Drive-by Crypto virus attacks on the rise.

This has been an issue for a little while, but is getting bigger every day.

http://arstechnica.com/security/2016/02/mysterious-spike-in-wordpress-hacks-silently-delivers-ransomware-to-visitors/

What does this mean for you?
In short, keep an eye out when browsing anything on the web. Lots of blogs and websites (including ours, and Ars Technica, which I linked above) are running on WordPress, and there are hackers out there using these sites to serve up crypto viruses and other malware. Most major websites, along with ours, are keeping up with the latest WordPress updates and have good security practices, so you’re likely to be safe there, but there is no guarantee.

Unfortunately, if the attacks are truly silent like the article says, there might not be any indication if you get infected.

So the question to ask is, how do I protect myself? There’s really only one way: keep everything as up-to-date as possible. This includes Java, Adobe Flash, Adobe Reader, and any browser you use (such as Google Chrome, Mozilla Firefox, or Internet Explorer). Little bugs in these programs are the primary way that website-based infections can get into your computer.
Another step to take? Make backups of anything of importance. That way, if your system gets encrypted, you can just restore your files from the backup.

If you’re unsure about anything you see online, feel free to give one of our stores a call!

Lenovo Battery Recall

We recently learned that Lenovo has issued a Battery Recall on certain ThinkPad models shipped between February 2010 and June 2012. Please visit the RECALL SITE, and click the link that says “Determine if your battery is being recalled” to see if you are affected by the recall. The process should be entirely handled by Lenovo at no charge to you, but if you are affected and have questions, feel free to give us a call for help!

Series on hold temporarily

Due to the holiday weekend this week, and the projects I’ve got scheduled next week, and my vacation the 2 weeks after, I’ll be holding off on posting the next part of our series until possibly August. If I have the time, I will post the week after next, but that may not happen.

Pieces of your Home Network Part 1 – “What is a network?”

In this series of posts I’m going to explain just what each little part of your home network is, how they work, and why they do what they do. Each device has a purpose, and those purposes are often quite specialized, even if they are combined into one plastic box that looks simple.

For starters, let’s talk about just what a network is.


At its most basic level, a network is simply a way for one computer to talk to another. Why you would do this will vary – in the earliest days of network design, it was mostly to prove it could be done and to build the foundation for future technologies, as research tends to go. In the 80s and 90s, as the internet got off the ground and became more popular, file sharing was the primary driving force; if everyone in your business could access the same documents without having to pass paper around, you had a leg up on the competition. At this point, dial-up modems and phone-based direct connections between sites were still the normal way to connect, but even though they used technology that is considered obsolete today, they were still “networks”. (As an aside, even a plain old telephone system can be considered a network, and the technologies share many functions despite the difference in usage.)

Nowadays, the primary reason to build a network, at least in your home, is probably to connect you to the internet. As the technology has marched forward, the capabilities of the internet have increased nearly exponentially. The internet itself is a “network of networks”. It is very much like the network of post offices here in the US: each post office manages its own network of street addresses in its city, and each address may have its own network of people inside. In the same way, the internet is less a concrete thing and more a concept which grew out of the connections between individual homes and businesses in the early days of network research.

At their core, networks are actually quite straightforward. That’s not to say they’re simple, but the traffic follows a structured set of rules in order to do the job. Say you want to look at a web page, Facebook for example. In your web browser, you type “www.facebook.com” in the address bar and press the enter key. What happens next is always going to be the same basic flow, broken down and simplified here:

  1. Your computer asks the local DNS (domain name service) server “I need to find www.facebook.com, what’s its address?” The DNS server replies with Facebook’s IP address. Your computer stores this in a cache so that it doesn’t have to ask the DNS server again for a while and is able to skip this step in the future.
  2. Your computer sends a request to Facebook’s IP Address, which is assigned to the web server for Facebook, asking for the default home page. This request (and all internet traffic, including the stuff in step 1) has both the source IP address (your router’s address, which I will explain in a later post), and the destination IP address, which is in this case the Facebook web server.
  3. Facebook’s web server sees that you have asked for the home page, and sends back several replies containing the home page. It knows where to send them because of the source IP address field in each request that you sent.
  4. Your web browser takes these replies and reassembles them into a page you can see on your screen.

There’s a lot more detail involved than this, but that’s the basics of an internet conversation. Facebook’s web server is a very specialized computer (most likely a cluster of networked computers, in fact), but in the most basic form it is just a computer, which is talking to your computer, in order to provide what you asked for (in this case, the home page).
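Step 1 of the walkthrough above, worked through in code. This is an added example, not part of the original post: it builds the actual DNS question your computer sends for www.facebook.com, parses the reply, and keeps the answer in a cache until its time-to-live runs out, which is why the question is only asked once for a while. The reply is constructed here (the address 203.0.113.10 and the 60-second TTL are made up for the example, not Facebook’s real ones), so nothing goes out over the network.

```python
import struct

# Constructed sample values for the example; not a real Facebook address.
SAMPLE_NAME = "www.facebook.com"
SAMPLE_IP = "203.0.113.10"
SAMPLE_TTL = 60  # seconds the answer may be cached


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard A-record question the way a stub resolver sends it over UDP."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_sample_response(query: bytes, ip: str, ttl: int) -> bytes:
    """Constructed server reply: echoes the question and adds one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # response, 1 answer
    question = query[12:]
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12 (the question).
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def parse_response(resp: bytes):
    """Walk past the question section and return (ip, ttl) from the first A answer."""
    _txid, _flags, qdcount, ancount = struct.unpack("!HHHH", resp[:8])
    pos = 12
    for _ in range(qdcount):            # skip each question: labels, 0 byte, type, class
        while resp[pos] != 0:
            pos += resp[pos] + 1
        pos += 1 + 4
    for _ in range(ancount):
        if resp[pos] & 0xC0 == 0xC0:    # name given as a 2-byte compression pointer
            pos += 2
        else:                           # or spelled out as labels
            while resp[pos] != 0:
                pos += resp[pos] + 1
            pos += 1
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        rdata = resp[pos:pos + rdlen]
        pos += rdlen
        if rtype == 1 and rdlen == 4:
            return ".".join(str(b) for b in rdata), ttl
    raise ValueError("no A record in response")


class StubResolver:
    """Ask the DNS server once, then answer from the cache until the TTL expires."""

    def __init__(self, send):
        self.send = send            # function(query_bytes) -> response_bytes
        self.cache = {}             # name -> (ip, expires_at)
        self.queries_sent = 0

    def resolve(self, name: str, now: float) -> str:
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]           # still fresh: step 1 is skipped
        self.queries_sent += 1
        ip, ttl = parse_response(self.send(build_query(name)))
        self.cache[name] = (ip, now + ttl)
        return ip
```

The `now` argument is passed in explicitly so the cache expiry can be stepped through by hand instead of waiting a real minute.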

All of this traffic (as it’s called) passes over the wires (and sometimes the air, using wireless) of the internet through a massive web of interconnected routers. These routers are like the central distribution centers in the postal system that determine where your traffic’s destination is and the most efficient way to get it there, and then forward it along to smaller routers/offices that can get it to your computer/mailbox.

So what is an IP Address?

Every device on a network has to have some sort of identification so that other devices know how to find it. There are two major systems in use for this purpose – MAC addresses and IP addresses. For simplicity, we’ll just ignore MAC addresses and move on to the most commonly referred-to ones: IP addresses. An IP address is exactly that – an address. Like your home address, it can change (when you move, for example) – the IP address is not linked directly to the device.

An IP address looks like this: 192.168.1.10. Four groups of numbers, each group between 0 and 255. There are certain rules these numbers have to follow which I won’t bother explaining. The important thing to know is that there is a distinction between public and private IP addresses. Private addresses are used in businesses and homes that have a router. Public addresses are used on the greater Internet on the outside of that router. In order to connect to the internet, your computer essentially has a private address AND a public address, and this public address is actually what the aforementioned Facebook web server sees when you send a request to it. The router does a little magic to make this work that I’ll talk more about next week.
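The “four groups, each 0 to 255” rule and the public/private distinction from the paragraph above, as an added example (not from the original post). It checks an address the way the page describes and then says whether it is one of the private ranges a home router hands out or a public one that the outside world can see. Which exact ranges count as private is not stated on the page; the three used here (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are the standard ones, and the 127.x “this computer” range is included as a small extra.

```python
def parse_ipv4(text: str) -> tuple:
    """Apply the page's rule: four dotted groups, each a number from 0 to 255."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected 4 groups, got {len(parts)}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"{text!r}: group {part!r} is not a number")
        value = int(part)
        if value > 255:
            raise ValueError(f"{text!r}: group {value} is outside 0..255")
        octets.append(value)
    return tuple(octets)


# Standard private ranges (network, prefix length); the page does not list them,
# so this is an assumption added for the example.
PRIVATE_RANGES = [
    ((10, 0, 0, 0), 8),
    ((172, 16, 0, 0), 12),
    ((192, 168, 0, 0), 16),
]
LOOPBACK_RANGE = ((127, 0, 0, 0), 8)   # "this computer", never leaves the machine


def to_int(octets: tuple) -> int:
    """Pack the four groups into the 32-bit number the hardware actually uses."""
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def in_range(octets: tuple, network: tuple, prefix: int) -> bool:
    """True if the first `prefix` bits of the address match the network's."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (to_int(octets) & mask) == (to_int(network) & mask)


def classify(text: str) -> str:
    """Return 'loopback', 'private' or 'public' for a valid dotted-quad address."""
    octets = parse_ipv4(text)
    if in_range(octets, *LOOPBACK_RANGE):
        return "loopback"
    for network, prefix in PRIVATE_RANGES:
        if in_range(octets, network, prefix):
            return "private"
    return "public"
```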


The meat of how networks work can be VERY complex, and this only touches the surface of what goes on in some of the computers that run the internet, but I hope it gives a bit of a window into just how much is happening in even your basic home network. Next week, I’ll jump into just what a router is, and how it does what it does in your home.

Net Neutrality

If an opinion happens to sneak into this post, please be advised that this is the opinion of the author, Ross Weseloh, and not of a-i Computer Solutions as a whole.

What is it?

It’s been in the news quite a bit over the last couple of years, but as with any story covered by the media, things get skewed and the facts get lost along the way. What, exactly, is Net Neutrality?

In the interest of not being partisan as a company, I’m not going to go into major detail here. However, I will link a few places in order to raise a bit of awareness.

Links about Net Neutrality

Here’s the FCC’s information: http://www.fcc.gov/openinternet

Here’s a very informative article on the definition of net neutrality and some of the arguments involved from Techdirt: https://www.techdirt.com/blog/netneutrality/articles/20140901/16294128388/everything-youve-wanted-to-know-about-net-neutrality-were-afraid-to-ask.shtml

Here’s a site planted firmly on the pro-neutrality side of the fight: https://www.battleforthenet.com/

As I come across more information I will post more links.

Make sure to listen to every side of the story

I (Ross) have always thought that a person should form their own opinions on matters. While I personally am pro-neutrality, hopefully you can use the links here to make up your own mind.

Website Redesign

Those of you who have visited us before may have noticed the changes to our site.

We hope that it is even simpler to use and more readable than before! Please, if you find any problems with our site, send an email over to Ross at ross@34.133.205.163

New Premises

You may have noticed a lack of blog posts, and after only 4 were written in the first place. This is due to our Watertown store being moved to a new location – something we initially found out about in the middle of July. Now, after 2 months of planning, we’re finally in the middle of the move.

Hopefully we’ll be able to get back into the swing of things once we’re 100% moved in!

RAID

I hope everyone had a good holiday weekend last week!

I spent the majority of last week (and a portion of this week) working with Ryan on server installation and maintenance. Much of that work involves a technology called RAID. Those of you who have a server in your business may very well have heard the term, but not know anything about it, so I figured I’d talk a little about what RAID is in this week’s post.

RAID stands for Redundant Array of Independent Disks. It is a system used for, as the name suggests, redundancy purposes in data storage systems. Normally you’ll see it in use on a server, though a home computer may have it as well if it’s high-end or custom built. The system uses an “array”, which is a term meaning “a group of hard drives connected together”, managed by a RAID controller, to arrange data over said hard drives in specific patterns.

The pattern used depends on why you want to use RAID in the first place. There are several options – I will only list the most commonly used ones here:

  • RAID 0 is used to essentially turn two physical hard drives into one “logical” drive. As a result, once the computer is running they appear to be a single, larger drive. RAID 0 can also be used to almost double the speed of each individual drive due to how it handles reading and writing data. This array does not have any redundancy – if one drive fails, all your data will be lost because it stores parts of it on both drives.
  • RAID 1 is used for extremely basic redundancy. The hard drives are made into exact copies of each other. Any changes made on one are mirrored on the other. This array is able to lose one drive and still retain its data. However, it is only meant to be a failsafe, not a true backup.
  • RAID 5 is one of the most common arrays in use in small businesses. The drives are arranged in such a way that one can fail, and the system will keep running. This gives the system administrator (or your friendly neighborhood computer shop!) time to replace the failed drive without downtime or loss of data.
  • RAID 6 is an extension of RAID 5. Instead of one drive, the system can lose two before it will fail. This gives the administrators more time to get the equipment replaced.

There are a few other RAID options, but most of them are just combinations of the ones listed here, and don’t offer a huge benefit over one of these. I should also note that this is not a technical description – there are a lot more details involved in how it works! If you would like to read more, dig into the Wikipedia article on RAID.
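To make the RAID 0 and RAID 5 bullets above concrete, here is an added example (not from the original post, and far simpler than a real controller) that lays a short file across a few pretend drives, “pulls” one drive, and shows why RAID 0 loses everything while RAID 5 carries on. RAID 5’s trick is an extra parity block per stripe, computed by XOR-ing the data blocks, so any one missing block can be recomputed from the others. Pulling a second drive makes the rebuild impossible, which is exactly the gap RAID 6 closes. Block and drive sizes are tiny, constructed values.

```python
def split_into_blocks(data: bytes, block_size: int, multiple: int) -> list:
    """Cut data into fixed-size blocks, zero-padding to fill whole stripes."""
    blocks = [data[i:i + block_size].ljust(block_size, b"\x00")
              for i in range(0, len(data), block_size)]
    while not blocks or len(blocks) % multiple:
        blocks.append(b"\x00" * block_size)
    return blocks


def xor_blocks(blocks: list) -> bytes:
    """XOR several equal-length blocks together; this is the RAID 5 parity."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def fail_disk(layout: list, disk: int) -> list:
    """Return a copy of the array with one drive gone (represented by None)."""
    return [None if i == disk else contents for i, contents in enumerate(layout)]


def raid0_write(data: bytes, disks: int, block_size: int) -> list:
    """RAID 0: blocks go round-robin across the drives; no block is stored twice."""
    layout = [[] for _ in range(disks)]
    for i, block in enumerate(split_into_blocks(data, block_size, disks)):
        layout[i % disks].append(block)
    return layout


def raid0_read(layout: list, length: int) -> bytes:
    if any(disk is None for disk in layout):
        raise RuntimeError("RAID 0: a failed drive takes the whole array with it")
    stripes = len(layout[0])
    out = b"".join(layout[d][s] for s in range(stripes) for d in range(len(layout)))
    return out[:length]


def raid5_write(data: bytes, disks: int, block_size: int) -> list:
    """RAID 5: each stripe holds disks-1 data blocks plus one XOR parity block.
    The parity block rotates so no single drive carries all the parity."""
    per_stripe = disks - 1
    blocks = split_into_blocks(data, block_size, per_stripe)
    layout = [[] for _ in range(disks)]
    for s in range(len(blocks) // per_stripe):
        chunk = blocks[s * per_stripe:(s + 1) * per_stripe]
        parity_disk = s % disks
        parity = xor_blocks(chunk)
        data_iter = iter(chunk)
        for d in range(disks):
            layout[d].append(parity if d == parity_disk else next(data_iter))
    return layout


def raid5_read(layout: list, length: int) -> bytes:
    """Read the data back, rebuilding one missing drive from the other drives' XOR."""
    disks = len(layout)
    missing = [d for d, disk in enumerate(layout) if disk is None]
    if len(missing) > 1:
        raise RuntimeError(f"RAID 5 can rebuild one missing drive, not {len(missing)}")
    stripes = len(next(disk for disk in layout if disk is not None))
    out = bytearray()
    for s in range(stripes):
        parity_disk = s % disks
        stripe = []
        for d in range(disks):
            if layout[d] is None:   # the failed drive: XOR everything else back together
                stripe.append(xor_blocks([layout[o][s] for o in range(disks) if o != d]))
            else:
                stripe.append(layout[d][s])
        out += b"".join(stripe[d] for d in range(disks) if d != parity_disk)
    return bytes(out[:length])
```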

It’s important to note that having a RAID does not mean your data is backed up. Yes, it’s more likely that you will be able to keep a server running if a hard drive fails. But recovering data from a failed server array is much, much harder than with a standard failure. In many cases it’s nearly impossible. So it’s still a great idea to have a dedicated backup set that keeps your information on a separate drive (or drives) in a safe place.

About Public WiFi

Have you ever been out somewhere and wanted to connect to a wireless network with your phone or laptop, only to be overwhelmed by the number of signals you find? The use of wireless exploded in the early 2000s as equipment got cheaper and simpler to set up. Nowadays, if you’re in any city you’re likely to see at least 10 wireless signals nearby, and very possibly more. While the majority of them are probably secured and unusable unless you know the password, there are still a few out there that are wide open for use.

That’s a good thing, right? Free internet sounds good to me! Especially if I’m not at home and wouldn’t have my connection otherwise!

Not so fast.

Networks that are left open are usually the result of someone who doesn’t know about wireless security, but this is a lot less of a problem in recent years as the hardware often has security already enabled. However there are some truly “public” networks available. Think Starbucks, or McDonald’s. Places like this may have free internet access, but there are some things to learn before you decide to connect.

What are the risks?

Open networks aren’t secure, by design.

An open network isn’t only open to you, and it’s definitely not only open to someone who has your best interests at heart. Anyone can connect, and anyone can see the wireless signals (which are actually radio waves) passing through the air. I’ll go into some details on the actual attacks that can be performed later, but for now the key to remember is that if a network isn’t secure, you aren’t secure. This isn’t necessarily a bad thing, if you’re sure that you’re connected to an actual legitimate network, and you’re careful about what you browse while you’re connected, but there are still many things to watch out for.

It’s also possible for a network to be “spoofed”, which means that despite the network being the same name as what you’re used to, it’s actually a fake network owned by an attacker. It may even act as a completely normal wireless network, with normal internet access. With this method, the attacker can see every bit of traffic that passes over their equipment.

Many modern devices use automatic connections.

There’s a good chance that if you take your smartphone out at home, it automatically connects to your home wireless. The problem is that this carries over to ANY wireless connection you use, not just your own. If you are near a network with the same name as one you’ve connected to previously, and it has no security enabled (or the same security as yours, though that is much more unlikely), your phone will connect to that one as well. The upshot of this is that your device is now online, and most mobile devices will do things like checking your email and Facebook when they see an internet connection. This means traffic, which an attacker could see and use given the right circumstances. It’s important to note that this doesn’t only apply to smartphones – tablets, laptops, and pretty much anything else that uses wireless could run into the same security issues.

There are many options for “free” WiFi, especially in bigger cities…

…and some of them have a glaring flaw: they’re designed to be fully automatic. If you’ve been to a store or restaurant that used AT&T, you may have seen a network called “attwifi”. This is a service provided by AT&T to put free WiFi in many places in the U.S., including McDonald’s and Starbucks stores, along with many others. Of course, as I detailed in the last few paragraphs, once you’ve connected to one of these, there’s a very good chance you’ll automatically connect to any others your device sees in its travels. And if that network happens to be one that’s spoofed and controlled by an attacker? Then you might have trouble.

What happens when I connect to an unsecured network?

If you connect to a network with no password, it’s about the same as if your computer was shouting the information across the room to the wireless access point. A computer that is playing by the rules will only look at and answer frames meant for its own traffic, but anyone with the right equipment could theoretically “listen in” on your conversation, and if the things you’re doing aren’t properly secured in their own way (I’ll go into this later), they’d potentially get sensitive information without much effort.

Of course, it’s even easier if the attacker has set up a spoofed network. This allows them to perform a “Man-in-the-Middle” attack. Since they control at least one of the devices in between your computer and the internet, they can see everything that passes through – without having to bother listening to the wireless signals and sorting them.

What sort of things are at risk?

There’s a lot of data on the modern internet that is unprotected. Let’s just assume that you are connected to an open wireless network, and someone is listening in. What can they see?

  • Any plain-text information is clearly readable. This includes most web pages, so someone could potentially figure out your browsing habits and form a more targeted phishing attack later.
  • Unencrypted passwords, such as those used by certain older email servers. This is most commonly found when a smartphone automatically connects to the internet and then decides to check your email for you. If you’re using a non-encrypted POP3 connection to retrieve your email, your password is probably sent in plain view. Fortunately, most email setups are using encryption nowadays.
  • Even encrypted traffic can have portions that aren’t encrypted – and sometimes it’s even the important bits. An example would be if a website has their credit card processing secured, but not the page where you log in with your password. Unfortunately this is entirely dependent on the website creators to design properly.
  • Some attackers will even go so far as to create fake websites on their fake networks, that ask you for a username and password. If you put your credentials in here, instead of logging you in to the website, it merely gives the attacker your information.

There are other ways for data to be intercepted, and other types of data that can be seen, but the details of that aren’t really the scope of this post. Suffice it to say that there are security risks.

How can I keep myself safe?

  • Simply enough, don’t do anything that would be unsecured on an open wireless network. This includes checking bank information and other things that have passwords you care about.
  • If you don’t need to, avoid putting things like your smartphone on a public wireless network. You’re already most likely connected to 3G or 4G data service. If you’re in a place with a secure network, you’re probably safe, but even then you should exercise caution.
  • Use a different, secure, password for sensitive sites. This way if someone does get a hold of your password on a certain website, they don’t have ALL your passwords.
  • If you absolutely have to check something like a bank account or the like while on public WiFi, make sure that the site supports secure connections. This is usually found with a “https://” in the address line, and normally a padlock icon somewhere on the screen. Google Chrome also makes the left side of the address bar green when you are on a secure site. As long as the page is fully secure, even if someone was to intercept your traffic it would be encrypted.
  • If you notice anything strange (like emails stating someone is trying to change your password), change your passwords immediately. This will prevent an attacker from doing any further harm, assuming you still have access to the account in question.

Well, another wordy column this week. Once again, if you have any questions, feel free to get a hold of us. I’d also like to note that this isn’t a comprehensive list of security risks – new attacks are happening all the time, and no list will ever be able to detail every little thing that could be discovered.

Encryption Viruses

In blog posts on our site, I will sometimes use Bold-Underline to indicate text that may need a bit of extra explanation. Hover over the text to see a definition! -Ross

You’ve almost definitely heard about Cryptolocker. Even if you’re not sure, when it first hit it was all over the news, so you probably at least saw the name in a headline or two. We’ve posted about it on our Facebook page numerous times, since out of the malware we’ve seen so far, it is one of the most nasty, most debilitating infections, both for the home user and for businesses. Let’s go in-depth…

What is it?

Cryptolocker, and other encryption viruses like it, are ransomware viruses – that is, they hold your computer (or in this case, your files) for ransom, asking for money to unlock them. The virus is usually transmitted using a fake email, disguised to look like something legitimate. Examples we’ve seen include: an email from UPS telling you about a supposed missed delivery, an email from LinkedIn with an attached résumé, and an email from the IRS with “important information about your taxes”. All of these have an attachment, usually in the form of a Zip file. Inside the zip file is usually what appears to be a PDF document (or similar document file), but this is where the virus is hidden. Windows, by default, hides the File Extension. However, it doesn’t prevent you (or virus creators) from putting a fake file extension in the name of the file itself. The upshot is that you may think a file is “document.pdf” when in reality, because of the hidden file extension, it is “document.pdf.exe”. Thus, when you double-click on the file to open what you think is a document you need to read, it actually runs a program instead!
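The hidden-extension trick described above, turned into a check you can run on a suspicious zip attachment before anyone double-clicks it. This is an added example, not code from the original post or from any product: it opens a zip (a sample one is constructed in memory), works out each file’s real extension, and flags files that would run as a program but display as a document when Windows hides the extension. The executable and document extension lists are short assumptions for the example, not complete.

```python
import io
import zipfile

# Assumed lists for the example; a real gateway would use a fuller set.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def base_name(path: str) -> str:
    """Just the file name, without any folders inside the zip."""
    return path.rsplit("/", 1)[-1]


def true_extension(name: str) -> str:
    """The extension Windows actually acts on: everything after the LAST dot."""
    base = base_name(name)
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def displayed_name(name: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on:
    the real extension is stripped, so document.pdf.exe shows as document.pdf."""
    base = base_name(name)
    return base.rsplit(".", 1)[0] if "." in base else base


def is_disguised_executable(name: str) -> bool:
    """True when the file runs as a program but its displayed name looks like a document."""
    if true_extension(name) not in EXECUTABLE_EXTENSIONS:
        return False
    return true_extension(displayed_name(name)) in DOCUMENT_EXTENSIONS


def screen_zip(zip_bytes: bytes) -> list:
    """List every executable in the archive as (path, what the user sees, reason)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if true_extension(info.filename) in EXECUTABLE_EXTENSIONS:
                reason = ("executable disguised as document"
                          if is_disguised_executable(info.filename) else "executable")
                findings.append((info.filename, displayed_name(info.filename), reason))
    return findings


def build_sample_zip() -> bytes:
    """Constructed attachment with one disguised program, one plain program and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice/document.pdf.exe", b"MZ constructed, not a real program")
        zf.writestr("Invoice/readme.txt", b"plain text")
        zf.writestr("Invoice/tool.exe", b"MZ constructed")
    return buf.getvalue()
```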

Once the virus program is running, it configures the computer to run it on startup (so that if you reboot, the virus still pops up), and starts talking to a Command and Control server on the internet. This server is run by the virus creators, and generates a 2048-bit RSA Key pair which is used to encrypt your files. What files are actually locked depends on the exact version of the virus – for example, most versions we’ve seen do not encrypt Quickbooks data files, but that doesn’t mean they won’t in the future. The virus generally follows the tree structure of your computer, so most of the time every folder will be scanned, including Mapped Drives that are shared from another computer.

Once it’s done encrypting your files, it will either display a window asking for money in order to fix the problem, or create a text file in each encrypted folder saying the same thing. Depending on the version of the virus, it can be anything from $200 to over $2000, and many varieties have a time limit after which you are charged extra to decrypt your files. At the time of this writing, the price is $500 for the CryptoWall variant, and can fluctuate often.

So what can I do about it?

The reason these encryption infections are so nasty is because they’re impossible to fix manually and paying the ransom would be “giving in to the criminals”.

So, what if you’ve already been infected? Unfortunately, there are only two options from here: restore from backups, or pay the ransom and hope the operators unlock your files. While we’ve seen it work a couple of times, we don’t recommend paying the ransom because there is no guarantee that you’ll get your stuff back – plus, you’re just proving to these criminals that their scheme works. Of course, if you’ve got critical information and no backups, that may be your only option.

On the other side, the problem with backups is that you have to have planned ahead and actually taken said backups. While some of you may say “well, yeah, that’s common sense”, the unfortunate truth is that many people don’t realize they should be backing up their important information.

How do I keep myself safe?

  • Be careful what you click on. Malicious email attachments are the most common way to get infected with a Crypto virus. If you’re not expecting an attachment from someone, don’t open it. ESPECIALLY if it’s a zip file and you aren’t darn sure you know what’s inside.
  • Always have one or two (preferably two) up-to-date, cold backup copies of your important data. That way, if you happen to accidentally get infected, you can just restore your backup and get on with your day.

In Conclusion

There’s a lot to take in when it comes to big viruses like this. The bottom line, and the one we’d like to drill in with this post, is: backups, backups, backups. Back up frequently, remove your backup drive when you’re done, and take it somewhere safe. It’s truly the only way to be sure you won’t lose your data if you get hit by an encryption virus.

If you’ve got any questions about what you’ve read, feel free to send an email using the contact form link here on our website, or find your local store page and give us a call. And if you suspect you’ve been hit with the infection, give us a call right away and we’ll be happy to help you out!