Computer Repair San Antonio-Watch Out For Fraudulent Tax Emails

by

Scammers Portray IRS in Latest Phishing Scam

Earlier this week, the IRS issued a warning to taxpayers regarding a fraudulent email that has been impersonating the agency.  The email includes tax transcripts, in an attempt to get the users to click on the documents, which contain malware.  The biggest risk would be employees clicking on these emails on company networks.  By doing so, the malware would spread network-wide.

The scam email includes an attachment labeled “tax account transcript” or something similar, with a subject line using some variation of the phrase “tax transcript.”

According to KLFY News 10, this malware, known as Emotet, generally poses as specific financial institutions in its effort to trick people into opening infected documents.  This time, they’ve portrayed the IRS.  Cybersecurity experts have labeled Emotet one of the most costly and destructive malware variants in the wild.

Proceed with Caution

The IRS has the following suggestions if you receive this email scam:

  1. Do not open the email or attachment.
  2. Delete or forward the email to phishing@irs.gov.
  3. If an email goes to your business, notify the company’s technology professionals.

The bottom line – the IRS does not, and will not, send out unsolicited emails.  Therefore, if you receive an unsolicited email claiming to be from them– do not open it, it is a scam.

Computer Repair San Antonio-More Than A Virus, Common Malware to Watch Out For

by

More Than A Virus, Common Malware to Watch Out For

The term “virus” is often used to describe many different types of infection a computer might have.  Virus, when used as a blanket term, can describe any number of potential computer programs. What these programs have in common are they are typically designed to cause damage, steal data, or spread across the network.
Malware describes software designed to act maliciously on a personal computer.  The name ‘malware’ is a shorthand for ‘malicious software’ and describes exactly what it is. A computer virus is a single type of malware that can cause harm to your PC, but it is only one of many.

Adware

Short for advertising-supported software, adware is a type of malware that delivers advertisements to your computer.  These advertisements are often intrusive, irritating, and often designed to trick you into clicking something you don’t want. A common example of malware is pop-up ads that appear on many websites and mobile applications.

Adware often comes bundled with “free” versions of software that uses this intrusive advertising to make up costs.  Commonly it is installed without the user’s knowledge and made excessively difficult to remove.

Spyware

Spyware is designed to spy on the user’s activity without their knowledge or consent.  Often installed in the background, spyware can collect keyboard input, harvest data from the computer, monitor web activity and more.

Spyware typically requires installation to the computer. This is commonly done by tricking users into installing spyware themselves instead of the software or application that they thought they were getting. Victims of spyware are often be completely unaware of its presence until the data stolen is acted on in the form of fraudulent bank transactions or stolen online accounts.

Virus

In technical terms a computer virus is a form of malware that is installed inadvertently, causing damage to the user.  A typical virus may install a keylogger to capture passwords, logins, and bank information from the keyboard.  It might steal data, interrupt programs, and cause the computer to crash.

Modern virus programs commonly use your computers processing power and internet bandwidth to perform tasks remotely for hackers.  The first sign of this can be when the computer sounds like it is doing a lot of work when no programs should be running. A computer virus is often spread through installing unknown software or downloading attachments that contain more than they seem.

Ransomware

A particularly malicious variety of malware, known as ransomware, prevents the user from accessing their own files until a ransom is paid.  Files within the system are often encrypted with a password that won’t be revealed to the user until the full ransom is paid.

Instead of accessing the computer as normal, the user is presented with a screen which details the contact and payment information required to access their data again.

Ransomware is typically downloaded through malicious file attachments, email, or a vulnerability in the computer system.

Worm

Among the most common type of malware today is the computer worm.  Worms spread across computer networks by exploiting vulnerabilities within the operating system.  Often these programs cause harm to their host networks by consuming large amounts of network bandwidth, overloading computers, and using up all the available resources.

One of the key differences between worms and a regular virus is its ability to make copies of itself and spread independently.  A virus must rely on human activity to run a program or open a malicious attachment; worms can simply spread over the network without human intervention.

If you would like us to make sure your systems stay safe from malware, give us a call at 210-549-6477.

All You Need to Know About the WannaCrypt Ransomware

by

WannaCrypt is a ransomware program targeting Windows. On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages.

 

It was being spread primarily by phishing emails (most commonly links or attachments) and as a worm on unpatched systems.

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service, FedEx, Deutsche Bahn and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.

WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) had been issued on 14 March 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems and to contain the spread of the ransomware, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.

Shortly after the attack began, a researcher found an effective kill switch, which prevented many new infections and allowed time to patch systems. This significantly slowed the spread. It was later reported that new versions that lack the kill switch were detected. Cyber security experts also warn of a second wave of the attack due to such variants and the beginning of the new workweek.

As always, be sure your Windows is up to date. XP users should consider upgrading where possible. The vulnerabilities for that operating system will not go away. Don’t click links in an email. Don’t open file attachments.

And, our longest running advice; back up regularly. You can back up to the cloud, or another drive. Programs like Macrium Reflect can Image your drive essentially restoring everything at any time.

SPECIAL BULLETIN

by

SPECIAL BULLETIN
Malwarebytes www.malwarebytes.com

Dear ,

A massive ransomware attack spread across the globe today, locking up thousands of hospital, telecommunications, and utilities systems in nearly 100 countries. The attack used data stolen from the NSA to exploit vulnerabilities in Microsoft Windows and deliver the WanaCrypt0r ransomware. The demand was for $300 per PC.

While the ransomware was first detected wreaking havoc in emergency rooms and doctors’ offices in the UK, the infection quickly spread worldwide, including to the US.

We’re alerting you to reassure you that if you’re currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the WanaCrypt0r ransomware before it can encrypt your files. (The free version of Malwarebytes, however, does not protect you against WanaCrypt0r. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.) Learn more about Malwarebytes

If you’re not currently using the premium version of Malwarebytes, we recommend that you update your Microsoft Windows software immediately. Microsoft released a patch for this vulnerability in March, but many users haven’t updated, leaving their computers open to this attack.

Here at Malwarebytes, we pledge to keep you protected and informed about the latest issues. Your peace of mind is our number one priority.

Sincerely,

The Malwarebytes team
P.S. Learn more about this threat here.

Massive Global Ransomware Attack Underway, Patch Available

by

This is a public service security announcement for all users of computers running any version of Windows.

We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.

Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.

What Is Ransomware?

Ransomware is a kind of malicious script or software that installs itself on your computer without your knowledge. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. Usually, as in this current WannaCry exploit, it will alert you to the lockdown with an impossible-to-ignore pop-up screen which informs you that your computer is being held for ransom. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must purchase an unlock tool or decryption key from the hacker.

Where Did This Threat Originate?

In this case, Microsoft has been aware of the vulnerability since March 2017, when it published a Security Bulletin covering the potential risk. According to the Spanish newspaper El Mundo, early indicators seem to point to the attack originating in China, but more information is needed.

How Can You Tell If Your Computer Is Infected?

The most obvious way to tell if your computer has been affected is if you are seeing a ransomware pop-up screen when you start up your computer. But because we don’t know how long the malware sits on your computer or network, not seeing this pop-up isn’t necessarily an indication that you haven’t been infected. The bottom line: if your Windows computer has connected to a shared network, such as those found in schools, public places, cafes and businesses, and you don’t have complete control over every computer on that network and haven’t been keeping Windows up-to-date, your computer may be infected.

How to Protect Yourself From the Vulnerability

According to Microsoft a fix for this vulnerability was released on March 14th for all affected versions of Windows. If you are running Windows and have automatic updates enabled you should be okay. If you don’t and haven’t updated recently you should update to the most recently released version immediately. It is important to note that unsupported versions of Windows, like XP, did not receive this security update. Those systems should either be isolated or shut down.

Please pass this along to your friends and family. Those that are less technical may not have updates auto-enabled, and may need a helping hand updating their operating system.

Massive Ransomware attack going worldwide.

by

Massive Ransomware Outbreak

We have an update on this outbreak here. The ransomware is using an NSA exploit leaked by The Shadow Brokers, and has made tens of thousands of victims worldwide, including the Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches, and more. Original article below.

A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country’s biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware’s reach.

The culprit for these attacks is v2.0 of the WCry ransomware, also known as WannaCry or WanaCrypt0r ransomware. For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic.

WCry ransomware explodes in massive distribution wave

Version 1.0 of this ransomware was discovered by Malwarebytes researcher S!Ri on February 10 and then spotted in a brief campaign on March 25 by GData security researcher Karsten Hahn.

Version 2.0 was detected for the first time around four hours ago by independent security researcher MalwareHunter. The security researcher says the ransomware came out of nowhere and started spreading like wildfire.

In these first four hours, WCry 2.0 made more victims than Jaff, a ransomware spotted this week distributed via the Necurs botnet, the former home of the Locky ransomware. In numbers, in just four hours WCry made 1.5 times more victims than Jaff did all week.

Currently, researchers weren’t able to pinpoint the exact origin of the WCry distribution campaign. At the moment, it could be from malvertising, exploit kits, email spam, or hand-cranked RDP attacks.

Source  https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/

Yahoo Announced a Second Breach; 1 Billion Users Affected

by

Yahoo reported a breach that occurred in August of 2013 and affected 500,000 members.

Yahoo is now reporting a second breach that has affected an estimated 1 billion users. The breach included birth dates, names, hashed passwords, email addresses, telephone numbers and, at least in some cases, security questions and answers, some of which were encrypted.

“This is absolutely shocking that Yahoo has again just been informed by external parties via law enforcement that they have been the victim of the largest data breach in history,” Joseph Carson, Head of Global Strategic Alliances at Thycotic, said. “More than one billion user accounts have been disclosed and impacted by this breach, meaning that almost one in three people using the internet have been impacted by this single breach alone.”

This second breach “brings the total number of stolen credentials and passwords this year to more than 3 billion which almost equals the number of people actually using the internet,” said Carson. “That is astonishing.”

“It appears thus far from the publicly disclosed information that this is resulting from privileged unauthorized third party access. This has been a common source of many of the data breaches this year,” Carson said.

Yahoo is in the process of notifying affected users. “Yahoo has stated that they are notifying account holders impacted by this breach which means they are informing, get this, nearly one out of every seven people on this planet,” said Carson, who expects the breach to “likely impact the proposed agreement between the two companies.”

“The value will likely decrease to cover the potential costs of this breach which could be the biggest financial impact from any cyber breach to date,” he said. “This breach is one to surely watch and will likely cause many issues for Yahoo in the EU with the European Commission and the Data protections regulations who will be looking for answers from Yahoo for both of the major breaches this year.”

Source: SCMagazine