Monday 28 October 2013

CryptoLocker virus

I was asked by our Managing Director this last week to write a blog article regarding the CryptoLocker virus, as we've had to deal with a number of cases recently and have fully recovered from it without having to pay the ransom fee. Another article worth reading (after reading mine, of course) is this one; it makes some points worth considering, and we came across it after dealing with the latest case:
http://www.avosec.com/cryptolocker-ransomware-prevention


If your company data had been irretrievably lost, what would you do?
Lately we’ve seen a number of infections with the CryptoLocker virus. This type of virus is rarely seen; in fact, we had never seen any ransom viruses which affect the customer data. We usually see the type where it's claimed to be a metropolitan alert stating you have visited an viruses which pop up after logging in and stop you being able to use your computer – data is left intact and the viruses are easily removed.

The problem with the CryptoLocker virus is that your files are encrypted with what is reportedly RSA-2048 encryption, and it does this on the sly in the background while you are using your computer, without you knowing anything is happening. Once it’s satisfied that most of the files, if not all, have been encrypted, it will pop up a message on your computer notifying you of the situation and that you’ll have to pay them to retrieve the files. We do not encourage anyone to pay these criminals.

We have been lucky in that our customers who have been affected have regularly changed their backup drives, and we have been able to recover their data stored on the server and reinstall the affected PCs. This is why a good backup routine is so important; we cannot stress this enough.

Our customers have reportedly been infected from opening email attachments; however, we cannot rule out a “web drive-by”, in which you can get infected by a site exploiting a weakness in your browser's security. Usually the site owner is unaware they have been compromised. We implore you to be vigilant when opening attachments, even if the email appears to be from someone you know. If you were not expecting the email, check with them to see if they did in fact send it. Perhaps their email account has been compromised after they had opened an email attachment?


We are currently reviewing our security practices and working with our partners to develop better security for our internet and email customers.



Monday 21 October 2013

SkyDrive muddle up

Well what a palaver this was!

When I installed Windows 8 originally I also installed the Desktop app, because it wasn't baked into the OS, and as much as I love Windows 8, I still mainly work in the Desktop - it's where all the hard grafting is still done.

So anyway, roll on a few months and I pluck up the courage to install Office 2013, which comes with SkyDrive Pro. Now this threw its own spanners into the works because of the damned upload manager which comes with Office 2013 and it not wanting to work with my personal SkyDrive, where I have ~20Gb of Windows admin tools, Android tools and ROMs and other random junk.

Even after removing SkyDrive Pro and installing SkyDrive I had some odd behaviours thanks to the upload manager from Office 2013... and a second copy of SkyDrive folder existing on my computer which accounts for the missing things I thought I uploaded to SkyDrive... so two copies of SkyDrive, one a few months old, one new, I had been using both without realising there were two. One showed in Favourites the other didn't, one I navigated to manually and had a shortcut I used, which pointed to the 'old' one. I hadn't realised this just yet though....

... then came along Windows 8.1 and SkyDrive baked into the OS.

Oh boy, this is when I noticed the new SkyDrive just below favourites and actually took the time to investigate why I was missing files as it seemed to get worse. It got worse because I started using the new SkyDrive folder below favourites, yet when I clicked the other links I had, they were not up to date, I'd check SkyDrive.com and it was up to date... with what I had put in the new SkyDrive shortcut / perma-favourite.

So now I've realised what had gone wrong, I have .old'd the SkyDrive folder and renamed the other, which is more up to date, from SkyDrive (2) to plain old SkyDrive. Now the laborious task of merging them without duplicating files. Oh, that's right, I had also "cleaned up" one of the folders a few days before, so I've got to be careful which way round I do this, because I sure as hell don't want multiple copies of Android ROMs in different locations.

If you've got SkyDrive installed as a Desktop app, DO NOT install Office 2013 with SkyDrive Pro and I'd go as far as saying uninstall SkyDrive, .old the folder, THEN update to Windows 8.1, once you sign in for the first time, move the files into the new SkyDrive folder to ease the bandwidth usage if you're constrained by such things we were concerned about a few years ago.

I don't particularly blame Microsoft for this, but a nice prompt to say "Oh we see you've got SkyDrive installed, do you want to install SkyDrive Pro and the Office 2013 upload manager?"