Anti-Virus: It’s Worth Protecting Yourself

Ron Cochran is a senior help desk technician for Tech Experts.

You can have any machine — from the latest and greatest, to the old dinosaur in the corner — but if you don’t have virus protection, your latest and greatest machine might soon run like that dinosaur in the corner.

All of your sensitive images, documents, billing information, and passwords are subject to infection. No matter how careful you are, there is always something that slips through the cracks.

Often, users say, “I have such and such subscription,” or “I don’t click on anything I don’t know,” but the people spending countless hours causing havoc on computer users will always find new and sneaky ways to infect computers.

Viruses can be attached to images or links on websites. They can also be renamed to look like something that you should install. Once inside your computer, they are hard to track down even by a seasoned computer technician.

Viruses very rarely remove anything from your computer. Instead, they have a tendency to add things that can record your activities on your computer. A person could install a silent program that starts recording your keystrokes when triggered by keywords; it can also take a screenshot or record email addresses and passwords. Most of the time, they don’t even need to gain access back to your computer to collect the data.

They can have an email sent from your computer and Internet connection without you knowing it. That email, secretly sent from you to them, would contain your information (keystrokes, clicks, etc.).

By now, you have heard of the “crypto virus” and all of its variants. There are many solutions out there, but only a select few offer “zero-hour” infection reversal, which is something that businesses can especially benefit from. Let’s say you accidentally encrypt your machine; it would then be inaccessible until you pay the ransom to unlock your files.

Protection that offers infection reversal can revert your system back to its state right before you were infected, and it would be like you were never infected by the virus at all. This feature is part of Webroot Secure Anywhere, which is something we can provide.

Viruses not only help people steal your data, but they can also delete or corrupt files, degrade system performance, and make your computer run slower.

Viruses can also prevent programs from working, and they can use your email to send out copies of themselves to your contacts and other users. Sometimes, they can prevent your computer from starting up by corrupting your BIOS firmware.

A couple of the main things that you’ll notice once you’re infected are that your system could run slower and you’ll receive all kinds of fake pop-ups, ads, warnings from “Microsoft,” etc. These types of files are referred to as “scareware,” and the makers feed on the fear that you might lose your data, so you’ll pay them to “unlock” your system or “remove” the virus.

Again, we go back to protection. If you had virus protection, then it’s likely that it would stop the infection before it even established itself inside your computer.

There are a few things you should do, if you haven’t already: get some sort of whole computer protection (such as Webroot), have restore points saved on your operating system, have a backup of your operating system install saved on some sort of external media, and save your documents, pictures, and videos to an external source.

When you find yourself in a predicament where you have to wipe an entire computer to remove an infection, you’ll be glad you took the time to prepare for the worst.

Yes, You Can Still Get Infected – Even With Anti-Virus

Scott Blake is a Senior Network Engineer with Tech Experts.

With the sudden release of new variants of malware and ransomware such as CryptoWall, users are wondering why their anti-virus programs are not blocking the ransomware from infecting their computers.

As with many other forms of malware, the infection needs to exist before a cure or way to detect the threat can be created. This takes time and during this period of R&D, the malware spreads like wildfire.

While there are several forms and classifications of infections, there are basically only two different methods in which infections are released into your system: User Initiated and Self Extraction.

User Initiated infections are caused by a user clicking on a link within a webpage or email, or by opening an infected email attachment. Once opened, the malware is released and quickly spreads throughout your system.

Because the user manually clicked on or opened the link/document, most anti-virus programs treat this as an authorized override by the user and either internally whitelist the link/document or skip the scan.

CryptoWall is spread through this method, usually contained within an infected Word, Excel or PDF document. The creators of these programs take advantage of the programming of the document to hide the infection.

With the world becoming a paperless society, we are becoming more and more accepting of receiving and opening attachments sent to us through email. It has practically become second nature to just click and open anything we receive, regardless of any warning.

Self-Extracting infections are exactly what they’re named. These infections require no outside assistance to worm their way through your system, infecting as they go.

The number one method creators of this form use to place their software on your system is through “piggy back” downloads.

Piggy back downloads occur when you authorize the download and install of one program and other programs (related or unrelated to the original program) are automatically downloaded and installed with it. The most common way is by downloading programs promising to speed up your computer.

Infections can also exist on your system and lie dormant for long periods of time, waiting for the computer to reach a certain calendar day or time. These infections are called “time bomb” infections. Just like piggy back infections, they require no outside assistance to infect your system.

They are mostly found buried in the registry of the system or deep within the system folders. Because they are not active at the time of placement, most anti-virus programs will not detect them. Active reporting through toolbars is another means of becoming infected over time.

When a user downloads and installs a toolbar for their browser, they authorize at the time of install that it is okay to install and that all of its actions are safe. However, most toolbars are actively scanning, recording, and reporting back to the creator. They also act as conduits for installations of other unwanted programs behind the scenes.

If left unchecked, those additional programs can become gateways for hackers to gain access to your system and spread even more infections.

To help stop the spread of malware/ransomware such as CryptoWall and its variants, we need to become more vigilant in our actions when either surfing the Internet or opening email and attachments.

The best rule of thumb to follow for email is: if you don’t know the sender, or you didn’t ask for the attachment, delete it. As for websites, read carefully before you download anything and avoid adding toolbars.

Data Security: Why You Should Be Concerned

by Michael Menor, Network Technician

All businesses, big or small, have client data, which is the lifeblood of their company. Losing this data can prove deadly; having it held hostage is even worse.

The purpose of this article is to explain the importance of data security with encryption, and also to describe viruses like CryptoLocker, which purposely encrypt your data and demand that you pay a ransom to release it. This nasty little virus is no joke; many companies have fallen prey to it and have paid the ransom, which ranges anywhere from $300 up to $2000.

Let’s talk about this CryptoLocker virus. “What is it?” you ask. This is a piece of ransomware that targets computers with the Windows operating system. This virus is spread as an email attachment and has been seen to pose itself as a voicemail message.

Once CryptoLocker is installed on your computer, it encrypts all documents on your local computer, as well as ones that are stored on network drives and external storage. The encryption used is strong (2048-bit); cracking this level of encryption is impossible.

It would take approximately 6.4 quadrillion years to break. Even if you were using a supercomputer, it would take a very long time to break.

Hard drive encryption should be the first step in ensuring data integrity. Microsoft has its own encryption technology called BitLocker, which is only available on Windows Enterprise and Ultimate editions.

TrueCrypt is a free alternative. The only problem is that once you authenticate a drive that is secured with either software, it is ready for use and allows the user to freely read and write to the drive, which in turn lets other programs on the computer do the same.

With regard to TrueCrypt, it has no supporting management infrastructure and no key recovery system. If you forget your password, or something goes wrong with the TrueCrypt file, there is no way to get your data back. You must therefore keep separate backups.

Another alternative to hard drive encryption is backing up your important data to the Cloud. You don’t have to worry about maintaining a storage server or carrying around an external hard drive. Everything is available to you wherever you go as long as you have an Internet connection.

Talking about all this data security will not stop the standard user from opening email attachments without verifying the sender of the file. Proper net etiquette training can be very useful: you want your employees to understand the risks of these attachments and the possible risks involved when they’re viewing their email or even browsing the Internet.

Before users open any email attachments, they should ask themselves: Is the email address trusted? Were you expecting an email from them? Are the spelling and grammar consistent with what you’d expect from the sender?

Security expert Nick Shaw has created software that can prevent CryptoLocker. This software prevents CryptoLocker from ever executing and has been proven to work on Windows XP and Windows 7 workstations.

Contact us for more information on how to prevent viruses or if you have any questions regarding data security and backups.