Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

ShadowBrokers: The Group Behind WannaCry

The WannaCry ransomware attack was created by hacking amateurs who copied from a famous hacker group known as the ShadowBrokers. While WannaCry is no longer a threat with the latest security update, a recent announcement shows that the hacker group is going to continue to release dangerous security exploits for anyone to use, at the right price.

Who are the ShadowBrokers?

There are a few theories about who makes up the membership of the ShadowBrokers group. These theories range from official National Security Agency employees to Russian spies. However, all these theories are based on unreliable information, so not much is actually known about the group. The only thing known for certain is that the ShadowBrokers use social media to sell cybersecurity secrets to amateurs.

What do they sell?

The ShadowBrokers first started to auction off security secrets in August of 2016. They promised the highest bidder would receive cybersecurity vulnerabilities that work just as well as government cyber weapons. Over the next year, the ShadowBrokers used a variety of different means to sell their secrets: auctions, crowdfunding, and direct sales. In April of 2017, their fifth release of information went public, which included the ETERNALBLUE Windows vulnerability that allowed WannaCry to infect over 300,000 computers in a single day.

The Latest Release

The ShadowBrokers have recently announced a subscription service that would include access to bi-monthly security exploit releases in early September 2017. The first package they sold included an NSA exploit titled UNITEDRAKE, which allows hackers to remotely monitor or control a computer running any Microsoft OS between Windows XP and Windows 8. The exploit can also discreetly record audio from your microphone, video from your webcam and anything that is typed on the keyboard. It can also remotely remove itself from the target computer, leaving no signs of a breach.

How to protect yourself from ShadowBrokers releases

Luckily, all the security exploits that the ShadowBrokers have released targeted older, outdated versions of software. The best way to protect your computers is to make sure your operating system is properly upgraded and patched. Advanced network monitoring can detect suspicious activity, but that requires a significant amount of time and IT knowledge, making it difficult for small- to medium-sized businesses, which usually don’t have the resources to handle around-the-clock maintenance. This is where Info Advantage can help.

If you are worried about the ShadowBrokers releases, or have any other cyber security concerns, contact Info Advantage at (585) 254-8710 today to learn more about how we can help keep your network safe.


3 Methods to Extend the Life of Your Laptop Battery

If you’re constantly on the go, you are going to need a laptop that can keep up with your busy schedule. Many business professionals find themselves in need of mobile computing to accommodate busy travel: to check their emails, go over notes, or even finish up sales presentations. However, laptop batteries can only last so long without needing a charge, and that isn’t always a readily available option. Here are some tips on how to extend your laptop’s battery life so you don’t have to worry whether or not it’s going to run out while you’re out doing business.

Adjust your Display and System Settings

There are a multitude of display and system settings that can be adjusted to lengthen the life of your laptop’s battery. For example, you can reduce the display brightness, turn off the screensaver, and set the laptop to hibernate rather than just go to sleep. Hibernation mode will make sure that the computer is not consuming any power while it is not in use. You can also turn off the WiFi or Bluetooth setting when not in use to give yourself a few more minutes of battery life.

Check Your Power Settings

Today, many laptops come equipped with a choice of power settings to help optimize the laptop’s life and performance. In Windows, the Power Plan setting allows you to choose between standard settings or customized plans. macOS systems use what’s known as “Energy Saver,” which will automatically adjust display or other system controls.

Don’t Overload Your Laptop

When you’re in a rush, it can be easy to leave up multiple tabs and applications for easy use. However, the time you save not closing out your apps will cost you in battery life. Having too many tabs open on your laptop’s browser can drain its power and slow down your productivity. Make sure you close all browser tabs and applications after you’re finished using them to save yourself more battery time.

Need an on-the-go laptop, but aren’t sure what features and specifications you want included? Contact the Info Advantage technology specialists at (585) 254-8710 today to talk about which model would be best for you and your business.

 


WannaCry: The Worst Digital Disaster the World Has Seen in Years

On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry, including healthcare, government, and privately-owned businesses.

The attack began in Europe and continued to spread across the globe, reaching targets in China and Japan, and even across the ocean in the Americas. Once a device is hit with WannaCry, the worm encrypts all the files on it and prompts the user to pay $300 in order to regain access to their files.

Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft already had a vulnerability patch in place in March, months before WannaCry was released.

So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company’s technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities.

However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.

What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats.

A good way to gauge your company’s vulnerability is to perform threat and vulnerability tests. These tests send out a fake phishing scam to give a company insight into how many employees would fall for an attack. Once the data is collected, a company will have a better idea of what kind of vulnerabilities it has, and how it can train its employees to avoid them.

Experts also suggest that companies keep as up-to-date on their software as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.

Don’t have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business’ assets.

 


When DDoS Attacks and Ransomware Combine, the Results are Ugly

Ransomware, the malware variant that has appeared more and more frequently, has struck again, this time targeting users of Microsoft Outlook in a zero-day attack. A variant of the Cerber ransomware was recently used in a large-scale attack on users of the messaging program, sent via phishing emails to corporate users.


What’s worse, this variant of Cerber is more than just your typical ransomware, as it also possesses DDoS capabilities.

DDoS, or Distributed Denial of Service, programs utilize the previously infected systems in their attacks on new victims as part of a botnet, causing the target system to cave under a deluge of useless traffic. Therefore, as an unfortunate recipient of this malware tries to resolve the problem, their system has already been assimilated into a cyber horde that’s attacking other systems.

Cerber demands a ransom of 1.24 Bitcoins to unlock the currently uncrackable ransomware, which converts (as of this writing) to approximately $718 US dollars.

The attack typically goes down as such: An intended victim receives an email with the ransomware. If activated, Cerber adds three files onto the desktop of the victim’s computer, each containing the same message. One is TXT format, one is HTML, and one is a Visual Basic Script that converts into an audio message. Their message reads: “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!” The most annoying part is that every startup will trigger this message.

The other two files also contain instructions to navigate to the Tor payment site in order to pay the ransom, with the phrase “What doesn’t kill me makes me stronger,” transcribed in Latin at the bottom. As a brief reminder, we never recommend paying a malware ransom, as there is no guarantee that they will comply and release your files, and your funding will only contribute to further attacks.

As there is currently no known fix for Cerber, it is critical that businesses (the clear target of the ransomware) avoid falling victim to it, or any phishing-based attack for that matter. To do so, decision makers in companies should implement and enforce the following policies in their day-to-day practices.

  1. Users should be informed of email security best practices, including not running or opening attachments from unknown sources or suspect emails in general.
  2. In case of possible infection, all files should be kept on an isolated backup to prevent data loss. An infected backup is no good, and so it should remain separate from the network to avoid such a circumstance.
  3. Be sure to keep all systems thoroughly updated with the latest versions of all your protections, as malware designers are in a constant race with their programs to outpace those who design protective programs.

To find out more about threats like this affecting your business, subscribe to Info Advantage’s blog.


New Ransomware Presents Users With 2 Equally-Terrible Options

The Petya ransomware, a particularly vicious monster of a threat, has reared its ugly head once again, only this time, it’s not alone. Petya now comes bundled together with Mischa, yet another ransomware that works well alongside Petya. The ransomware is delivered via an inconspicuous email disguised as a job application, with a resume attached. Once the user downloads the file, Petya encrypts the files located on the device.


The original version of Petya had a signature attack that struck the master boot record, restricting access to it until a ransom was paid through a dark web payment portal. Of course, there was no guarantee that paying up would resolve the problem, so it was entirely possible that the ransomware could add insult to injury and not decrypt the files at all. Thankfully, Petya had a weakness, and professionals were able to exploit it and find a fix for the ransomware.

Not this time, though. Petya comes with Mischa, which is a more traditional ransomware that can be just as dangerous as its counterpart. Mischa blocks access to files until the user pays a ransom. The ransomware will then link to a Tor payment site that allows the user to pay up and decrypt their files. Mischa encrypts executable files, while leaving the Windows and browser folders untouched, which provides access to files containing payment instructions for the user.

Now, here’s the problem with this development. Petya could be prevented by refusing administrator access upon downloading the installer. Now, selecting “yes” will download Petya, while selecting “no” will install Mischa. Either way, you get a slap in the face.

Mischa’s payment site works in largely the same way as Petya’s. Once you input the authorization code provided by the ransomware, you need to purchase enough Bitcoins to pay for the ransom. The current exchange rate is approximately $875 per Bitcoin, so you might be shelling out some heavy-duty cash for this. Once the user has purchased enough Bitcoins, the malware will then provide the Bitcoin address where it must be sent.

Though researchers managed to find a way around Petya, no such workaround has been found for Mischa. This is a recurring theme for ransomware, which is often so difficult to remove that it forces large enterprises to either restore a backup of their data or pay the ransom, rather than lose access to their files completely. As with all cases of malware, we urge you to do your research, and contact Info Advantage at (585) 254-8710 before caving in to hackers’ demands.

As with all threats that work, Petya and Mischa have plenty of copycats out there that attempt to replicate their success. Malwarebytes has identified another two-in-one ransomware called Satana that functions in a similar way, locking the master boot record and the complete file record. In comparison to Petya and Mischa, however, Satana will run both types of ransomware, rather than just install one or the other.

Malwarebytes reports that Satana is still in development and has flaws that can be exploited, but the thought of malware continuing to develop in this sense is a bit unnerving, especially for business owners that may not devote enough time and resources to security solutions. If your business is unsure of whether you can handle a ransomware infection, reach out to us at (585) 254-8710.


Alert: Petya Ransomware May Be the Worst Yet

Ransomware is such a popular method of attack used by hackers that new variants of it pop up every few months. Among these is Petya, a nasty new ransomware that masquerades as an unsolicited resume in an organization’s email inbox. Don’t be fooled, though; the only work these hackers are looking for is to work you out of a couple hundred dollars.
