Why Old Methods Can’t Stop Ransomware

During the American Revolution, sentries guarding encampments reportedly shouted, “Halt! Who goes there? Friend or foe?” As far as we know, there are no statistics that indicate how many foes identified themselves as such – or lived to tell about it.

Ransomware is not easily identified

As of this time, conventional anti-virus software is about as effective at identifying ransomware as a Revolutionary War sentry was at identifying friend or foe. We do have some statistics for the current day.

A recent survey of 500 companies found that

  • 33% had been attacked by ransomware in the previous 12 months
  • More than half of those companies were operating multiple anti-virus products at the time.

Think about that.

  • Of 500 companies, 165 had been attacked by ransomware
  • Of those 165 attacked, 87 were employing multiple lines of defense.

That’s like having multiple perimeters of sentries, none of which would identify the foe.

There’s a reason for that.

The common approach is called blacklisting. Software already identified as “foe” is blacklisted. The problem is that the software cannot be identified as evil until it has permeated someone’s defense perimeter. Once identified as malware, conventional anti-virus publishes, in effect, “Wanted” posters so that computers can recognize software already known to be malicious.

There’s a solution for that

The solution is in implementing the opposite of blacklisting. Computer techies call it “whitelisting.” Instead of issuing wanted posters, a whitelisting approach allows only known friends to pass.

Pernicious thinkers amongst our readership might be thinking that ransomware can disguise itself by wearing someone else’s clothes. Not so. If ransomware producers think that they can masquerade as a friend, they will be sorely surprised to discover that they are wearing the proverbial Emperor’s New Clothes. The ruse will be discovered, and the attempt at ransom will fail.
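The difference between the two approaches, and the "someone else's clothes" case, as an added example that is not Tech Sentries' code. It assumes a whitelist keyed on the SHA-256 of a file's contents; the program names and byte strings are constructed samples.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Program:
    name: str       # file name the program presents itself under
    content: bytes  # constructed stand-in for the file's actual bytes


def fingerprint(program: Program) -> str:
    """Identity derived from the bytes, not from the name."""
    return hashlib.sha256(program.content).hexdigest()


# Constructed samples (no real software or malware involved).
EDITOR = Program("editor.exe", b"constructed: approved text editor")
KNOWN_FOE = Program("invoice.exe", b"constructed: sample already catalogued")
NEW_FOE = Program("update.exe", b"constructed: sample nobody has seen yet")
# The "someone else's clothes" case: a friend's name on a foe's bytes.
DISGUISED_FOE = Program("editor.exe", NEW_FOE.content)

BLACKLIST = {fingerprint(KNOWN_FOE)}   # the "Wanted" posters
WHITELIST = {fingerprint(EDITOR)}      # the known friends
NAME_WHITELIST = {EDITOR.name}         # weak variant that trusts the name only


def blacklist_allows(program: Program) -> bool:
    # Default allow: anything not yet on a poster gets through.
    return fingerprint(program) not in BLACKLIST


def whitelist_allows(program: Program) -> bool:
    # Default deny: only content already vouched for gets through.
    return fingerprint(program) in WHITELIST


def name_whitelist_allows(program: Program) -> bool:
    # Checks the clothes, not the wearer.
    return program.name in NAME_WHITELIST


SAMPLES = {
    "editor": EDITOR,
    "known_foe": KNOWN_FOE,
    "new_foe": NEW_FOE,
    "disguised_foe": DISGUISED_FOE,
}


def evaluate(samples: dict) -> dict:
    """Return each policy's allow/deny verdict for every sample."""
    return {
        label: {
            "blacklist": blacklist_allows(p),
            "whitelist": whitelist_allows(p),
            "name_only": name_whitelist_allows(p),
        }
        for label, p in samples.items()
    }


if __name__ == "__main__":
    for label, verdict in evaluate(SAMPLES).items():
        print(f"{label:14} {verdict}")
```

The disguise only fails when the whitelist identifies programs by their content (a hash or a publisher signature); the name-only variant lets it through.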

Are you adequately protected against ransomware? Don’t think so. Know so. Contact us and let us show you how you can be sure that you are protected.

Why Backups Aren’t Enough

Perfect backups will not always prevent the consequences of a ransomware attack, but backing up is vitally important.

The Problem with Ransomware:

A high-profile ransomware attack hit a well-known transportation agency over a recent holiday weekend.  This attack was a major eye-opening event, to say the least.  For the first time, a major transportation agency has been shut down by a ransomware attack.  To give you a few details, they estimated that approximately 900 of the computers in this agency were affected.  They were using backups and this provided them with the ability to restore data with no intentions of paying the ransom; so one would assume all was well.  Not exactly…

The transportation agency’s use of backups prevented them from losing all their customer and internal data.  The use of a simple backup prevented a major catastrophe for this agency.  Without the backups, they would have been faced with paying the ransom in this case, or been faced with heavy financial losses.  It took approximately 2 to 3 days in order for most of the computers to be restored and the rest followed within the week.  A large portion of their workforce was inaccessible for several days and some parts were down for almost an entire week.

The inability to work and work properly is going to cost any business money and valuable resources.  With the transportation agency’s computers inaccessible, they had to shut down the terminals and payment systems, allowing the public to ride the metro for free.  Many local articles stated that the systems being down was costing the agency $500K for every day that they were down and not working. This ransomware attack cost this transportation agency over a million dollars in the time they were down and not running.  Backing up a system can save data and is very important, but many times it is not quick enough to get you back online without losing valuable time.     

The Solution:

The story of the transportation agency demonstrates the vital importance of prevention when it comes to ransomware attacks.  In order to eliminate this problem before it begins, it’s important to put your emphasis on prevention instead of detection and recovery.  We believe that prevention is the only way to protect your business investment, and that is why we use global application whitelisting. Whitelisting allows you to avoid organized attacks and targeted areas because unknowns are always blocked no matter how new they are.  We have no way of knowing what antivirus protection the agency was using, but even with their backups they suffered huge financial losses due to downtime.

Prevention is key!  If you have any questions about ransomware attacks and how to keep your business protected, please give us a call at 843-282-2222 TODAY!

Malware Takes Hackers to Terrifying New Roles

You may not be familiar with the term, but there is a new breed of hackers out there known as “nation-state attackers.” They are an evil bunch who use malware to create upheaval and harm to people on a material level. They are life-threatening, rather than just being a financial threat. We think of people who use malware as only being after the money of their victims, but that’s not the case any longer. Their role has now taken a terrifying turn…

It’s scary to think of, but nation-state hackers are now able to hack our systems of infrastructure, such as power grids, water supply and even transportation systems. How would a failure of power or transportation affect us? Malware has the potential of bringing down the infrastructure of a major metropolis at any time, making it a terrifying enemy. In the age of modern technology, our world faces modern threats. Malware is a big part of it.

Ransomware has been a big part of the malware problem and is quite the money maker. It’s growing out of control. Hackers have altered the lives of ordinary citizens by hacking into the systems that control everyday life.

As scary as it is, it’s unfortunately not a new problem. In the Ukraine last year, more than 225,000 people had their power shut down by a sinister group known as the Black Energy Group. Just last week, a nasty form of malware manifested itself in yet another energy company in Europe.

It had the ability to give hackers backdoor access to the system and obtain all the data that would allow them to create havoc. When the system is in the early stages of being rebooted, that’s when a lot of the automatic security software kicks in.

This malware can get in at these early stages of a reboot and do its damage, gaining the info and access it needs. What makes it even more sophisticated is the ability for it to go undetected by removing itself automatically should it get sandboxed in by one of these security systems.

Hackers are using increasingly dangerous malware and ransomware. It’s never been more important to protect yourself than now and there’s never been a better way to do it than with Tech Sentries.

Call us today 843-282-2222 and sign on for the best protection you can buy!

Scareware – What Is It? Should You Be Concerned?

According to IN Homeland Security, scareware, software developed to be the solution to a nonexistent problem, is likely to make a huge return. The possibility of these forecasts being true seems rather high.

A security specialist recently got in touch with the Spiceworks IT platform for help on a possible scareware infection. The IT expert reported that after running multiple scans, nothing was suggesting there was an internal problem. It is believed these messages were scareware, utilized to trigger the user to call the number within the message for “assistance.”

In an effort to avoid falling for incorrect information or alarms meant to scare you, contact Tech Sentries if you receive any messages on your computer about a malware infection. If you call the phone number noted in the malware alert, there is an excellent chance you’re calling the hackers. This can be a significant problem, as you might be offering payment information or remote access to an individual who is most certainly not looking out for your best interest. As I stated, it is best to call your security software company directly.

This raises another question. What about phones and tablets? Do you have security software on them? If so, you may need to use it if you’re a part of the most recent Pokémon Go trend. Reports made by Huffington Post stated the app “Guide and Cheats for Pokémon Go” included scareware, which potentially includes ransomware. So, to be clear, not only could you possibly get messages for concerns that are nonexistent, you might likewise be infected with ransomware! Your best option for this particular case—avoid this app completely.

Call us today (843-282-2222) or contact us at www.techsentires.com and see how we can keep you safe, all while you sleep or work. Never worry about scareware or being held hostage by ransomware.

Ransomware Has a New Sidekick

Ransomware is nasty no matter how you slice it. And now it has a sidekick called ranscam. In this article, we want you to know what it is and how to keep from becoming a victim of it.

The very term “ranscam” sounds like what it is—ransomware that gets wormed into your computer system and creates a ransom demand that it sends to you. It does not cause your files to be encrypted but it does actually delete them! In the ransom demand, you will be told what they want you to do to retrieve your files, but you can rest assured it involves collecting money from you.

Many cyber security experts believe this particular strain of ransomware will not last very long since its reputation is very negative. Other ransomware is far more sophisticated such as that in the series called Crypto. The only reason these viruses exist is for their creators to turn a very quick profit. This poses the question of how you can tell if your computer has been affected by either ransomware or the ranscam virus.

Read on….

If you want to know if you have either ransomware or ranscam, unfortunately, you can’t really know. And if you pay the ransom demand, there’s no guarantee that your files will be recovered. Remember—it’s a criminal asking for the money so you’re not paying a normal person. They couldn’t care less about your personal pictures, movies and other files. They only want your money. Even if you pay what they demand, they really don’t care about your stuff so you probably will never see your files again.

If you think you’ve been victimized by ransomware, you need to understand and follow these steps:

  • Don’t pay any ransom money! All you’re doing is funding these hackers to continue on to their next criminal act.
  • Restore your system by using your back-up files. Do NOT pay anything!
  • Let the FBI know. The FBI needs to know about these hackers in order to bring justice through legal proceedings.
  • Report all cyber-criminal activity you see to IC3, which is a federal agency. It is here so you can file any complaints.
  • ALWAYS notify your security company!! They MUST know if they’ve missed a huge security threat or they won’t be able to protect against it in the future.
  • Keep in mind you are helping to protect others by reporting any breach of security.
  • Educate yourself! Simply doing one webinar or meeting is not enough. You must keep up with some continuing education on the matter and really know what you’re dealing with.

Tech Sentries has the latest and greatest cyber security technology on the market today!

Call us today (843-282-2222) or contact us at www.techsentires.com and see how we can keep you safe, all while you sleep or work. Never worry about being infected with crazy ransomware again!

Ransomware Alert – 09.07.16

In yet another case of “Don’t believe everything you read,” a new ransomware attack has been discovered.

If this image shows up on your computer, the first thing you need to know is that THERE IS NO GOVERNMENT CENTRAL SECURITY TREATMENT ORGANIZATION. You and your computer are being held for ransom.

According to one reliable source, the “new ransomware that pretends to be from a fake organization called the Central Security Treatment Organization has been discovered by security researcher MalwareHunterTeam. When the Central Security Treatment Organization ransomware infects a computer it will encrypt a victim’s files and then append the .cry extension to encrypted files. It will then demand approximately 1.1 bitcoins, or $625 USD, in order to get the decryption key.”

The new CryLocker ransomware will

  • send information about the victim to the Command & Control server using User Datagram Protocol (UDP).
  • use a social network site to upload and host information about each of the victims.
  • query the Google Maps API to determine the victim’s location using nearby wireless SSIDs.
  • stay persistent despite continual reboots.
  • require a victim’s personal ID information with payment.

For those who are wary, but not quite vigilant enough, this ransomware has a special feature designed to “prove” that the organization can unencrypt your computer files. It includes a user demo decryption of a single file. They apparently think that if you don’t fall for trick number one, you might fall for trick number two. These guys are good at understanding human nature too. Then again, we would remind you, “Fool me once, shame on you. Fool me twice, shame on me.”  Our goal is for you not to be fooled – ever.

Bleepingcomputer.com has detailed information about CryLocker. KnowBe4 has a free Ransomware Hostage Rescue Manual available to educate consumers and businesses on how to deal with these growing threats.

For fast, effective, and reliable protection against ransomware and other computer threats, contact Tech Sentries at 843-282-2222.

Guard Your Technology Against Malvertising

When you juxtapose “malicious” or “malware” and “advertising,” you get the portmanteau “malvertising.” Although malvertising has existed for about 30 years, it is not yet a household word, even among many computer techs. That is probably going to change following a malvertising attack discovered on Google June 2, 2017.

The attack caught users unaware as they innocently clicked on a sponsored AdWords search engine response to the big box retailer, Target. Expecting to land at Target’s website, users were unwittingly redirected to another URL where they were greeted with a Microsoft look-alike site that warned them to call a phone number to remove an infected file on their computer. The file itself was non-existent.

Malvertising typically works because the malware is not on your PC. It is propagated by inserting malicious code into ads on trusted websites. Malvertising is particularly pernicious in that neither the site nor the advertiser is aware of the code that redirects users to a malicious server. According to the Center for Internet Security, “The software could allow the attacker to perform a number of actions including,

  • allowing full access to the computer
  • exfiltrating financial or sensitive information
  • locking the system and holding it ransom via ransomware, or
  • adding the system to a botnet so it can be used to perform additional attacks.

This entire process occurs behind the scenes, out of sight of the user and without any interaction from the user.” Because all of this activity takes place “behind the scenes” and because internet ads are changed at a rapid pace, malvertising is unusually difficult to combat. The New York Times and NFL websites have already been malvertising victims.

The best practices for guarding your technology against malvertising are to ensure that all of your software and extensions are up-to-date, disable the automatic use of Flash, and close windows not currently in use when connected to the internet.

Tech Sentries is always on duty helping you “GUARD YOUR TECHNOLOGY” at all hours of the day and night. Don’t wait. Contact us today. (843-282-2222).

Authors of Petya-Mischa Ransomware Leak Decryption Keys From Competitors

The people behind the ransomware Petya-Mischa have leaked decryption keys from their competitors. You might be wondering why. So are many of us!

Petya-Mischa has now released a “service” for their ransomware called RaaS. Oddly enough, it was released only a matter of hours before the decryption keys for the ransomware called Chimera were leaked. Some might question whether this is really about rivalry between competitors and an attempt at drawing more awareness to RaaS.

If you aren’t aware, RaaS was created as a service to allow hackers anywhere to have access to specific ransomware. They then have the option to act as a “distributor” for that ransomware, thus making money by getting a percentage of the ransoms that come in. These ransoms are paid by bitcoin. According to many of the top security forums, this release of Petya-Mischa RaaS will lead to a huge increase in ransomware attacks.

To protect yourself, we highly recommend employing a strong anti-virus service that can keep you secure through application whitelisting. They should also be up-to-date in training dealing with cyber security. Tech Sentries provides all these services and features and we stay on top of all the latest threats so you don’t have to.

Call us today and let us keep you safe online! 843-282-2222.

Don’t Take the Google Docs Phishing Scam Bait

When your Daddy taught you to fish, he taught you how to bait the hook. The secret is to make the bait so alluring that the fish doesn’t sense the hook. Sometimes it works. Sometimes it doesn’t. Kind of makes you wonder if some fish didn’t pay attention when they were swimming in their schools.

When it comes to phishing online, we must realize that we are the phish. We have got to be “fin”nicky about what we bite on, especially if it looks really, really good.

Online scam artists – we’ll call them “phisher”men – know that not every one of us is going to bite. They are happy to catch a few. The objective from our point of view is to not get fooled. When we get fooled, we get caught.

The Google Docs Scam

Here’s how the scam works.

  1. You receive a message from someone you actually know, inviting you to access a Google Doc.
  2. The trick is to get you to bite by clicking on an “Open in Docs” button. It’s not that the message is too difficult to pass up; it’s that it just looks so real.
  3. Once you bite, you receive a request for access to your Gmail account. At this point, you may as well jump into the boat. You’ve been snagged.
  4. Once you have granted access to your Gmail account, the “phisher” sends a similar message to everyone in your contact list.
  5. What really gets your gills is that all traces of the messages sent from your Gmail account are removed.

The cycle keeps repeating itself over and over.

Now What?

As far as experts have been able to determine, no information was stolen and used in any way that smelled fishy. The scam was – or is – someone’s twisted sense of fun. Willie Sutton robbed banks because they were there. Seems to be the same motivation with the Google Docs scam.

We should be concerned because any “phisher” with the capability of pulling off this scam most likely has the ability to do great and widespread damage.

Very real threats exist. Even though you may not be able to see them, they could be lurking right before your eyes. Knowing this,

  • Be vigilant.
  • Think before you act.
  • Make sure you are protected from phish bait before it hits the proverbial water.

You can be vigilant and you can think before you act, but you are going to need help protecting yourself. Tech Sentries is the logical source of your protection. We guard and protect your PCs, laptops, and other connected devices against the dangers that lurk in cyberspace.

Don’t wait to get hooked. Contact us right now. Let us show you how we can help.

Cerber Ransomware Kicks Into High Gear During Post-Holiday Shopping

After a relatively calm period, the researchers at Microsoft are warning that the ransomware known as Cerber has resurfaced stronger than ever. The target audience? Holiday and post-holiday shoppers. It also targets the data files of enterprise businesses.

Most of us are a little more aware of the need for cyber security during the holidays, but the need is equally important after the holidays! The Malware Protection Center at Microsoft has reported that the cyber attackers have amped up their game during this post-holiday season. One reason is the number of online shoppers looking for great deals after Christmas.

Top security researchers are now aware of a couple of new campaigns and spam that pinpoint all the consumer transactions during the post-holiday season. Cerber ransomware is constantly changing, causing user files to be encrypted while holding them for ransom. Just in the last several weeks the authors of Cerber ransomware have begun attacking critical applications of major business files.

The newest version of this ransomware has been programmed to target the database files of Microsoft Access, Oracle and MySQL. It’s not unusual for these files to be shut down as they are encrypted by malware.

As with so many other viruses, attackers are going straight for your inbox and flooding it with malicious links and downloadable attachments. As soon as you click on the link, the virus moves in, installing the ransomware. What’s worse is that it creates what looks like zip files that are password protected. The body of the email often contains the password, making this another huge red flag for malware. It usually states that order and delivery details are in the email.

Vulnerabilities found in previous Adobe Flash websites can also be exploited to deliver Cerber. If a person happens to be on such a site, they will unknowingly download the malware to their computer. What’s more, any information on the version of Cerber ransomware has been scrubbed, which makes it even harder to track.

Unfortunately, an even wider net has been cast by Cerber and it’s now targeting dozens more types of files. Executing .exe, .cmd, and .msi files is now happening for the first time with Cerber ransomware.

Cyber criminals have to constantly be changing and updating their versions of ransomware in order to go undetected by antivirus software programs. Ramping up the malware complexities tells us how determined these criminals are to destroy and attack your personal files. Don’t become a victim—never click on unfamiliar links in your email! Use common sense and close out any ads or emails with suspicious links.

For more information on cyber criminals and how to stay safe from ransomware, call Tech Sentries today! (843) 282-2222.
