Can I Just Unplug My Computer to Shut It Down?
You may damage your computer.
By pulling the plug or forcing a power-off by holding down the power button, you risk corrupting data on your hard drive and damaging hardware.
I’m not sure what kinds of problems you’re having with the power button, but even that needs to be used correctly, or you could end up with the very problems you’re seeing.
WannaCrypt is a ransomware program targeting Windows. On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries and demanding, in 28 languages, ransom payments in the cryptocurrency bitcoin.
It was being spread primarily by phishing emails (most commonly links or attachments) and as a worm on unpatched systems.
The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service, FedEx, Deutsche Bahn and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.
WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) had been issued on 14 March 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems and to contain the spread of the ransomware, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.
Shortly after the attack began, a researcher found an effective kill switch, which prevented many new infections and allowed time to patch systems. This significantly slowed the spread. It was later reported that new versions that lack the kill switch were detected. Cyber security experts also warn of a second wave of the attack due to such variants and the beginning of the new workweek.
As always, be sure your Windows is up to date. XP users should consider upgrading where possible. The vulnerabilities for that operating system will not go away. Don’t click links in an email. Don’t open file attachments.
And our longest-running advice: back up regularly. You can back up to the cloud or to another drive. Programs like Macrium Reflect can image your drive, essentially letting you restore everything at any time.
This is a public service security announcement for all users of computers running any version of Windows.
We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.
Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.
What Is Ransomware?
Ransomware is a kind of malicious script or software that installs itself on your computer without your knowledge. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. Usually, as in this current WannaCry exploit, it will alert you to the lockdown with an impossible-to-ignore pop-up screen which informs you that your computer is being held for ransom. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must purchase an unlock tool or decryption key from the hacker.
Where Did This Threat Originate?
In this case, Microsoft has been aware of the vulnerability since March 2017, when it published a Security Bulletin covering the potential risk. According to the Spanish newspaper El Mundo, early indicators seem to point to the attack originating in China, but more information is needed.
How Can You Tell If Your Computer Is Infected?
The most obvious way to tell if your computer has been affected is if you are seeing a ransomware pop-up screen when you start up your computer. But because we don’t know how long the malware sits on your computer or network, not seeing this pop-up isn’t necessarily an indication that you haven’t been infected. The bottom line: if your Windows computer has connected to a shared network, such as those found in schools, public places, cafes and businesses, and you don’t have complete control over every computer on that network and haven’t been keeping Windows up-to-date, your computer may be infected.
How to Protect Yourself From the Vulnerability
According to Microsoft, a fix for this vulnerability was released on March 14th for all affected versions of Windows. If you are running Windows and have automatic updates enabled, you should be okay. If you don’t, and haven’t updated recently, you should update to the most recently released version immediately. It is important to note that unsupported versions of Windows, like XP, did not receive this security update. Those systems should either be isolated or shut down.
Please pass this along to your friends and family. Those that are less technical may not have updates auto-enabled, and may need a helping hand updating their operating system.
Massive Ransomware Outbreak
We have an update on this outbreak here. The ransomware is using an NSA exploit leaked by The Shadow Brokers, and has claimed tens of thousands of victims worldwide, including the Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches, and more. Original article below.
A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country’s biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware’s reach.
The culprit for these attacks is v2.0 of the WCry ransomware, also known as WannaCry or WanaCrypt0r ransomware. For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic.
WCry ransomware explodes in massive distribution wave
Version 2.0 was detected for the first time around four hours ago by independent security researcher MalwareHunter. The security researcher says the ransomware came out of nowhere and started spreading like wildfire.
In these first four hours, WCry 2.0 claimed more victims than Jaff, a ransomware spotted this week distributed via the Necurs botnet, the former home of the Locky ransomware. In numbers, in just four hours WCry claimed 1.5 times more victims than Jaff did all week.
So far, researchers have not been able to pinpoint the exact origin of the WCry distribution campaign. At the moment, it could be from malvertising, exploit kits, email spam, or hand-cranked RDP attacks.
Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month
Recent test reports from security firm AV-Test show that Microsoft’s Windows Defender scored 100% for the 3rd consecutive month in zero-day malware protection tests. AV-Test tested Windows Defender against current online threats, which involved accessing known malicious websites or e-mails to see whether the security product can ward off attacks in practice.
AV-TEST Product Review and Certification Report tests for Windows 7 (January and February 2017) and Windows 10 (December 2016) show Microsoft doing a great job and scoring 100% in zero-day malware checks. Here is the analysis.
Windows Defender does a good job for Windows 10 & Windows 7
Not long ago, Windows Defender was so mediocre that it was only considered as the baseline metric in third-party tests. However, analysis of the recent AV-test reports will tell you that Windows Defender has improved significantly in the past 12 months.
For instance, let’s compare the AV-Test reports for Windows 7 zero-day malware protection over the past 12 months. In July and August 2016, Windows Defender scored 95.2% and 86.1% respectively, while in the same test conducted this year in January and February, it scored a perfect 100%.
Analyzing the results of the third-party suites, some of which charge you money to use them, the likes of AVG Antivirus Business 16, G Data Antivirus Business 14, Intel Security McAfee Endpoint Security 10.2, Seqrite Endpoint Security 17.0 were found to be trailing Microsoft.
On the other hand, Bitdefender Endpoint Security 6.2, F-Secure Client Security 12.30, Kaspersky Lab Endpoint Security 10.2, Kaspersky Lab Small Office Security 10.2, Sophos Endpoint Security and Control 10.6, Symantec Endpoint Protection 14, Symantec Endpoint Protection Cloud 22.8 and Trend Micro Office Scan 12.0 were found as effective as Windows Defender, all scoring 100%.
For Windows 10 users
Now compare the AV-Test reports for Windows 10 zero-day malware protection over the past 12 months. Back in March and April 2015, Windows Defender scored a poor 88.9% and 88% respectively, whereas in November and December 2016 it scored 97.9% and 100% respectively, showing a remarkable improvement.
Third-party suites like AVG Antivirus Business 2016, Bitdefender Endpoint Security 6.2, G Data AntiVirus Business 14 and Intel Security McAfee Endpoint Security 10.2 were found to be less effective at zero-day malware protection than Windows Defender.
Meanwhile, F-Secure Client Security 12.2, Kaspersky Lab Endpoint Security 10, Kaspersky Lab Small Office Security 5, Seqrite Endpoint Security 17, Sophos Endpoint Security and Control 10.6, Symantec Endpoint Protection 14 and Trend Micro Office Scan 11 were on par with Windows Defender, all scoring 100%.
Can you consider Windows Defender against top third-party antivirus suites?
The AV-Test results show that Windows Defender has improved a great deal over the last 6-12 months, moving up from the bottom of the rankings. Although it still has more ground to cover before it can challenge the top security vendors, who offer better overall protection, you can rely on Defender to provide above-average protection.
Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
This is a Wordfence public service security announcement for all users of Chrome and Firefox web browsers:
There is a phishing attack that is receiving much attention today in the security community.
As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.
This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.
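One way to triage the lookalike domains described above from proxy or mail-gateway logs, as an added example that is not part of the original announcement: it decodes the Punycode (`xn--`) form a hostname has on the wire and classifies what a user would see. The lookalike table, the verdict names and the sample hostnames are assumptions constructed for this example.

```python
import unicodedata

# Hand-picked Cyrillic letters that render like Latin ones. This short table is
# an assumption for the example; Unicode UTS #39 publishes the full data.
LOOKALIKES = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
              "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
              "\u0456": "i", "\u0458": "j", "\u04cf": "l"}

def to_unicode(label):
    """Decode one DNS label; an 'xn--' prefix marks a Punycode-encoded label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Scripts used by the letters of a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def assess(hostname):
    """Return (displayed_form, ascii_skeleton, verdict) for a hostname."""
    labels = [to_unicode(part) for part in hostname.rstrip(".").split(".")]
    shown = ".".join(labels)
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in shown)
    if shown.isascii():
        verdict = "ascii"
    elif any(len(scripts(label)) > 1 for label in labels):
        verdict = "mixed-script"            # e.g. one Cyrillic letter among Latin ones
    elif skeleton.isascii():
        verdict = "whole-script-lookalike"  # every letter has a Latin twin
    else:
        verdict = "non-latin"               # ordinary internationalized name
    return shown, skeleton, verdict

def wire_form(unicode_label):
    """Build the 'xn--' form of a label (used only to construct the samples)."""
    return "xn--" + unicode_label.encode("punycode").decode("ascii")

# Constructed samples, not taken from any real campaign.
SAMPLES = [
    "example.com",
    wire_form("\u0441\u043e\u0440\u0435") + ".com",   # Cyrillic, looks like "cope"
    wire_form("\u0435xample") + ".com",               # Cyrillic "e" + Latin "xample"
    wire_form("\u043c\u0438\u0440") + ".com",         # Cyrillic word, no Latin twins
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(host, "->", assess(host))
```

The "whole-script-lookalike" verdict is the case the announcement describes: a per-label mixed-script check alone does not catch it, because every letter in the label comes from the same script.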