SIRKit Advisory: Ransomware and modern threats

Posted on May 20, 2016

Criminals have historically held up banks and convenience stores in order to get easy and fast money. But in the digital age, criminals don’t need guns or a getaway car to take your cash.

In recent years, there has been a growing number of cases of something called “ransom-ware”. This is exactly what it sounds like: software designed to hold your digital files – your entire business – for ransom. The very first case was in 2013 with an infection known as CryptoLocker.

This is how it works:

You receive an email with a generic looking attachment or URL that provides you a file such as “resume.zip”. When you open the file, nothing appears to happen. So you close it and go about your day. Unfortunately, by opening that file, you have infected your computer and malicious processes are now running silently in the background.

The infection will immediately start locking or “encrypting” your most important files – typically documents, pictures, spreadsheets, videos. The process performing the malicious encryption will stay hidden while making the changes. The process can take days, especially with large numbers of files or if the computer has access to a corporate file server.

Seemingly out of the blue, you may receive a pop-up or find informational files telling you that your data has been locked. In the message the criminals will ask for payment on the order of hundreds, thousands, or even millions of dollars in extreme cases. What are you paying for? The digital key that allows you to unlock all of your files. The longer you wait before paying, the more money they will charge for the key. If they don’t receive payment within their timeline, they will delete your key, at which point your files will be locked forever.

Can we just pick the lock? No. This sort of lock involves a math problem with a solution that would take the remainder of human history to solve, if you’re lucky. So you only have two options in this scenario: pay up and try to unlock your data, or restore all of your files from a backup copy.

Many criminals have copied this pioneering CryptoLocker scheme and have come up with increasingly creative ways to infect computers. And for those of you on Apple systems, you aren’t safe either. Businesses have been directly targeted by criminals in large and organized attacks. Police departments and government institutions are among those who have been forced to pay, and in March of 2016 a US hospital paid a $17,000 ransom to get their systems working again.

It’s not all doom and gloom. It is possible to protect yourself from infection.

Let’s start with the most important point: backups can save your business. Losing a day of productivity while your entire company is restored from a backup is far better than permanently losing your files. Ensuring regular and thorough onsite and offsite backups are performed is critical to protecting your livelihood.

As for the infection itself, a lot of it comes down to training and awareness. These viruses masquerade in emails as resumes and invoices. Sometimes they pretend to be PDF or ZIP files, while newer and more advanced infections send legitimate Microsoft Word documents such as .DOCM, which can use programming features built in to Office to get you infected.

The simplest rule of thumb here is to not open attachments or click on URLs you aren’t expecting. Letting your curiosity get the better of you can be costly. If you don’t know the sender, odds are they shouldn’t be sending you attachments. If you do know the sender, make sure you can recognize whatever attachment they are sending you before you open it. Criminals can mask email addresses to appear as the colleague right next door.

There are of course computer administrative controls to increase protection and to help take some of the burden off of your users, although these really only exist to try to catch or prevent the mistakes users occasionally make. Some examples:

• Admin-level computer access should be removed from any user who does not require it
• Emails can be scanned and blocked if they contain certain kinds of attachments
• Your firewall can check incoming downloads and URLs before they are allowed to be opened, by way of web-filtering and sandboxing
• Access to network folders should be restricted to keep an infection from hitting everything
• Enhanced Macro and programming functions in Word, Excel, and all Microsoft products should be disabled by default
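
One way the attachment-blocking control above can work, as an added example that is not SIRKit's own code or any mail product's API: a Python scan that flags macro-enabled Office files such as .DOCM, script or executable attachments, and the same file types hidden inside a ZIP. The extension lists, function names and the sample message are assumptions constructed for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklists for this example; tune them to your own mail policy.
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
EXEC_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".bat", ".cmd", ".hta", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def check_name(name):
    """Return the reasons a single file name should be blocked."""
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled Office file")
    if ext in EXEC_EXTS:
        reasons.append("executable or script")
        if len(parts) == 3 and "." + parts[1] in DECOY_EXTS:  # e.g. "invoice.pdf.exe"
            reasons.append("double extension")
    return reasons

def scan_message(raw):
    """Map each risky attachment (or ZIP member) to its block reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if reasons := check_name(name):
            findings[name] = reasons
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    inner = check_name(info.filename)
                    if info.flag_bits & 0x1:
                        inner.append("encrypted ZIP member, cannot be inspected")
                    if inner:
                        findings[f"{name}!{info.filename}"] = inner
    return findings

def build_sample():
    """Constructed test message: a ZIP 'resume' and a .docm 'invoice'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.pdf.js", "// harmless placeholder")
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="resume.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="invoice.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A name-based check like this only catches the obvious cases; it complements, and does not replace, the sandboxing and macro settings listed above.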

More drastic measures can also be taken to make your computers as inhospitable a place for these viruses to live as possible. An ounce of prevention is worth a pound of cure. Preventing this sort of infection from getting in could literally save your business.

Please contact our helpdesk (support@sirkit.ca) if you would like more information.

How Safe is Public WiFi?

Posted on May 13, 2016

Here’s a scenario: You’re in an airport waiting to board your flight. You remember that you need to transfer some funds between bank accounts. You open your laptop and are about to connect to a public WiFi hotspot.


Should you?

Wireless hotspots are extremely common. In high traffic areas (airports, waiting rooms, etc) it is more and more common to see them open for public use. But whose wireless network are you connecting to? Can you judge a book by its cover?

A “man in the middle” attack involves someone getting between you and your destination and intercepting whatever you’re doing. In the context of public WiFi, such an attack could lead to someone obtaining passwords or sensitive emails all because you needed an internet connection for 5 minutes.

With that in mind, a wireless hotspot named “YYC Public WiFi” might not appear out of place if you’re sitting in the Calgary International Airport, but the name alone doesn’t mean it is legitimate. Anyone could host that hotspot from their laptop or mobile device and pretend to be something they’re not. With the right name, tricking people into connecting can be very easy.

So how can you avoid malicious public hotspots? The best option would be to connect your laptop to your phone. Most smartphones allow you to tether your other devices via your own personal WiFi, Bluetooth, or USB connection. Tethering will give your laptop or tablet internet access via your mobile phone network. Banking or emailing while tethered might use up a small amount of data on your mobile plan, but it is well worth the knowledge that you’re connected to a trusted source.

Here are a few links to tethering tutorials to help you get connected:

It’s important to note that if you are tethering you should not be using it to watch movies or download large media. The cellular data plan is limited in size, and you could exceed your allowance very quickly with movies and music.

Be mindful of what you’re connecting to and what you’re doing. If you do need to connect to public WiFi, check with local staff or posted signage to ensure an access point is legitimate. If any work you’re doing involves sensitive information it’s always better to tether unless you are absolutely sure the wireless network is safe.

Please contact our helpdesk (support@sirkit.ca) if you would like more information.

How to set up and use Intel WiDi (Wireless Display)

Posted on July 10, 2015

Plugging your laptop into a television or projector is something many of us do on a daily basis. But cords can be as limiting as they are ugly. There are an increasing number of solutions to this, but one that is already built in to many laptops is Intel's Wireless Display (WiDi) solution. WiDi allows you to send high definition video and audio to a display wirelessly allowing for completely cable-free presentations and a greater flexibility in computer and display placement.

With Smart TVs becoming nearly ubiquitous, more and more of these displays also bundle in support for wireless display technologies, including WiDi. For those displays that don't have it built in, there are external adapters available for purchase, such as the Netgear PTV3000. Plug the external adapter into power and HDMI behind your display and you're free to move your WiDi laptop to wherever you need it.

We used an HP EliteBook 840 and an LG 50LB6100 Smart TV for this example. Virtually any new computer that includes an Intel processor, Intel HD graphics, and Intel wireless card supports WiDi. A wide variety of Smart TVs also include support for WiDi such as LG, Samsung, and Toshiba. As for projectors, both Epson and NEC have product lines that come with WiDi support. Intel has a short list of devices and product lines that support WiDi here. Although more and more displays support Intel’s Wireless Display, most have the feature disabled by default. Every TV is different, but on our LG model you would open Settings > Network > Miracast/Intel’s WiDi and change it to “On”.

Once this feature is turned on within your display settings, there are only a few steps required to get WiDi up and running:

  1. Download and run the Intel WiDi Update Tool. It will tell you whether your computer supports Intel WiDi and update any software or drivers needed to get it working.

    If your computer’s hardware is not compatible with WiDi, the Update Tool will abort (shown below) and you won’t be able to take advantage of Intel’s Wireless Display technology.

  2. After successfully running the WiDi Update Tool, you will be able to detect nearby wireless displays within range. If you're using Windows 7, open the Intel WiDi utility and scan for wireless displays as shown:

    If you're using Windows 8.x, open the Charms menu then select Devices > Project > Add a wireless display:

  3. The first time you connect your computer to a wireless display, you will be prompted to enter a randomly generated 8 digit PIN shown on the external display.

  4. Once connected, you can disconnect and reconnect using the Intel WiDi/Charms menu. You can manage your wireless display just like any other monitor, cloning or extending the desktop to best suit your needs.

    1. To manage your displays, right click a blank space on your Desktop and click Screen Resolution. From there you can click the “Multiple Displays” drop down and choose your preferred duplicate (clone) or extend options.

If both your computer and your display have WiDi built in, setup truly can be this simple. But nothing is perfect and sometimes other steps also need to be taken. Here are some of the more common problems you can encounter:

  1. Software firewalls and behavior monitors can pose a problem with some wireless display adapters. The exact steps vary depending on the software firewall you’re using, but if you’re using the built-in Windows firewall, follow these steps:

    1. Open the Windows Firewall by going to Control Panel > System and Security > Windows Firewall, or typing “Windows Firewall” into Start Search.
    2. Click “Allow a program or feature through Windows Firewall”

    3. If you scroll down, you may find a “Wireless Display” option already present. If so, make sure it is enabled and applied to your network type. If, like above, it is enabled and you cannot connect, click the “Allow another app” button.

    4. Click “Browse” and navigate to "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe", then click Add. It will then display in the list above.

      • On Windows 7 computers, you will need to repeat steps 3 and 4 to also add "C:\Windows\System32\WUDFHost.exe"
    5. After you have added that entry, click OK and close Windows Firewall

  2. WiDi is incompatible with the Dynamic Frequency Selection (DFS) feature used on some 5 GHz wireless networks. Technically WiDi does not require your laptop to be connected to a wireless access point in order for it to connect to a wireless display, but if you do need to be connected to a wireless network using DFS at the same time, this can pose a problem. There are two options to bypass this: disable DFS on your wireless access points (usually the less preferable option), or set your Intel wireless adapter to prefer 2.4 GHz networks. The latter option will only be available if there are 2.4 and 5 GHz networks broadcast under the same SSID. Otherwise you would need to connect your computer only to a 2.4 GHz network. To set a preferred frequency band:

    1. Open Network and Sharing Centre from the Control Panel and click Change adapter settings, or simply enter “ncpa.cpl” into Start Search in order to open the Network Connections window directly
    2. Right click your Wireless Network Connection and select Properties

    3. Click the Configure button

    4. Click Advanced > Preferred Band then click the dropdown menu and select “Prefer 2.4 GHz band”

    5. Click OK and close the Network Connections window. Your wireless card will now connect to the 2.4 GHz portion of your network automatically.

Setting up a wireless display takes relatively little effort but can offer a great deal of convenience. Ensuring that you procure WiDi compatible computers and displays will help make display connectivity that much easier and virtually seamless.

Changing Your Desktop Orientation

Posted on May 21, 2013

One feature of many flat-panel monitors you might be unaware of is the ability to physically rotate the monitor into a portrait position.

 

This is a great feature, especially for working with documents, flyers or magazines, and photo editing as it provides more vertical work space.

 

To change the orientation of your desktop:

1. Right click on an empty space on your desktop, then select Screen Resolution from the pop-up menu:

 
2. If you have multiple monitors, click on the appropriate monitor. If you are unsure of which monitor you need to change, click the Detect button. If you have only one monitor, proceed to step 3.

 
3. Click on Landscape to drop down the orientation options menu, and select Portrait. Click Apply when done:

 
4. Select Keep changes:

 

That’s all there is to it. Your desktop orientation on your monitor should now be set for portrait.

 

Save a Word or Excel file as a PDF

Posted on April 18, 2013

One great but often little known feature in the latest versions of Office is the ability to save a Word document or Excel spreadsheet as a PDF file.

To save your document or spreadsheet as a PDF:

1. Click on File:

 

2. Click on Save As:

 

3. In the Save As window, click on the Save as type box, and select PDF from the drop-down menu:

 

4. Ensure you select the desired location where you wish to save your PDF

 

5. Click on Save:

 
When finished, your newly created PDF will automatically open for review

That’s all there is to saving a document or spreadsheet without having to install any additional software or tools.

Removing a wireless network from your computer

Posted on March 18, 2013

There may be instances where you find yourself unable to connect to your wireless network, such as after you have changed the wireless password on your router.

In some cases, you may need to remove the wireless connection from your computer, and reconnect.

To accomplish this, follow these steps:

1. Click once on the Wi-Fi signal/bars icon on the taskbar, and click on Open Networking and Sharing Center:

 

2. Once open, click on Manage Wireless Networks in the left hand panel:

 

3. Click once on the wireless network you wish to remove, and then click Remove from the menu above:

 

4. Confirm by clicking Yes on the confirmation box:

 

5. You may now close any open windows and reconnect to your wireless network.

 

 

Removing a wireless network from your iPhone

Posted on March 18, 2013

There may be instances where you find yourself unable to connect to your wireless network, such as after you have changed the wireless password on your router.

In some cases, you may need to remove the wireless connection from your iPhone, and reconnect.

To accomplish this, follow these steps:

1. Tap Settings:

 

2. Tap Wi-Fi:

 

3. Tap the Wi-Fi network you wish to remove:

 

4. Tap Forget this Network:

 

5. To remove the network, tap Remove:

 

6. You may now reconnect to your wireless network.

How to look up a user’s current Active-Directory site

Posted on March 13, 2013

Curious what site you're in?

nltest /dsgetsite

Outlook will not save email in the Sent Items folder of a shared mailbox

Posted on February 19, 2013

I recently ran into an issue where Outlook would not save the email sent on behalf of a shared mailbox into the Sent Items folder of that shared mailbox.

This was causing a problem, as the shared mailbox was set up for sharing between multiple users, and the Sent Items folder was not consistent within each user’s Outlook.

I found a registry edit that solved this problem. On each computer configured with the shared mailbox:

  1. Close Outlook
  2. Open the registry and perform a full backup
  3. Browse to: HKEY_CURRENT_USER\Software\Microsoft\Office\[version]\Outlook\Preferences
  4. Add a DWORD labeled as: DelegateSentItemsStyle
  5. Set the DWORD value to 1
  6. Exit the registry

You should now be OK to open Outlook, and test sending an email through the shared mailbox, as the sent email should now be saved in the Sent Items of the shared mailbox.

A note about laser printer power

Posted on January 18, 2013

When finding a location to set up a laser printer, one commonly overlooked consideration is power.

Most often I see laser printers placed in a location where the printer is connected to the same power circuit that has other devices plugged in, such as a computer.

Laser printers should, whenever possible, be plugged into their own dedicated circuit.

When printing, laser printers consume a lot of power. If another device, such as a computer, is plugged in to the same circuit, there is a risk that the printer can cause power issues, such as a “brownout”. A brownout is a momentary drop, but not a complete loss of power. This drop can cause serious damage to the computer, and the parts inside.

Laser printers should also never be plugged in to a battery backup device, or UPS. The power used by a laser printer while printing can damage the battery inside, and may void the warranty.

These considerations only apply to laser printers. Other printers such as inkjet or dot-matrix printers consume a lot less power, and do not pose a risk to other equipment plugged in to the same circuit.