Posts

Am I protected against Wanna Cry / Wanna Decryptor?

There has been a global ransomware attack that has struck over the last few days. It has been in the news a lot over the weekend. The New York Times has a good overview of it available here.

We have had several questions about it and wanted to create an easy place to gather all of the information.

FAQs

Here are the major questions we are getting so far from clients and others:

Q: I am a customer of Strive IT. Am I protected against Wanna Cry / Wanna Decryptor?
A: Yes. If you are on our fully managed support plan, then you are protected on multiple fronts.

Q: What is this new virus I’m hearing about?
A: It is called Wanna Cry, or Wanna Decryptor. It is ransomware, which means if you get infected, the virus encrypts your files and doesn’t give you access to them unless you pay the virus creators.

Q: Is my computer vulnerable?
A: This virus attacks a security vulnerability in the Microsoft Windows operating system. All versions except are at risk, though there are claims that Windows 10 is safe. This vulnerability was discovered some months ago and Microsoft released a patch in March to fix it. If you are running Windows Update regularly, you are probably secure. All Strive IT customers with full management plans are protected. If you want to be sure, Microsoft has created a special page dedicated to this particular update. Those on bill-by-the-hour plans should call us to make sure. Click here to download the update.

Q: I don’t know if all my computers are updated. Does Antivirus help?
A: If you are using Strive IT’s antivirus program, you are protected. We use Kaspersky antivirus, which is known to detect and block the virus. At this point, all the major antivirus companies have released new definition files that should protect against infection. Check with your AV vendor’s website to be sure, and open your AV and run an update to ensure you have the latest protection rules.

More Information
If you want to learn more about how to protect yourself against viruses, check out our two part blog series on this subject: Part 1, Part 2.  Also, Why Do Hackers Write Viruses might be of interest.

Getting help from us

If you are concerned about protection on your network and would like help from us, please call us at 303-963-2301 or email at contact@striveit.com.

Updates

As we learn more about this infection and have new information, it will be posted here.

May 15, 7:58 A.M.
Security researchers have found a hidden “kill switch” to this virus. This effectively stops the virus from working. This is great news, but, like biological viruses, new strains of this ransomware have evolved without this kill switch. If you hear about a secret website that stops the virus from working, this is true. However, don’t trust it because it doesn’t help in all cases anymore. Please update

Why Do Hackers Write Viruses?

It’s All About the Money

Everyone hates viruses.  They are annoying, slow your computer down, and don’t seem like they’re doing much.  So why do hackers write viruses?  Is it just to be annoying little punks who want to feel powerful?  There is probably some percentage of viruses that get released that way.  But most often, it’s all about money.

First: Steal the Data

The first thing virus writers think about is what data they want to steal. This can be social security numbers, health records, email credentials, active email addresses to spam (i.e. your address book), or any other type of data. Sometimes it’s not even data they’re stealing, it’s resources. They can use your computer’s CPU and internet connection to mine bitcoins, launch attacks on the people they’re really after, send spam, etc. And it doesn’t matter if you don’t have these things on your computer. They’re usually not targeting you specifically; they just release the virus on the public and hope it lands on valuable computers.

Next: Bundle the Data

If someone steals your credit card, you will cancel it.  One stolen credit card number isn’t worth very much.  But thousands of credit card numbers are worth something, because some fraction of those people won’t know their cards are stolen, and the numbers will still be good.  The same goes for email accounts, health records, spam lists, and most other easily-stolen data.

Last: Sell it to Hackers & Criminals

That’s right: Hackers are stealing your data to sell it back to other hackers.  If someone can buy a thousand social security numbers and health records for $500 per bundle, 10 of those might be good and they can create fake identities, selling them for $1000 apiece.  (I’m making up the numbers, but you get the idea.)

Or: Sell it to Users

In the case of ransomware, they aren’t selling the data to other hackers.  They steal (encrypt) your data and then sell it back to you.  If you are new to ransomware, check out our article on Cryptolocker for a description of how it works.

Recap: Why do Hackers Write Viruses?

Because they can make money. Good spammers can make six figures per year, but they need lists of real email addresses. CryptoLocker was thought to have made $30 million, but they need access to computers so they can encrypt users’ data. Viruses are how they get this data.

What can you do about it?

  1. Get a good firewall and spam filtering service
  2. Get good antivirus and anti-malware software on your computer and update/scan regularly
  3. Keep your computer and all programs up to date
  4. Back up your data often

If you are worried about your security and how well protected you are against viruses, contact Strive for an evaluation.  We can help keep you safe, secure, and always running smoothly.

5 Steps to Avoid Credit Card Breaches

The Problem With Credit Card Breaches

As it turns out, credit card security is not something the tech industry has completely figured out. We have all heard about the stolen data and credit card numbers at Target, Neiman Marcus, and most recently Home Depot.  Credit card breaches affected over 70 million customers.

What is less well known is how this breach actually happened.  The answer: spyware caused the data breaches. In fact, the same malware caused both the Target and Home Depot breaches.

Most people think of viruses and malware these days as just causing popups and slowing down computers.  But they can do anything.  In this case, malware programs such as Backoff, BlackPOS, and Kaptoxa are designed to steal credit card data.  Computers infected with this malware read the credit cards as they’re being swiped and send the customer’s info to the malware owners. These people then sell it on the black market. This leads directly to huge amounts of credit card fraud.

Malware is responsible for data and credit card breaches. Small businesses are just as susceptible to this problem as large businesses. If your business swipes credit cards, take steps to protect your customers and your reputation.

Small businesses are also susceptible to credit card fraud

Don’t think that hackers are specifically targeting the Targets of the world because they get a bigger payoff.  It costs them nothing to infect small businesses, so they do.  In fact, the Secret Service is reporting that more than 1,000 American businesses were infected by the same malware that got Target, and that report was released a month ago.  Given the typical growth patterns for viruses, I’m sure you can imagine what that number is today.

So if you accept credit cards from your customers, consider yourself a target and take steps to protect yourself.

5 steps you can take to help secure your company from similar data breaches

  1. Protect Against Malware

    These days, there are so many ways to infect a computer. You need a multi-layered approach to malware protection.  First, start with endpoint protection.  This should include antivirus and anti-spyware software on all computers.  Second, protect your entire network by using a content filter that scans all traffic in and out of the network for malware.

  2. Isolate Financial Computers

    Ideally, Point of Sale computers will never need to get onto the general internet.  They will need to contact your credit card company, your PoS software company, and that’s it.  If this is the case, you can create special firewall rules that block all traffic from PoS computers that isn’t going to one of those two destinations.  That way, even if your PoS computers do get infected, they can’t phone home with the stolen credit card data.

  3. Network Security Best Practices

    No matter what business you are in, your company should be following general network security best practices.  Your IT support provider should be doing regular checks to ensure all of your computers, remote computers, networking equipment, and public-facing services are configured optimally for security.  (And they should be doing this as part of their service, even if you aren’t asking for it.)

  4. Upgrade PoS devices

    Magnetic strips on credit cards have inherent security flaws. Anyone can read a magnetic strip, save that data, and sell it on the black market. And anyone who buys that data can create fake credit cards. Credit card fraud is widespread, but the credit card industry is moving quickly to put smart chips in all credit cards. These chips have their own security flaws, but one of the big advantages is that they are very difficult to duplicate. So even if thieves steal the data from the cards, it won’t do the thieves any good because they can’t use it. As of October 2015, the credit card industry has mandated that all businesses must upgrade their PoS machines and card swipes. Do this sooner rather than later to protect your customers. As an added incentive, if you haven’t upgraded and someone’s card data is stolen from you, they will place all of the liability on you for not upgrading.

  5. Get a PCI-DSS Audit

    Hire a company to come in and perform an audit to make sure you are PCI compliant. (PCI-DSS stands for Payment Card Industry Data Security Standard.) They will go through your setup and make sure you are compliant with a minimum set of security standards and that you are handling customers’ data securely. But this is a minimum standard; both Target and Home Depot were PCI compliant. Think of this audit as table stakes to play the credit card game, not as a panacea to fix all security problems.
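
The firewall rule from step 2, worked through as an added example (not code from Strive or from any firewall vendor): it renders a PoS egress allowlist as nftables rules and checks flow records against the same policy. The subnet, destination addresses, ports and the "src dst dport" log format are all constructed assumptions.

```python
"""Added example: egress allowlist for Point of Sale hosts (step 2)."""
import ipaddress

# Constructed values (documentation address ranges), not from the article.
POS_SUBNET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED = {  # destination network -> allowed TCP ports
    ipaddress.ip_network("203.0.113.10/32"): {443},  # card processor (assumed)
    ipaddress.ip_network("198.51.100.0/28"): {443},  # PoS software vendor (assumed)
}

def is_allowed(src, dst, dport):
    """True if the flow is not from a PoS host, or goes to an allowlisted destination."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in POS_SUBNET:
        return True  # this policy only constrains PoS machines
    return any(dst in net and dport in ports for net, ports in ALLOWED.items())

def nft_rules():
    """Render the policy as an nftables forward chain: accept list, then log and drop."""
    lines = ["table inet pos_egress {", "  chain forward {",
             "    type filter hook forward priority 0; policy accept;"]
    for net, ports in ALLOWED.items():
        plist = ", ".join(str(p) for p in sorted(ports))
        lines.append(f"    ip saddr {POS_SUBNET} ip daddr {net} tcp dport {{ {plist} }} accept")
    lines.append(f'    ip saddr {POS_SUBNET} log prefix "pos-egress-drop " drop')
    lines += ["  }", "}"]
    return "\n".join(lines)

def audit(flow_lines):
    """Return flows from PoS hosts that the allowlist would have blocked."""
    violations = []
    for line in flow_lines:
        src, dst, dport = line.split()
        if not is_allowed(src, dst, int(dport)):
            violations.append((src, dst, int(dport)))
    return violations

# Constructed firewall flow records in the assumed "src dst dport" format.
SAMPLE_FLOWS = [
    "10.20.30.5 203.0.113.10 443",  # PoS -> processor: allowed
    "10.20.30.5 198.51.100.3 443",  # PoS -> vendor: allowed
    "10.20.30.7 192.0.2.77 8080",   # PoS -> unknown host: blocked
    "10.20.30.7 203.0.113.10 25",   # PoS -> processor, wrong port: blocked
    "10.20.40.9 192.0.2.77 8080",   # office PC outside the PoS subnet: not covered
]

if __name__ == "__main__":
    print(nft_rules())
    for violation in audit(SAMPLE_FLOWS):
        print("would block:", violation)
```

The `ip saddr` match covers IPv4 only, so name resolution and any IPv6 traffic from the PoS machines need their own rules. Running the audit over existing firewall logs before enforcing the drop rule shows which legitimate destinations are still missing from the allowlist.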

Credit card security is an issue your company must address. For help securing your network to minimize any risk of you being the next Target, please give us a call. We would be happy to discuss how Strive Technology Consulting can help you avoid credit card breaches within your company.