoWall gets into the computer through a security vulnerability in Adobe Flash Player. Your options to protect your data are either to update to the latest version of Flash (see directions in a recent blog entry) or to remove Flash from your computer altogether.

Firefox offers a plug-in called Ghostery that blocks third-party ads and trackers from loading when a site is launched, and Chrome has a similar extension called AdRemover.

Also, always back up your data on an external hard drive, either one of your own (that you disconnect after you back up, or it may get encrypted too) or a remote one (“the Cloud”).

If you are concerned that your system may be infected please submit a request at /support-request/ and we will be happy to help.

 

Stay Safe

 

Update Adobe Flash


How To Upgrade Adobe Flash Player

Click on the following link to go to the Adobe site:

https://www.adobe.com/software/flash/about/

Click on the Player Download Center link.  The following screen (or something similar) will come up. Make sure to uncheck the boxes in the middle “Optional offers” section and then click Install Now in the lower right hand corner of the screen.

If you are using a Windows machine, you must do this in the Internet Explorer browser.

If you use other browsers, you must do the same for them.


Be sure to UNCHECK Optional Offers….


It will likely pop up with a query asking if you want to run or save the program, as seen below. Click Run.

You may get a screen at this point that requires a YES to continue.

The program will install. When it is done, click on the FINISH button in the lower right hand corner (as shown below).

Simply close the window at this point.

Cryptolocker Virus Alert


Cryptowall 2.0

In the wild this month is a new version of the ongoing cryptography-based viruses. This new version calls itself Cryptowall 2.0. From research, there are a few key differences in this new version.

In the original Cryptolocker viruses, the payments were to be made using Bitcoins. Because of the way the virus author crafted the payment gateway, people who knew enough could “steal” or fake the payments made by others and use these stolen payments as their own. In this new version this is “fixed.” Each infected computer is tied to a unique bitcoin wallet ID that the virus generates. You can’t steal someone else’s payment or send a fake payment anymore.

The original Cryptolocker code would delete the originals upon encrypting files. The deletion process was similar to a user putting a file into the recycle bin and hitting “empty recycle bin.” In this way, most files are easily recovered as long as not a lot of data has been changed or written to the hard drive in question. With Cryptowall 2.0, this bypass is no longer available. This version issues a hard drive secure delete command to each and every file it encrypts. This means recovery is impossible via this avenue.

The third change is in how the author is masking the activity back to him or her. This is going to make it very tough for the authorities to make a break in this case, as they were able to with the original Cryptolocker virus.

If you are concerned that your system may be infected please submit a request at /support-request/ and we will be happy to help.

Stay Safe

Wipe Old Data


You’ve upgraded your electronic devices, and you’re planning to sell or donate your old equipment.

Just make sure that you clean out all your sensitive data before you do so.

The Naked Security blog recently offered up a cautionary tale of why it’s essential to take this important step. A Canadian used-computer dealer claims to have a pile of data which he pulled off servers originally belonging to an international professional-services firm. He and that company are now in court battling over the disposition of that data.

Need more convincing? USA Today reported that Robert Siciliano, an identity-theft expert for security firm McAfee, bought 30 used devices off Craigslist. Half the devices were thoroughly wiped clean, while the other half still held data ranging from bank account and Social Security numbers to work documents and bank records.

A recent survey by Internet security company AVG revealed that nearly 60 percent of Americans use three or more Internet-connected devices at home across three different operating systems. Those collect a lot of sensitive data over a short period of time.

So what can the average person or company do when retiring an older machine?

Personal computers:

You’ve decided to recycle your old laptop or desktop. The simplest and most secure solution is to physically remove the hard drive. It can then be installed in your new computer or put in a USB hard drive enclosure to be used as a backup or portable storage.

If that’s beyond your skill set, commit to a secure wipe. That starts with backing up anything you value from the hard drive on your old machine onto an external hard drive or an online backup service, generically known as “the cloud.”

Next perform a secure wipe. Among the more popular data-destruction programs are DBAN (http://sourceforge.net/projects/dban/), CBL Data Shredder (http://www.cbldatarecovery.com/data-shredder/download) and ErAce (http://sourceforge.net/projects/erace/). These programs not only delete the data, but overwrite it a certain number of times, making the data much more difficult to retrieve.

This process can take hours and even days, depending on the size of the drives, so allow sufficient time for the process.

Also be sure to remove any portable storage, such as DVDs or flash drives.

HCP can take care of all of this for you. Contact us at http://www.hcp4biz.com/support-request/.

Mobile devices:

  • First, transfer whatever information you wish to save to your new device. Then use the factory reset to wipe your old device. For more specialized directions for your particular device, check your owner’s manual or look for such information online from the manufacturer.
  • Second, remove or erase SIM and SD cards.
  • Finally, double check your phone book, call logs, voicemails, emails and text messages, downloads and other folders, search histories and personal photos.

For gaming consoles, start with the standard factory reset, then remove or securely erase any media cards. Check your owner’s manual or go online for specialized directions for your console.

Remember, a little time invested in obliterating your precious information can save you time and money in the long run.

STAY SAFE!

For help with a computer problem, visit http://www.hcp4biz.com/support-request/.