SIRKit Advisory: Ransomware and modern threats

Posted on May 20, 2016

Criminals have historically held up banks and convenience stores in order to get easy and fast money. But in the digital age, criminals don’t need guns or a getaway car to take your cash.

In recent years, there have been a growing number of cases of something called “ransomware”. This is exactly what it sounds like: software designed to hold your digital files – your entire business – for ransom. The very first case was in 2013 with an infection known as CryptoLocker.

This is how it works:

You receive an email with a generic looking attachment or URL that provides you a file such as “resume.zip”. When you open the file, nothing appears to happen. So you close it and go about your day. Unfortunately, by opening that file, you have infected your computer and malicious processes are now running silently in the background.

The infection will immediately start locking or “encrypting” your most important files – typically documents, pictures, spreadsheets, videos. The process performing the malicious encryption will stay hidden while making the changes. The process can take days, especially with large numbers of files or if the computer has access to a corporate file server.

Seemingly out of the blue, you may receive a pop-up or find informational files telling you that your data has been locked. In the message the criminals will ask for payment on the order of hundreds, thousands, or even millions of dollars in extreme cases. What are you paying for? The digital key that allows you to unlock all of your files. The longer you wait before paying, the more money they will charge for the key. If they don’t receive payment within their timeline they will delete your key, at which point your files will be locked forever.

Can we just pick the lock? No. This sort of lock involves a math problem with a solution that would take the remainder of human history to solve, if you’re lucky. So you only have two options in this scenario: pay up and try to unlock your data, or restore all of your files from a backup copy.

Many criminals have copied this pioneering CryptoLocker scheme and have come up with increasingly creative ways to infect computers. And for those of you on Apple systems, you aren’t safe either. Businesses have been directly targeted by criminals in large and organized attacks. Police departments and government institutions are among those who have been forced to pay, and in March of 2016 a US hospital paid a $17,000 ransom to get their systems working again.

It’s not all doom and gloom. It is possible to protect yourself from infection.

Let’s start with the most important point: backups can save your business. Losing a day of productivity while your entire company is restored from a backup is far better than permanently losing your files. Ensuring regular and thorough onsite and offsite backups are performed is critical to protecting your livelihood.

As for the infection itself, a lot of it comes down to training and awareness. These viruses masquerade in emails as resumes and invoices. Sometimes they pretend to be PDF or ZIP files, while newer and more advanced infections send legitimate Microsoft Word documents such as .DOCM files, which can use programming features built into Office to get you infected.

The simplest rule of thumb here is to not open attachments and not click on URLs you aren’t expecting. Letting your curiosity get the better of you can be costly. If you don’t know the sender, odds are they shouldn’t be sending you attachments. If you do know the sender, make sure you recognize whatever attachment they are sending you before you open it. Criminals can mask email addresses to appear as the colleague right next door.

There are, of course, administrative controls on your computers that increase protection and take some of the burden off of your users, although these really only exist to catch or prevent the mistakes users occasionally make. Some examples:

• Admin-level computer access should be removed from any user who does not require it
• Emails can be scanned and blocked if they contain certain kinds of attachments
• Your firewall can check incoming downloads and URLs before they are allowed to be opened, by way of web filtering and sandboxing
• Permissions on network folders should be restricted so that a single infected machine cannot reach everything
• Macros and other programmable features in Word, Excel, and the rest of Microsoft Office should be disabled by default
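The second and last points above (blocking risky attachments, treating macro-enabled documents as dangerous) can be turned into a simple mail-gateway check. The script below is an added example written for this advisory, not a SIRKit product or the tooling of any mail vendor; the extension lists are an assumed policy, and the message it scans is constructed inline: a “resume.zip” that actually contains a resume.docm, the pattern described earlier in the post.

```python
"""Mail attachment policy check: flag risky attachments before delivery.

Added example for this advisory. The extension lists below are an assumed
policy and the sample message is constructed; nothing here is real customer
mail or a vendor's product.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File types that run code as soon as they are opened (assumed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
# Office formats whose extension says "contains macros" (the .DOCM case in the text).
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Containers we look inside, because "resume.zip" is only the wrapper.
ARCHIVE_EXTS = {".zip"}


def classify_name(filename):
    """Return a reason string if the file name is risky, otherwise None.

    Only the final extension decides, so a double extension such as
    'invoice.pdf.exe' is judged by the '.exe' that Windows will actually run.
    """
    name = filename.lower().strip()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in EXECUTABLE_EXTS:
        return f"executable attachment ({ext})"
    if ext in MACRO_EXTS:
        return f"macro-enabled Office document ({ext})"
    return None


def scan_zip(data):
    """List risky member names inside a ZIP payload without extracting it."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reason = classify_name(info.filename)
                if reason:
                    findings.append(f"{info.filename}: {reason}")
                if info.filename.lower().endswith(".zip"):
                    findings.append(f"{info.filename}: nested archive")
    except zipfile.BadZipFile:
        findings.append("attachment is named .zip but is not a valid archive")
    return findings


def scan_message(raw_bytes):
    """Return a list of (attachment_name, reason) pairs for a raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        reason = classify_name(fname)
        if reason:
            findings.append((fname, reason))
        if fname.lower().endswith(tuple(ARCHIVE_EXTS)):
            for inner in scan_zip(part.get_payload(decode=True)):
                findings.append((fname, inner))
    return findings


def should_block(raw_bytes):
    """Policy decision: quarantine the message if anything was flagged."""
    return bool(scan_message(raw_bytes))


def build_sample_message():
    """Constructed message: 'resume.zip' wrapping a resume.docm, plus a harmless PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.docm", b"constructed placeholder, not a real document")
    msg = EmailMessage()
    msg["From"] = "hr@example.com"          # constructed sender
    msg["To"] = "you@example.com"
    msg["Subject"] = "Resume"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="resume.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="quote.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message()
    for name, why in scan_message(raw):
        print(f"BLOCK {name}: {why}")
    print("decision:", "quarantine" if should_block(raw) else "deliver")
```

The point of looking inside the archive is that the wrapper name tells you nothing; the macro-enabled document is only visible one level down. Name-based checks like this are cheap and catch the common cases, but they are a complement to the macro and admin-rights controls above, not a replacement for them.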

More drastic measures can also be taken to make your computers as inhospitable a place for these viruses to live as possible. An ounce of prevention is worth a pound of cure. Preventing this sort of infection from getting in could literally save your business.

Please contact our helpdesk (support@sirkit.ca) if you would like more information.

How Safe is Public WiFi?

Posted on May 13, 2016

Here’s a scenario: You’re in an airport waiting to board your flight. You remember that you need to transfer some funds between bank accounts. You open your laptop and are about to connect to a public WiFi hotspot.

http://wiki.sirkit.ca/wp-content/uploads/2016/05/free-public-wifi.jpg

Should you?

Wireless hotspots are extremely common. In high-traffic areas (airports, waiting rooms, etc.) it is more and more common to see them open for public use. But whose wireless network are you connecting to? Can you judge a book by its cover?

A “man in the middle” attack involves someone getting between you and your destination and intercepting whatever you’re doing. In the context of public WiFi, such an attack could lead to someone obtaining passwords or sensitive emails all because you needed an internet connection for 5 minutes.

With that in mind, a wireless hotspot named “YYC Public WiFi” might not appear out of place if you’re sitting in the Calgary International Airport, but the name alone doesn’t mean it is legitimate. Anyone could host that hotspot from their laptop or mobile device and pretend to be something they’re not. With the right name, tricking people into connecting can be very easy.
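One practical way to spot a copied network name before you connect is to look at what your own machine already sees. The script below is an added example written for this post, not SIRKit tooling: it parses the text that `netsh wlan show networks mode=bssid` prints on Windows (the layout is reproduced from memory and the SAMPLE_SCAN is constructed, not a real capture) and reports any network name that is being advertised with more than one security profile, which is a common sign that a second device is broadcasting a copy of a real hotspot.

```python
"""Spot a network name that is being advertised with inconsistent security.

Added example for this post. SAMPLE_SCAN is constructed text in the shape of
`netsh wlan show networks mode=bssid` output; the MAC addresses and names are
made up.
"""
import re
from collections import defaultdict

SAMPLE_SCAN = """\
Interface name : Wi-Fi
There are 3 networks currently visible.

SSID 1 : YYC Public WiFi
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:01
         Signal             : 70%
         Channel            : 6
    BSSID 2                 : 00:11:22:33:44:02
         Signal             : 65%
         Channel            : 11

SSID 2 : YYC Public WiFi
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : de:ad:be:ef:00:01
         Signal             : 99%
         Channel            : 1

SSID 3 : CoffeeShop-Guest
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 40%
         Channel            : 36
"""

# "SSID n : name" starts a block; indented "Field : value" lines belong to it.
SSID_RE = re.compile(r"^SSID \d+ : (.*)$")
FIELD_RE = re.compile(r"^\s+(Authentication|Encryption|BSSID \d+|Signal)\s*:\s*(.+)$")


def parse_scan(text):
    """Turn the listing into dicts: {ssid, auth, enc, bssids: [{mac, signal}]}."""
    networks = []
    cur = None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            cur = {"ssid": m.group(1).strip(), "auth": None, "enc": None, "bssids": []}
            networks.append(cur)
            continue
        if cur is None:
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Authentication":
            cur["auth"] = value
        elif key == "Encryption":
            cur["enc"] = value
        elif key.startswith("BSSID"):
            cur["bssids"].append({"mac": value.lower(), "signal": None})
        elif key == "Signal" and cur["bssids"]:
            # Signal lines follow the BSSID they describe.
            cur["bssids"][-1]["signal"] = int(value.rstrip("%"))
    return networks


def find_suspicious(networks):
    """Map each SSID advertised with more than one (auth, encryption) profile
    to the sorted list of profiles seen. One name, two security settings, is
    the inconsistency to be wary of."""
    by_name = defaultdict(list)
    for net in networks:
        by_name[net["ssid"]].append(net)
    findings = {}
    for ssid, variants in by_name.items():
        profiles = {(v["auth"], v["enc"]) for v in variants}
        if len(profiles) > 1:
            findings[ssid] = sorted(profiles)
    return findings


if __name__ == "__main__":
    for ssid, profiles in find_suspicious(parse_scan(SAMPLE_SCAN)).items():
        print(f"'{ssid}' is advertised with several security profiles: {profiles}")
```

Treat the result as a prompt to ask, not as proof either way: a venue may legitimately run an open and a secured network under one name, and a copied hotspot can also copy the security settings exactly, in which case the listing looks clean. That is why the advice later in this post still applies: confirm the network with staff or signage, or tether instead.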

So how can you avoid malicious public hotspots? The best option would be to connect your laptop to your phone. Most smartphones allow you to tether your other devices via your own personal WiFi, Bluetooth, or USB connection. Tethering will give your laptop or tablet internet access via your mobile phone network. Banking or emailing while tethered might use up a small amount of data on your mobile plan, but it is well worth the knowledge that you’re connected to a trusted source.

Here are a few links to tethering tutorials to help you get connected:

It’s important to note that if you are tethering you should not be using it to watch movies or download large media. Cellular data plans are limited in size, and you could exceed your allowance very quickly with movies and music.

Be mindful of what you’re connecting to and what you’re doing. If you do need to connect to public WiFi, check with local staff or posted signage to ensure an access point is legitimate. If any work you’re doing involves sensitive information it’s always better to tether unless you are absolutely sure the wireless network is safe.

Please contact our helpdesk (support@sirkit.ca) if you would like more information.