BACKDOOR found in CCleaner!
Update, or better yet, uninstall CCLeaner now. In August, there was a backdoor discovered in the free registry cleaner. To read the full article, visit Acronis here: CCleanerBackDoorFound
October Deadline: Non-SSL sites will be flagged INSECURE
[edsanimate_start entry_animation_type= “rollIn” entry_delay= “0.5” entry_duration= “1.5” entry_timing= “ease” exit_animation_type= “” exit_delay= “” exit_duration= “” exit_timing= “” animation_repeat= “1” keep= “yes” animate_on= “load” scroll_offset= “” custom_css_class= “”][edsanimate_end]You probably heard about this, but probably thought what happened was already done and over with. It’s not. There is an October deadline when all Google (I.E. CHROME) browsers will flag all non-SSL sites as insecure. In order to not be flagged you will need to have a certificate installed, activated, and configured so your site redirects to a HTTPS:// URL prefix instead of HTTP. If you want to read an article about it, here’s one (you can Google it and find more I’m sure) google-reminds-website-owners-to-move-to-https-before-october . It is supposed to only flag websites that have password or credit card form fields on the site.
But, it is also important to recognize that even if you don’t have password or credit card form data fields on your website, it is still beneficial to install SSL on your site for the SEO benefit alone. If Google is penalizing the page rank for non-encrypted sites, and they are, you really can not afford to not install it, can you? Do you want to be on page 4 or 5 when people search for your type of business on Google? Because if you don’t put SSL, your website will go to the end of the list. Sorry. Don’t shoot the messenger.
There are many different types of SSL certificates out there that you can get for a whole range of prices, ranging from $10 to $500, depending on your need. The ones that come from your host tend to cost more. If you just want a cheap one, you can get one here: https://www.ssls.com/ . The $4.99/yr one is only if you purchase that cert for 3 years, for around $15 total. If you just get it for one year, it’s $8.95 I think.
Everything I.T. will install one for $75.
Everything I.T. Now Has A HELP Forum!
I get calls all the time from people who have simple questions…How do I do something on Facebook? How do I do something online? What would be the best or cheapest solution to my problem? Etc, etc. Everything I.T. is a business that cares about people. We are a business, yes, but there are many things you just shouldn’t have to pay for, …and general assistance is one of them. We aren’t going to take your money if we can help you save it. There are too many people trying to take every darn penny you earn for stuff that we, as human beings, should do for each other. I see so many places “charging” to support their own customers…people who have already purchased their products, and I for one, find it distasteful and appalling! So Everything I.T. now has a help forum. If you want to ask a question, please ask it there, so that others can benefit as well from your question and the answer that goes with it. (Didn’t they tell you all through school that there is NO SUCH THING as a stupid question?) …It’s true. When you ask a question, you actually help others as well who may not have the words to ask, or who may be too embarrassed. It’s a simple sign-up, and it’s encrypted so your email doesn’t get hacked. (in fact our entire site is encrypted!) So just go to the help forum, and post your question, and we will try to answer it as soon as possible. And if you read something I answer, and have a better answer, you can sign up to respond as well. so don’t be shy because you are the first one to post. I imagine on every forum that started, someone went first at some point. 🙂
You there is 1 topic started, only to make it easy for someone not so technical I guess…all you have to do is hit reply. But you are most welcome to start your own topic if you want. Anything not X-rated (this is an under-13 approved site) or illegal is welcome.
Protect, Protect, Backup, Backup, and Protect Yourself!
I was wondering when it would happen…that I would get a call from someone who had their files “ransomed”. What does that mean? Well the newest and greatest form of virus is ransomware…and it’s big business now. And they like to focus on businesses. They know that businesses can not afford to lose their client data…and they bank on that, and they quite often win.
Well, it happened today. And I felt bad for the guy.
What is ransomware? It’s a virus that installs one (or more) forms of ENCRYPTION on your computer, encrypts ALL your files so that they can not be opened without the decryption key, and it’s VERY effective. Some forms of ransomware can be decrypted, but there are some that can not. If your computer gets ransomed, you have only a couple of choices…
1. Pay the $500 or more to get the key and get your files back. If you want to do this, do it. Because once you start messing with trying to recover the files, you might lose the ability to decrypt…so think carefully about this. If you have no backup of your files, and you really need your files, and you can afford it, you should probably pay the money. It’s going to cost you maybe 1/3 to 1/2 that for an I.T. guy to remove the virus, and attempt to recover, and it may not even be possible. (though if you do, you should definitely get the machine cleaned after you get your files back!) You could possibly get a hold of the hacker, and try to negotiate a lower price I suppose, It’s worth a shot. I don’t know it’s successful or not.
2. You can remove the virus…to make sure no further files get encrypted, and start fresh…with the understanding that there is a 50% chance you will permanently lose your data. Every ransom attack is different. There are more than 1 ransom viruses, and some can be dealt with, and some can not.
3. You have a backup, and can restore it…GREAT! LET’S DO IT! Give me a call if you need help.
Some things to do once you know you have been hacked:
- Disconnect the internet! this can prevent cloud drive files from being synced to newly encrypted files, and being changed also if you have Google drive, or One Drive, or any other cloud account, and can prevent the virus from reaching other machines on the network.
- After you get the name of the ransomware package, write down the info, and SHUT DOWN THE MACHINE. Don’t use it. Don’t go on the network. Don’t install anything. Don’t do anything until you call a tech, or do some research on the internet on your particular ransom virus (from another computer)
- if you are going to try to remove it, download some help: Malwarebytes, Shadow Explorer, Norton Security (get a trial if you need to, they give you 30 days!)
- Often ransomware encrypts by way of making a copy, encrypting it, and deleting the original. Sometimes you can get originals back with deleted file recovery programs, like Recuva…which is an excellent program. System restore and Shadow Explorer will try to recover shadow copies created with system restore. If system restore doesn’t work, you can try to use ShadowExplorer.
If you haven’t been hacked yet, PROTECT YOURSELF!
- You should have a good security SUITE installed on every computer you own. If you don’t, shame on you! I can’t help you much if you don’t care enough to even try to protect yourself. I personally recommend Norton Security, it has the LEAST effect system resources (slowing down your machine) and it’s very good protection. And yes, you need the FULL SUITE of protection, firewall, virus scanner, real time protection…all of it, NOT JUST AN ANTIVIRUS PROGRAM. Malwarebytes is a good secondary protection. It will run alongside Norton just fine…and every time a new version releases, you get another 15 days of real time monitoring with it, (then it switches to manual scan mode, unless you purchase the pro version) …but 15 days of real time, 5 or 6 times a a year is fine for free, since you have another security suite, right? (yes) There is a 3rd program you can run alongside if you want, to protect specifically against ransomware, and it’s called CRYPTOPREVENT.
- Make sure SYSTEM RESTORE is TURNED ON and THAT YOU HAVE ENOUGH STORAGE SPACE FOR RESTORE POINTS! Depending what version of Windows you have, right click on either My Computer, or This PC (windows 8-10) and click on PROPERTIES. Then click on System Protection, select the drive you want to configure and then click CONFIGURE. You should turn on system restore for you operating system drive/partition, and any data partitions/drives you have. And you should also make sure that around 10% of the total drive space is allocated for restore points. (if you have system restore turned on, but have 0% space allotted to store restore points, it’s useless, as nothing will be written to the drive in way of a backup)
- BACKUP YOUR DATA. Cloud backup services are “ok” …for backing up files, but they won’t restore an entire drive image, operating system, and installed programs…it will only give you files. And it’s risky, because if it runs all the time, there is a chance those files also become corrupt when they sync with your machine. You should do regular full system drive imge backups with a backup program such as either Acronis True Image or Aeomi Backupper, or EaseUS Todo Backup . Do a FULL drive image backup at LEAST once a month (or incremental/differential if the software has that capability) If you do inc/diff backups, only do about 3 or so…but every 90 days at least, do a new FULL backup. Note, when doing backups, if you are using EXTERNALS USB HARD DRIVES, these will fail eventually. They have moving parts. They get hot. Especially if they run all the time, they will fail.. I myself use plain hard drives…if your desktop has storage for more hard drives, put a backup drive right in your machine. You can also use hard drives with a docking station, which is both cheaper, and more reliable than external drives. If possible, use flash storage: either flash drives (if you find one large enough) SSDs, or even SD cards can be used to store files, and they are typically more reliable. If you do use external hard drive, don’t leave it running all the time, and if you do need it to run all the time, get a new one every 18 months at least, sooner if you can afford it. Or, just store backups in more than one place. If you ever need one of your backups, you will be glad you have more than 1 to choose from. You really can’t be too anal about this stuff, trust me.
Anyway, that’s the skinny on ransomware. If you have questions, comment below, or contact Everything I.T. on the contact page (or just CHAT, we do that also) and we’ll give you hand!
IoT (internet of things) Security Risks – Cameras
You may have heard that more and more penetrations are coming by way of IoT devices. This may be new and confusing to you, and you may be wondering if this affects you, and how it could affect you.
IoT devices are devices that use, and connect to the internet, but because they are more simple in nature, haven’t been considered for security risks. One of the newest ones that has popped up is IP Cameras. An IP camera is a camera that transmits it’s data (images) in DIGITAL format instead of analog. How would you know if you had a digital IP camera? Well, analog cameras connect to recorders with coaxial cables, where digital IP cameras use a standard Ethernet (internet) cable. Here is an example of a digital IP camera: https://www.youtube.com/watch?v=79G4InvJX78 . If you have a newer security system in your home, or especially if you have a business with a full-fledged camera network security system, then this article on how Sony cameras are compromising networks would be a good, and highly recommended read for you. https://krebsonsecurity.com/2016/12/researchers-find-fresh-fodder-for-iot-attack-cannons/?platform=hootsuite My job is simply to educate you, and pass on new and important information, hoping to protect the public from the scoundrels and criminals who want to take advantage of your weaknesses.
Have a Happy Holiday season this 2016 Christmas and New Year. Blessings from Everything I.T.
Recent Comments