Ransomware

Yes, You Can Still Get Infected – Even With Anti-Virus

January 15, 2016

Scott Blake is a Senior Network Engineer with Tech Experts.

With the sudden release of a new variants of malware and ransomware such as CryptoWall, users are wondering why their anti-virus programs are not blocking the ransomware infection from infecting their computer.

As with many other forms of malware, the infection needs to exist before a cure or way to detect the threat can be created. This takes time and during this period of R&D, the malware spreads like wildfire.

While there are several forms and classifications of infections, there are basically only two different methods in which infections are released into your system: User Initiated and Self Extraction.

User Initiated infections are caused by a user clicking on a link within a webpage or email or by opening infected email attachment. Once opened, the malware is released and quickly spreads throughout your system.

Because the user manually clicked on or opened the link/document, most anti-virus programs receive this as an authorized override by the user and either internally whitelists the link/document or skips the scan.

CryptoWall is spread through this method, usually contained within an infected Word, Excel or PDF document. The creators of these programs take advantage of the programming of the document to hide the infection.

With the world becoming a paperless society, we are becoming more and more accepting of receiving and opening attachments sent to us through email. It has practically become second nature to just click and open anything we receive, regardless of any warning.

Self-Extracting infections are exactly what they’re named. These infections require no outside assistance to worm their way through your system, infecting as they go.

The number one method creators of this form use to place their software on your system is through “piggy back” downloads.

Piggy back downloads occur when you authorize the download and install of one program and other programs (related or unrelated to the original program) are automatically downloaded and installed with it. The most common way is by downloading programs promising to speed up your computer.

Infections can also exist on your system and lay dormant for long periods of time, waiting for the computer to reach a certain calendar day or time. These infections are called “time bomb” infections. Just like piggy back infections, they require no outside assistance to infect your system.

They are mostly found buried in the registry of the system or deep within the system folders. Because they are not active on the time of placement, most anti-virus programs will not detect them. Active reporting through toolbars is another means of becoming infected over time.

When a user downloads and installs a toolbar for their browser, they authorize at the time of install that it is okay to install and all of its actions are safe. However, most toolbars are actively scanning, recording, and reporting back to the creator. They also act have conduits for installations of other unwanted programs behind the scene.

If left unchecked, those additional programs can become gateways for hackers to gain access to your system and spread even more infections.

To help stop the spread of malware/ransomware such as CryptoWall and its variants, we need to become more vigilant in our actions when either surfing the Internet or opening email and attachments.

The best rule of thumb to follow for email is: if you don’t know the sender, or you didn’t ask for the attachment, delete it. As for websites, read carefully before you download anything and avoid adding toolbars.

Top Signs Your Computer May be Infected

April 30, 2015

Ranging from minor spyware and adware to complete system lock-outs courtesy of ransomware, infections have become a standard in today’s high-speed electronic age.

Even when using the latest state of the art detection software, the most modern systems are prone to infection.

Some basic low-level forms of adware and spyware are add-ons called toolbars. A toolbar is an add-on to a web browser, putting another bar at the top of your browser window below the address bar.

They can come in several different forms and functions. Some are helpful and pose no threat to your system. Others serve as a reporting tool for the toolbar’s designer.

They can collect data on surfing habits such as websites visited and search topics used. This data is then transmitted back to the designer and sold off to advertisers who, in turn, use the information to start spamming you with their client’s websites and ads.

Building off of the spam generated from the data collected from the adware and spyware, you will start to see more and more pop-ups on webpages and possibly even on your desktop.

Sometimes, these pop-ups are harmless and very easy to remove, but more often, they are the beginning stages of an invasion of malicious programs.

The pop-ups use false and misleading information to scare the user into believing they are already infected and they need to download “their” software to clean the infections.

What ends up happening is that you think you are downloading one program to clean your system, but you are really downloading and installing additional programs in the background.

I have seen instances where one so-called program install downloaded nine additional programs in the background. None of the additional programs had anything to do with “cleaning” or “speeding” up your system. They just wreak havoc on your operating system.

Through these malicious programs, more dangerous infections can occur. High-risk level malware, trojans, and viruses become residents on your system.

From this point forward, you will start to experience extreme slowness or even a complete inability to browse the Internet. You will start to see an increase in spam email and email messages containing attachments or web links to strange web addresses.

The attachments are what you need to be very cautious about. A very high-risk level malware called Crypto is primarily transmitted through these infected attachments. Once infected, the Malware spreads though your system, encrypting all of your data.

After that, there is little hope of recovering any of your data.

Viruses, malware, trojans and malicious programs are lurking on the web at every turn.

The most important thing to remember is “knowledge is power.” Don’t fall victim to the overwhelming number of companies advertising that their products can and will clean your computer of these nasty bugs and speed up the performance of your computer at the same time.

The truth is that the vast majority of these companies will install a ton of “freeware” programs on your system that will bog down your CPU and eat up your memory resources.

Once these programs are installed, get ready for Pop-Up City. It turns into a giant game of Whack-A-Mole just trying to close all the windows and pop-ups generated by these programs.

Several of these programs will also inject a proxy server into your Internet settings. This will severely limit your Internet browsing and even redirect you to predefined webpages in an attempt to lure you into purchasing additional programs to remove the programs you already installed.

For additional information or if you think you may have a virus or spyware infection, contact Tech Experts at (734) 457-5000.

CryptoWall 2.0: Ransomware Is Alive And Well

February 12, 2015

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

CryptoWall is the latest strain of ransomware to rise to prominence, extorting more than $1 million from victims and wreaking havoc on thousands of police departments, businesses, and individuals across the globe.

On the surface, CryptoWall is similar to its better-known predecessor Cryptolocker, another strain of crypto-ransomware. But there are many differences.

Victims are typically infected with CryptoWall by opening a malicious email attachment, though drive-by-downloads on websites are also possible. The email attachments are often zip files that contain executables disguised as PDFs.

Once infected, CryptoWall scans all mapped drives and encrypts important files. That’s an important distinction: CryptoWall will scan your local drives, but also any server mapped drives, such as an S: or N: drive. [Read more…] about CryptoWall 2.0: Ransomware Is Alive And Well

It’s A Scary Time For Your Company’s Systems And Data

October 18, 2013

tlfheadshot_web — Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We sent out an email a few days ago alerting folks to a new and particularly nasty virus that’s making the rounds. It’s called CryptoLocker and, if your systems get infected with this particular kind of “ransomware,” it is, frankly, a nightmare.

CryptoLocker scans your system and looks for all of your file storage locations – your local C: drive, any USB thumb or external drives, and even network shares (if you save files on your S: drive, for example).

It then encrypts every file it finds using a sophisticated, spy-level type of encryption. Your files – Word, Excel, Powerpoint, etc. – all become unusable.

Pay up, or else
You’ll then get a pop up on your system, letting you know that your personal files are encrypted, and if you want the key to unlock them, you’ll need to pay the cyber crooks to get it. The ransom (thus, the term “ransomware”) is anywhere from $300 on up. And, there’s a deadline – 72 to 100 hours – after which, the key to your files is destroyed, and you’re simply out of luck.

Prevention
This nasty virus is spread by opening email attachments or through other “social engineering” means.

Spam/virus filtering are generally aware of the threat and actively block emails that contain elements of this and other malware.

We suggest notifying your employees immediately of this new virus and making sure everyone is following some basic preventive measures:

Do not click on attachments in emails from someone you don’t know or companies from which you haven’t expressed interest in receiving information.
Do not click on links, advertisements or pictures that pop up on your screen when visiting other websites.
Do not engage in social media games or click on links that appear on social media platforms.

The virus emails come in the form of a shipping notice from UPS or FedEx. It is obviously fake, but the scammers make it look very real.

Why aren’t you backing up your data?
I’ve been in the IT business for nearly 27 years and I can say I’ve pretty much seen it all. But I’m still astounded when we run across a business owner who isn’t backing up their data.

Studies show that only six out of every 10 people back up their computer files. The 40% that don’t said that it was because they didn’t think they needed to.

According to a report by PricewaterhouseCoopers, 70% of small businesses that suffer a significant data loss go out of business within a year.

These ransomware and other destructive viruses are becoming more and more prevalent. We work hard to keep your systems safe and protected, but no antivirus software catches 100% of everything.

More than ever, it is vitally important that your business have a solid backup system that is managed, monitored and tested. Too many times we’ve gone in to help a new client who is in the middle of a disaster, only to find out they were religiously changing tapes in a system that hadn’t successfully ran a backup in months – or years.

« Previous Page