FBI Ransomware Now Targeting Apple’s Mac OS X users has received a lot of attention. Perhaps because we seldom hear about Mac users having to deal with malware; not that it does not happen because it certainly does. When it occurs, everyone wants to know about it.
Although this post is regarding Mac malware, just as a side note:
PC users need to be very careful, There is more mentioned in the Q&A section below.
It still manages to appear as though it did in fact block your computer and will generally be convincing enough to make you want to pay several hundred dollars to get your data back
Now, let’s answer your questions.
Q. Why did you call it ransomware for the Mac? It also works on Windows?
A. That is correct, it will run on pretty much all browsers Windows or OS X. However, Windows users are normally served a drive-by download and getting a full (and real) computer lock. Currently Mac users do not have to worry about that. The bad guys are using social engineering to convince you to "pay up".
Q. Does this ransomware actually infect my Mac? Is it an exploit?
Q. If I get rid of the ransom page, is my computer still infected after that?
A. At least for Mac users, once it’s closed, you’re good to go. Of course, doing a backup of your data, cleaning up of unused apps and files, and running security scan is always a good idea. Currently Windows users may have more to worry about. There is ransomeware for Windows which is very real, although, once again, the first iteration of that specific page appears to be exploit-free for both windows and Mac.
Q. Are Macs finally vulnerable to malware?
We always tell our clients. You are your first line of defense, your antivirus is just your assistant. There is malware out there for Mac, although nowhere near the amount for Windows. There were many more Windows computers than apple for a long time so the bad guys tend to target where they are going to get the best and fastest results Apple products are gaining in popularity. Guess what the bad guys are going to do.
Q. Does this work on other browsers as well, beside Safari?
A. Nothing really. The same code is published on multiple web developer forums. The bad guys simply copied, pasted it and made a few adaptations.
Q. How can I avoid this attack?
A. You can reduce the likelihood of it happening by avoiding sites serving pornography, torrents, game cracks, live streaming of copyrighted movies, etc. There is no guarantee you will avoid it but better surfing practices will greatly reduce your risk.
Q. Could this have been blocked by an anti-malware product?
A. Simply put. Probably not. This generally isn't a problem with your anti-malware product. More research on why not all malware / viruses not blocked can easily be found doing a Google search - too large a topic for this thread.
A. Are there ways of getting rid of the ransom page?
Q. Where are these sites hosted?
A. Malwarebytes has traced them back to an IP address (126.96.36.199) in Russia
A. Will this ransomware work on iOS?
Q. Not as far as we can see. Please remember this info is at the time of this post We tested it on an iPhone and iPad using the site's address and could not replicate the same behavior.
What to do if you spill a drink in your notebook.
First and foremost,remove ALL power sources first and most importantly, you must unplug your laptop. This may seem obvious, but many people panic and forget. If this just happened, unplug that laptop now! Also, remove the battery. Some newer notebooks removing the battery isn't such an easy option, in that case at least make sure the power is off and again unplugged. This will disconnect any source of power that might lead to electrical problems inside your laptop.
Down to business...
Open the laptop and turn it face down (keyboard and screen facing down toward the table / desk. Oh did I say leave your laptop face down? LOL.. the importance on this I can't stress enough! This alone can greatly increase the chances of saving your computer! The reasons for this are quite obvious :)
The likelihood your computer will recover depends on a variety of factors. The most important factor is the kind of liquid you spilled and the action you take right after the incident. If the liquid is water or tea "without" sugar your chances of recovery in most cases are much better. If the beverage is sugary, such as Coke or Pepsi, your chances may be greatly reduced. The reason for this is that when sugary or milky beverages dry, they leave a residue behind that will effect or cause damage to the electronics inside your computer.
As silly as it may seem, carry the laptop in to your tech the same way as to avoid any moisture from getting further down inside the laptop if it hasn't already. A technician will have a better look at it as well as get inside the laptop and dry out the unit more quickly again further reducing the risk of damage and often saving your computer.
If you find this information helpful please share.
Dan and the Microdyne Team.
This was an add floating on the side on my FB this morning. (in with the ads to the right).
This site claims to use software to "digitally repair your computer from the inside out" with 3 easy clicks. The site also tells you NOT to go to your local tech if you are having problems.
BE WARNED: Don't go downloading this software. These scammers as well... as many others use what's called social engineering to trick you into downloading their software. If you read on the page, they say PC's are designed to fail - This may true to a certain point and many of us have heard this before.
The reality is budget. To meet the demands of all consumers including those who choose a less expensive route, most of these budget computers are built less robust. Higher reliability computers generally cost more because they are more costly to produce.
There is NO SOFTWARE that can repair for example - blown capacitors, shorted mosfets or repair a hard disk that has physical damage to it. Any advertisement that simply looks too good to be true generally is. Always consult your local computer tech if your not sure, they will be happy to help you.
***This particular software doesn't even scan your computer. it runs a flash video that makes it look like it's scanning your computer and of course finds lots wrong. Analysis shows running the scan on a different computer will come up with the exact same results. Those files don't even exist on your computer***
A simple search shows that the owner of the website is using a service to hide their identity. Also this website has been newly registered with a short life expectancy, which follows the pattern used by many fraudulent and fake selling websites.
I have removed the link to the site as with people sharing this post, my comment isn't following, just the malicious link. So you can recognize the link or software is is speed-fix-dot-com <posted this way so not click able.
"Hi tech support? I think I have an infected USB port, can you help me"?
What is the most common I/O port used on a computer?
Yep USB .. Take a look at this Interesting read. Oh by the way, my stethoscope isn't infected :)
Gone for good.
Do you have an old computer and not sure how to dispose of it. Are you concerned about your data getting into the wrong hands? Exclusive to Microdyne Computers in Medicine Hat, We have the solution. We offer secure destruction of your old electronics where your data can never be recovered. Your sensitive data is put through a shredder and turned into recyclable material. This is a very cost effective approach and is the most secure way of ensuring your data will never resurface. We also do x-ray film, microfiche, old floppy disks, flash drives and much more. Average cost per PC with 1 hard drive in it is $12.00. For inquiries give us a call: 403.580.5652. We also Repair most makes and models of computers, custom builds for office, home or gamer, data recovery and much more
The web is littered with traps for novice users when downloading software, from fake “Download” buttons that are actually advertisements to installers full of bundled toolbars and other junk software. Learning how to avoid the junk is an important skill and in most cases not technically challenging at all. A little knowledge goes a long way.
As geeks, we know how to dodge all the junk when downloading free software for our Windows PCs (Most of the time, but we can be fooled sometimes too), but not everyone knows how. People must be falling for these tricks or they wouldn’t still be in such wide use.
Here are some things you can watch for that will save you from most of this frustrating infestation.
Fake Download Links - Looking for that cool software? – There it is!
When downloading free software, the first trap you’ll encounter may be a fake download link — or in most cases nowadays, multiple fake download links — on the software’s web page. You’ll often find large, brightly colored buttons with text like “Free Download” or “Download Now.” These are often just advertisement banners designed to mimic real download links, tricking you into clicking them and installing different software. Most fake download links are the very large buttons where the actual link is often quite tiny.
Be aware that such advertisements are trying to trick you — that’s the first step. To identify fake download links, you can generally hover your mouse cursor over the link and look at where it leads. This makes it easy and quick to discover that this is not what you want.
Additional Software Bundled on Web Pages
Even legitimate, popular software providers want to trick you into installing additional software you probably don’t want. These providers are paid or sponsored in some way in return for adding the additional software to their installers.
Ethics 101 even for the big guys?
For example, when trying to download the well known Flash Player from Adobe’s official download page, you’ll find McAfee Security Scan Plus is checked by default. Users who accept the default option or don’t read it will end up with this additional software on their computers. McAfee is clearly paying Adobe for this inclusion.
***To avoid this sort of thing, be careful on download pages — uncheck any additional software you don’t want to install before downloading the intended installer.
Many of these unwanted installs literally dump viruses or Trojans onto your computer when you try to uninstall them. You think the software is gone simply to find you are even further infected. In most cases there is a lot of infection “hidden” that needs to be removed by a technician due to its ability to evade traditional methods of removal.
Junk Selected By Default in Installers
Software installers often bundle browser toolbars and other junk software. The developer distributes their software for free and makes some money by including this junk. Some installers may even try to change your browser’s home page and default search engine to a different home page or search engine — almost always a clearly inferior one with a worse user experience.
Don’t be fooled — the installer may say the developer “recommends” the software, but the only reason they recommend it is because they’re paid to do so. The bundled software is probably fairly bad — if it were good, you would seek it out and install it on your own. Always choose advanced or custom install and again, uncheck the unwanted software. If the bundled installer is honest with your choice (most cases to date it is), then you won’t end up with the additional junk software.
When installing software, always be careful to uncheck any toolbars, junk software, or home page and search engine changes. It’s usually possible to disable this stuff during the installation process. Read carefully — sometimes you may have to check a box saying you don’t want to install the software or click a Decline button instead. Developers are hoping you’ll quickly click through the installation wizard and install the junk — so be careful when you install new software.
For example, the dreaded Ask toolbar bundled with Oracle’s Java and other software is sneaky. After you install the software, it lies in wait for ten minutes before installing itself. If you accidentally leave it checked during the installation process and try to uninstall it right afterwards, you won’t find it there. It will only appear in your list of installed software ten minutes later.
To remove the bad software, you’ll generally just need to hunt it down in the list of installed programs in the control panel and uninstall it. A particularly bad installer might pull in multiple junk programs that you’ll have to remove. You may also have to install the toolbar or other browser extensions from within your browser. If you’re having trouble removing something, perform a Google search for it — you may need a specialized removal tool or instructions.
Sadly, we probably won’t see the situation improve any time soon. Bundling unwanted software with installers has become widely accepted in the Windows software ecosystem, with companies as big as Adobe and Oracle bundling junk software along with their free downloads. Oracle even bundles the terrible Ask toolbar and other junk software along with Java security updates.
We, at Microdyne Computers, regularly tell people that you are the best security for your computer. Your antivirus is just your assistant.
If you find this information useful please share with others.
The Microdyne Team.
Researchers have come across a new ransom ware variant which they’ve dubbed CryptoLocker: Win32/Crilock. This piece of ransom ware is designed to encrypt files on the infected device and keep them that way until a ransom is paid by the victim.
Interestingly enough.. this ransomeware is known to give you the key to unlock your files if you pay the fee within the given time!
How nice of them!.
The files affected by CryptoLocker are not typically important to home users, more rather targeted at businesses where the sensitivity and importance of the files would be expected to be much higher - naturally increasing their chance of getting paid. Files with extensions such as odt, doc, docx, xls, xlsx, ppt, pptx, mdb, accdb, and many more are affected.
The nasty ware is typically distributed via emails informing recipients of customer complaints.A user gets infected by opening the file that is attached to the email.
Once it infects a computer, CryptoLocker creates a registry entry starting the malware when the system boots, establishes communications with its command and control server.
The malware starts communicating with it's server using traffic that’s encrypted using RSA encryption.
This not only allows the attacker to differentiate the actual communication between the malware and its server, but makes sure the malware is talking to the attacker’s server and not a blackhole controlled by malware researchers.
CryptoLocker then looks for files on the affected system and encrypts them. Unfortunately, it’s impossible to decrypt the files without the AES Key
Users are advised not to pay for this scam. This feeds the criminals - they see success they continue. Should you be infected we suggest you take your computer in to your local tech and have the malicious software removed. As we have mentioned in the past on the importance of back ups, this is where it definately would come in handy! Once your system is clean you can simply restore your files from your back up.
We are at a time where security software alone is not enough. Although many users say they don't want to know about the stuff they just want "it" to work, some basic education is now essential for everyone, especially professionals for example, medical offices etc. handling sensitive data. This can save a lot of time and money. To sum things up simply put YOU are the best security. Antivirus software / Antimalware software is just your assistant.
If you find this information useful please share
The Microdyne Team.
Microdyne Computer Services Ltd.; was born out of a desire to create a new concept in the computer industry — a concept built upon openness, honesty, integrity, service and trust.
Microdyne Computer Services LTD. is based out of Medicine Hat Alberta.
Our goal is to be the best we can be, not the biggest. Microdyne focuses heavily on exceptional customer service, custom built computers and gaming solutions — and an Open Tech Area. . .
Open tech area and personalized service
When you bring your computer in for repair, Microdyne’s staff conduct a free quick visual inspection of your computer for obvious hardware issues or problems.
Once the initial inspection is completed, your computer is taken into the “open” tech area and powered up for another completely free inspection.
The customer is welcome to watch this process, which also gives the customer an opportunity (if they wish) to point out difficulties they are having. Only after Microdyne has diagnosed the extent of the problem, and informed you of the approximate price, will Microdyne proceed to complete the repairs — indeed a new concept!
Custom built computer systems
Microdyne’s needs assessment ensures that the design of your computer, laptop/notebook or gaming system is uniquely suited to satisfy your operational needs. Most importantly; you the customer, are an integral part of Microdyne’s custom development process! AND contrary to popular business practices – you aren’t necessarily paying a ‘premium’ price for your customized system!
Microdyne’s team regularly monitor failure rates of various computer components, chipset compatibility issues and other related factors, translating into stability, reliability and performance.
Microdyne Custom Built Computers’ (or gaming) systems include a 3 year hardware warranty. A definite PLUS is that any required servicing is done in our Medicine Hat location. No sending it away!
SOMEONE ASKED ME:
Why is mixing Rock and Roll harder than mixing dance music? I play in a rock bar and want to mix my music.
Dance music, unlike rock is mostly created electronically, and the timing of the music is precise. If we take rock music, a drummer for example.. although they are very good it's nearly impossible to keep a consistent timing.
When you have two rock tracks rated at the same BPM (beats per minute) if you leave a transition between two songs too long.. the timing will be off hence the double beats.
Additionally many of the dance tracks and remixes have electronic beats behind them that not only make it easier for a DJ to match beats but most are somewhat non notational reducing the need to pay as much attention to harmonics.
(something I feel is very important).
Most DJ software such as Traktor, Mixmeister, Reason etc. have time stretching capabilities that help but it has to be a pretty predominate beat for the software to act on giving you that reliable mix.
SO HOW DO I MIX IT THEN?
There are several ways in which you can mix your rock music. One is to completely remix the track with a lead in and lead out beat. One caution is that most "rockers" don't like their classic rock played with.. they want the real thing. If your mix is done tastefully and not over done.. you can create a mix that's not only interesting and often more danceable, but easier to tie into your next track.
Also you get the dance crowd and the rockers on the floor!
A nice touch is adding in vocal samples from other tracks, and yes even hip hop. This seems to work best when the vocals in some way pertain to the vocals of your original track.
A good example of this is Kenny Rogers The Gambler.. with vocals from Lady Gaga's poker face.. both pertaining to poker.
The trick again is making things harmonically sound so you don't have that offish tone.
Most mixing is counted in 4-4 time and starts off to the next track on the 1st beat. You can add energy to your mixes by mixing into another key generally higher building energy, provided it's harmonically sound.
When doing this try mixing from the 3rd or 4th beat using a scratch or a sample on the first beat to keep the sense of timing - (be careful with this). This gives the impression of the same song changing key just before going into the next song. This can add energy to your dance floor and variation to your mix.
As a general rule you will want to stay with the basic 4-4 timing, too much can spell disaster, just like scratching way too much.
If you want to mix rock mainly from it's original form.. simply paying attention to harmonics and slightly faster transitions will do the trick nicely. cuts, faster transitions, fades, spin backs etc. most of which are basic DJ techniques and will make your transitions sound great.
having a bit of a musical background helps but isn't absolutely necessary if you have a good ear.
Also check out harmonic-mixing.com -If you find this information useful, please share.
CAN YOU REALLY TRUST WINDOWS PROCESS VIEWER?
WHAT ABOUT 3RD PARTY SOFTWARE SUCH AS "PROCESS EXPLORER, OR EVEN THE WINDOWS COMMAND LINE? THE INFORMATION HERE YOU MAY FIND INTERESTING!
I thought I'd post on something a bit different.
This post isn't for everyone although some may find this very interesting weather your new to the IT industry or have been working computers for a while and want to become more familiar with malware, rootkits and testing for nasties from a forensic standpoint.
Process architectures are different so it's likely that a kit won't hide itself from multiple operating systems. Looking at processes remotely often show up different remotely than when if you were to view it locally. This same rule applies to other process viewers such as "Process Explorer" for windows.
When suspicious of complex malware or rootkits check the victim machine remotely.. or use a command line emulator such as snort, free and also good for intrusion detection. What you see may surprise you! If your looking to get into computer forensics or advanced malware detection you need to look past looking for stuff locally on the hard drive. Other than completely wiping a hard drive there is no real way of knowing for sure a victims computer is "clean" regardless of how many scanners you run. A true test is "looking outside the box" -literally.. this way you can see what a hacker may see, rather than what you see locally. Found this interesting video courtesy of Infosec for those who may be interested in having a look. http://www.youtube.com/watch?v=-tGfXLZSQNI