October 22nd, 2014
A new Android ransomware threat is spreading fast after adapting to spread itself as a worm over text messaging. The Koler Android trojan was spotted by AdaptiveMobile in the United States, where it affected hundreds of users in a single day. John E. Dunn of TechWorld explained how the Koler trojan is spreading so rapidly.
Koler began by infecting visitors to untrusted websites such as porn and gambling sites. Much mobile malware stays confined to those corners of the web and never becomes a large-scale problem for the general public. Koler, however, turned into an SMS worm: once on a phone, it sends a shortened, disguised link by text message to everyone in the infected user’s contacts. Because the message arrives from a number the recipient knows, many of those contacts click the link and are infected in turn.
Those who click the link land on a Dropbox page and are asked to install a photo-viewing app in order to see photos that “someone” has supposedly uploaded of them. Agreeing to the download installs the Koler trojan, and it takes effect almost at once.
Almost immediately, the user’s screen is blocked by a message supposedly from the FBI. A ransom is demanded to unlock the phone. Meanwhile, that same link is sent to the user’s contacts.
The good news is that with Android’s default security settings the installation should fail: the app comes from outside Google Play, and Android refuses to install apps from unknown sources unless the user has switched that protection off in Settings. The worm therefore depends on the victim having enabled “Unknown sources” at some point, and many users have discovered that they had, leaving them unprotected against a threat like this.
The make-up of this attack isn’t complicated, which also makes it fairly straightforward to shut down. Dropbox has already been asked to remove the download from its servers and disable the link. Attackers could easily move their malicious files elsewhere and keep victimizing Android users, however.
If your device becomes infected by malware, Geek Rescue will fix it. Stop by or give us a call at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
August 18th, 2014
Cryptowall is the latest ransomware to claim victims. Much like CryptoLocker, Cryptowall encrypts the files on a victim’s computer and demands a payment to decrypt them. It usually spreads as an attachment to spam emails. A post at Spyware News details the Bank of America email scam that is currently spreading Cryptowall.
If you’re not a Bank of America customer, it’s easy to ignore messages claiming to be from the bank about your account. Those that do have active accounts find the messages more believable, however.
Users report receiving emails claiming to be from Bank of America with an attachment. The emails come from “Andrea.Talbot@bofa.com” and advise the user to open the attachment because it contains information about their account. The email lists an office phone number and a cell number with an 817 area code and even includes a standard confidentiality notice at the bottom. It looks legitimate, except that no bank, much less one the size of Bank of America, would send confidential account information to customers this way. The sender address proves nothing either: the From address on an email is simply text chosen by whoever sent it and is trivially forged.
The attached file is named “AccountsDocument.zip”, but those who download and open it quickly discover that it is malware, specifically the Cryptowall ransomware, which encrypts their files. A zip attachment is a favorite delivery method because the file inside is typically an executable, and Windows hides known file extensions by default, so a file named something like “Document.pdf.exe” appears in Explorer as “Document.pdf”.
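The following script is an added example, not code from the Spyware News post or from Geek Rescue. It shows the check a mail administrator would want to run on a message like this before anyone opens it: parse the raw email, look inside any zip attachment without extracting it, and flag executable contents and double extensions. The message it parses is constructed here to mirror the reported lure; the sender address and file name are the ones quoted above, while the body text, the phone numbers and the archive contents are invented for the demonstration.

```python
"""
Triage a suspicious email attachment before anyone opens it.

Added example; not code from the Spyware News post or from Geek Rescue.
The message is constructed here to mirror the reported lure: the sender
address and file name are the ones the post quotes; the body text, phone
numbers and archive contents are invented for the demo.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Dict, List

# File types that execute on Windows. An archive containing one of these
# is dangerous no matter what the email says about "account documents".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".cpl", ".jar"}


def _ext(name: str) -> str:
    """Lower-cased final extension of a file name, or '' if it has none."""
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def build_sample_message() -> bytes:
    """Build the lure as raw RFC 822 bytes (constructed sample, not a capture)."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        # Double extension: with "Hide extensions for known file types"
        # on (the Windows default) this shows up as AccountsDocument.pdf.
        zf.writestr("AccountsDocument.pdf.exe", b"MZ demo payload, not a real binary")
    msg = EmailMessage()
    msg["From"] = "Andrea Talbot <Andrea.Talbot@bofa.com>"
    msg["To"] = "customer@example.net"
    msg["Subject"] = "Important information about your account"
    msg.set_content("Please open the attached document regarding your account.\n"
                    "Office: 817-555-0100  Cell: 817-555-0199\n"
                    "This message contains confidential information.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="AccountsDocument.zip")
    return msg.as_bytes()


def inspect_archive(name: str, data: bytes) -> List[str]:
    """List risky members of a zip attachment without extracting anything."""
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [f"{name}: claims to be a zip but is not one"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if _ext(member) in EXECUTABLE_EXTS:
                findings.append(f"{name} -> {member}: executable inside archive")
                if member.count(".") > 1:
                    findings.append(f"{name} -> {member}: double extension")
    return findings


def triage(raw: bytes) -> Dict[str, object]:
    """Parse a raw message and return sender details plus attachment findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            findings.append(f"{name}: executable attachment")
        elif ext == ".zip":
            findings.extend(inspect_archive(name, data))
    # The From header is text the sender chose; it is not evidence of origin.
    sender_domain = msg["From"].addresses[0].domain if msg["From"] else ""
    return {
        "sender_domain": sender_domain,
        "findings": findings,
        "verdict": "QUARANTINE" if findings else "no executable content found",
    }


if __name__ == "__main__":
    for line in triage(build_sample_message())["findings"]:
        print(line)
```

Run against the constructed message, the script reports an executable inside the archive with a double extension and returns a QUARANTINE verdict; the sender domain is reported only for the record, since nothing about it can be trusted. To use it on a real message, feed it the raw `.eml` bytes instead of `build_sample_message()`.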
For the time being, be extra cautious about any email that appears to come from Bank of America and don’t download attachments from it. If you have questions about an email, contact the institution named in it directly, using a phone number or web address you already know, rather than downloading attachments or following links in the message.
Unfortunately, if you’ve been infected by Cryptowall or a similar threat, there is often no way around it. If you have a recent backup, you can restore the encrypted files once the malware has been removed. Bear in mind that ransomware of this kind also encrypts files on attached drives and mapped network shares, so a backup that stays connected to the infected computer may be encrypted along with everything else; keep at least one copy offline. Without a backup, you may not be able to recover the encrypted files at all.
If your device is infected with malware of any kind, call Geek Rescue for help at 918-369-4335.
For business solutions needs, visit our parent company JD Young.
July 15th, 2014
Since 2013, Cryptolocker, a particularly nasty form of ransomware capable of locking users out of their own files, has been terrorizing its victims. The US Department of Justice, however, has announced that the malware is no longer a threat. Robert Westervelt has more details at CRN.
The DOJ led a global operation to track down those responsible for Cryptolocker and the associated Gameover Zeus botnet. Investigators believe they’ve identified the responsible party, a 30-year-old Russian computer programmer. He remains at large, but the infrastructure used to operate the malware has been dismantled. Cryptolocker only starts encrypting after it has contacted its command servers to obtain an encryption key, so with those servers seized, new infections can no longer encrypt files on the computers they reach.
All told, the ransomware and botnet infected hundreds of thousands of devices and cost victims more than $100 million.
While Gameover Zeus infections fell by 31 percent over the past month, spurred by a law enforcement seizure of servers used to communicate with the botnet, more than 100,000 computers remain infected.
Unfortunately, Cryptolocker was far from the only ransomware infecting users. Copycats and other variants still threaten to infect a system, encrypt its files and demand a ransom in exchange for decryption. Victims of this kind of ransomware have little recourse once they’re infected. The best defense is to make full backups of your files regularly and keep at least one copy disconnected from the computer, so that you can restore them in the event of an infection.
Ransomware has been on the rise recently thanks to attack kits sold by criminals. These kits automate the attack so that people with less expertise can carry it out.
If any of your devices are suffering from a malware infection, or other issues, call Geek Rescue at 918-369-4335.
June 9th, 2014
Ransomware has surged in popularity among attackers over the past year. In a ransomware attack, a user’s files are encrypted and only released once a ransom is paid. Usually this type of malware reaches a user’s device through a malicious email attachment or a phishing website set up specifically for infection. Neither method is particularly efficient for criminals, however. That’s why, as Jeremy Kirk reports at TechWorld, ransomware has begun arriving through malicious advertisements on trusted websites.
Cisco Systems found malicious ads being served on the websites of Disney, Facebook and the Guardian newspaper and called the practice “insidious”. In malvertising, as it is known, legitimate websites are tricked into displaying ads that redirect visitors to malicious domains. Advertising networks do work at screening out malvertising, but their checks are far from perfect, which leads to attacks like these.
For users, not only is the website trusted, but so is the ad. The advertisement shown appears to be from a legitimate, trusted company, but while the user expects to land on that company’s website, clicking actually delivers them to a site that downloads malware to their device.
In the attacks Cisco observed, an exploit kit on the malicious site probed the visitor’s browser for vulnerable versions of Flash, Java or Silverlight. Anyone who hadn’t applied the patches was exploited, and a ransomware relative of Cryptolocker called CryptoWall was installed. CryptoWall then encrypted files and demanded a ransom, one that rises the longer the victim delays.
The group behind the attacks hasn’t been identified and no specific fix has been offered. You could avoid clicking on online advertisements, but that doesn’t protect you against malvertising that only needs the ad to be displayed: the ad’s own code can redirect the browser without a click. A better course is to keep every application fully updated and patched, especially browser plug-ins such as Flash, Java and Silverlight, and to disable or remove any plug-in you don’t actually need, since an exploit kit can’t attack a plug-in that isn’t there. Then pay attention to what you’re clicking on and which website you expect to load.
If any of your devices are infected with malware, come to Geek Rescue or give us a call at 918-369-4335.
May 27th, 2014
Apple devices are extremely popular, which unfortunately makes them a target for theft. To combat this, Apple includes features to help users find lost or stolen devices, but those same features can be turned against their owners. The latest reports, as noted by Loek Essers of TechWorld, center on the “Find My iPhone” feature and a form of ransomware.
When ‘Find My iPhone’ is enabled, users can track a device’s current location or lock it remotely and display a custom message. Users are now reporting that their iCloud accounts have been broken into and ‘Find My iPhone’ used against their own devices: the attacker puts the device into Lost mode, displays a message saying it has been hacked by “Oleg Pliss” and demands a $100 ransom.
Users have also reported that while they’re able to log-in to their Apple accounts, they’re unable to disable Lost mode and unlock the device on their own.
At least for some of the victims, the problem may stem from the eBay breach earlier this month. Some users admit they used the same password for their Apple account as for eBay.
For now, Apple has been silent on the issue and hasn’t officially suggested a way to unlock hacked devices. The only fix to be found so far is to restore the device to factory settings.
It’s not just iPhones that have been affected. All Apple devices have a similar feature to help locate them when lost or stolen, and all are exposed to the same ransom tactic. So far, users in Australia, Great Britain and Canada have reported being hit, but none from the US.
Before the problem spreads to the US, change your Apple ID password, especially if you held an eBay account that may have been compromised, and never reuse a password across sites: the attackers here needed nothing more than a password that had leaked somewhere else.
If any of your devices are hacked, infected with malware, or break, bring them to Geek Rescue or call us at 918-369-4335.
April 1st, 2014
Ransomware is a particularly troubling form of malware. It’s capable of encrypting your files and preventing you from accessing them until you pay a fee. In many cases, the encryption used in these attacks is so strong that users are forced to decide whether to pay or lose the affected files forever. As Jeremy Kirk reports at Network World, one ransomware program makes a mistake that allows users an out.
Late last month, a ransomware program called CryptoDefense began victimizing users. It shares the characteristics of other ransomware: it encrypts your files, using a 2048-bit RSA key pair, and sends the private key needed to decrypt them to the attacker’s server. The difference is that, while CryptoDefense asks for a ransom payment, you don’t need to make one to get that key.
The makers of CryptoDefense left a critical hole in their design. The private key is sent to the attacker’s server, but a copy also stays on the victim’s computer: the malware generates its key pair through the Windows CryptoAPI, which by default saves generated key pairs to disk in the user’s profile folder. Users with some know-how can find the key there and unlock their files without making any payment.
Most commonly, CryptoDefense arrives via spam email. Those who open the message and run the attachment, usually an executable disguised as a .PDF, are actually installing the ransomware.
The attackers behind CryptoDefense have collected more than $34,000 in payments from victims in dozens of countries. With this news, users need to understand that they already hold what they need to defeat the ransomware. Bear in mind that a later version may well close this hole, so copy the encrypted files and any candidate key to separate media before attempting recovery, and don’t count on the mistake surviving.
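As an added example, not code from the Network World article or from Geek Rescue, the script below generalizes the recovery step described above into the hunt an incident responder would actually run: walk a directory tree, keep only files written inside a time window around the infection (the ransom note’s timestamp is a good anchor), and flag the ones that look like private-key material. It recognizes two signatures: PEM private-key headers in the file contents, and files living under a “Microsoft\Crypto\RSA” directory, which is where the Windows CryptoAPI keeps per-user key containers (normally “%APPDATA%\Microsoft\Crypto\RSA\<user SID>”). That directory pattern is an assumption to adjust for the system being examined, and the demo tree it builds is constructed sample data, not a real key.

```python
"""
Hunt for private-key material left on disk inside an incident time window.

Added example; not code from the Network World article or from Geek Rescue.
Signatures: PEM private-key headers, and files under a Microsoft\Crypto\RSA
directory (assumed CryptoAPI key-container location). The demo tree built by
build_demo_tree() is constructed sample data.
"""
import os
import re
import tempfile
import time
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

PEM_MARKER = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")
# Assumed path pattern of the CryptoAPI user key store; works with / or \.
CRYPTOAPI_DIR = re.compile(r"microsoft[\\/]crypto[\\/]rsa", re.IGNORECASE)


@dataclass
class KeyCandidate:
    path: str
    reason: str
    mtime: datetime


def looks_like_key(path: str) -> Optional[str]:
    """Return why a file is a key candidate, or None if it is not."""
    if CRYPTOAPI_DIR.search(path):
        return "CryptoAPI key container directory"
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)  # PEM headers sit at the top of the file
    except OSError:
        return None
    if PEM_MARKER.search(head):
        return "PEM private key header"
    return None


def hunt_keys(root: str, not_before: datetime, not_after: datetime) -> List[KeyCandidate]:
    """Walk `root`; return key candidates last modified inside the window."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
            except OSError:
                continue
            if not (not_before <= mtime <= not_after):
                continue  # outside the incident window: skip without reading
            reason = looks_like_key(path)
            if reason:
                found.append(KeyCandidate(path, reason, mtime))
    return sorted(found, key=lambda c: c.mtime)


def build_demo_tree() -> str:
    """Create a throwaway profile-like tree (constructed data) and return its root."""
    root = tempfile.mkdtemp(prefix="keyhunt-demo-")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    # 1. PEM text written "during the incident" (not a real key).
    with open(os.path.join(docs, "recovery.key"), "wb") as fh:
        fh.write(b"-----BEGIN RSA PRIVATE KEY-----\nDEMO\n-----END RSA PRIVATE KEY-----\n")
    # 2. A CryptoAPI-style container: matched by path, contents arbitrary.
    container = os.path.join(root, "AppData", "Roaming", "Microsoft", "Crypto", "RSA", "S-1-5-21-demo")
    os.makedirs(container)
    with open(os.path.join(container, "demo_container"), "wb") as fh:
        fh.write(os.urandom(64))
    # 3. A decoy with PEM text but last touched three days earlier.
    old = os.path.join(root, "old_backup.pem")
    with open(old, "wb") as fh:
        fh.write(b"-----BEGIN RSA PRIVATE KEY-----\nOLD\n-----END RSA PRIVATE KEY-----\n")
    stale = time.time() - 3 * 86400
    os.utime(old, (stale, stale))
    # 4. An ordinary document that must not be reported.
    with open(os.path.join(docs, "invoice.txt"), "wb") as fh:
        fh.write(b"nothing to see here")
    return root


def run_demo() -> List[str]:
    """Hunt the demo tree over the last hour; return the sorted reasons found."""
    root = build_demo_tree()
    now = datetime.now()
    hits = hunt_keys(root, now - timedelta(hours=1), now + timedelta(minutes=1))
    return sorted(c.reason for c in hits)


if __name__ == "__main__":
    for reason in run_demo():
        print(reason)
```

On the demo tree this reports exactly two candidates, the fresh PEM file and the file in the key-container directory, and ignores both the stale decoy and the ordinary document. On a real system, run it over the user’s profile with a window around the ransom note’s creation time and examine each hit by hand; the time filter keeps the output short, because a profile contains thousands of files but very few written during the minutes the malware was running.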
If you’re infected with CryptoDefense, don’t pay the ransom.
If your computer is infected with any type of malware, bring your infected device to Geek Rescue or call us at 918-369-4335.
March 10th, 2014
A common piece of security advice is to keep your antivirus program updated to protect against the latest threats. New malware appears every day, and it is hard for security applications to keep up; it is impossible if they aren’t updated daily. Alastair Stevenson illustrates the need for up-to-date definitions with his report at V3 that three new threats emerge every second of every day.
That statistic comes from security company McAfee’s Threats Report for the fourth quarter of 2013. Part of that report reveals that McAfee logged 200 new attacks every minute, which likely means the real number of new attacks is even higher.
Overall, in the fourth quarter of 2013 alone, McAfee catalogued 200 million malware samples, 90 million more than in the same period of 2012. Experts attribute part of this increase to point-of-sale (POS) malware, which targets the card-processing terminals in retail stores and is itself sold online as ready-made kits that anyone can use without special expertise. This allows nearly anyone to launch an attack.
Malware isn’t targeting PC users alone, however. The report states that nearly 2.5 million new malware samples targeting Android mobile devices were collected. That is far fewer than the number targeting PCs, but nearly double the mobile malware output of a year earlier.
Ransomware, the malware that encrypts or locks the files on your PC and demands payment to give you access to them again, also saw a large jump in 2013. After about 1 million ransomware samples were observed in 2012, 2013 saw about 2 million.
The clear lesson is that security on your personal devices and your company’s network matters more every year, as more attacks are produced and those attacks become more sophisticated.
For help improving security or help recovering from an infection or attack, call Geek Rescue at 918-369-4335.
March 7th, 2014
A recent survey on computer security revealed not only alarming numbers of cyber crime victims, but also high numbers of users with little or no security in place. The University of Kent, in the UK, surveyed about 1,500 adults. Admittedly, that is a small sample, so the numbers could be somewhat skewed. Even so, the rates of malware infection, and of ransomware in particular, are surprisingly high, as John Hawes of Naked Security reports.
CryptoLocker, the headline-making ransomware that encrypts files on victims’ computers and demands payment to release them, had hit one in 30 of the survey’s respondents. Worse, about 40 percent of those paid the ransom to have their files decrypted.
Those figures cover CryptoLocker alone. Across all forms of ransomware, about one in 10 respondents said they had been a victim. Even allowing for some inflation in self-reported numbers, that is a shocking amount of ransomware.
It is particularly troubling when you combine the number of attacks with the number of users who fail to put proper security measures in place. The survey also found that more than half of users weren’t running an up-to-date antivirus or anti-malware program, about a third had no firewall on their network, and about as many didn’t follow good password practices for their online accounts.
With that in mind, it’s no surprise that about a quarter of users in the survey were identified as being the victim of some sort of “cyber-dependent crime” with malware infections and phishing scams being the most popular.
Unfortunately, when it comes to the number of malware incidents, the actual number of infections is usually higher than what is reported. This is because malware, by its nature, stays hidden on most systems particularly those with less than ideal security. Users may report that they’ve never been the victim of a malware infection, but in reality it’s difficult to say for certain.
The takeaway from this study and others like it is that no one is immune from cyber attacks. Malware can strike any of us, but those with less security in place are asking for trouble.
If you’ve been infected with malware, or would like to improve security at home or at your business, call Geek Rescue at 918-369-4335.
February 11th, 2014
One of the biggest security mistakes local businesses make is believing they won’t be targeted because they have less to offer than large enterprises. That belief leads to weak security, which both attracts attacks and leaves you exposed to untargeted ones. Take the latest news of a Cryptolocker victim, for example. John E. Dunn of CIO reports that a law firm in Charlotte recently lost critical data after Cryptolocker infected its network.
Cryptolocker got onto the law firm’s computers after an email and its malicious attachment were mistakenly opened; an employee believed the email was from the firm’s phone answering service. After that, nothing stopped Cryptolocker from encrypting thousands of legal documents critical to the firm’s operations.
The nature of law firms makes them enticing targets for Cryptolocker and similar attacks because they can’t afford to lose access to their documents. Any business with money to spend, but no time to waste is likely to pay the ransom associated with decrypting files.
In the case of the Charlotte law firm, its IT team first tried to unlock the files and work around the malware. When that failed, the firm attempted to pay the $300 ransom, only to be told that the deadline had passed and the files were permanently locked.
The law firm notes that had the attack stolen the documents rather than only encrypting them, the damage could have been much worse. Still, it lost access to every file stored on its main server, which prevented it from serving many of its clients.
For any size business, it’s important to educate employees about this type of threat in order to avoid infection in the first place. Regular back-ups of files will also save you from a disastrous loss of data.
Small business owners need to stop believing that an attack of this nature will never happen to them. Malware infections are costly to any business, and untargeted attacks like this one hit small, local companies just as readily as large enterprises.
For help improving the security at your business, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.
January 14th, 2014
Even with security measures in place, the most cautious internet user can suffer a malware infection. Not all infections are created equal, but you should find and eliminate malicious files as fast as possible, whatever threat they actually pose. Some malware, like the well-publicized CryptoLocker, encrypts your files, which effectively locks you out of your own data. Lincoln Spector of PC Advisor has some tips for overcoming an invasive malware infection.
Ideally, you’ve been regularly backing up your important files. If so, get rid of the infected files and restore the copies you’ve saved. Regular backups make recovering from an attack easy, but many of us don’t back up our computers as often as we should.
It’s important to know exactly what your computer is infected with and how it affects your system. Some malware opens pop-ups or hijacks your browser but doesn’t touch the other files on your hard drive. That kind still needs removing, but a good antivirus program can usually handle it. Malware that falls under the umbrella of ransomware is trickier: your files are either hidden or encrypted, and a ransom is demanded to restore them. The two cases call for very different next steps, so research which type you have before acting.
If you’re infected with a less sophisticated form of ransomware, one that only hides your files, you may be able to get them back without paying. First, reboot into Safe Mode; on Windows 7 that means pressing F8 repeatedly before Windows loads. In Safe Mode, open Windows Explorer, click ‘Organize’, then ‘Folder and search options’, switch to the ‘View’ tab and select ‘Show hidden files, folders, and drives’. If the files still don’t appear, also clear ‘Hide protected operating system files’, since some of these programs set the System attribute as well as Hidden. Now check whether your missing files are there. If they are, right-click each one, select ‘Properties’ and untick ‘Hidden’; files hidden this way were never encrypted, so they are intact. Your files should then be visible when you reboot normally, but make sure you go through and completely remove any malicious files still on the machine.
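Clicking through Properties on each file is tedious when a whole document tree has been hidden. The script below is an added example, not from the PC Advisor article or from Geek Rescue, that does the same job in bulk: it walks a folder, lists every file and directory carrying the Hidden or System attribute, and clears those attributes with the Windows SetFileAttributesW call. So that the report half can be tried anywhere, on non-Windows systems it treats dot-prefixed names as hidden and “unhides” them by renaming; the demo tree it builds is constructed sample data.

```python
"""
Find, and optionally unhide, files that lock-screen "ransomware" has merely
hidden rather than encrypted.

Added example; not code from the PC Advisor article or from Geek Rescue.
On Windows it reads and clears the Hidden/System attributes that the
Explorer procedure above reveals; elsewhere a leading dot stands in for
the Hidden attribute so the same report runs on any platform.
"""
import ctypes
import os
import stat
import sys
import tempfile
from typing import List, Tuple

ON_WINDOWS = sys.platform.startswith("win")
HIDDEN_BIT = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
SYSTEM_BIT = getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4)
HIDDEN_MASK = HIDDEN_BIT | SYSTEM_BIT


def hidden_attrs(path: str) -> int:
    """Bitmask of Hidden/System attributes set on `path` (0 if visible)."""
    if ON_WINDOWS:
        return os.stat(path).st_file_attributes & HIDDEN_MASK
    return HIDDEN_BIT if os.path.basename(path).startswith(".") else 0


def find_hidden(root: str) -> List[str]:
    """Walk `root` and return every hidden file or directory, sorted by path."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            if hidden_attrs(path):
                hits.append(path)
    return sorted(hits)


def unhide(path: str) -> str:
    """Clear Hidden/System on Windows; strip the leading dot elsewhere.
    Returns the path the item has afterwards."""
    if ON_WINDOWS:
        attrs = os.stat(path).st_file_attributes & ~HIDDEN_MASK
        if not ctypes.windll.kernel32.SetFileAttributesW(path, attrs):
            raise ctypes.WinError()
        return path
    directory, name = os.path.split(path)
    new_path = os.path.join(directory, name.lstrip("."))
    os.rename(path, new_path)
    return new_path


def demo() -> Tuple[List[str], List[str]]:
    """Build a throwaway tree with two hidden and one visible file (constructed
    data); return the hidden names found before and after unhiding."""
    root = tempfile.mkdtemp(prefix="unhide-demo-")
    names = ["report.docx", "budget.xlsx", "notes.txt"]
    for name in names:
        with open(os.path.join(root, name), "w") as fh:
            fh.write("sample")
    for name in names[:2]:  # hide the first two the way the platform expresses it
        path = os.path.join(root, name)
        if ON_WINDOWS:
            attrs = os.stat(path).st_file_attributes | HIDDEN_MASK
            ctypes.windll.kernel32.SetFileAttributesW(path, attrs)
        else:
            os.rename(path, os.path.join(root, "." + name))
    before = [os.path.basename(p) for p in find_hidden(root)]
    for path in find_hidden(root):
        unhide(path)
    after = [os.path.basename(p) for p in find_hidden(root)]
    return before, after


if __name__ == "__main__":
    found, remaining = demo()
    print("hidden before:", found)
    print("hidden after: ", remaining)
```

Run `find_hidden` first and read the list before touching anything: genuine operating-system files are hidden on purpose, so restrict the root to your own document folders. The equivalent one-liner at a Windows command prompt is `attrib -h -s /s /d *` run inside the affected folder, which clears the same two attributes recursively.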
Unfortunately, if this method doesn’t work, it probably means you have a more serious form of ransomware that has actually encrypted your files. Some poorly implemented ransomware can be undone, but criminals are using increasingly sound encryption to ensure that the only way to get your files back is to pay them, which is why a backup made before the infection is the only reliable route to recovery.
If you find yourself with any type of malware infection, call Geek Rescue at 918-369-4335 for help.