All You Need to Know About the WannaCrypt Ransomware

by

WannaCrypt is a ransomware program targeting Windows. On Friday, 12 May 2017, a large cyber-attack using it was launched, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency bitcoin in 28 languages.

 

It was being spread primarily by phishing emails (most commonly links or attachments) and as a worm on unpatched systems.

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain’s National Health Service, FedEx, Deutsche Bahn and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.

WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems. Although a patch to remove the underlying vulnerability for supported systems (Windows Vista and later operating systems) had been issued on 14 March 2017, delays in applying security updates and lack of support by Microsoft of legacy versions of Windows left many users vulnerable. Due to the scale of the attack, to deal with the unsupported Windows systems and to contain the spread of the ransomware, Microsoft has taken the unusual step of releasing updates for all older unsupported operating systems from Windows XP onwards.

Shortly after the attack began, a researcher found an effective kill switch, which prevented many new infections and allowed time to patch systems. This significantly slowed the spread. It was later reported that new versions that lack the kill switch were detected. Cyber security experts also warn of a second wave of the attack due to such variants and the beginning of the new workweek.

As always, be sure your Windows is up to date. XP users should consider upgrading where possible. The vulnerabilities for that operating system will not go away. Don’t click links in an email. Don’t open file attachments.

And, our longest running advice; back up regularly. You can back up to the cloud, or another drive. Programs like Macrium Reflect can Image your drive essentially restoring everything at any time.

Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware

by

https://www.nytimes.com/interactive/2017/05/12/world/europe/wannacry-ransomware-map.html

SPECIAL BULLETIN

by

SPECIAL BULLETIN
Malwarebytes www.malwarebytes.com

Dear ,

A massive ransomware attack spread across the globe today, locking up thousands of hospital, telecommunications, and utilities systems in nearly 100 countries. The attack used data stolen from the NSA to exploit vulnerabilities in Microsoft Windows and deliver the WanaCrypt0r ransomware. The demand was for $300 per PC.

While the ransomware was first detected wreaking havoc in emergency rooms and doctors’ offices in the UK, the infection quickly spread worldwide, including to the US.

We’re alerting you to reassure you that if you’re currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the WanaCrypt0r ransomware before it can encrypt your files. (The free version of Malwarebytes, however, does not protect you against WanaCrypt0r. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.) Learn more about Malwarebytes

If you’re not currently using the premium version of Malwarebytes, we recommend that you update your Microsoft Windows software immediately. Microsoft released a patch for this vulnerability in March, but many users haven’t updated, leaving their computers open to this attack.

Here at Malwarebytes, we pledge to keep you protected and informed about the latest issues. Your peace of mind is our number one priority.

Sincerely,

The Malwarebytes team
P.S. Learn more about this threat here.

Massive Global Ransomware Attack Underway, Patch Available

by

This is a public service security announcement for all users of computers running any version of Windows.

We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.

Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.

What Is Ransomware?

Ransomware is a kind of malicious script or software that installs itself on your computer without your knowledge. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. Usually, as in this current WannaCry exploit, it will alert you to the lockdown with an impossible-to-ignore pop-up screen which informs you that your computer is being held for ransom. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must purchase an unlock tool or decryption key from the hacker.

Where Did This Threat Originate?

In this case, Microsoft has been aware of the vulnerability since March 2017, when it published a Security Bulletin covering the potential risk. According to the Spanish newspaper El Mundo, early indicators seem to point to the attack originating in China, but more information is needed.

How Can You Tell If Your Computer Is Infected?

The most obvious way to tell if your computer has been affected is if you are seeing a ransomware pop-up screen when you start up your computer. But because we don’t know how long the malware sits on your computer or network, not seeing this pop-up isn’t necessarily an indication that you haven’t been infected. The bottom line: if your Windows computer has connected to a shared network, such as those found in schools, public places, cafes and businesses, and you don’t have complete control over every computer on that network and haven’t been keeping Windows up-to-date, your computer may be infected.

How to Protect Yourself From the Vulnerability

According to Microsoft a fix for this vulnerability was released on March 14th for all affected versions of Windows. If you are running Windows and have automatic updates enabled you should be okay. If you don’t and haven’t updated recently you should update to the most recently released version immediately. It is important to note that unsupported versions of Windows, like XP, did not receive this security update. Those systems should either be isolated or shut down.

Please pass this along to your friends and family. Those that are less technical may not have updates auto-enabled, and may need a helping hand updating their operating system.

Massive Ransomware attack going worldwide.

by

Massive Ransomware Outbreak

We have an update on this outbreak here. The ransomware is using an NSA exploit leaked by The Shadow Brokers, and has made tens of thousands of victims worldwide, including the Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches, and more. Original article below.

A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country’s biggest telecommunications companies — has fallen victim, and its IT staff is desperately telling employees to shut down computers and VPN connections in order to limit the ransomware’s reach.

The culprit for these attacks is v2.0 of the WCry ransomware, also known as WannaCry or WanaCrypt0r ransomware. For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic.

WCry ransomware explodes in massive distribution wave

Version 1.0 of this ransomware was discovered by Malwarebytes researcher S!Ri on February 10 and then spotted in a brief campaign on March 25 by GData security researcher Karsten Hahn.

Version 2.0 was detected for the first time around four hours ago by independent security researcher MalwareHunter. The security researcher says the ransomware came out of nowhere and started spreading like wildfire.

In these first four hours, WCry 2.0 made more victims than Jaff, a ransomware spotted this week distributed via the Necurs botnet, the former home of the Locky ransomware. In numbers, in just four hours WCry made 1.5 times more victims than Jaff did all week.

Currently, researchers weren’t able to pinpoint the exact origin of the WCry distribution campaign. At the moment, it could be from malvertising, exploit kits, email spam, or hand-cranked RDP attacks.

Source  https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/

Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month

by

Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month

April 3, 2017

The recent test reports of Security firm AV-Test reveal that Microsoft’s Windows Defender has scored 100% for the 3rd consecutive month when tested for the zero-day malware protection. AV-test tested Windows Defender against current online threats, which involved accessing known malicious websites or e-mails so as to test if the security product is able to ward off attacks practically or not.

AV-TEST Product Review and Certification Report tests for Windows 7 (January and February 2017) and Windows 10 (December 2016) show Microsoft doing a great job and scoring 100% in zero-day malware checks. Here is the analysis.

Windows Defender does a good job for Windows 10 & Windows 7

Not long ago, Windows Defender was so mediocre that it was only considered as the baseline metric in third-party tests. However, analysis of the recent AV-test reports will tell you that Windows Defender has improved significantly in the past 12 months.

For instance, let’s compare the AV-test report for Windows 7, for zero-day malware protection in the past 12 months. In July and August 2016, the Windows Defender scored 95.2% and 86.1% respectively while for the same test conducted this year in January and February, it scored a perfect 100%.

 

Analyzing the results of the third-party suites, some of which charge you money to use them, the likes of AVG Antivirus Business 16, G Data Antivirus Business 14, Intel Security McAfee Endpoint Security 10.2, Seqrite Endpoint Security 17.0 were found to be trailing Microsoft.

On the other hand, Bitdefender Endpoint Security 6.2, F-Secure Client Security 12.30, Kaspersky Lab Endpoint Security 10.2, Kaspersky Lab Small Office Security 10.2, Sophos Endpoint Security and Control 10.6, Symantec Endpoint Protection 14, Symantec Endpoint Protection Cloud 22.8 and Trend Micro Office Scan 12.0 were found as effective as Windows Defender, all scoring 100%.

For Windows 10 users

Comparing the AV-test report for Windows 10, for zero-day malware protection in the past 12 months. Back in March and April 2015, the Windows defender scored a poor 88.9% and 88% respectively. Whereas, in November and December 2016, it scored 97.9% and 100% respectively showing a remarkable improvement.

Third-party suites like AVG Antivirus Business 2016, Bitdefender Endpoint Security 6.2, G Data AntiVirus Business 14 and Intel Security McAfee Endpoint Security 10.2 were found to be less effective dealing with zero-day malware protection when compared with the Windows Defender.

While, F-Secure Client Security 12.2, Kaspersky Lab Endpoint Security 10, Kaspersky Lab Small Office Security 5, Seqrite Endpoint Security 17, Sophos Endpoint Security and Control 10.6, Symantec Endpoint Protection 14 and Trend Micro Office Scan 11 were at par with the Windows Defender, all scoring 100%.

Can you consider Windows Defender against top third-party antivirus suites

The results from the AV-tests shows that Windows Defender has improved a great deal in moving from the lower bottom levels in the last 6-12 months. Although it has still more ground to cover before it can challenge the top security vendors who offer a better overall protection, you can surely rely on Defender to provide more than average class protection.

source

Windows Defender tops AV-Test zero-day malware charts for the 3rd straight month

 

 

Backing up your computers

by

Creating disk images lets you restore Windows and all your imaged disks and partitions to a previous working state from compressed copies you have created and kept updated on external storage media, quickly and probably without technical help.

You can recover from:
– a failed disk drive (restore to a new one)
– ransomware (which encrypts your disk)
– user error
– unrecoverable problems from failed updates to problem programs
– unbootable PC (hardware faults aside)

Images also act as a full backup- you can extract files too.

You can even use images to help you move more easily and quickly to a new PC.

Imaging can even help you sleep at night knowing you have a second chance.

I recommend and install on every computer I service Macrium Reflect (free) as a good robust solution and more reliable than some others. It’s
– more feature rich
– more flexible
– more reliable
than Windows Backup and Restore system images.

There are other such programs, free/commercial, some with simpler interfaces, but Macrium is one of the most robust and reliable.

How long does it take?
SSD+ USB3 – maybe 15 mins

HDD + USB2 – maybe 40-50 mins
That’s with little personal data, few programs installed.
– of course, depends on how much you have on C:
(You can and should image all your partitions and disks)

You need a backup medium – I recommend a 1tb external drive. This will vary dependent on the number of images you keep, I recommend keeping 3 images of each computer you own. So is only a rough practical guide.

Some comment that system restore isn’t always reliable; if it works and solves the problem, great. But sometimes restores won’t work or fail. And of course, a restore point only covers a limited number of aspects of the system. That’s where disk imaging comes in.
I can assist with setting this up and showing you how to do it.

https://sapcupgrades.com/services/backup/

Consumers Warned About Tech Support Phone Scam

by

http://abcnews.go.com/WNT/video/consumers-warned-tech-support-phone-scam-45260617

 

How to avoid tech support scams

If you fall for it and download whatever software the crooks give you, they can then secretly track everything you do on that device — just waiting for you to enter any password or payment information that they can steal.

On top of that, once you give the scammers remote access to your computer, they can then hold it ransom until you pay them a large sum of money — which may or may not actually get you your device back.

These scams have become such a big threat that the FTC now has a page on its site dedicated specifically to informing consumers about tech support scams. And since it can be difficult to determine whether an update or alert is legitimate, the FTC has provided some tips on how to spot this type of scam, how to avoid it and what to do if you think you’ve been a victim.

Here are some common tactics a scammer may use to try to get money and/or sensitive information from you:

  • ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable
  • try to enroll you in a worthless computer maintenance or warranty program
  • ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free
  • trick you into installing malware that could steal sensitive data, like user names and passwords
  • direct you to websites and ask you to enter your credit card number and other personal information

What to do if you get a call from someone claiming to be from tech support:

  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.
  • Online search results might not be the best way to find technical support or get a company’s contact information. Scammers sometimes place online ads to convince you to call them. They pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry, and then report illegal sales calls.

Top Ten Infected Cities-Computer Repair San Antonio

by

If you are looking for the best Virus Removal in San Antonio Texas and surrounding areas like Live Oak, Converse, Windcrest, Selma and Schertz consider SAPC Upgrades for affordable fair priced Virus Removal.

 

Do you live in one of the top ten most infected cities?  The answer is YES

Webroot conducted a survey and found the most infected cities in the U.S. The survey found that the numbers do not reflect density. New York, which is the most densely populated city in the U.S. is not on the list.

The research included PC’s, laptops and smart phones. And it also found that these infected devices had an average of 6 to 24 pieces of malware installed.

“Our most infected cities list shows that cybercriminals have no geographical bias,” said David Dufour, senior director of engineering at Webroot. “Whether you live in a big city or small town, from east coast to west coast and everywhere in between, you are susceptible to being a victim of malware. It is in everyone’s best interest to run a security solution on their personal device, and to make sure that all security software subscriptions are current.”

So what are the most infected cities? Here is the top ten:

• Houston – 60,801
• Chicago – 49,147
• Phoenix – 42,983
• Denver – 39,711
San Antonio – 39,646
• Dallas – 37,630
• Los Angeles – 34,050
• Las Vegas – 31,836
• Minneapolis, Minn. – 28,517
• Charlotte, N.C. – 27,092

We advise that all users practice safe surfing. Those safety measures include having up to date security software, use strong passwords, avoid public wi-fi, and store your personal information and important documents in the cloud

Best of all have image backups on an EXTERNAL drive done on a monthly basis.

Contact Us today for Virus/Malware prevention and clean up 210-549-6477

Computer Repair in San Antonio

by

If you are looking for the best Computer Repair in San Antonio Texas and surrounding areas like Live Oak, Converse, Windcrest, Selma and Schertz consider SAPC Upgrades for affordable fair priced Computer Repair.

  • Protecting your DATA is our #1 goal
  • Fair Flat Rate in shop pricing
  • Free Estimates
  • Malwarebytes Authorized Reseller
  • Friendly, honest communication, no “geek-speak”
  • Professional, experienced technician
  • Microsoft Registered Partner
  • Locally owned and operated since 2003
  • We strive to build lasting relationships with our customers

SAPC Upgrades offers many quality computer repair services.

Dell,HP,Lenovo,Acer,Sony,Toshiba,ASUS

 

  • LCD Repair
  • Laptop Repair
  • Fast Support
  • Honest Estimates
  • Virus Removal
  • Attention To Detail
  • Malware Removal
  • Data Backup
  • Trojan Removal

Live Oak, Converse, Windcrest, Selma and Schertz,San Antonio.