Anything you post can and will be used against you

Most of us have applied for a job.

The traditional application process starts off with the candidate seeing an ad placed by an employer for a position that the candidate is interested in.  The candidate follows the instructions for applying for the position, which usually involve a resume and/or an application.  These are sent to the employer who reads them, and then narrows down their list of candidates based on what they’ve received.

Once the candidate list has been narrowed down, the employer requests an interview.  The candidate will sit in front of the employer and the employer will ask questions, and the candidate will reply with answers that hopefully will please the employer.  This process then narrows the list down again to the point of the employer choosing one candidate and offering them the position.

Sounds simple enough, right?  But let’s look at some of the items that this process requires.  First, the application and/or resume.  Let’s be honest here.  This application has to look good.  After all, we’ve all heard the importance of the first impression.  This piece of paper is your first impression.  There’s nothing on it that is negative.  In other words, if you were fired for constantly being late for a job, the reason you put for leaving will most likely be something along the lines of “Took position with Company Y”.

Applicants today know that companies have been told by their legal staff that they should not say anything negative when someone calls for a reference about a former employee.  They should limit their information to the time the former employee worked there, and, if asked, if they would rehire the former employee.  Anything more can open them up for a potential lawsuit.

The next phase of the process is the interview.  If you know anything about a job interview, you know that you should be punctual, dress professionally, be polite, bring an extra copy of your resume, make eye contact, and make yourself look good.

That’s really what it boils down to.  You want TO MAKE YOURSELF LOOK GOOD.  You’re basically selling yourself.  You have become a product that you would like the employer to buy.

Those who want to sell their products go to great lengths to make their product look good.  Ever look at an ad for a hamburger?  Looks great, doesn’t it?  Yet when you arrive at the restaurant, the item you get in the bag or on your tray doesn’t quite look like the item in the ad.  Here’s why:

You can do the same thing with yourself.  You can hire someone who will write your resume for you.  They will make it, and basically YOU, look great by what is written.

The end result is that you will be the one chosen by the employer to fill the position they have open.

Yet social media has changed all that.  Social media allows the employer to see the REAL you.  The REAL you who may have posted something that included several profanities.  Or several disparaging remarks against different races or religions.  Yup, you can be labeled a racist or homophobe or anti-Semite simply based on your social media content.  Probably not something you’d put on your resume, but something the potential employer will find simply by looking at your Facebook feed or you Twitter account or your Instagram pictures.

But “Wait” you say.  “I don’t allow just anyone to look at my social media accounts.“.  You don’t?  That’s good.  You shouldn’t.  But what if the interview process includes them asking you to friend them?  If you say no, you might be excluded from the list of applicants.

So let’s say that your posts are not bad in content.  What about your friends’ posts?  Aesop once said You are known by the company you keep.”  Guilt by association is another way to put that.  The employer might think (correctly or incorrectly) that you feel the same way that your friends feel about certain topics.

Now, let’s go beyond the employer realm.  Let’s go to the world wide view of social media.  Governments today are using social media as a vetting tool to see if a particular individual should be granted access to their country.  Are you interested in travelling to visit certain countries?  Is your church planning a “tourist” trip to China?  How about visiting Cuba for vacation?  One wrong post in your Twitter feed and you’re not going to make that trip because their government may think that you’re going there for purposes other than what you’re stating and will not grant you entry.

Not planning to go on a trip anytime soon?  How about applying for college?  That college application is probably one of the most important pieces of paper (or online applications) that any person under 19 is ever going to fill out.  They’ve worked on their grades to make that 4.0.  They’ve studied hard to make that 32 on the ACT.  They’ve done hundreds of hours of community service.  Their community involvement is impeccable.   And there seems to be a pattern in their social media feed that they are all about the legalization of marijuana and have every beer logo as their profile background.  That should be an interesting conversation with the admissions counselor to that prestigious school.

But what about in the normal world?  After college and after you already have a job.  How can social media impact your then?

Yes.  And Yes.  And Yes one more time.  People have lost their jobs because of social media.  Money.com came up with 10 Mistakes people made on social media that cost them their jobs.

10 Social Media Blunders That Cost a Millennial a Job – or Worse

Facebook, Twitter, and even blog posts can lose you a job, and the bar for what counts as a social media “mistake” is lower than you’d expect. Here are the ten worst stories, ranked from least to most painful, of young people getting fired (or nearly fired) because of social media activity.

But there’s other ways that social media can impact your in negative ways.

Recently an individual began to post on a Facebook group that we belong to about local politics.  This individual was very caustic in their posts, and began to attack people for their views.  In the pre-Facebook days, this would be done in an anonymous way, since the individual would have a “screen name” which may or may not identify them as to who they are.  Today, though, it’s pretty simple to identify who they are since they are using their name.

Don’t Feed The Troll

Within 15 minutes of doing some searching using paid and free tools, we were able to find out everything about this individual that they probably wouldn’t want everyone to know.  One tool searches 61 social media sites in under 30 seconds and the results can be less than flattering.  We were then able to inform those people who were engaging with this individual in the group that this individual was nothing more than an old fashioned troll.

Rule #1 about dealing with an internet troll is don’t feed the troll.  In other words, don’t engage with the individual because all they want is attention.

Your information is out there.  It’s not hard to find if you know where and how to look. Anything you post in social media can and will be used against you, as the following article shows.

Anything you post can and will be used against you

Everybody’s freaking out over the Wikileaks revelations that the Central Intelligence Agency can hack Apple and Android smartphones, major PC operating systems — and even TV sets. The news is causing ripples in international relations and got companies like Google and Apple to patch holes and issue fixes.

 

How the Massive Yahoo Breach Could Affect You.

On December 14, 2016 Yahoo revealed that 1,000,000,000 (that’s 1 billion) user accounts had been compromised in 2013, a year before they reported another breach that affected 500 million user accounts.

That’s 1.5 billion accounts that were hacked.  A company that employs 13,600 people in their IT department was hacked and user accounts from enough people to equal the population of North America, South America, Central America, Australia, Russia, Germany, and a few smaller nations, were compromised.

Yahoo engineer in server farm.

Why would hackers be so interested in the e-mail accounts of all these people?  They’re not.  Just like they are not interested in the Chicken Stamp accounts that were breached recently at KFC.

So what are they after?  Lax password security by those Yahoo and KFC account users.  If you’re like many people, you’ll use your e-mail account as a user name for most, if not all, of the web sites you frequent.  And if you’re like most users, you also use the same password for most of these sites.

By the way, Yahoo and KFC aren’t the only companies that have been hacked.  Our sister site, DontBecomeAnotherTarget.com keeps track of all major breaches.

So suddenly those Chicken Stamp accounts and those e-mail accounts begin to have more value, especially if those same user names and passwords are used at financial sites.

Some security sites are recommending that if you have a Yahoo account, it’s time to close it, including if you have an account that Yahoo administers (@att.net, @bellsouth.net).  You also need to change all of your passwords that are similar to your Yahoo/.att.net/.bellsouth.net. Now.  And you need to begin to practice safe online behavior.

What’s safe online behavior?  It’s

  • not using the same password at all web sites
  • using complex passwords that include upper and lower case characters, numbers and symbols
  • changing your password a few times per year (it’s recommended every six weeks, but a few times per year is better than not at all)
  • not writing your passwords down on a Post-It and sticking it to your monitor.  Use a password manager, like LastPass, Dashlane, eWallet
  • not clicking the little box that says “stay logged in” at sensitive sites
  • not going to dangerous web sites (adult content, gaming sites)
  • not opening attachments from people you don’t know
  • making sure your computer is patched with the latest updates
  • making sure you have a good anti-virus program.  And keep it current.

If you own a business and you’re doing your own IT support and security, you’re doing a disservice to not only your clients, but also your clients security, and your own security.  Studies show that 61% of people will not go back to shop at any business that’s been breached.  Contact us today to see how affordable expert IT support can be.

If you take credit cards, you’re required to be PCI Compliant, and that doesn’t mean checking all of the Yes boxes on the Self Assessment Questionnaire (SAQ), even if the answer is No.  It’s actually being compliant by making sure all of the items meet requirements.  Most businesses we visit to do our free PCI Compliance assessment are not even close to being compliant.  Most fail in every one of the 12 PCI DSS categories.  Contact us today if you would like to see if you’re compliant.  It costs you nothing to find out.

Regardless of whether you’re a business or a home user, this Yahoo breach should not be taken lightly.  You need to act on it today.

Contact us today if you need help.  Our engineers are the some of the most experienced in the Southeast when it comes to not only cybersecurity and SMB (Small Medium Business) IT support – it’s what we specialize in.  And PCMDX is one of the top PCI Compliance firms in the country.  If you’re a home user, we can help you as well by making sure your network is protected (yes, if you have a broadband router and multiple devices, you have a network), and all of your devices are protected.

Updated 12/15/16 10:56am CST to update link.

 

Ransomware being distributed as fake Adobe Flash Player Update

Ransomware is some of the most destructive malware in the cyber world.

cyber-security-1784985_640

For those not familiar with it, ransomware is software that will encrypt all of your documents, photos, music, and other types of files, then demands a ransom in order to get them decrypted.  Normally there’s a time limit in getting sending the ransom.

A complete description of how ransomware works can be found in this PCMDX Blog post.

The bad guys are always looking a new ways to take advantage of computer users, but this latest attack is worth taking a look at because it’s one of the more legitimate looking attacks.

In the past, we’ve warned you to look at the page for grammar and spelling errors, as well as phrases that don’t sound right, before clicking on any links.  The majority of the attacks originate in other countries where English is not the native language.  Because of that, the bad guys sometimes resort to Google Translate to write their web pages and programs.  Google Translate can sometimes have some flaws in how it translates, especially when it comes to technical terms.

The latest ransomware attack is a perfect example of this.  You may click on a link that takes you to a page like this:

fake-flash-player-update_test

Fake Adobe Flash Player update page. (click for larger image)

 

For the most part, this page looks legitimate to most users.  But there are two obvious errors, and one not so obvious, that should warn you immediately that it’s fake, and possibly a threat.

First, look at the instructions for “1.”.  You’ll see it instructs you to locate a file “named like”.  An obvious grammar error.

Second, look at the URL (the web site).  http:// fleshupdate. com …flesh is not flash.  The not-so-obvious error is the phrase that reads “Your Flash Player may be out of date”.  Adobe products will not use the term “may”.  It’s either out of date or it’s not.

Fake Adobe Flash Player update page with errors highlighted.

Fake Adobe Flash Player update page with errors highlighted. (click for larger image)

 

The Adobe Flash Player update page is https://get.adobe.com/flashplayer/

The “https” means that it’s coming from a secure site.

You’ll notice there’s much more information on the update page.

real_-flash-player-update_test

Authentic Adobe Flash Player update page (click for larger image)

 

For clients who have PCMDX do their IT support, you’ll never see the Adobe Flash Player update page, as we have it set to update in the background.  If you do see an update page, it’s absolutely fake, and you should not click on any links.

Please share this information with everyone who uses your computers.  Once ransomware infects your system, there’s no reversing it unless you pay the ransom, which is rather costly, both in money and time.  Since ransomware is constantly evolving, most anti-virus products will not protect you from the damage.

The best way to prevent getting struck by ransomware is to follow these guidelines:

  • Never open attachments from unknown senders or known senders where the message is vague.  If in doubt, contact the sender to verify they sent it.
  • Always keep you system up-to-date and patched
  • Although anti-virus products may not protect against ransomware, they do protect against other malware, so always have your AV product installed and up-to-date.
  • BACK UP YOUR DATA.  We recommend a three step backup program, which includes imaging, data, and off-site.  The three combined are optimal, but have at least one.

PCMDX can assist you with all of these items.  We specialize in providing cybersecurity and computer support for Small-Medium Businesses that have under 15 PCs and don’t have the budget for a full time IT person, but want IT level support.

 

 

 

PCI Compliance – An Ongoing Process

Recently Computer World published what’s most likely the very best article dealing with PCI Compliance.  Not so much what it entails to be compliant, but what it takes to remain compliant.

The ultimate unanswerable question: Are we PCI-compliant?

PCI compliance is Zen-like. It’s hard to determine, and even when a letter declares a company PCI-compliant, that declaration can always be retroactively reversed later – such as if you’re breached. Yes, when you most need to be able to say that you are PCI-compliant is when it’s taken away.

 

The issue with PCI compliance is that the business network and the business environment is constantly changing and evolving.  There are 12 requirements in the PCI DSS.  In order to be compliant, all of these must be current all of the time.  Some remain static, meaning they don’t change.

Let’s take requirement No. 1: Install and maintain a firewall configuration to protect cardholder data. firewall-156010_640 Your PCI specialist installs and configures a firewall.  Once it has been configured properly, you’ve met the first requirement, right?  Well, sort of.  Assuming the firmware is current, and nothing changes in the network environment, the answer would be Yes, you’ve met the requirement.

Let’s go down to requirement No. 11:  Regularly test security systems and processes.  Inside this requirement is 11.1, which requires that a hardware inventory be kept up to date of all devices on the “protected” or POS network.  This is the network that handles all credit card transactions (your guest wi-fi, or any other network should NEVER be on the same sub-net as your POS traffic).  You just replaced or added a POS terminal.  Did you log it in the inventory, including the model and serial number?  If the answer is No, then you’re not compliant.

On that very same replacement terminal, you need to make sure that you have met requirements 5 and 6: Use and regularly update antivirus software; Develop and maintain secure systems and applications.  If you’ve added a location on the network for this terminal, the network diagram also needs to be updated.

Now let’s move on the the human factor in being compliant.  Each individual who handles credit cards must be trained in the methods of handling cards safely and securely, which is part of requirement 12:  Maintain a policy that addresses information security.  If you’ve hired a new employee, they must first be trained and sign-off acknowledging that they’ve been trained.  A copy of the signature page must go in their employee file.

The article in Computer World makes some outstanding points.  First,  you’re only compliant on the date that you last checked and updated (successfully) the requirements:

The reason why compliance is tied to the date the assessment was wrapped is that, in theory, any change at all to anything on the network could make that merchant noncompliant. I get that. It makes sense. But what good is PCI compliance if a retailer never knows if it is compliant? 

This is where PCMDX comes in.  We take it off your shoulders and put it on ours.  We let you worry about the prime purpose of your business, and we take care of the things that we’re good at:  Keeping you compliant.

Further more, as the article states, it’s the human factor that makes you (and keeps you) compliant:

But it (software) can’t track PCI compliance — which is a human-dictated state — any more than it can declare a system “secure.” 

PCMDX is the only company in our service area (Alabama, Mississippi, Western Tennessee, Florida Panhandle) that creates a plan for your company to become, and remain, PCI Compliant.  We will visit your site, examine your existing network, create a plan to make your network compliant, implement the plan, and then keep it maintained on a regular schedule.

Contact us today for a free, no-obligation consultation.  You’ll be glad you did.

 

 

 

Analysis of a Scam

Scams can happen to anyone, including IT companies like PCMDX.

Let’s look at a recent scam that someone tried on us and how we were able to determine it to be a scam.

On 8/17/16 at 2:59pm we received a text from 12025564828 that read:

“+12509000912 – Are you available to repair computers and please let me have your email so I can email you all details of my request.Contact Robert Gates on (737) 210-7809 & rg757711@gmail.com.”  (quotations put in by us).

Seemed OK, and we receive e-mails requesting repair quotes often, so we replied with our e-mail address.

On 8/19/16 at 12:09pm we received the same e-mail with one addition:

“+12509000912 – Are you available to repair computers and please let me have your email so I can email you all details of my request.Contact Robert Gates on (737) 210-7809 & rg757711@gmail.com.”

On 8/18/16 we received this e-mail from Robert Gates:

Hello,
 Thanks  for your  reply. I have some Hp PCs(Intel Pentium M) since we currently have a major breakdown on most of our systems and I thought it was best to have a general upgrade and maintenance. (I will be providing the software needed). Below are the things needed to be done one 
on each laptops:
1 Format Hard Drive
2 Install Window 7 with Service Pack 1 (sp1)
3 Install Microsoft Office Package
4 AVG Virus Software  (Free Lifetime Updates)
5 Adobe Acrobat Reader
6 Laptop Cleaning of the keyboard, screen and other case.
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc.
The Laptops are in California  and will be shipped over to you from there.I am contacting you because we are about to have a  branch office there in  your  city 
We will move the  Computers to you  and after  fixing, they will be shipped to out branch office there this is why i’m  searching local  Computer expert  to fix it there. 
I have a reliable shipper whose service I’ ll employ to bring down the laptops. The shipper will bring down as well as pickup the laptops when you are done with fixing them. My shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .  Also the windows CD’s are licensed and i have all the other software mentioned available.
So the question is can you really carry out this task from your place presently?Get back to me with your total cost for the services of 6 units of Hp PCs(Intel Pentium M). Please note that i have all the software with the licenses available with me for the job.I await your urgent response so that i can put the arrangement in order. Hope to read from you at your soonest convenience.
Best Regards,
The language seemed a little strange.  Let’s break it down:
Hello,
 Thanks  for your  reply. I have some Hp PCs(Intel Pentium M) since we currently have a major breakdown on most of our systems [this makes no sense] and I thought it was best to have a general upgrade and maintenance. (I will be providing the software needed). Below are the things needed to be done one 
on each laptops [again, this makes no sense]:
1 Format Hard Drive
2 Install Window 7 with Service Pack 1 (sp1) [Should read “Windows”]
3 Install Microsoft Office Package
4 AVG Virus Software  (Free Lifetime Updates)
5 Adobe Acrobat Reader
6 Laptop Cleaning of the keyboard, screen and other case. [Probably meant “outer” instead of “other”.  Punctuation errors]
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc. [This is done before 1-6, not after]
The Laptops are in California  and will be shipped over to you from there.I am contacting you because we are about to have a  branch office there in  your  city We will move the  Computers to you  and after  fixing, they will be shipped to out branch office there this is why i’m  searching local  Computer expert  to fix it there. [This is riddled with punctuation and grammar errors.  Where is the city? ]
I have a reliable shipper whose service I’ ll employ to bring down the laptops. The shipper will bring down as well as pickup the laptops when you are done with fixing them. My shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .  Also the windows CD’s are licensed and i have all the other software mentioned available.  [This is riddled with punctuation and grammar errors. Why make a point of the license?]
So the question is can you really carry out this task from your place presently?Get back to me with your total cost for the services of 6 units of Hp PCs(Intel Pentium M). Please note that i have all the software with the licenses available with me for the job.I await your urgent response so that i can put the arrangement in order. Hope to read from you at your soonest convenience.  [This is riddled with punctuation and grammar errors. Again, the point of the license.  Urgent?]
Best Regards,
Warning Number 1 when suspecting a scam is taking place:  Grammar.  Spelling.  Punctuation.
These scams are perpetrated by people who’s native language is not English.  Since English is their second or third language,  or perhaps their Google Translate version of English, there will be mistakes.
A legitimate company will NOT make this many errors.
Warning Number 2:  Vagueness
Where in California is he based?  Where is the city where his “new office” is opening?  A Gmail address with letters and number?  Too vague.
Next step to confirm a scam is to check the wording by Googling a sentence.  These people use a template, often changing just a couple of items, so it’s possible to find a report of a scam that occured in the past.
We Googled: Get back to me with your total cost for the services of 6 units of Hp PCs
which returned this page:
https://www.scamwarners.com/forum/viewtopic.php?f=43&t=24038&start=30
One post in this forum showed the following e-mail had been sent to the reporting person on 6/12/12:
Hello, i want to know if you still repair computer because i have issues which i need you to resolve.

Second email:

Thanks for reply I’ve got some Pentium-D dell laptops that needs to be fix. Below are the things needed to be done one on each laptops.

1. Format Hard Drive
2. Install Win XP with Service Pack 3
3. Microsoft Office Package
4. AVG Virus Software (Free Lifetime Updates) 5. Adobe Acrobat 6. Diagnostics of the entire system ( i. e. check hard, cdrom, floppy, etc.)

The Laptops are ten 10 in number and will be shipped over to you from there I have a reliable shipper whose service I’ ll employ to bring down the laptops. The shipper will bring down as well as pickup the laptops when you are done with fixing them.

Also the windows CD’ s are licensed and i have all the other software’s mentioned available. So the question is can you really carry out this task from your place presently? Get back to me with your total cost for the services of 10 units. Please note that i have all the software with the licenses available with me for the job.

Regards.

Hmm…coincidence?  We think not.
The above link shows that in fact it is an ongoing fraud.
On 8/23/16 Mr. “Gates” attempted to find out the status.  We replied with the link.  Hopefully he’s moving on.
If you suspect something fraudulent, don’t give ANY information out.  If you need a cybersecurity specialist, contact us today.

The Art of the Trojan

“Hi, I think my computer has been hacked.  Can you help me?”

This is probably the most common call we receive from PC clients on a weekly basis.  The correct term is most likely not “hacked”, but “infected” with some sort of malware, or malicious software.

Malware comes in many different varieties, including viruses, worms, and Trojans.  The main difference between these is that a Trojan needs your help in doing its job.  Without you doing something, like clicking on a link or opening an e-mail, the Trojan is completely harmless.

Here’s a great article detailing what a Trojan is, and how it works.

Now, how do you stop a Trojan?  The easiest way is to NOT DO WHAT IT WANTS YOU TO DO.  Over the past few days a Google Chrome Trojan has been making the rounds.  If you’re using Chrome, you’ll go to a web site and a second window will open displaying the Chrome logo along with “Urgent Chrome Update”, and a download button.

Chrome_scam_8-1-2016 1-43-21 PM_half

Chrome won’t update this way, however, the bad guys are hoping you don’t know that and will simply click on the blue button.  Before clicking on any link, look at the address bar, or hover over the link to see where it takes you.  If you’ll look at the red arrow, you’ll see that it’s on a site called ahtaeeredidit (dot) org.  Does that sound like Chrome or Google (owners of Chrome)?  So what do you do?  First, don’t click on it.  Second, close the window or tab.

If you do click on it, the result will be that you’ll get infected with the Trojan, which can be something that you won’t even realize is happening (your computer becomes a surrogate sender of Spam), to all of your important files becoming encrypted and, unless you pay a ransom to the sender of the Trojan, losing your files.  This is called Ransomware.  As always, we recommend a good backup of your system.

Remember, by hovering over a link you can see where it wants to take you before you click on it.  If it looks garbled, confusing, or simply suspicious, DON’T CLICK ON IT!

PCMDX specializes in both malware removal or, even better, malware prevention.  Using the right software, we can prevent most malware from even happening, including Trojans.  We say “most” because there are new attacks being developed daily, so the second thing we highly recommend is doing a good backup.

We recommend two types of backup.  First, an image backup, and second a off-site cloud backup of your files.  Ask yourself this question:  “Is there anything on your computer that you absolutely, positively cannot live without?”  If the answer is yes and you don’t have a backup plan, contact us today.  It’s cheaper than you think and far less costly than if you lose your files to computer failure or malware attack.

 

 

Windows 10 Automatic Upgrades Getting Aggressive

Over the past month Microsoft has been getting aggressive with their Windows 10 “auto-upgrades”.  We call it an auto-upgrade because the user doesn’t seem to have a choice on the upgrade.  They will walk away from their PC and when they come back they’ve been upgraded without doing anything to start the process.

We’re sticking with your recommendation:  If you have Windows 7, stick with Windows 7 until 2020, when Windows 7 comes to end-of-life.  If you have Windows 8, go ahead and upgrade to Windows 10.  Microsoft is giving a deadline of July 29, 2016 as the date of the upgrade being free, so do it before then.

There’s been some adverse consequences for Microsoft for the auto-upgrades.  Some might say these were costly in nature for Microsoft.  Because of this, Microsoft has throttled back on their forcefulness in installing the upgrade, however, this is not been 100% true so far.

Remember, you do have 30 days to go back to the previous operating system, but the reversal doesn’t always work.

Because of this, we’re recommending the following install:  Go to www.grc.com/Never10.htm and select the green “Download Now” button.  Download the small file, and then go open it.  This will open up a window that will have to options on it.  The writing initially will be in a ref font and will read “Windows 10 Upgrade is ENABLED for this system!”.  Click on the button at the bottom of the window that reads “Disable Win10 Upgrade”.  The writing will change to “Windows 10 Upgrade is DISABLED for this system!” in green font.  By saving the file, you can always go back if you want to upgrade to Windows 10.

If you’ve been upgraded, and things aren’t working anymore, give us a call.  Some programs are NOT compatible with Windows 10, so be prepared to upgrade if you’ve been upgraded and you can’t go back.

Ransomware: Time to Pay Attention or Pay Big Bucks

This post is a very long one, but it’s important you read every word if your data is important.

If you follow us on Facebook.com/pcmdx you know we’ve posted twice over the past month about ransomware attacks that we’ve been called to.

The attacks usually use the same method.  The user will receive an e-mail from an unknown sender and it will have the subject line of “Invoice Attached” or something similar.  The word invoice is the common denominator.

The user will look at the e-mail and see that it asks them to open the attached Word document, which is the “invoice”.  When they open the document, the ransomware attack begins, however, it is not noticeable to the user.

These particular attacks encrypted all of the users Office files (Excel, Word, Powerpoint, Access, Outlook PST) files.  It did not encrypt any PDF files or any image files, which usually would have been encrypted as well.

The user will notice that the attack has taken place when they attempt to open one of the files and the Windows program selector launches.  This is the Windows feature that comes up when you attempt to open a file and no program is associated with it, meaning it doesn’t know what program to use to open the file and it asks you to choose one.  In this case, there’s no program to launch an encrypted file.

We were called to attempt to recover the files and to remove the malware that encrypted the files.

The ransomware senders (we’ll call them the “bad guys”), usually have the ransomware program generate a text file that it leaves in each directory that has files that were encrypted.  We found this text file in all of the directories with Office files, as well as the Desktop.

The text file is the “ransom note”.  It explains what happened to the user’s files, and details how the files can be decrypted back to a usable state.

In a nutshell, the bad guys want a payment made via Bitcoin, usually ranging from a few hundred dollars to several thousand.

Although not always the case, once the ransom is paid, the decryption code is sent via e-mail.  Once the code is entered, the files are decrypted and are usable again.  It should be noted that this is some of the time, not all of the time.

In two of the cases, the ransom was not paid and the users accepted the fact that the files were gone.

In one of the cases the user felt that they needed the files, there was no backup, so they agreed to pay the ransom, although we recommended against doing so.  The payment process took about three hours to complete.

It included opening a Bitcoin wallet, which is a software based wallet.  Once the wallet was created, Bitcoin needed to be purchased.  We found a seller in Tennessee who would sell the amount of Bitcoin needed (B 0.74, which was about $350, the amount of the ransom).  Since there’s a trust issue between seller and buyer, the only way to pay the seller was to go to a Western Union type facility and wire the money.  In this particular case, the Walmart 2 Walmart method was chosen.  For those of you who don’t know what that is (and we didn’t know until this episode), you go to Walmart, fill out a form with the recipient’s name, address and phone number, give Walmart the cash amount, they then wire it to the Walmart closest to the recipient, who then picks it up.

Once the seller has been paid, he places the Bitcoin in an electronic escrow account, which the Bitcoin buyer then accesses and sends to his electronic wallet.  Once this has been completed, he sends the ransom Bitcoin amount to the wallet of the bad guys, which is given to him in the ransom note.  Once the bad guys confirm receipt, they provide a program to decrypt the files.  If this sounds complicated, it is.  Very complicated.

With this client, we received the decrypt program, ran it and it responded that the ransom had not been paid, therefore it shut down, without decrypting any files.

As odd as this may sound, the bad guys did have a “support” form on their web site where one could ask for help if the files didn’t decrypt.  We used this form and they responded by asking that we submit five of the encrypted files to them and they would send a new decrypt program.  Based on the timestamp of the response, we determined that they were in western Europe.

They provided a web site address to send the files to, but it required their e-mail address in order to send, which they refused to give, so we were unable to send the files.  After a back and forth requesting their e-mail address, they blocked any further conversation, so the episode was closed.

The client lost his files.  The client lost his ransom money.  The moral of the story is DON’T PAY THE RANSOM AND MAKE SURE YOUR FILES ARE BACKED UP! (PCMDX had recommended that they do not pay the ransom, however the client insisted).

The latest type of ransomware goes a step further.  It doesn’t encrypt the files.  It encrypts the entire hard drive, so nothing is usable.  Unless you have an backup image of your hard drive, you won’t even be able to log into Windows.

So what can you do to prevent ransomware from ruining your day, or your year?

First, ask yourself one simple question:  “Is there anything on my computer that I cannot absolutely, positively live without?”  If the answer is “Yes”, then you need to take steps to protect yourself against malware (including viruses, ransomware, Trojans, worms, rootkits, etc), hardware failures,  data theft, and other data losing issues.

The very first thing you need to do is to make sure you have a backup of your system.  PCMDX uses and installs two backup strategies, an image based backup and a file based backup.

An image based backup consists of an image, or “picture”, of you hard drive.  The backup software makes an exact replica of your hard drive.  In the event of failure or loss, the backup software recreates the hard drive onto another hard drive.  Think of it like cloning your hard drive.

PCMDX believes this to be a better system for one main reason:  time savings.

A conventional backup copies only the data from a hard drive.  Let’s say there’s a failure of the hard drive.  Here’s the recovery steps:  reinstall the hard drive, reinstall the operating system, reinstall the updates and patches,  reinstall the programs,  copy the data from the backup.  This could take hours, perhaps days until completed.

If there’s a hardware failure on a computer with an imaged backup, here’s the recovery steps:  reinstall the hard drive, insert rescue disk, point to image location, begin restoration.  45-60 minutes later it’s like nothing happened to the computer in the first place.  Everything is as it was when the image was created.

Depending on the software used, individual files can also be recovered from an image.  This is great if a user accidentally deletes a file.

The cost of setting up a backup system is less than what would be paid if there’s a ransomware attack.

We cannot emphasize the two following points enough:

  1.  Have a backup plan in place.  If you don’t know how to implement one, call PCMDX today.  We’re not talking about backing up one or two files on a thumbdrive (although that’s better than nothing).  We’re talking about backing up your system, and other systems in your network in case of disaster.  Again, if you answer the question “Is there anything on this computer that I cannot live without” with a “yes” answer, and you don’t have a backup plan in place, you need to create one today.
  2. NEVER open any attachments from senders you don’t know, from senders you’re not expecting anything from, from e-mails that are vague in nature or have spelling and/or grammar errors in the body of the e-mail.  If in doubt, call the sender and ask them if they sent you an attachment.
  3. If you’re hit, DON’T PAY THE RANSOM.  Our latest experience proves that even after you pay it, you’re dealing with people who have no ethics, no morals, no sense of right and wrong, and very poor command of the English language.  Your files are lost and paying the ransom simply adds to the cost of fixing the problem without recovering your data.

One other bit of information:  If your PC is on a business network, and you have networked drives (places on a server where you can access your files), including Dropbox, OneDrive, and Google Drive, those files can be encrypted as well.  Make sure they are also part of the backup plan.

Feel free to share this with your friends.

 

 

What exactly is “the cloud” and why should you care?

So many of our clients have heard of “the cloud” buy don’t know what it is, how it works, and why they should care about it.

Let’s take a look at the answers to these questions.  First, what is “the cloud”?  When a network diagram is drawn, one of the items on the diagram is the Internet.  The Internet is represented on the diagram by a basic drawing of a cloud.  So, anything that is not on the local network, inside the building(s) is considered to be on the internet, hence the term “the cloud”.  Anything not local (on the PC, or on a server located in the building) is on “the cloud”.  We can have software running on the cloud (Google Docs, Microsoft Office 365, Adobe applications, etc.).  We can also have storage on the cloud (Dropbox, OneDrive, Google Drive, iCloud).

How does it work?  Simple.  You install the client software from the cloud provider, enter a user name and password and you’re on the cloud.  Now, whatever you place into the folders on your cloud drive is on the cloud.  If your computer were to stop working, anything stored on the cloud would still be accessible from another computer.  If you have more than one device (a device is anything that can access the internet including a computer – PC or Mac, smartphone, tablet, game console, etc.) you can access your cloud data from any of these, provided you have the user name and password.

So is it safe to store things on the cloud?  It’s probably safer on the cloud than it is on your local device.  Malware Bytes just wrote an exceptional article outlining the safety of storing things on the cloud, which is well worth the read.

Here are some tips from the article:

If you’re ready to store data on the cloud, we suggest you use a cloud service with multi-factor authentication and encryption. In addition, follow these best practices to help keep your data on the cloud secure:

  • Use hardcore passwords: Long and randomized passwords should be used for data stored on the cloud. Don’t use the same password twice.
  • Back up files in different cloud accounts: Don’t put all your important data in one place.
  • Practice smart browsing: If you’re accessing the cloud on a public computer, remember to log out and never save password info.

What’s multi-factor authentication?  Probably one of the very best methods of protecting yourself.  If you own a smartphone, you give the cloud provider the number.  If someone logs into your account from an unknown device, and you have two-factor authentication enabled, before it allows them to log in, a code is sent to the smartphone via text.  Prior to gaining access, the code must be entered.  If the code is wrong or not entered, no access is granted.  It can be done via e-mail also.  Two-factor authentication should be used for any and all sensitive data and sites, including banks and credit card sites.

What’s encryption?  Encryption is where the data stored is encrypted, meaning that it’s useless unless the public and private keys are used to decrypt it.  Anytime you see the “https://” before a web site URL, the data is encrypted.  This prevents the bad guys from taking a hard drive containing data and simply hooking it up to a computer and reading it.

Hardcore Passwords:  In Alabama the most popular password is : rolltide.  Second most popular is: wareagle.  If you’re using either one of these, or variations of them, change them.  Now.  Don’t use your spouses name, your child’s name, your pet’s name, your birthday, or any word that can be found in the dictionary (combining words is OK).  Your password needs to be at least 8 characters long, contain both upper and lower-case letters, at least one number and one symbol.  The longer, the better.  We prefer passphrases instead of  passwords.  RedDog12! meets the minimum security, however it won’t take long to crack to an expert.  “The red Dog was running on the land with 12 friends!” won’t be cracked anytime soon and meets all of the requirements.  Yes, a space is considered a character.

Different Cloud Accounts:  We use all of the major cloud accounts.  We don’t store all of our data on each.  Some data on one, other data on others.

One neat thing that some cloud providers, like Dropbox, provide is sharing capabilities.  Person A can grant access to a folder in their cloud account to Person B.  Both A and B can look at the files in the folder, but only those files. Person B cannot see anything else on Person A’s account.  This is very useful for parents who have kids in college.  Instead of e-mailing something as an attachment, simply place it in the cloud folder and within microseconds the other person has the file.

This post only touches the very surface of the capabilities of the cloud.

Should you ever need help with your cloud account, or just need help setting one up, contact PCMDX today at pcmdxal@gmail.com or via phone at 205-201-0389.  We’ll service both business and residential accounts, and specialize in security.  And don’t forget to like us on Facebook so you can get updates on important computer and security information.

Wendy’s 4 for $4 may hit more than your waist line

wendys

In January 2016 Wendy’s restaurants reported that they had suffered a breach in their network that handles credit cards.  The report included the following: “As reported in the news media in late January, the Company has engaged cybersecurity experts to conduct a comprehensive investigation into unusual credit card activity related to certain Wendy’s restaurants. Out of the locations investigated to date, some have been found by the cybersecurity experts to have malware on their systems.”

What this basically means is that someone had installed software designed to harvest credit card data (“malware”) on Wendy’s network, which is the same thing that happened at other retailers and restaurants over the course of the last few years.  Our sister site, DontBecomeAnotherTarget.com has a list of many of these merchants.

Some credit unions, according to the article, have said that this breach has already exceeded the fraud that the Target breach caused in 2013.

The worst part?  According to the article, “the restaurant chain hasn’t yet said how long the breach lasted — or indeed if the breach is even fully contained yet.”  What does that mean?  That means you don’t use your credit or debit card at Wendy’s.  Period.

It’s unknown if Wendy’s had passed their latest PCI DSS (Payment Card Industry Data Security Standard) prior to the breach, however post breach they are not compliant, since the malware should have been discovered during the required scans.

If you’re a merchant that takes credit cards, you’re required to be PCI compliant.  We’ve encountered so many merchants who don’t have their own IT department who are under the false impression that they are compliant because they’ve signed (or “attested” online) a form from their credit card processing company indicating that they are compliant.

The credit card processing companies, like every other portion of the credit card chain (Merchant>Processor>Bank) have to be compliant, but each entity is required to do their own PCI Self-Assessment Questionnaire (SAQ).  The credit card processors will have the merchant sign/attest a form that indicates that the merchant knows they have to be PCI Compliant, even if the merchant has no clue what that is.  Once the merchant attests to this, the credit card processor has fulfilled their obligation.  If a breach occurs with the merchant, all the credit card processor has to say is “But you signed that you were PCI compliant” and they’re off the hook.

PC Medics of Alabama (PCMDX) specializes in SMB (Small to Medium Businesses) PCI Compliance.  If you process under 6,000,000 transactions per year, PCMDX can make sure you’re compliant.  If you’re not compliant, we’ll take the necessary steps to make sure you become compliant.  We then take care of your SAQ, and we make sure you remain compliant.

Our client base includes restaurants, dentists, doctors, and various other merchants, so our experienced staff can handle any merchant that takes credit cards.  Call us today for a free visit and estimate on how you Don’t Become Another Target. And if you don’t have a dedicated IT department, we can handle that for your as well, which let’s you concentrate on your business, while we take care of your IT needs.