CryptoLocker Malware

What you need to know to keep your computer secure.

As technology and computer’s advance, so do the viruses, trojans, and malware that plague your operating systems. Perpetual updates to anti-virus programs, malware scanners, and firewalls usually keep up with these nefarious activities, but one such malware has proven to be resistant to security updates. The now infamous CryptoLocker is a ransomware trojan which targets computers using Microsoft Windows. The malware appeared in September of 2013.

A CryptoLocker infection can be acquired from various sources. The most common is from an email attachment. When a computer is infected and CryptoLocker is initiated, the malware encrypts files stored on your PC’s local, mounted, and even networked drives. Your files are encrypted by using an RSA public-key cryptography, which means that the key to access your files is stored on the CryptoLocker’s server. Visit bitcoin code German to see how it operates. When your computer is infected, a message will appear offering you the ability to decrypt your data with a payment through BitCoins or other types of coins and cryptocurrency (find more information at https://ethereumcodebot.com/). Additionally, you must pay the ransom by a deadline or risk losing the deletion of the private key and therefore losing access to your private files. If the deadline is missed, CryptoLocker offers to decrypt the data for a much higher ransom.

Here’s what you need to know:

– Always avoid email attachments from unknown senders.
– Back up your PC files consistently.
– Avoid storing passwords, sensitive financial data or other personal information on your computer.
– If CryptoLocker infects your PC, removing the malware itself will not give you access to your encrypted files.
– If your computer is infected, do not try to connect a storage device to recover your back up files.
– Most users report that paying the ransom will allow you to recover your files.
– Consult an IT professional if your computer has been infected with CryptoLocker.

With these general safety tips, most users can avoid common viruses and malware. In the event of a computer or network infection, please call our help desk immediately at 1-888-930-1117.

It’s Time To Say Goodbye To Windows XP

The year was 2001 when Microsoft released Windows XP to the world. Windows XP has been a part of our lives for almost 13 years. The original release of Windows XP was by no means perfect, and it required 3 Service Packs and 5 years before Microsoft built what will most likely go down in history as one of it’s most popular operating systems.

Over the past decade PC’s have moved from high-end equipment to be more comparable to an appliance; you need it, but once you’ve decided which one to purchase, you expect to use it until it breaks. Because of this, they are still millions of people still using Windows XP with no major issues. Now, Microsoft has decided that it’s time for users to move on and they have officially announced that as of April 8, 2014 that Windows XP will be considered ‘end of life’, will no longer be supported and they will no longer release security updates/patches for it.

Broken Windows
Image Credit: Deb Hultgren

Why Should You Care?
Both home and business users should pay special attention to Microsoft discontinuing security updates for Windows XP. No more security updates or patches means that any new vulnerabilities in Windows XP will not be fixed. To put this in perspective, Microsoft releases patches for Windows (XP, Vista, 7, 8) on the second Tuesday of every month and these updates almost always include security fixes for newly discovered issues. This means that there’s a very high chance that by the second Tuesday in May of this year all of your Windows XP machine will be vulnerable to exploitation. This will likely result in your PCs being infected and placing your entire network at risk. Due to the nature of these vulnerabilities its highly unlikely that anti-virus or anti-malware software will offer any protection.

What Can You Do?
Unfortunately there’s no way around it, the Windows XP machines must go, they will pose a significant and serious security threat to your network if they remain in use. If your organization currently has machines running Windows XP you should start purchasing new machines or plan a desktop infrastructure upgrade project with your IT department or provider. This should include replacing all Windows XP machines with newer systems OR upgrading them to at least Windows Vista (although you’d be much better off with Windows 7 or Windows 8). You may also take this as a chance to evaluate your entire IT infrastructure to ensure all of your equipment is current with the latest, updates and current support subscriptions.

If you need assistance in procuring and migrating to new desktops/laptops in your organization, Invizio provides IT support and desktop infrastructure roll-out services. Give us a call today.

Be Smart About Your Passwords – Part One

Being Smart About Passwords Part One Header
This is the first installation of a two part blog post that I will use to help our readers be smarter about how they use passwords. This is by no means a definitive guide on password policy or management but rather some tips and suggestions on how to make your life a little easier.

Passwords are EVERYWHERE. These days we need a password for our e-mail, for our bank accounts, another for Facebook, LinkedIn, our cellphone, our home computer, our work computer and the list goes on. It’s safe to assume that we have a less than optimal solution for managing these passwords; maybe we write them down, or worse we use really bad passwords (dates of birth, or simple, easy to remember words). That being said this post is about how you can use an application or service to help you manage the growing list of passwords you’re forced to create and remember everyday.

I implore everyone to follow my simple two step plan to get your password life in order. If you’re already using a password management tool, congratulations, you’re already being smart about passwords and you’re ready for part two. For the rest of you, let’s get to it.

Step One: Choose a Password Management Tool

There are a lot of options out there for password management tools and I’m not going to list or review them all. What you should keep in mind when choosing a password management tool is; what kind of computer do you use? And do you need it to work on more than just your computer or also a smartphone and/or tablet? Here are some password management tools that I’ve used personally or at least suggest you check out.

  1. LastPass is my password management tool of choice, it’s easy to use and it works with virtually every device you might want to use it with.
  2. KeePass is the other tool I use, it works on all the popular desktop systems and has support for most mobile devices as well, it’s not as elegant as LastPass but it’s functional and completely free. Check out this review of KeePass.
  3. 1Password is another excellent password management utility that’s known for its elegance and excellent Mac support. Here’s a review.

Step Two: Use It!

Well, that was easy. Seriously, the tool is only useful if you use it, and all of the tools mentioned above make it very easy to offload the task of remembering all these passwords to a system that’s built to do so.

The good thing about using a password management tool is that you can use a stronger password for very important accounts (like online access to your bank account). Now instead of having to remember passwords for each individual account you have, you only need to know your master password.

What’s Next?

Coming up in part two, we’re going to tackle how to create a strong easy to remember password for times when you can’t use a randomly generated password or you need to create a master password. Now go be smart about your passwords.

Is Your Copier Machine Telling Your Company Secrets?

Ever since the CBS Evening News Special exposing the security and privacy risks associated with data stored on copy machine hard drives, we’ve received a number of inquiries from our clients about the safety of their office copiers. So just in case you missed the news, let us bring you up to speed.

Modern digital copiers or MFPs (multifunction printers) are the equivalent of a desktop computer. They come equipped with processors, an operating system, and have memory (RAM) and storage drives to handle document storage, job queuing and image processing tasks. So every time you print, copy, scan or fax a document using your copier that document may spend some (albeit short) part of its life on the copiers internal hard drives. Once your print job is done the typical copier will remove the data from the disk. Sounds pretty safe right? Maybe not.

The latest hoopla surrounding information security on copier machines is related to the fact that many machines never delete this data from the disk, or only do so when the hard drive becomes full (which many never do). So when your copier lease expires and you send it back to your vendor, you may unknowingly be returning the hard drives filled with data from every document ever processed by the machine containing sensitive information about your company and your clients. With enough malicious intent, free publicly available computer forensic software and a few extra bucks anyone could potentially retrieve all that information from the disks.

While the outcome of the CBS investigation was pretty scary with medical records, credit cards and social security numbers retrieved from copiers purchased at random, the good news is that many vendors (as part of their standard operating procedure) actually destroy the data for you. Notwithstanding, if you rather not entrust your data destruction to your vendor you can still ensure your data safety before the copier leaves your hands. Here a few tips that will help.

1) Data Encryption & Overwriting

Many machines already come with security features that will eliminate the risk of data retrieval, but are often not enabled by default. Insist that your copier vendor or your IT consultant enable the data encryption and overwriting features on your machines.

2) Secure Data Wipe

Before returning or disposing of your copier, perform a secure data wipe of the machine’s storage drives. Some copiers allow you to do this with built in functionality and others may require that a hardware add-on be purchased in order to perform the task. It’s also becoming increasingly common for copy vendors to allow you to keep the hard drives and destroy the data at your choosing.

3) Become a Copier Snob

Avoid using copiers you have no control over (e.g. at someone else’s office or at a library) to scan/copy/fax sensitive information. There is no telling who has access to that copier or whether it is their policy to have the data properly destroyed. You may also wish to inquire about data security policies at copy centers your company uses.

So before you send your copier packing back to your vendor with your drivers license and tax returns, make sure you get cleaned up. If not, look on the bright side, your replacement copier might come loaded with secrets of its own.