Another Day, Another Ransomware Attack: “Nyetya”

The Bad Guys know no shame. It appears they’re going to try every one of the tricks that was leaked from the NSA tool kit. Oh, goody. I’m saying “nyet” to “Nyetya”.

If you have servers (or even one server) you need to make sure you have all the latest patches from your Server Software Vendor — besides Microsoft that also extends to Linux (and all the variants) and even Apple products. There is no “safe” operating system from these latest attacks. Your computer (workstation) is the perfect delivery mechanism for the server attack so it’s important you keep whatever Security Suite you have up to date and fully patched. (I’m assuming you’re already keeping up with all the Microsoft and other Operating System Vendor updates regularly, right?!?)

We can provide assistance with patching all of your equipment and we also sell the Trend Micro Security Suite. We can cover your servers and your workstations (even your mobile devices) with some of the very best protection available on the Internet. You can book us online at http://connect.daviestrek.net and we’d be happy to assist you in keeping the Bad Guys at bay.

Want to know more about this latest round? Here are a couple of really good informational sources.

From Trend Micro: https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/?mkt_tok=eyJpIjoiWkdJMk16WXhOVFkyTkdFMCIsInQiOiJyTUtqZlJldHVOMVZIQjZMZDd1VGhzYVwvWTFLdGQ2Ym5CQWpIT2xPVUlJRTc4blRBdGVwelVFR1pPUW1RM0hocDYyS2loUnBPMXN0TWQ3V2hRbjl2WFwvRE9mRTd6OXJrT1dMTWQ5bmdxNGdzaWphTFwvWW5rV2tJUDNUMzZFbE1YSiJ9

From Cisco’s Talos Intelligence Group’s Blog: http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

The New Normal? The Bad Guys and You Part 2: The Smack Down

In Part 1 we talked about what the Bad Guys could potentially gain from targeting you and your “nothing worth stealing.” But I think you saw that maybe you do have something worth stealing after all.

“Great, guess I’ll throw out the computer and no more email!”
Probably not a good idea and certainly not practical. It’s better to understand what you can do to protect yourself. Please allow me to digress for a moment into an analogy. It used to be that one could leave their doors unlocked and not worry about getting robbed. You can still leave your doors unlocked, but if you do get robbed — what do you think is the first question the Police and Insurance Company will ask? How much help do you think they will really be?
So we all put locks on our doors. That involved us carrying keys. The hassle!! Some decided to leave them under the mat or in a fake rock (or fake dog poo) near the door. That’s pretty handy. The criminals think so too. That turned out to be almost as useless as just leaving the door open.
So we get fancier locks. Something with a punch code. That’s pretty great until the battery dies in the unit (you forgot to replace it) and you still need the key to get in. (Did I leave it under that suspicious looking dog poo?…)

“There’s no way to win so why bother?”
For the same reasons you still lock your door and hassle with the key, you should be taking the time to create yourself a password scheme that includes upper and lower case letters, special characters (!@#$%^&*), and numbers. Have a minimum of nine characters — 12 and above is much better. Having a passphrase is often quite helpful. Don’t include personally identifiable info in your password (e.g. names — yourself, significant other, kids, etc.) but make it meaningful to you. TheRock!3Mount@1ns is an example of an extremely simple passphrase. (Don’t use it — I just gave it to you and all the Bad Guys. I’m sure it’s in a list now used to crack passwords. If you were using it, I’m really sorry. I didn’t know!) The absolute BEST passwords are the randomly generated ones but that can get really hard to manage.

“I have too many passwords to remember as it is and now you want me to make them harder?! Are you CRAZY?!?!”
Well, I’m not quite right, but I wouldn’t call it crazy. 🙂
There are lots of ways to manage passwords. If you are like many of my home clients, you have a workstation or laptop that stays pretty much in one place and that’s where you go to access the Internet. I’m going to suggest something totally radical for you to use as a password manager: a small notebook kept in a drawer somewhere near (but not next to) the machine. Keep each site on a single page so you have room to change the password as you need to. I just made security nerds everywhere scream out in pain. Take heart security nerds, I’m suggesting the electronic solution next. This recommendation is playing the odds — I’m making the assumption that the chances of a physical break in and the criminal specifically looking for and taking that notebook is fairly low. (You had the door locked, right?!?) Way lower than the online Bad Guys.

“Fancy passwords are a real hassle”
There is an electronic management solution — lots of them actually. PC Magazine recently reviewed and proclaimed “The Best Password Managers of 2017“. Don’t want to invest in a management solution? There are free options like a product called Password Safe. Another even more secure option is presented by Felicia King at Quality Plus Consulting making use of Password Safe and a product called YubiKey. She outlines the strategy here.
If you use a product like Password Safe you will be able to randomly generate passwords and electronically store them in an organized fashion. It’s that notebook on your machine. Of course, you’ll want to keep a backup of your password file — but you’re backing up the important data on your machine regularly anyway, right?? Right??

“I’m still confused and need more help.”
You’re in luck — we can help. You can schedule an appointment online here.

The New Normal? The Bad Guys and You Part 1

“How did this happen to me?”
I’m often asked “how did this happen to me?” when cleaning up a machine infected with whatever Bad Guy stuff that was installed. It happens often. Way too much really. The Bad Guys are ramping up their efforts as they find more success. It’s easy and quick to do. Like most criminals, they actively target the easy grab. Too much work is left to more motivated criminals.

“I have nothing worth stealing”
Another popular refrain. Obviously you do, or the effort to trick you into installing the Bad Guy stuff or infiltrating your network wouldn’t exist.

E-Mail: The EUREKA! moment
You likely are using your machine for e-mail. It’s pretty much mandatory these days for all sorts of services and communication. A valid, functional e-mail address might be worth $0.01 (I’m strictly guessing). Get 10,000 or 100,000 or 1,000,000 of those valid e-mail addresses and you’re talking real money that they can get from spammers and the Black Market. If they’re slightly more motivated, they can lock you out and take over your email account.

You just became way more profitable.
Now that they have access and control of your email they also have control of all those other accounts. If you didn’t have them before you can bet you will now. They’ll spend time posting and creating as you so that they can sell off those accounts as well. A Facebook account might be worth $2. An iTunes account maybe worth $5. It’s starting to add up.

It gets worse
Now that they have your e-mail account, they can start REALLY stealing your identity. They can steal credit card info and make fraudulent purchases or simply sell off that information to the highest bidder on the Black Market. They can pose as you and spam any contacts in your email client and possibly trick those contacts into also becoming a victim.

“What am I going to do?”
Check back for “The New Normal? The Bad Guys and You Part 2: The Smack Down”