Archive for October, 2014

Banner Ads Spreading CryptoWall


A new threat to your computers can be contracted simply by visiting certain high-profile sites. Through a technique known as “malvertising,” banner ads are being used to spread a form of malware known as ransomware. In this case, the ransomware is CryptoWall 2.0, and the ads have appeared on such prominent Web sites as Yahoo, AOL, Match.com, The Atlantic, and MajorLeagueBaseball.com.

The websites themselves aren’t to blame. Rather, these virulent ads are processed through advertising networks, including Rubicon Project, OpenX, and Right Media/Yahoo advertising, which have failed to carry out adequate checks for malicious content. CryptoWall 2.0 encrypts all the files on the hard drive of a victim’s computer and on any attached network drives.

If the victim doesn’t pay a ransom by a deadline, those files are lost. Frequently the only way someone will know they have been infected will be telltale files in each directory titled “Decrypt_Instructions.” The latest version is memory resident, meaning it never installs on the hard drive but just runs in memory and disappears when the machine is shut down while the encrypted files remain.
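A defender's check for the telltale files described above, as an added example that is not part of the original post: it walks a folder tree, lists every folder holding a file whose name starts with Decrypt_Instructions, and reports the oldest such file as a rough marker of when encryption began. The case-insensitive prefix match, the three-folder threshold and the sample tree are assumptions made for this example.

```python
import os
import tempfile

# Assumption: match the note title quoted in the post, any case, any extension.
NOTE_PREFIX = "decrypt_instruction"

def scan_for_notes(root):
    """Walk root; return (folders scanned, {folder: [note files]}, oldest note mtime or None)."""
    scanned, hits, earliest = 0, {}, None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        scanned += 1
        notes = sorted(f for f in files if f.lower().startswith(NOTE_PREFIX))
        if not notes:
            continue
        hits[dirpath] = notes
        for name in notes:
            try:
                mtime = os.path.getmtime(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            earliest = mtime if earliest is None else min(earliest, mtime)
    return scanned, hits, earliest

def verdict(hits, min_dirs=3):
    """One stray file is weak evidence; the same note in many folders is not.
    min_dirs is an assumed threshold, not a value from the post."""
    if not hits:
        return "clean"
    return "likely-infected" if len(hits) >= min_dirs else "review"

def build_sample_tree(base):
    """Constructed sample: three folders carrying a note, one folder without."""
    for sub in ("Documents", "Documents/Taxes", "Pictures"):
        os.makedirs(os.path.join(base, sub), exist_ok=True)
        for note in ("DECRYPT_INSTRUCTIONS.txt", "Decrypt_Instructions.html"):
            with open(os.path.join(base, sub, note), "w") as fh:
                fh.write("constructed placeholder\n")
    os.makedirs(os.path.join(base, "Music"), exist_ok=True)
    with open(os.path.join(base, "Music", "song.mp3"), "w") as fh:
        fh.write("constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        scanned, hits, earliest = scan_for_notes(tmp)
        print(verdict(hits), f"{len(hits)}/{scanned} folders carry a note")
        for folder, notes in sorted(hits.items()):
            print(" ", os.path.relpath(folder, tmp), notes)
```

The oldest note timestamp helps decide which backups predate the encryption and are safe to restore from.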

An estimated 3 million people have been exposed to the malvertisements since the campaign was first detected in mid-September. The CryptoWall criminals earn an estimated $25,000 a day from this attack, using a complex bitcoin laundering method to hide their profits. An estimated one billion Android smartphones and tablets may be the next target as a version of the ransomware goes on sale in underground web forums.

CryptoWall gets into the computer through a security vulnerability in Adobe Flash Player. Your options to protect your data are either to update to the latest version of Flash (please see the directions in a recent blog entry) or to remove Flash from your computer altogether.

Firefox offers a plug-in called Ghostery that blocks third-party ads and trackers from loading when a site is launched. Chrome has a similar extension called AdRemover. Also, always back up your data on an external hard drive: either one of your own that you disconnect after you back up (otherwise it may get encrypted too), or a remote one (“the Cloud”).

If you are concerned that your system may be infected, please submit a request. We will be happy to help. Stay safe!

 

How To Upgrade Adobe Flash Player


Click on the following link to go to the Adobe site:

https://www.adobe.com/software/flash/about/

Click on the Player Download Center link. The following screen (or something similar) will come up. Make sure to uncheck the boxes in the middle “Optional offers” section. Then, click Install Now in the lower right-hand corner of the screen.

If you are using a Windows machine, you must do this in the Internet Explorer browser. If you use another browser, you must do the same there as well.


Be Sure to UNCHECK Optional Offers…


It will likely pop up with a query asking if you want to run or save the program as seen below. Click Run.


You may get a screen at this point that requires a YES to continue. The program will install. When done, click on the FINISH button in the lower right-hand corner, as shown below.


Close the window at this point.


Cryptolocker Virus Alert


In the wild this month is a new version of the ongoing cryptography-based viruses. This new version calls itself Cryptowall 2.0. From research, there are a few key differences in this new version.

In the original Cryptolocker viruses, the payments were to be made by using Bitcoin. Because of the way the virus author crafted the payment gateway, people who knew enough could “steal” or fake the payments made by others and use these stolen payments as their own. In this new version, this is “fixed.”

Each infected computer is tied to a unique bitcoin wallet ID that the virus generates. You can’t steal someone else’s payment or send a fake payment anymore. The original cryptolocker code upon encrypting files would delete the originals.

The deletion process was similar to a user putting a file into the recycling bin and hitting “empty recycling bin.” In this way, most files are easily recovered as long as not much data has been changed or written to the hard drive in question. With Cryptowall 2.0, this bypass is no longer available.

This version issues a hard drive secure delete command for every file it encrypts. This means recovery is impossible via this avenue. The third change is in how the author masks the trail of activity leading back to them. This will make it tough for the authorities to make a break in this case, as they were able to with the original cryptolocker virus.

If you are concerned that your system may be infected, please submit a request. We will be happy to help. Stay safe!

Wipe Old Data


You’ve upgraded your electronic devices. You’re planning to sell or donate your old equipment. Just make sure you clean out all your sensitive data before you do so.

The Naked Security blog recently offered up a cautionary tale of why it’s essential to take this important step. A Canadian used-computer dealer claims to have a pile of data that they pulled off servers originally belonging to an international professional services firm. Those companies are now in court, battling over the disposition of the data.

Need more convincing? USA Today reported that Robert Siciliano, an identity-theft expert for the security firm, McAfee, bought 30 used devices off Craigslist. Half the devices were thoroughly wiped clean, while the other half still maintained data, including bank accounts, Social Security numbers, work documents, and bank records.

A recent survey by Internet security company AVG revealed that nearly 60% of Americans use three or more Internet-connected devices at home across three different operating systems. Those collect a lot of sensitive data over a short period of time. What can the average person or company do when retiring an older machine?

Personal Computers

You’ve decided to recycle your old laptop or desktop. The simplest, most secure solution is to remove the hard drive physically. It can then be installed in your new computer or put in a USB hard drive enclosure to be used as a backup or portable storage. If that’s beyond your skillset, commit to a secure wipe. Start by backing up anything you value from the hard drive on your old machine onto an external hard drive or an online backup service, generically known as “the cloud.”

Next, perform a secure wipe. Among the more popular data-destruction programs are DBAN, CBL Data Shredder, and ErAce. These programs not only delete the data but overwrite it a certain number of times, making the data much more difficult to retrieve.

This process can take hours, even days, depending on the size of the drives. Allow sufficient time for the process. Also, be sure to remove any portable storage like DVDs or flash drives. HCP can take care of all of this for you; please contact us about this service.

Mobile Devices

First, transfer whatever information you wish to save to your new device. Then, use the factory reset to wipe your old device. Second, remove or erase SIM and SD cards. Finally, double-check your phone book, call logs, voicemails, emails, text messages, downloads, other folders, search histories, and personal photos. For more specialized directions for your particular device, check your owner’s manual or look for such information online from the manufacturer.

Gaming Consoles

For gaming consoles, start with the standard factory reset. Then, remove or securely erase any media cards. Check your owner’s manual or go online for specialized directions for your console.

Remember, a little time invested in obliterating your precious information can save you time and money in the long run. Stay safe! For help with a computer problem, submit a request.