CryptoLocker victims may have some hope

Some victims of the CryptoLocker ransomware / malware / trojan may have hope for recovering their files thanks to a site that has gone live in the last few days.

The way CryptoLocker works is that once it has run on your computer, it will begin encrypting the files on it (and potentially on file shares on your servers) and then tell you that you have 72 hours to pay the ransom and get the encryption key which allows you to unlock / decrypt your files. If you don’t pay up, the key is supposedly deleted and all hope is lost.

However, thanks to an effort by FireEye and Fox-IT’s InTell, there is an online service where victims can upload an encrypted file and get the encryption key to unlock their files – FREE OF CHARGE…

Before you get your hopes up, it is important to note that there are a plethora of CryptoLocker variants and not all are supported.

Go check the DecryptCryptoLocker site here:

https://www.decryptcryptolocker.com/

Good luck!

If you need assistance with security issues for your business in the Greenville or Upstate SC area, please do not hesitate to call upon Homeland Secure IT at 864-990-4748

 

Stolen computer from Greenwood hospital may contain unencrypted patient data

Here we are in 2014, with operating systems which feature built-in data encryption, and in the news today over on WYFF’s site is a story titled “Hospital: Patient info at risk after laptop is stolen”. It was just a couple years ago that I wrote on this blog about a similar incident HERE.

The long and short of today’s story is…  A laptop was stolen. Said laptop has not been recovered. Laptop MAY contain patient data. Data is not encrypted.

That pretty much covers it.  From that, we can conclude that if someone recovers the laptop, which was supposedly thrown into a lake, that data could be recovered.

Would this even be newsworthy if the hospital had used encryption? I don’t think so. And if they had decided to use that encryption, it would not have cost them a penny more if they were using a modern OS with built-in encryption (such as BitLocker full disk encryption on Microsoft Windows 7 Professional and Windows 8 / 8.1 Professional).

If you have notebooks that contain sensitive data, consider utilizing encryption. If you have no idea where to start and you are in the Greenville or Upstate SC area, feel free to call upon us. We will be happy to evaluate what you have, and help you implement a plan to protect your data.

Homeland Secure IT can be reached at 864-990-4748 or you can use our CONTACT FORM.

 

Holiday Hours for Computer / Network Service & Sales

Homeland Secure IT is closing in observance of Independence Day 2014 and so we can spend time with our families!

We’re walking out the door on July 3rd at 2pm and will return on Monday, July 7th ready to tackle any project you may have.

Should you have an emergency, such as your server going down over this holiday weekend, it’s okay – go ahead and contact us! Voice mail left at 864-990-4748 will get to us and we will return your call quickly.

We hope you have a safe and happy Independence Day!

Apple iCloud ransomware is a real threat

People are being locked out of their iPhones and iPads by an attack in which the devices are locked and you can only regain access to your files if you pay a “ransom”.

This is mainly in Australia but it has been reported in other locations.

You should back up your data so that, in the event this happens to you, you will not lose much: you can have your device wiped, start fresh and then restore the data.

Another real issue is that spoofed email is being sent out that says your iCloud has been locked and that you should visit a website. It looks authentic, as if Apple were the sender, but in fact it is not.

These emails look like this:

Apple iCloud password reset email

Bogus email from Apple
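One way to check a message like this before trusting it, as an added example that is not part of the original post: the script compares the sender and link domains with the brand the message names and reads the Authentication-Results header. The sample message, the `.example` domains and the list of brand domains are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real capture); sender and link use reserved .example domains.
SAMPLE = """\
From: "Apple Support" <support@icloud-locked.example>
To: user@victim.example
Subject: Your iCloud has been locked
Authentication-Results: mx.victim.example; spf=fail; dkim=none; dmarc=fail
Content-Type: text/plain

Your iCloud account has been locked. Visit
http://appleid.verify-login.example/unlock to restore access.
"""

BRAND_WORDS = ("apple", "icloud")
BRAND_DOMAINS = ("apple.com", "icloud.com")  # assumption: domains accepted as Apple's

def in_brand(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def spoof_indicators(raw):
    """Return a list of reasons the message should not be trusted."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    named = (display + " " + msg.get("Subject", "")).lower()
    claims_brand = any(w in named for w in BRAND_WORDS)
    if claims_brand and not in_brand(from_domain):
        findings.append("sender domain is not the brand's: " + from_domain)
    # Only trust this header when your own mail server added it; a sender can forge one.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(r"\b" + mech + r"=(\w+)", auth)
        result = m.group(1) if m else "absent"
        if result != "pass":
            findings.append(mech + " result: " + result)
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if claims_brand and not in_brand(host):
            findings.append("link points outside the brand's domains: " + host)
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("-", finding)
```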

If you have any issues related to this type of ransomware or malware, please give us a call at 864-990-4748 and we will try to assist you!

Homeland Secure IT provides computer, server and network support, service and sales to the Upstate of South Carolina.  Our focus is primarily small and medium business.

Internet Explorer being actively targeted – Why are you using IE?

This is from our partners at WatchGuard, taken in its entirety from their blog for your reading enjoyment:

Advanced Attackers Exploit IE & Flash 0days in the Wild

by Corey Nachreiner

Over the weekend, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability in Internet Explorer (IE), which attackers are exploiting in the wild. Around the same time, Kaspersky also noted an attack campaign leveraging a new Adobe Flash zero day flaw, which Adobe patched today. I’ll discuss both issues below, starting with the IE issue.

IE Zero Day in the Wild

According to this blog post, researchers at FireEye discovered advanced attackers exploiting this zero day IE flaw as part of a persistent attack campaign they are calling “Operation Clandestine Fox.” The attack targets IE 9-11 and also leverages a Flash flaw to help bypass some of Windows’ security features.

Shortly after FireEye’s post, Microsoft released a security advisory confirming the previously undiscovered flaw in IE. The advisory warns that the flaw affects all versions of IE (though the attack seems to target IE 9-11). While Microsoft is still researching the issue, the vulnerability seems to be a “use after free” class of memory corruption vulnerability. In short, if an attacker can entice you to a web page containing maliciously crafted content, he could exploit this flaw to execute code on your machine, with your privileges. As usual, if you have local administrator privileges, the attacker would gain full control of your machine. It’s interesting to note, the attackers also leverage a known Adobe Flash issue to help defeat some of Microsoft’s Windows memory protection features.

Zero day IE vulnerabilities are relatively rare, and very dangerous. Attackers are already exploiting this IE one in the wild, so it poses a significant risk. Unfortunately, Microsoft just learned of the flaw, so they haven’t had time to patch it yet. I suspect Microsoft will release an out-of-cycle patch for this flaw very shortly since this is a high-profile issue. In the meantime, here are a few workarounds to help mitigate the flaw:

  • Temporarily use a different web browser – I’m typically not one to recommend one web browser over another, as far as security is concerned. They all have had vulnerabilities. However, this is a fairly serious issue.  So you may want to consider temporarily using a different browser until Microsoft patches.
  • Install Microsoft EMET – EMET is an optional Microsoft tool that adds additional memory protections to Windows. I described EMET in a previous episode of WatchGuard Security Week in Review. Installing EMET could help protect your computer from many types of memory corruption flaws, including this one. This Microsoft blog post shares more details on how it can help with this issue.
  • Configure Enhanced Security Configuration mode on Windows Servers – Windows Servers in Enhanced Security Configuration mode are not vulnerable to many browser-based attacks.
  • Disable VML in IE – This exploit seems to rely on VML to work. Microsoft released a blog post detailing how disabling VML in IE, or running IE in “Enhanced Protection Mode” can help.
  • Make sure your AV and IPS are up to date – While not all IPS and AV systems have signatures for all these attacks yet, they will in the coming days. In fact, WatchGuard’s IPS engineers have already created signatures to catch this attack. We are QA testing the signatures now, but they should be available to XTM devices shortly. Whatever IPS system you use, be sure to keep your AV and IPS systems updating regularly, to get the latest protections.

Adobe Patches Flash Zero Day

Coincidentally, Adobe also released an emergency Flash update today fixing a zero day exploit that other advanced attackers are also exploiting in a targeted watering hole campaign. The patch fixes a single vulnerability in the popular Flash media player, which attackers could exploit to run arbitrary code on your system simply by enticing you to a web site containing specially crafted Flash content. This exploit was discovered in the wild by Kaspersky researchers (one of our security partners). According to Kaspersky’s research, the exploit was discovered on a Syrian website, and seems to be designed to target potential Syrian dissidents.

The good news is there is a patch for this flaw. So if you use Adobe Flash, go get the latest update now. By the way, some browsers like Chrome and IE 11 embed Flash directly, so you will also have to update those browsers individually. Finally, though the IE zero day I mentioned earlier does rely on a Flash issue, this particular zero day Flash flaw is totally unrelated.

So to summarize, if you use IE, disable VML, install EMET, and watch for an upcoming patch. If you use Flash, update as soon as you can. I will be sure to inform you here, as soon as Microsoft releases their real patch or FixIt. — Corey Nachreiner, CISSP (@SecAdept)

Should you need assistance with these security needs or any others for your business or home computers, please do not hesitate to reach out to us at 864-990-4748 or use our contact form on the www.HomelandSecureIT.com website.

Kevin Mitnick demonstrates a Microsoft Word document exploit

Did you know that most successful computer exploits that we encounter are because the user simply clicked a link, or opened a document without giving it a second thought?

I think we’re all guilty of receiving an email from someone we know, or assume we know, then opening the email and following that link. I know I have done it, in fact, I did it just this week… And to think, I consider myself smarter than the average bear.

It goes without question that you should use a supported operating system, such as Windows 7, Windows 8 or 8.1 (or one of the newer versions of Mac OS X, or whatever flavor of Linux you love), but you should also keep the latest updates on that operating system, and you should put all the security updates and patches on helper applications such as Adobe Flash and Microsoft Office. You should also run trusted anti-virus, like Trend Micro Worry-Free or Titanium.

However, even with all that, it does take a solid dose of common sense to protect yourself.

Famed hacker turned whitehat Kevin Mitnick demonstrates in this video what might happen if you open a Word document from an untrusted source:

KnowBe4 has the “Security Awareness Training” course that you can take online at www.knowbe4.com, and they even have a free Phishing Security Test which companies can sign up for, then share the link with their employees to test their phishing IQ.

If you need assistance with any security related issues in the Greenville, SC area, give us a call at 864-990-4748

And the winner of our Jabra Freeway giveaway is….

We have a winner in our giveaway!  Olga Bannister, simply for being awesome and subscribing to the Homeland Secure IT blog, you have won this cool device that may keep you from getting a ticket in the City of Greenville.

Stop by and pick it up most any weekday between 8:30 and 5:30.  You might call ahead to make sure we are here though!  864-990-4748.

In the interest of full disclosure, Olga was not the first person whose name was selected. The first was someone who had unsubscribed from our blog a bit ago, so I let Random.org select another for us.

Should you want one of these awesome Jabras to help protect yourself or your company from the legalities involved with using a phone while driving in Greenville, or maybe you need a hundred of them to protect your business, simply give us a call, our price is fair and we can provide you a quote for one or one thousand!

Also, don’t go away mad if you didn’t win, we’re going to be giving away more cool stuff in the very near future on our blog!

 

Internet Spring Cleaning Day 2014 is upon us! Read Immediately!

Whatever you do – Don’t panic…

It’s that time of year again when ISPs (Internet Service Providers) from around the globe perform their yearly scheduled maintenance. This is dubbed “Internet Spring Cleaning”.

In case you have missed the stories on the news and the countless emails flying around for the last week or so, then this may come as a total surprise to you. Newcomers to technology may also be taken by surprise.

In previous years, Internet Cleaning Day has taken place over an entire 24hr period, but due to new techniques, ISPs have managed to narrow it down to only 1 hour which they have conveniently scheduled for 12pm to 1pm in each time zone.

So today, at noon, before you leave your office for lunch, you should take some precautions to protect your electronics and fine furnishings from the chemicals that are blown through the lines. We have found that simply unplugging the CAT-5 network cable from the back of your computer and placing it into a trashcan with a liner is best, but you can use an empty water bottle or even a coffee cup in a pinch. If using a coffee cup, or bottle though, you may want to put a layer of newspaper or other papers under it in case of any splashes or spills.

While normal analog phone systems are not going to be affected, VoIP systems WILL be… This is often overlooked! You should follow the same procedure if your business is using Voice over IP technology. If you are unsure, it is best to disconnect the cables and place in the same container as your network cables.

If you are using wireless devices, simply turning off the radio or disconnecting from all access points should work, but to be on the safe side, it never hurts to turn it off completely.

As always, if you require assistance with computer, server, network or even your internet spring cleaning in the Greenville, SC or Upstate, SC area, please call us at 864.990.4748

Sign up for our blog to receive it via email and be entered to win a Jabra FREEWAY bluetooth in-car speakerphone!

Don’t risk a ticket – get a hands-free system for your car (Win a JABRA here)

Agree with it or not, Greenville, South Carolina has a new law that states that if you even appear to be using a hand-held device while behind the wheel, you risk a $100 ticket. Not only that, the old saying “third time’s the charm” applies here, because your device can be confiscated and destroyed if so ordered by a judge upon conviction of three infractions of this ordinance.

So what’s a person to do? If your car and phone are equipped with bluetooth, you’re good to go!  Just pair the two and be able to talk without even touching your phone.

But what if your car does not have bluetooth support? Simply purchase one of the many bluetooth speakerphone adapters that are on the market.

Homeland Secure IT is proud to be a partner with JABRA, one of the largest and most respected bluetooth device manufacturers, and we are recommending one of their units in particular: the JABRA FREEWAY.

The FREEWAY is a tiny hands-free speakerphone and surround sound music player that easily links with your smartphone (up to two of them). It will clip to your visor, and with its built-in battery, it doesn’t even require a cable.

Using the JABRA FREEWAY, you can make phone calls without touching your cell phone.  You can play your music from your smartphone over the built-in speakers, or you can use the built-in FM transmitter to send the audio of your calls and music to your car stereo.

The audio is crisp, the background noise is minimal. The cost is affordable – costing less than a ticket!

For more information about the JABRA FREEWAY – visit their page at
http://www.jabra.com/products/speakerphones/jabra_freeway/jabra_freeway

Want to know about the law here in Greenville, SC?  Go here:
http://www.greenvillesc.gov/CityCouncil/DistractedDriving.aspx

Want to BUY a JABRA FREEWAY?  Use our contact form or call us at 864-990-4748

If you want to WIN a JABRA FREEWAY, subscribe to our blog by looking for the “Subscribe to this blog!” section here http://www.homelandsecureit.com/blog/  – Everyone subscribed will be entered to win our April 15th “Tax Day Giveaway”. There are a couple of restrictions: You must be able to pick up the device in person at our Greenville office. Only one entry is permitted.

Microsoft FixIt for Word / Office should be applied without hesitation

Yesterday’s Microsoft Security Advisory announced a vulnerability in Microsoft Word which could permit remote code execution.

The summary of this advisory simply states that people are being exploited due to a vulnerability. It happens when someone opens, or even previews, an RTF file in email using Microsoft Word as the email viewer.

While Microsoft has not released a full patch at this time, they have a “FixIt” that will help protect you. You should apply that FixIt ASAP… Find it HERE.

Affected software:

Microsoft Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 & SP2 (both 32 and 64 bit versions), Word 2013 (both 32 and 64 bit versions), Word 2013 RT, Microsoft Word Viewer, Microsoft Office Compatibility Pack SP3, Microsoft Office for Mac 2011, Word Automation Services on Microsoft SharePoint Server 2010 SP1 & SP2, Word Automation Services on Microsoft SharePoint Server 2013, Microsoft Office Web Apps 2010 SP1 & SP2, Microsoft Office Web Apps Server 2013.
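Because the advisory concerns RTF content reaching Word through email, a mail administrator can triage messages for parts whose bytes are RTF whatever the file name or declared type says. This is an added example, not code from Microsoft or from this blog; the sample message, addresses and file names are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                           # documented RTF file header
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                       # .docx (OOXML) container

def sniff(data):
    """Classify content by leading bytes, ignoring the declared name and type."""
    if data.lstrip()[:5] == RTF_MAGIC:          # tolerate leading whitespace
        return "rtf"
    if data.startswith(OLE_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip/ooxml"
    return "other"

def find_rtf_parts(raw):
    """Return (name, declared type, mismatch) for every RTF part of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if sniff(data) != "rtf":
            continue
        name = part.get_filename() or "(message body)"
        ctype = part.get_content_type()
        declared = name.lower().endswith(".rtf") or ctype in ("text/rtf", "application/rtf")
        hits.append((name, ctype, not declared))
    return hits

def build_sample():
    """Constructed message: RTF named .doc, a binary .doc header, and a text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"{\\rtf1\\ansi Constructed sample text.}",
                       maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 24,
                       maintype="application", subtype="msword", filename="report.doc")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, ctype, mismatch in find_rtf_parts(build_sample()):
        print(name, ctype, "RTF content under a non-RTF name/type" if mismatch else "RTF")
```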

If you need assistance with this, or any Microsoft related security issue, please do not hesitate to call us here in the Greenville South Carolina area!  864-990-4748 or use our CONTACT FORM.