The first reports regarding the Odin File Virus started appearing on 26 September, and early signs point to the ransomware affecting mostly U.S. users. Unfortunately, there is very little doubt that the virus is going to spread like a wildfire in an old forest, if not already.
Odin could infect your computer in many diverse ways. For example, sometimes Trojans are used for finding a vulnerability in the operating system or another additionally installed program of your PC. After detecting its weakness, it uses it to sneak the Ransomware in. Another possible distribution tool is the so-called malvertising. This is the process of generating fake pop-ups and links, which lead to locations full of malware or directly download malware onto your PC. In this case, once you open the malicious ad, the virus gets injected into your system. Ransomware could also come from infected web pages that you come across, malicious torrents, infected emails.
Odin typically functions in the following way:
Everything begins with the assembling of a list of all the files that you regularly use. This list is the guideline for the encryption process – it shows the virus the locations and the names of the files. The encrypting then starts and all the data from the list gets locked up. In some very rare cases, some infected users might see a strange process taking place in their Task Manager, which will usually be responsible for consuming the largest amount of system resources. You can freeze the infection process by disconnecting your computer from all networks and to turning it off immediately. Then you should bring your computer to a professional for help and make sure not to switch your machine back on without a specialist. However, most infections go unnoticed and finish with the generation of a special message on your screen, which informs you about the demanded ransom and warns you about the future of your system and your files.
What is the best solution? So far, there’s no tool or strategy that will promise the full recovery of your files. We cannot tell you what to do in your case, but we can explain the possible solutions here and you can decide for yourself.
- You may pay the ransom. Just bear in mind that this is not very clever, because it doesn’t guarantee that the hackers will decrypt your data, it may just motivate them to encrypt somebody else’s files. However there are no guarantees of recovering your files are given.
- You can bring your computer to a professional and let them fix the problem.
Call 510.522.4921 for more information! No appointment needed.
Curious about who’s using your network, and if they’re slowing it down? It’s possible that your internet provider is just lying about the speeds that you should really expect on your network, but it’s also possible that there’s someone other than you using your Wi-Fi network. The best way to resolve the question is to take a look at what’s going on with your network, and check whether the devices that are connected to it are ones you recognize. There are a couple of easy ways to determine who is using your Wi-Fi network.
1) Check Your Router’s Administrative Page
One way to see what devices are connected to your Wi-Fi network is to log on to your router’s administrative page and check the list of “Attached Devices”. From there, you’ll be able to see all of the computers, smartphones, tablets, and any other devices connected to your wireless router. The website of your router’s manufacturer should explain how to log in to your router. Usually all you have to do is type the router’s Internet Protocol (IP) address into your web browser, and logging into the page with the administrator name and password.
2) Use an App to Scan the Network
If you don’t want to bother with logging in to your router’s administrative page, you can download an app that will do the dirty work for you. There are a number of apps that will scan your network for connected devices. In fact, your router’s manufacturer may have its own app. View the list of the devices that are connected to your network, and determine which ones are yours, and see if there’s anything suspicious going on with your network. It’s possible that all of the devices on the list will be accounted for, but if you find a device connected to the network that doesn’t belong to you, you know that someone else is using your Wi-Fi. It’s possible that the unauthorized user is connecting to your network only sporadically, so you may need to perform checks a few times to determine if the device is responsible for slowing down your Wi-Fi.
It should go without saying that you should ensure that your network is appropriately secured, but if your network is already encrypted and someone is still connecting, then the least you should do is change your Wi-Fi password immediately. After that, you should check on the network periodically to ensure that the only devices on the network are yours. If an unauthorized user manages to connect to your network again, you should return your router to factory settings and configure it again from scratch.
On the other hand, if you determine that no unauthorized users are connecting to your Wi-Fi network, and you’re still experiencing problems with the speed of your network, you probably have other problems to troubleshoot. You should test the speed of your internet via both ethernet and Wi-Fi, and if your Wi-Fi speed is much slower than your wired connection speed, that may indicate that you need to replace your router. If the problem persists, you may want to get in touch with your internet provider and see if there’s a problem that the company can help you resolve.
Right now, millions of hackers, spammers and scammers are hard at work. They’re after your Social Security number, bank account information and social media accounts. With any of these, they can steal your money or trick your friends into giving up theirs.
The scary part is that anyone can be a hacker. For as little as $3,000, you can buy a complete and fully operational exploit kit. This kit does most of the illegal work for you automatically. You get to sit back and rake in the cash, until you get caught.
Between semi-amateurs with automated systems and serious hackers who are masters of technology and trickery, how can you possibly hope to stay safe?
The best way is to know how hackers do what they do. Once you know that, you can counter their malicious acts. Here are five popular hacker strategies.
1. Phishing scams
Lucky you! A Nigerian prince has selected you to help smuggle millions out of his country. For a little bit of effort — a few simple wire transfers — you’ll get a substantial cut. What could be easier?
I bet you’re asking yourself, “Who would fall for that?” Well, tens of thousands of people do every year. That’s why Nigerian scams, known as 419 scams, are still very popular.
Other versions might say you won a contest or have a job offer. Maybe someone wants to meet you, or you can make money for shipping some goods.
The catch is that you have to send in personal or banking information, or pay a fee. Of course, your information and money is going straight to hackers.
Use common sense before reacting to any e-mail. Scams rely on making you act quickly. If you think about things long enough, you can usually see through them. Just remember the old saying, “If it looks too good to be true … ”
2. Trojan horse
Many hackers want to slip a virus on your computer. Once installed, a virus can record everything you type and send it back to the hacker. It can send out spam e-mail or attack other computers.
To do this, the hackers disguise the virus as something harmless. This is called a Trojan horse, or just Trojan.
One of the most popular ways to deliver a Trojan is a variation of the phishing e-mail scams.
For example, the e-mail might say it’s from a shipping service, bank or other reputable company. There’s been a problem with a transaction! To learn more, you have to open an e-mail attachment.
The attachment might look like a normal file, but it really contains a Trojan. Clicking on the file installs it before you can do anything.
Similar scams appear on Facebook and Twitter. You think you’re going to watch a funny video your friend posted. Instead, a popup tells you to update your video player. The “update” file it provides is really a Trojan.
The key to defeat this tactic, as with phishing e-mails, is common sense. However, up-to-date security software is essential as well. It should detect and stop most Trojans before they can install.
3. Drive-by downloads
Security software is good, but it isn’t always enough. Programs on your computer might have weaknesses that hackers can use to bypass security software.
To take advantage of these weaknesses, hackers set up websites embedded with viruses. You might get there by clicking a malicious link in a phishing e-mail or on social media. You can even find these sites in a search for popular programs or topics.
It isn’t just malicious sites, though. Hackers can sneak malicious code on to legitimate websites. The code scans your computers for security holes. If it finds one, a virus can download and install without you doing anything.
To stay safe, you have to keep your programs up-to-date. Every month, Microsoft releases updates for Windows and Internet Explorer. These updates close critical security holes that hackers exploit.
Other critical programs to patch are Adobe’s Flash and Reader, and Oracle’s Java. Using old versions of these programs is like sending hackers an engraved invitation.
You should also be using the latest version of your programs. Anyone using Internet Explorer 6, 7 or 8 needs to update or switch browsers immediately.
4. Bypassing passwords
In Hollywood movies, hackers are masters of guessing account passwords. In the real world, however, very few hackers bother.
Instead, they go around passwords. They might get your password from a data breach at a company or website you use.
It’s important that you use a different password for every account. That way, if a hacker discovers one, they can’t get in to every account.
Perhaps the hacker slipped a virus on to your system. It records your passwords and sends them to the hacker; no guessing needed.
As I mentioned above, you can stop viruses with up-to-date security software and programs.
A hacker might tackle your account’s security question. Most security questions can be answered with information people post publicly.
You should change how you answer security questions. Give a random answer that has nothing to do with the question. That way, no one can guess it.
5. Using open Wi-Fi
I’m sure you have a Wi-Fi network at home. Is it encrypted? If you don’t know the answer, then it’s probably, “no.”
That means hackers, and neighbors, can connect to your network from outside. They can see and record everything you do. They can surf to bad websites and download illegal files on your connection. You might be getting a visit from the police.
You need to take a few minutes and secure your network. Trust me; it’s worth it. The instructions will be in your Wi-Fi router’s manual.
PokemonGo is a mobile phenom unlike anything we’ve ever seen. Players are going out with the augmented reality app on their phones, finding Pokemon all over the real world. It was only a matter of time until some clever hacker decided to leverage Pokemon GO’s huge success to create Pokemon-themed ransomware.
On first glance, the PokemonGo ransomware infection looks like any other generic ransomware infection. It will scan a victim’s drive for files. When it encrypts a file it will use AES encryption and append the .locked extension to the encrypted file. When done a ransom note will appear directing the victim to email email@example.com to get payment instructions.
However, it appears that this developer has put in extra time to include features that are not found in many other ransomware infections. Most ransomware infections encrypt your data, delete itself, and then display a ransom note. The malware developers are there to do one thing; encrypt your files so that you pay the ransom.
he PokemonGo ransomware acts a little differently as it creates a backdoor account in Windows so that the developer can gain access to a victim’s computer at a later date. When installed, the PokemonGo Ransomware will create a user account called Hack3r and adds it to the Administrators group. It then hides this account from being seen on the Windows login screen by configuring the Windows registry. Another feature is that it contains a function that will create a network share on the victim’s computer. Lastly, the ransomware attempts to spread itself by copying the ransomware executable to all removable drives.
In case you have become the victim of this campaign, contact ABM Computers at 510.522.4921 and we will be able to fix your machine.
A new Windows Activation scam has been discovered. This is yet another Trojan from the Rouge.Tech-Support-Scam family displays a fake Windows activation screen when you login to Windows. The message on the screen says that your product key is invalid and that you need to enter it again. When that doesn’t work, the infection with actually speak the message “Please activate your Windows. Call us on 1-888-414-4284”.
When you call the number, you are told that your product key is invalid and you will need to pay $99.99 USD for a new one. The “Remote Tech Support” agent will then ask you to give him remote access so he can enter your new product key and remove the fake message. They will not give you the key, because it is actually a hard coded key that will work for everyone.
For anyone who is affected by this scam, please do not call them and do not purchase anything from them as the infection is easy to remove! This is because this variant has a hard coded password that you can enter into the product key to “activate” it and close it. Enter close-close-close-close-close into the Product Key field and then click on the Activate button.
If this procedure does not work, you can reboot your computer into Windows Safe Mode with Networking and scan your computer with your favorite anti-virus or anti-malware program. For those who have Malwarebytes installed, that will remove this infection.
Microsoft is making its digital assistant an essential part of the operating system, and by “essential,” I mean “mandatory,” because users will no longer be able to.
In the Windows 10, Cortana is one and the same with search. If you use the search box to look for a file on your device, you’ll be using Cortana. What this means is, that searches you perform will be filtered through the web, and usage data will be sent to Microsoft.
I know this probably sounds like an invasion of privacy, but it’s not actually a huge change from Microsoft’s mandatory data collection. You can, of course, refuse to sign into Cortana or Windows 10 with a Microsoft account. However, your data will still be collected, it will just be anonymous.
The good news is that we can stop Cortana from collecting information about your speech, handwriting patterns and typing history. You can stop her from saving your habitual usage data across multiple devices. She will function more like a simple search box than a nosy personal assistant!
JUST FOLLOW THESE STEPS:
- Disable Cortana’s Settings
Open Cortana and click the settings icon in the lower left corner to open Cortana’s settings menu. You’ll see several options with on/off toggles – turn all those toggles to off. This will prevent Cortana from sharing your usage history across devices and from syncing notifications and other settings across devices.
- Wipe Cortana’s Memory
Once you’ve disabled Cortana’s settings, you can clear the information she’s already collected about you by opening Cortana, clicking the settings icon, and clicking Change what Cortana knows about me in the cloud. Scroll to the bottom of the next screen and click Clear.You can also clear your Bing search history by going to Cortana settings > Change what Cortana knows about me in the cloud and clicking Search History page under Where else is Cortana saving data about you.
- Stop “Getting to Know You”
Cortana collects information about you — by listening to your voice and tracking your handwriting patterns and typing history — to help improve your personalized experience. To turn this off, open the Settings menu and go to Privacy > Speech, inking, & typing. Click Stop getting to know me to stop Cortana from collecting this info and to clear any information she’s already collected.
- Hide the Cortana button
If you don’t plan on using Cortana or search at all in Windows 10, you can hide the Cortana button from your taskbar. To do this, right-click the taskbar, go to Cortana and click Hidden.
The new OS was released nearly a year ago on 29th July 2015, and since then, one of the biggest factors people have taken issue with is Microsoft’s desperation to get you to upgrade. While you can now opt out of the messages and decline the free upgrade offer, Microsoft has started projecting full screen notifications onto PCs that are yet to upgrade. The message is clear – upgrade before July 29th as Windows 10 will no longer be free.
ONLY 3 DAYS left to get the free update. After July 29, 2016 the Windows 10 Operating System will be $119.00. Most Windows 10 install can go smoothly, however there has been a fair share amount of users running into issues. A lot of times the computer itself isn’t powerful enough to run the operating system, or it’s too old.
Call us at ABM Computers and we will make sure your computer has all the requirements to run the Windows 10 update. If we find that it’s not, we can discuss the options you have. We will be happy to answer any questions you may have. Call 510.522.4921 anytime. No appointment needed.
When you install Windows, you are shown the Windows license agreement that provides all the legal language about the responsibilities of Microsoft, and what you can and cannot do with Windows. Surprisingly, it can be somewhat difficult to relocate at times.
With that being said, below is a step by step guide to show you how to find the license agreements for all editions of Windows.
STEP 1: Identify the current version of Windows currently installed.
For Windows 7 and Windows 8, you can left-click on the Start Menu, then right-click on Computer, and the select Properties. For Windows 10, right-click on the Start Menu and then left-click on the System option.
STEP 2: Open the folder that contains all of the license agreements.
Now that we know what version of Windows we are running we can open the folder that contains all of the license agreements for this version of Windows.
To do this, click on the Windows key, and while holding it down, click on the R key to open the Run dialog as shown above.
When the Run dialog box opens, you want to paste the following in the Open: field so that it looks like the image above:
STEP 3: Find the folder that corresponds to your edition of Windows.
When ready, press the OK button and a folder will open that shows individual subfolders for every edition of the Windows version installed on your computer. Each of these folders contain the respective license agreement for that version of Windows. When the folder opens, it will contain a single file called license.rtf. This file is the license agreement for your version of Windows and you can double-click on it to view it in Wordpad or Word, if it is installed.
STEP 4: Read the agreement, print it, or email it as needed.
Heads Up Web Surfers: Look Out for the “Locky” Ransomware Virus!
On February 16, 2016, a new ransomware virus was discovered, spreading like wild-fire throughout internet users alike. LOCKY encrypts the files of trusting victims and any unmapped network shares. Locky doesn’t just rename your files, it scrambles them first, and then ask you to pay the ransomware for the decryption key.
In order to spread the virus, cybercriminals sent out mass emails with malicious files attached. This email will have an invoice attached, asking the users for payment.
Little does the unsuspecting target know, but the attached file contains a malicious macro. Since they believed the document was an invoice, they had no problem opening the file, and gave permission to run the Macro. Once opened the ransomware was installed and began to encrypt and scramble their files. It scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people’s computers.
Locky also encrypts Bitcoin wallet files if users have them, making it impossible to access the Bitcoin users may have stored. While losing files is bad enough, the loss of a Bitcoin wallet makes victims even more willing to pay the ransom, particularly if the price of the ransom is less than the value of the Bitcoin stored in the encrypted wallets. Once Locky is ready to hit you up for the ransom, it makes sure you see the following message by changing your desktop wallpaper:
Inside the Locky ransom notes are links to a Tor site called the Locky Decrypter Page. Locky’s payment system for decrypting files is the same as that of numerous other ransomwares. Locky’s website is hidden inside the Tor network and the ransom can only be paid with BitCoins. Once a victim sends payment to the assigned bitcoin address, this page will provide a decrypter that can be used to decrypt their files.
Locky ransomware is currently a big player in the malware sphere. The authors of Locky are skilled and are developing Locky further.
The rise of ransomware attacks highlights the need for users of all kinds to take greater security precautions with their stored data. As always, don’t open suspicious attachments (e.g. .doc, .xls, and .zip files). Keep recent backup copies of important data in a secure place either online or offline. Security firm, Malwarebytes , maker of malware detection tools and anti-virus software, have been actively working on a new product that combats ransomware attacks.
At this point, there is only one method of removing the Locky virus and having files decrypted: paying the ransom.
The best advice we can give you is safeguard your computer. In order to best protect yourself against attacks by Locky and other ransomware, deactivate the automatic execution of Macro codes. General attentiveness is always a good way to go as well.
- Only open trustworthy e-mail attachments from reliable senders.
- If your computer becomes extremely sluggish – this could be an indication that the Locky encryption is already underway. Shut your computer down and remove the battery pack from your laptop if necessary.
- Back-up your data regularly, so that data that may be affected, can quickly be restored with as little loss of data as possible.
- ALWAYS keep your operating system updated to the latest version. Regular updates can generally can shut a lot of security gaps.
- Install Anti-Virus and Anti-Malware programs. It is also essential to keep this software up to date. We recommend Microsoft Security Essentials (Windows Defender) and MalwareBytes.
For more information or questions, please call: 5105224921.
HOW CYBERCRIME WORKS
The point of nearly all malware is to make money. Cybercriminals have many methods to monetize their activity. Fortunately, the criminals must take many steps for the entire process to work. Every step along the way is another opportunity for us to break the chain needed for their efforts to be profitable.
The first step for cybercriminals is to find victims. Here are the six primary ways cybercriminals ensnare unwitting victims in their nets and compromise their computers for criminal purposes.
Spam: The monetization of malware started primarily with email spam. Peddling pills, fake watches and Russian brides is still a profitable practice for many criminals. Although spam volumes have begun to drop, spammers send billions of messages every day hoping that just a small percentage will make it past spam filters and convince a few folks with their guard down to make a purchase. While malware is still sent attached to some messages, it has largely moved to the web.
Phishing: Attackers use email for more than just spam promoting products and services. Email is the preferred method to deliver phishing attacks. These can vary from emails pretending to be from your bank or email service providers in order to steal your account details, to targeted attacks attempting to gain access to your company’s internal services.
Social Media: Many spammers have migrated from email spam to social media spam. Users are more likely to click links in commercially motivated spam if it appears to come from a friend or colleague on services like Facebook and Twitter. Breaking news and popular features on these networks can lead curious victims to click on unsafe links.
Drive-By Downloads: The largest number of victims are delivered into the hands of these thieves simply by visiting websites containing exploits known as drive-by downloads. Everyday over 30,000 URLs expose innocent surfers to a variety of code attempting to exploit vulnerabilities in their operating systems, browsers, plugins and applications.
Malware: Worms, viruses and other malware files still serve their masters well. While they are less common today than they were 10 years ago, opportunistic crooks still exploit malware to infect exposed systems and recruit people’s computing devices for their own purposes.
MONEY BEHIND THE MALWARE
After a criminal hooks a victim or takes over a victim’s computer, there are many ways to make money. Here are five schemes that cybercriminals use to make money off their victims.
Selling products: The most basic way to make money from any sort of malware, spam or website compromise is to sell a product. Criminals simply set up a store and use infected websites and spam to deliver promotions and advertisements to drive traffic to a virtual storefront. Many of these operations are not just false-front businesses. They ship sham products pretending to be Viagra, Rolex watches, Gucci handbags and various pirated software packages.
Stealing Login Details: The purpose of phishing spam messages is to convince you they come from someone you know or trust. Criminals use social engineering techniques borrowed from real brands to collect usernames and passwords associated with high-value websites like PayPal, banks, Facebook, Twitter, Yahoo and web-based email services. It’s easy for criminals to imitate these companies as everything online is digital. They simply steal real communications from the victim companies and redirect the links to bogus webpages. As a percentage, phishing emails are an increasing threat taking advantage of a user’s lack of awareness of hacking attacks and data breaches.
Fake Security Software: Often referred to as fake antivirus, these programs are designed to behave in the exact opposite way of traditional malware: noisy, annoying and flashy. Fake antivirus works by convincing the user they are at risk of infection after visiting a compromised webpage that secretly installs the fake antivirus on their computer. The criminals typically charge around US$100 for the fake antivirus software to “clean up” the infected computer. But the fake antivirus doesn’t clean up threats—it is a threat. And the criminals can make even more money off the victim by offering extended support and multi-year offers. Fake security suites target Windows, Mac and even Android users.
Ransomware: Cybercriminals can use ransomware to encrypt your documents, boot sector or other important component of your PC and hold it hostage until you pay a ransom. The ransomware often uses modern cryptographic algorithms, and only the criminals possess the keys to unlock your files. If you want your stuff back, you have to pay up. Traditionally ransomware was almost exclusively Russian, but recently we’ve seen these gangs targeting North America, Europe and Australia. A new variation plaguing Internet users in 2012 is a fake law enforcement warning suggesting your federal police authority has detected child pornography on your computer. The warning tells the victim their computer has been locked and they must pay a $300 fine to unlock it.
Social Media Spam: Delivering email messages to our inbox is harder than ever. Spam filters block more than 99% of it before it can see the light of day. And users can spot the fake names on spam that gets through. Social media sites like Facebook and Twitter have been an attractive place for spammers to move. The criminals can purchase access to stolen user credentials or convince users to spread fraud for them. They benefit from your social capital—the more friends and followers you have, the more people can be spammed by the criminal using your account. Users are far more likely to click a message about winning a free iPad or losing 30 pounds on a miracle weight-loss plan if it comes from someone they know and trust.
HOW WE WIN
As long there is money to be made criminals will continue to take advantage of opportunities to pick our pockets. While the battle with cybercriminals can seem daunting, it’s a fight we can win. Although our adversaries have plenty of incentive to infect users, their schemes require a series of steps to be successful. We only need to break one link in their chain to stop them dead in their tracks. Simply deploying patches more quickly, eliminating unnecessary applications, and running as a non-privileged user will thwart more than 90% of these attacks.
Many attacks succeed when users let their guard down. Increasing employee awareness of the threat and providing examples can help keep your users from opening malicious attachments or clicking on links out of curiosity. Users need to understand that, while security tools enhance the security of the network, the user is the most important defense for protecting sensitive company information.
We must recognize our weak points and work together as a community to share the knowledge we need to defend ourselves. Reducing the threat surface by having fewer apps, educating your users, and restricting administrative rights can make the job so difficult for the scammers that they will look elsewhere for their victims.