Sudbury Computer Repair Blog

To keep your business  running smoothly, you need computer and network security. It is important to maintain your network and systems, making sure they are virus and malware free,  current with security patches, and running at optimal performance.

Ransomware is a type of malware that prevents you from using your computer or accessing your data until you pay a certain amount or "ransom" to a remote entity. There are two types of ransomware:

• Lockscreen ransomware, which displays a full-screen image or webpage that prevents you from accessing anything in your computer, and
• Encryption ransomware, which encrypts your files with a password, preventing you from opening them

Most ransomware displays a notification, saying that the ‘authorities in your location have detected illegal activity in your computer’. To avoid prosecution, and regain access to your files, ransomware demand payment from you in the form of a "fine".

Paying the "fine" does not necessarily return your computer to a usable state. We do not advise that you pay. With ransomware, the threat of prosecution does not come from the legitimate authorities.

FAQ’s about ransomware

Q: Is it true that the legal authorities in my area have detected illegal activities in my computer?

A: No. These warnings are fake and have no association whatsoever with the legitimate authorities. The operators of ransomware abuse the tone, images and logos of legal institutions to give their scam an air of legitimacy.

Q: I cannot access my computer or my files. Should I just go ahead and pay these people to regain access?

A: No. Do not pay, regardless of how legitimate or threatening the claims look. You will only end up giving money to criminals, who have no intention of giving you back access to your computer or files.

Q: What should I do if I've paid the scammers?

A: In all cases, you should contact your financial institution and your local authorities. If you paid with a credit card, your financial institution may be able to block the transaction and return the money to you.

Q: How did the scammers know my IP address?

A: There are publicly available tools online that can check a computer's IP address. Getting IP addresses is common behavior for malware - in the case of ransomware, it is used as another scare tactic.

Q: How did ransomware get on my computer?

A: Ransomware, like other malware, can arrive in a variety of ways. However, in most instances, it is downloaded automatically into your computer when you visit a malicious website or a website that's been compromised.

Q: How do I regain access to my computer or files?

A: Do not pay the fine. Ransomware have varying behavior and will have to be removed in different ways. Refer to How to remove a ransomware infection for steps on how to remove ransomware.

For computer system security, contact Sudbury Computer.

Excerpts - microsoft

It is important that Boston area company's computer system security is up-to-date. Your business computer system should be regularly and/or continuously monitored to make sure that you are up to date with the latest security, compliance, and disaster recovery standards.

Microsoft has long benefited from the bug bounty programs of other vendors. But it now has its own new programs to compensate researchers who spend their days hunting down fresh security flaws in Microsoft products. Microsoft is offering cash bounties to boost the "win-win" between Microsoft customers and security researchers.

Microsoft has reversed its longstanding ban on paying hackers for information about freshly discovered security holes and instead is now offering rich bounties for notice of new Windows bugs.

Microsoft has benefited from the bug bounty programs of Google and Mozilla. But it is now offering three new programs to encourage and compensate so-called gray hat and white hat researchers who spend their days hunting down fresh security flaws in Microsoft products.

Hackers can now claim bounties of up to $100,000, depending on the type of bug discovered. For instance, Microsoft will pay $11,000 hard cash for any bugs found in its upcoming Internet Explorer 11 browser software.

"Microsoft entering the game is a big changer because they are a large traditional software vendor," says Chris Wysopal, chief technology officer at application security vendor Veracode.  

Microsoft has come full circle in the hacking community's fractious "full disclosure" debate. Black hat, white hat and gray hat hackers have been relentlessly exposing new Windows bugs since the 1990s.

White hats argue that the intense scrutiny compels software vendors, like Microsoft, to take security more seriously and patch security flaws with more alacrity. Black hats hunt for bugs, too, but with criminal intent. Gray hats sometimes contribute to the cause of good, and at other times behave more like black hats.

Each newly disclosed Windows bug sets off a race to get the new vulnerability patched across the massive breadth of Windows PCs, laptops and servers -- before they can be taken advantage of.

That phenomenon now happens at such a frenzied scale that Microsoft has taken to issuing security patches on the first Tuesday of each month to maintain a semblance of order.

Bug bounty programs have been around for awhile in order to encourage gray hats and white hats to work with vendors to fix problems instead of disclosing new bugs without vendor coordination.

Bounties help "massively.” Cash is best when it comes to demonstrating that software companies who tend to rush products to market actually value the gray hat and white hat researchers who, essentially, perform a critical quality control function.

Now Microsoft is finally acknowledging gray hats and white hats -- with its check book. "The value comes from the business actually understanding the importance of security, and the downstream impacts and ramifications to their business and customers," Ford says.

Mike Reavey, director of Microsoft's Security Response Center, tells CyberTruth that in the past researchers willingly reported a vast majority of bugs directly to Redmond "so there wasn't a need to offer a bounty program."

Do you think you have a bug in your computer system? You may not be able to get cash for it, but contact Sudbury Computer to get rid of it and to help make your system more secure.

Sci-TechToday.com

Your email has been hacked. An E-mail worm is an infection that uses your system to send out mass mailings.  It will generally grab your address book and send an email to everyone you know. They expect that your colleagues will open mail if it comes from you.

The new generation of E-mail worms are getting trickier and using address spoofing to help hide the worm.  When a system gets infected, the worm sends out an infected E-mail to everyone in the address book.  The difference is that it uses a random address in the address book as the from address.  This makes it look like the infected mail came from someone totally different that may have a clean system.  This person generally gets blamed by everyone for sending out the infected E-mail when they actually had nothing to do with it thus making it more difficult to track down the actual infected system.

If you are accused of-, or think you may have an infected computer system, take these steps.

1. Run a virus scanner and a malware scanner to make sure that your system is actually clean.
2. Look at the headers of the E-mail to see where it actually originated from as this can help convince people that you are not the one who is infected.  Here is a good site to help you interpret E-mail headers.  http://www.mxtoolbox.com/emailheaders.aspx
3. Send a link to this article to your accuser so they can better understand how Worms and Spoofing work.

For more information or assistance, contact Sudbury Computer.

You will want to have reliable email security in place to protect your business network. If you are hosting email in house, you have a few options.  Use software on your mail server, use a device on your network to scan your mail before it hits your mail server or use a cloud based solution.

Using software on your mail server can be effective but it puts a lot of extra stress on your mail server as well as your network.  It also is not the best idea to allow infected mail to hit your mail server before dealing with it, although there are several decent products on the market that handle this fairly well.  This can be a fairly inexpensive solution up front with reasonable ongoing support/maintenance costs.

Using a hardware filtering appliance is a nicer solution although the upfront costs may be prohibitive.  You will also have ongoing support/maintenance costs with this solution.  The hardware appliance will scan all of the mail after it arrives on your network and will only hand it off to the mail server once it is certified virus/SPAM free.  One downside is that mail is still coming into your network stressing your routers, switches, etc.

Cloud based solutions check all of your mail on their servers, forwarding to your mail server after mail has been certified clean.  They will block infected email and SPAM before it hits your network keeping the load off of your routers, switches and mail server.  The online solution will prevent you from using extra bandwidth and unnecessary storage.  You will pay a monthly fee per user.  This is the preferred method of Sudbury Computer because with the massive amounts of SPAM coming in these days, this traffic can  be overwhelming to a network.

With any of these email security solutions you will have a method of scanning through blocked mail to see if anything was identified that wasn't SPAM (false positives) and will have the ability to release it.  You will also have the ability to create white lists for people that you always want mail to be allowed from.

For more information on email security options, contact Sudbury Computer.

Too many businesses still have unsecure networks. Fortunately or unfortunately it is easy for a small or medium sized business to have a wireless network. Unfortunately, those same companies may have unsecure wireless networks. In fact, the default settings on your companies Wireless Router usually come with no security. As a result, your wireless network can leave your business open to hackers who can ruin your computer, compromise your system, and steal information.

Did  you know that there are sites like http://wigle.net/ that are dedicated to mapping wireless networks and finding out whether or not they are secure? You can type in a zip code and see a map of all wireless networks in the area.

Hackers use these sites to practice their skills and try to access computers on a wireless network to see what they can steal.  They also use this technique to attack business systems and put viruses and SPAM sending applications on company computers.

It is essential that your company take the necessary steps to secure your wireless network. Why is your wireless network more vulnerable? With a traditionally wired network, a hacker needs physical access to that network. With a wireless network your system works with a radio signal, and it is easy for hackers to access this signal from outside.

When data is being transferred via this radio signal, it can be easily accessed or corrupted. With a hard wired network, the data travels and stays within the wires. A wireless network is an easy and economical way to set up a business network, however, they are not secure. The threat of hackers, viruses and spyware will only grow over time, set up a secure wireless network to keep your computer, data and company safe.

For a secure wireless network, contact Sudbury Computer.