TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Why Is Ryuk The Most Dangerous Ransomware?

Ryuk is one of the most prevalent ransomware variants in the threat landscape, with infections doubling from the second to the third quarter in 2019.

Ransomware infections continue to increase in tandem with overall impact and monetary demands.

Furthermore, Ryuk’s ability to delete shadow copies and backups makes Ryuk extremely costly and almost impossible to remediate.

For instance, Ryuk operators demanded nearly $600,000 from one government agency after successfully encrypting nearly all files on the network.

Ryuk uses encryption to block access to a system, device, or file until a ransom is paid. It is often dropped on a system by other malware (e.g., TrickBot) or delivered by cyber threat actors (CTAs) after gaining access to the system through compromising Remote Desktop Services.

Once on a system, CTAs deploy Ryuk through the network using PowerShell, PsExec, or Group Policy, with aim to infect as many systems as possible. The number of infected systems depends upon how the malware is deployed as well as the CTA’s access and privileges.

This may be a local subnet, the list of computers in active directory, or the entire organization depending on the variability and process specific nature of spreading the malware.

Once the malware is pushed out to the network, it targets backups and begins the encryption process.

Researchers have observed an increase in Emotet or TrickBot infections leading to a Ryuk infection.

For example, TrickBot disabled the organization’s endpoint antivirus application and spread throughout the network, infecting hundreds of endpoints and multiple servers.

Since TrickBot is a banking trojan, it likely harvested and exfiltrated financial and other sensitive information prior to deploying Ryuk.

Once Ryuk is deployed network-wide, the CTAs encrypted the organization’s data and backups, and left ransom notes on the machines.

Ryuk ransom notes once contained a message and a ransom amount, but have since evolved over time.

Throughout most of 2019, the ransom note did not list a ransom amount and only contained a message and email address. However, now Ryuk ransom notes are very simplistic, with no price or message, only containing an email address, the ransomware’s name, and the statement “balance of shadow universe.”

The CTAs demands payment via Bitcoin cryptocurrency and direct victims to deposit the ransom into specific Bitcoin wallets.

The ransom demand is typically between $100,000-$600,000, which as of 12/19/19 is 14-84 Bitcoins. Notably the ransom demand is determined by the organizations’ assessed ability to pay and the sensitivity of the data affected.

It is highly likely the CTAs account for characteristics like industry, solvency, subscription to cyber insurance, and network saturation when calculating ransom demands. Furthermore, the CTAs have been known to negotiate with victims and adjust the initial ransom amount.

Ryuk’s main infection method is to be dropped on a system by other malware. The file will have a five-letter random name that is usually generated by the srand1 and GetTickCount2 functions.

Persistence
Once executed, the main payload attempts to stop antivirus related processes and services. It uses a preconfigured list to kill more than 40 specific processes and 180 services with taskkill and net stop commands.

This preconfigured list includes antivirus processes, databases, backups, and document editing software. Additionally, the main payload establishes persistence in the registry and injects malicious payloads into several running processes.

To increase persistence, Ryuk makes changes to the registry allowing it to run the payload every time the user logs on.

Ryuk’s anti-recovery techniques are more extensive and sophisticated than most types of ransomware, making recovery almost impossible without restoring from clean external offline backups.

Ryuk’s process injection allows the malware to gain access to the volume shadow service and delete all shadow copies, including those used by third-party applications.

Encryption
Ryuk uses unbreakable RSA and AES encryption algorithms with three keys. The CTAs use a private global RSA key as their base encryption model. The second RSA key is delivered to the system via the main payload and is encrypted with the CTA’s private global RSA key.

Once the malware is ready for encryption, the final key is created in their three-key encryption model.

Ryuk scans the infected systems and encrypts almost every file, directory, drive, network share, and network resource.

Ryuk attempts to encrypt all mounted network drives. As long as the drives are not CD-ROM types, the files will be encrypted.

Finally, once the malware is finished with the encryption process, it will create the ransom note, “RyukReadMe.txt”, placing it in every folder on the system.

What Are The Advantages Of Office 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As an IT service company, we get asked this question almost every day. Now that it’s available, everyone wants to know what Office 2019 is all about. Office 2019 provides a subset of features that Microsoft has been adding to Office 365 over the past three years.

Office 2019 is a local version of Office software, rather than cloud-based. It’s a perpetual release, meaning that you purchase the product once and own it forever instead of paying for a subscription or subscriptions to use it.

Who Will Benefit From Using Office 2019?

Although anyone can purchase Office 2019, this version has been designed for business users. It comes with volume licensing and is best for companies that don’t want to use the cloud-based version of Office. You can also install the Office 2019 app on all your mobile devices, where you’ll have access to its basic features. [Read more…] about What Are The Advantages Of Office 2019?

Microsoft Contractors Listening To Recordings Made Via Skype Or Cortana

Jason Cooley is Support Services Manager for Tech Experts.

For years, Skype has been a big part of computer users’ experiences regardless of operating system. Whether voice calls, messaging, or video, Skype has a huge share of the user pool. Many Android users use Skype for video chatting in lieu of Apple’s popular Facetime app. It’s also popular among those contacting relatives or friends around the globe.

Skype even introduced an auto translate feature last year. The feature allows for translation between languages in (nearly) real time. Skype has made connecting with people easier than ever, no matter where they are from or their language.

Skype’s translate feature has been praised and for good reason. It is quite impressive that there is an application capable of translating so quickly, allowing people that don’t speak the same language to have a nearly flawless conversation. Of course, with software capable of such amazing things, it’s guaranteed that improvements will constantly be in the works so that it can reach its full potential.

Skype’s translator FAQ does state that calls are collected for data analysis, but that’s vague and may not raise any alarms.

What if I told you that some of those calls were being recorded? Not only that, but they are also being listened to in some cases.

With Skype, the data discovered shows that MOST of the Skype recordings gathered and reviewed are recordings using the translator. Again – that is MOST, not all. These calls contained all kinds of personal information: relationships being discussed, intimate conversations, arguments, you name it.

Skype claims that the information was gathered and listened to only to help improve the product. However, the problem will always go back to the fact that this information was not disclosed.

In fact, many people would say Skype was dishonest in the way that the privacy information was portrayed. Microsoft, who owns Skype, of course states that they only collected voice recordings with customer permission. Micro­soft also ensures that the data is treated as confidential information, but humans are still listening to personal conversations. The confidentiality of that seems suspect.

Then there is Cortana, Windows’ built-in digital assistance. Cortana can search for you, using voice commands. Much like more well-publicized assistants (such as Amazon’s Alexa), Cortana can help you by pulling up search results, maps, or other information you may need. Of course, Cortana also can remember some of your information for you.

So let’s think about Cortana being used in the real world. Asking Cortana about that embarrassing rash? Punching in your home address? Someone might be listening to that too.

The stance on the Skype calls (even though not ALL calls listened to were made with translator) is that Microsoft is collecting data for the purpose of improving its translator feature – so what about Cortana? Is listening to a person’s voice searches really improving any sort of programming?

Possibly, but that sort of testing could be done without the use of private recordings.

Five Benefits Of Virtualization For Small Businesses

Virtualization offers real and attainable multi-faceted advantages for small businesses. Here are some tangible benefits:

Low operating costs

A growing number of businesses are using virtualization because the technology helps reduce costs drastically.

For instance, server virtualization eliminates the need to have physical servers, which are typically costly to run and maintain. In addition, instead of purchasing separate licenses for each server, you would only purchase one license and host additional servers at no extra cost (some limitations and exceptions may apply). With fewer physical servers, you also save money on power bills, maintenance fees and data center office space and fees.

Increased efficiency

Server virtualization makes more efficient use of computing resources; it becomes possible to increase the utilization of your servers from 15 to 80 percent, eliminating the need for extra servers.

You essentially consolidate multiple physical servers onto one machine running a number of virtual servers. As such, you would cut your capital expenses.

Improved business continuity

Server hardware failure is the most common cause of data center failure. In a virtual server, live migration is a feature that helps maintain business continuity by eliminating downtime.

Faster deployment

Virtual devices allow faster installations of new server applications and/or routers as well as to switch software services, since you don’t have to order equipment.

Instead, all you need to do is configure a new virtual machine, router, switch or storage drive using your special virtualization management software tool. The process typically involves copying an image, significantly reducing setup, configuration and recovery times.

Improved disaster recovery

Backing up virtual infrastructure normally entails making copies of virtual machine file images – an easier process than working with different physical servers.

In addition, hosting virtual infrastructure doesn’t require much equipment, so companies can buy multiple servers and house them in different locations. This makes backups redundant and disaster recovery quick for higher uptime.

Administrators can seamlessly move live virtual machines between physical server hosts without turning them off and without downtime.

Tax Benefits You Should Reap Before The Year Ends

There are important tax benefits you can only gain by acting before December runs out. Preparing for taxes at the end of the year also puts you ahead of the game, eliminating the last-minute scramble to decipher receipts and new forms, so you can be calm and collected when tax season actually hits.

Perhaps the most important tax benefit small businesses should be aware of is that purchases like IT hardware or computer software that is purchased off the shelf are tax-deductible. Such capital purchases, however, must be dealt with before the new year, or they can no longer be used on your tax return. New special provisions dictate the cost of such equipment must be deducted within the year they were put into service, so you can’t afford to wait until the fiscal year ends and miss the narrow window for this tax benefit opportunity.

Small businesses should also be aware that many tax benefits are dependent on whether your activities are profitable or not. This is because the amount you can deduct for technological purchases changes according to your business’ total taxable income.

Be sure to reference Section 179 rules if you are showing a profit and Section 168 rules if you are in the red. You may even choose to consider if it is in your business’ best interest to be profitable at all, and adjust your inner workings to reflect your best tax advantage.

When making deductions for tech hardware and software purchased this year, make sure your record keeping is first rate. Keep all paper¬work that identifies the equipment, receipt for purchase, and anything that can point to when you actually put the equipment into service.

If necessary, you can then provide copies of that paperwork to the tax agency in the event that there is a question about your deduction. Before filing, if there is any doubt about whether a particular purchase is eligible for a tax deduction, consult with your tax adviser to be sure the necessary points have been met.

What’s The Best Way To Scan Old Prints And Negatives?

If you have old prints and you would like to share them with your family and friends you can choose from the alternatives listed below:

Flatbed Scanners
A flatbed photo scanner is a great option if you have a large number of photos rather than negatives. Your budget will pretty much determine the quality of those pictures if your intent is to print large-size photos.

However, if you intend to share those with family and friends over your social network sites, you may be ok with a low-cost scanner. Remember that scanning is time consuming, you will have to feed each individual print into the scanner and process the image, which might take weeks depending on how large your collection is.

Negative Scanner
If you would like to scan negatives only, you may be interested in acquiring a negative scanner. Negative scanners are meant to convert film into digital images in the most dedicated way possible. It will not only generate more accurate scans of your negatives, their software will speed up the process. Some scanners offer the comfortable feature of batch scanning, automating
the scanning of multiple 35mm films in a row, in as little as one minute.

Scanning Services
If you find that scanning your photos or films is very time consuming, you may want to try scanning
services that will do the work for you. These services are becoming quite popular. This can be a cost-effective solution for small jobs but may get expensive for larger jobs with higher quality requirements. It is best to research several options.

How To Protect Your Business From Phishing And Spearphishing

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the best ways to protect your business against these types of attacks is by educating your employees on the methods these criminals exploit to gain access to your employees and your sensitive information. But beyond that, there are some methods you can use in conjunction with education to help protect your business.

Pre-delivery
Using filters can help prevent malicious emails from reaching your employees’ inbox and is effective for preventing indiscriminate attacks but not targeted ones.

More useful, however, are solutions that not only filter emails before reaching the inbox but incorporating virus scanners, real-time intent analysis, reputation checks, URL checkers, and other assessments before any email reaching your employee. We have an offering that can help you prevent an attack before it even starts. [Read more…] about How To Protect Your Business From Phishing And Spearphishing

Windows Core OS: The Future of Windows

Jason Cooley is Support Services Manager for Tech Experts.

Microsoft Windows has been the leading PC OS for as long as I can remember. There have been many different versions through the years.

There have been favorites like Windows 3.1, XP, and Windows 7 – and less well-received versions, like ME (Millennium Edition) and Vista.

Windows tried a new approach with Windows 8, something they envisioned would take over mobile device platforms, and designed an OS that would be similar across many devices.

This never truly came to be as Windows 8 was generally not well received, and the mobile version wasn’t exactly a hit either.

Enter Windows 10. While there are problems from a technical standpoint, Windows 10 (as it currently stands) is a pretty user-friendly OS and continues to make improvements and security enhancements with the user in mind. Windows 10 spans many devices.

Smart TVs, cell phones, laptops, desktops, tablets, Microsoft’s Xbox One, and so many other devices have a version of Windows 10.

I stress the fact that these devices have a version of Windows 10 for a reason. These operating systems look and function very similarly, but each is a uniquely programmed version of Windows 10. Essentially, each device type has a custom operating system developed to look and run like Windows 10.

These operating systems are fine-tuned for the type of device they are running on. You wouldn’t have a great experience using Windows 10 for desktops on a cell phone. It would be much too resource-intensive and create a real battery use issue.

So what is Windows Core OS?

Windows Core OS is a new project underway by Microsoft. Windows Core OS would create a base version of Windows that could be installed on any type of device. This is great for users and developers alike.

While it will be a long time before Core OS is available, Microsoft is already using it for testing their new Hololens and other devices they’re currently showcasing. It is also a huge part of the development for operating systems that will thrive on foldable devices and mobile devices with more than one screen.

Currently, when a new type of device comes out, like a foldable screen phone, an all-new version of Windows 10 is written specifically for the phone.

It’s programmed from the ground up and works around the device specifications and limitations to create the closest thing to a normal Windows 10 experience as possible.

While many users who use Windows 10 on multiple platforms may not notice many differences, each version requires a lot of work and each device gets a lot of attention.

Windows Core OS would change everything. Microsoft is developing Core OS to be buildable and scalable.

It would allow for a base version of Windows that would run on any device.

Whenever devices are launched with new capabilities, features can be added instead of creating an entirely new operating system. This lightweight operating system will be used on every kind of device you could think of in the not too distant future and – sooner than you think – it will also be running on a lot of devices that you probably couldn’t dream of.

Top Reasons To Jumpstart Your Paperless Initiative

Want to “go paperless” with your company? See the many benefits of paperless business and learn how to jumpstart this initiative for effective results.

Many businesses toy around with the idea of “going paperless,” but what’s actually in it for the companies who decide to go through with it? To be sure, not all businesses are cut out to go paperless.

Certain documents in certain industries simply must be in paper form. Therefore, depending on your industry and unique company needs, you may end up unnecessarily complicating affairs if you try to do everything digitally.

At the same time, a great many companies will benefit significantly from making this change. Below, we’ll go over the specific reasons why it might be a good idea for your company. First, though, let’s define what going paperless actually means.

What does it really mean to “go paperless?”
The term “going paperless” simply refers to the shift from printed documents to digital documents. For example, instead of printing invoices, order forms, and tax documents, a company would issue all of these documents digitally, sending them via email or storing them as files.

What are the top reasons to “go paperless?”
You’ll save money. Cloud data storage is a lot less expensive than on-premise data storage. Moreover, on-premise data storage forces you to pay for the maximum amount of storage you may need upfront. With cloud storage, you can easily scale your storage capacity up or down, depending on your needs.

You’ll have document access from everywhere
Most businesses who go paperless store their documents in the cloud. When you do this, access to these documents is available wherever you can find an Internet connection.

This makes it easier to hire remote workers, send employees on work trips, and access important information even when you’re away from the office.

You’ll save time
Consider the time it takes to print, scan, copy, collate, organize, and store all of your paper documents. Additionally, remember that when you have a huge number of documents to contend with, protocols and systems must be developed, instituted, and monitored. Lastly, think about how long it takes to find a specific document within your files. All of these tasks are time- consuming, and in any business, time is money.

When you switch to a digital system of document storage, you’ll be saving an immense amount of time. Documents can be digitally created, copied, sent, edited, and stored.

There’s no need to run to the printer or search through endless boxes for the paper file you need. When searching for files, you can simply pop a few keywords into the search bar of your data storage system, and voilà — it will appear!

You’ll save space
Consider how much space you currently use to store paper documents. From old tax returns and invoices to printed data and memos, an accumulation of individual sheets of paper can actually take up quite a lot of room. Digital documents, on the other hand, are virtually invisible. As long as you have enough data storage capacity available, you’ll gain tons of physical space when you make the switch to a paperless system.

10 Tips For Navigating Microsoft Excel

Learn 10 tips to improve your mastery of Microsoft Excel, including tricks for navigating, adding, deleting, renaming and grouping worksheets within a workbook.

Microsoft Excel has become a powerful tool used in businesses of all types. What started (and is still used) as an accounting tool, the product now is ever-present in offices around the world. Mastering some key functions in Excel can help your users work more efficiently.

Here’s a look at 10 top navigation tips.

Use the arrow
If you have lots of worksheets open (Excel lets you have as many as 1,000) in your workbook, it can be difficult to find the one you need. On the bottom left are two black arrows that can be used to scroll through the different worksheets to find the one you need. Click on it and it becomes the active sheet.

You can also use the Ctrl key with the arrows to move to the first or last sheet. Right-clicking on either of the arrows brings up a pop-up window with a complete list of your worksheets. Click on the name and brings you to that worksheet.

Use the shortcuts
The following shortcuts can save you time moving through your workbook:

• Ctrl + Page Down: Go to the next worksheet
• Ctrl + Page Up: Go to the previous worksheet

Right-click to manage worksheets
Right-clicking on any worksheet brings up a list of helpful options. Here you can quickly change the worksheet color, rename a worksheet, or copy or delete it.

Insert a new worksheet
There are four ways to add a new worksheet to your workbook.

• Right-click on any worksheet tab and select the Insert option
• Shift + F11
• Click on the plus sign in a circle on the bottom right of the tab listings
• Go to the Home menu, go to the Cells section, click on Insert and select Insert Sheet

Delete a worksheet
Right-clicking provides you with the option to delete a worksheet. If there’s data in the worksheet a warning will appear.

You can also go to the Home tab in the Cells group and click on Delete and select Delete Sheet. A word of warning about deleting sheets. You cannot undo a sheet deletion.

Rename a worksheet
There are three options, from slowest to fastest:

• Go to the Home tab, click on the Cells group and the Format option. You’ll see a choice to Rename Sheet. This will activate the name box for the sheet
• Right-click on the worksheet tab and choose the rename option
• Double-click on the worksheet tab

Add a tab color
Large workbooks can make it difficult to organize and find a needed worksheet. Adding color tags to the worksheet tabs is a big help. Right-click on the tab, select Tab Color and choose the shade you want.

Move a worksheet
This is a simple tip. To move a worksheet, click the tab and hold. A mouse pointer will appear and you can move the tab to the spot you want.

Copy a worksheet
When you need to copy a worksheet within the same workbook, copying and pasting is not the best option. The copied data often does not look the same and can require a lot of time to fix.

Another option is to again click and hold the tab you want to copy, and hit the Ctrl key. Move to the spot you want to add the copied worksheet and a new tab will be added.

Group worksheets
When you want to add headers and footers or formatting to multiple worksheets, Excel does not have an intuitive solution. Using the Grouping function lets you handle several key tasks that apply to more than one sheet.

These tips will accelerate how fast work is done and give your employees more confidence and control of their Excel work.