To get the most out of the site we strongly suggest creating an account with us. Be sure to check the box to indicate you want to get the newsletter. Below you’ll find an archive of the newsletters we’ve sent out in the past.
- Open a Microsoft Office program (Word, Excel, etc.)
- Open a new document/spreadsheet/powerpoint, etc.
- Click on File
- Select Options
- Click on Trust Center
- Click Trust Center Settings
- Ensure the option selected disables macros
- With the "disable macros with notification" option, the pop-up mentioned above will still appear on the screen, giving the user the option to enable them
- With the "disable macros without notification" option, macros stay disabled unless the user goes back into the Trust Center Settings to enable them
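The Trust Center steps above write a single registry value, VBAWarnings, per Office application. The following PowerShell is an added example (not from the original newsletter) that reads that value for every installed application and version so the setting can be audited without clicking through each program; it assumes Office 2010 or later, whose version keys (14.0, 15.0, 16.0) live under HKCU, and must run as the user being audited.

```powershell
# Meaning of VBAWarnings as Office documents it (the Trust Center radio buttons)
$Meaning = @{
    1 = 'Enable all macros (UNSAFE)'
    2 = 'Disable all macros with notification (Office default)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}
$Apps = 'Word', 'Excel', 'PowerPoint', 'Outlook', 'Access'

function Get-OfficeMacroPolicy {
    # The user hive holds what Trust Center writes; the Policies hive holds what a
    # Group Policy forces, and the policy value wins when both exist.
    $roots = @{
        User   = 'HKCU:\Software\Microsoft\Office'
        Policy = 'HKCU:\Software\Policies\Microsoft\Office'
    }
    foreach ($hive in $roots.Keys) {
        $root = $roots[$hive]
        if (-not (Test-Path $root)) { continue }
        $versions = Get-ChildItem $root | Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
        foreach ($ver in $versions) {
            foreach ($app in $Apps) {
                $key = Join-Path $root "$($ver.PSChildName)\$app\Security"
                $val = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
                if ($null -eq $val) { continue }   # app absent, or value never written (default applies)
                [pscustomobject]@{
                    Hive        = $hive
                    Version     = $ver.PSChildName
                    Application = $app
                    VBAWarnings = $val
                    Meaning     = $Meaning[[int]$val]
                    Unsafe      = ($val -eq 1)
                }
            }
        }
    }
}

# Set the user-hive value to "disable without notification" (4) for one application,
# matching the last option in the list above. A Group Policy value still overrides it.
function Set-OfficeMacroPolicy {
    param([string]$App, [string]$Version = '16.0', [int]$Value = 4)
    $key = "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name VBAWarnings -Value $Value -Type DWord
}

Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Any row with Unsafe set to True is an application that will run macros silently; a missing row means the application has never had the setting changed and is on the Office default.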
- amount of ransom demand
- if backup files are easily retrieved
- how quickly the IT department can get systems working at full capacity
- if a disaster recovery plan is in place
- if a new security solution is implemented to prevent future attacks
- Employ a security solution that uses an automated whitelist technology
- Keep the operating system and third-party applications updated
- Complete an audit of admin rights, and disable all who do not need access
- Disable Macros
- Disable unused RDP ports
- Open your Control Panel
- Access System and Security
- Choose System in the list menu
- Click on the Remote Settings in the left menu
- Remove the check mark from the "Allow remote assistance connections to this computer"
- Click Apply
- Click OK
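As an added example (not part of the original newsletter), the PowerShell below audits the settings behind the Remote Settings dialog from an elevated prompt. The check box named in the steps above turns off Remote Assistance; Remote Desktop is a separate switch on the same dialog, so the script reports both, using the registry locations Windows itself reads.

```powershell
$RaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$NlaKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RemoteAccessStatus {
    $ra  = Get-ItemProperty $RaKey  -ErrorAction SilentlyContinue
    $ts  = Get-ItemProperty $TsKey  -ErrorAction SilentlyContinue
    $nla = Get-ItemProperty $NlaKey -ErrorAction SilentlyContinue
    # A live listener on 3389 is the ground truth regardless of what the registry says
    $listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)      # the check box in the steps above
        RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)   # "Allow remote connections" on the same dialog
        NlaRequired             = ($nla.UserAuthentication -eq 1)  # credentials checked before a session starts
        ListeningOn3389         = [bool]$listener
    }
}

# Turn off both Remote Assistance and Remote Desktop, then disable the built-in
# "Remote Desktop" firewall rules so nothing reaches the port even if the
# service is switched back on later.
function Disable-RemoteAccess {
    Set-ItemProperty $RaKey -Name fAllowToGetHelp    -Value 0 -Type DWord
    Set-ItemProperty $TsKey -Name fDenyTSConnections -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

Get-RemoteAccessStatus | Format-List
```

A home user who never connects in from elsewhere should expect every field to read False after running Disable-RemoteAccess.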
- Look at the "from" address in the email and ensure it is someone you know
- Check the "reply to" address and confirm it goes where it is supposed to
- Look for grammatical and spelling errors within the email
- Hover over the link to see where the destination URL is going to take you
- Review recent purchases to determine if you should be expecting this "invoice" or "tracking info"
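The "from", "reply to" and link-destination checks above can be applied to a raw message mechanically. The PowerShell below is an added example, not from the original newsletter; the message it inspects is constructed for the demonstration and the function name and its heuristics are this example's own.

```powershell
# Constructed sample message: a fake "tracking info" mail with a mismatched
# Reply-To and a link whose visible text does not match its real destination.
$SampleMessage = @'
From: "Parcel Service" <notify@parcel-service.example>
Reply-To: collect@mail-updates.example
Subject: Your tracking info

<p>Your package is waiting. Track it here:</p>
<a href="http://login-verify.example/track?id=1">https://www.parcel-service.example/track</a>
'@

function Get-EmailRedFlags {
    param([string]$Raw)
    $flags = @()
    # Header values: the first "From:" / "Reply-To:" line in the message
    $from    = [regex]::Match($Raw, '(?m)^From:\s*(.+)$').Groups[1].Value.Trim()
    $replyTo = [regex]::Match($Raw, '(?m)^Reply-To:\s*(.+)$').Groups[1].Value.Trim()
    $domainOf = { param($s) if ($s -match '@([\w.-]+)') { $Matches[1].ToLower() } }
    $fromDomain  = & $domainOf $from
    $replyDomain = & $domainOf $replyTo
    if ($replyDomain -and $replyDomain -ne $fromDomain) {
        $flags += "Reply-To domain '$replyDomain' differs from From domain '$fromDomain'"
    }
    # Links: the host a reader sees in the link text versus where href really goes
    foreach ($m in [regex]::Matches($Raw, '<a\s+href="([^"]+)"[^>]*>([^<]+)</a>')) {
        $href   = $m.Groups[1].Value
        $target = ([uri]$href).Host
        $text   = $m.Groups[2].Value.Trim()
        if ($text -match '^https?://' -and ([uri]$text).Host -ne $target) {
            $flags += "Link text shows '$text' but points to '$target'"
        }
        if ($href -like 'http://*') { $flags += "Link to '$target' is plain HTTP" }
    }
    return $flags
}

Get-EmailRedFlags -Raw $SampleMessage
```

For the sample message the function returns three flags: the Reply-To mismatch, the link-text mismatch, and the unencrypted link. Whether the sender is "someone you know" and whether a purchase is expected remain human checks.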
Windows WaitList.dat File Has Been Found Storing User Data
Now, before anyone panics, there are two major things you must understand. First, this only impacts Windows PCs with touchscreen capabilities. In addition, a user of the PC must have enabled the handwriting recognition feature. This feature generates formatted text from what a person writes with a stylus or on the touchscreen. If you do not have a touchscreen PC, or you do but have never enabled the feature, you do not need to be concerned about this warning. If you do, however, read on.
All About the WaitList.dat File
When a user enables the handwriting recognition feature, the handwriting has to be converted to text. This conversion feature was added in Windows 8, which means the WaitList.dat file has been around for years. The purpose of this file is to store text that helps Windows improve its handwriting recognition by learning which words a user uses most frequently. If that were all that was happening, it wouldn't be so bad. But once the handwriting recognition feature is enabled, text from all text-based documents is stored in the WaitList.dat file as well. To be clear, this includes all text documents and emails that are indexed by the Windows search feature. This means that if a user stores all of their user names and passwords in a Word document (which you should never do), they are now stored in the WaitList.dat file too. This does not become an issue until someone, or some malware, gains unauthorized access to the PC. At that point, they could extract the WaitList.dat file and have all of the user's most important data. To prevent any issues, users are encouraged to delete any files on their computer that include personal information. This includes data such as banking information, usernames, passwords, social security numbers, birthdates, etc.
Ransomware Attacks Drive 44.53% of End Users to Reconsider Their Antivirus Solutions
Not only are ransomware attacks taking place daily, but news coverage of these attacks has increased. Therefore, the public has become more aware of this cyber threat. The same can be said for another cyber threat, crypto-jacking. Not long ago, computer users would have had no idea what either of those terms meant. Now, increased awareness is leading users to reconsider their antivirus solutions. In a recent survey conducted by PC Matic, 44.53% of respondents reported reconsidering their current antivirus provider due to the recent news stories related to ransomware and crypto-jacking. Of those who are reconsidering, approximately 10% have already changed providers. In addition, 17.4% of respondents reported that either they or their company have been hit with ransomware. However, only 50% of those who have been hit with ransomware have switched antivirus programs in an attempt to prevent future attacks. Perhaps most importantly, 100% of survey respondents who stated they were currently using a confirmed automated global whitelist antivirus program reported they have not been victimized by ransomware.
Kraken Uses Security Program Name and Logo to Spread to Unknowing Victims
To be clear, SuperAntiSpyware is a legitimate anti-malware tool. However, Kraken stole the company's logo and name to target users. The only difference between the Kraken and the legitimate program's executable file names is one letter: SuperAntiSpyware uses SUPERAntiSpyware.exe, while Kraken uses SUPERAntiSpywares.exe. Users who downloaded the legitimate program are not impacted by this. However, those who downloaded the malicious file would experience encryption of various files. Once a user opts to download SUPERAntiSpywares.exe, the malicious executable begins to run. The only cases in which it would be blocked from running are if the user is employing a security solution that uses an application whitelist, or if the blacklist antivirus companies have updated their blacklists to include SUPERAntiSpywares.exe. If the file is allowed to run, it first checks that the location of the device is not in certain geographical areas. For instance, if the device is in Iran or Brazil, the ransomware will not execute. Assuming you are in a location they have deemed acceptable to encrypt, the malware scans the device for files with a variety of file extensions, including .jpeg, .doc, .zip, etc. Once these files are found, they are renamed with the file name 00000000-Lock.onion and encrypted. At this time, there is no free option for decrypting files that have been locked by the Kraken ransomware. The only way users can restore locked files is from their backups.
Hackers Use Microsoft Macros to Distribute Malware
TechRepublic has determined that in the month of August, approximately 45% of the malicious activity it monitored was executed through Microsoft's macros feature. This means the malware was hidden in a Microsoft Office document and, upon opening, would execute if macros were enabled. Often, Microsoft's macro feature is enabled by default; if that is the case on a device, the malware runs on its own. However, if the macro feature is not enabled, a prompt appears on the screen asking the user to enable the feature in order to "open" the document. Upon clicking to enable macros, the malware begins to run. The only way to stop the malware from executing once macros are enabled is a security solution using a whitelist approach. In that case, the malware would still attempt to execute; however, after determining the file is not on the whitelist, the solution blocks it from running. To disable macros, follow the "Open a Microsoft Office program" instructions listed at the top of this page.
Which Creates More Issues for SMBs?
Asking a question like this is simply asking which is the lesser of two evils. Neither is wanted or preferred, and both cause substantial damage. So forgive my bluntness, but which sucks less? Reports have suggested downtime is more damaging financially than paying the ransom demand. This is contingent upon several varying factors, including those listed at the top of this page (from "amount of ransom demand" onward).
Hawaii Medical Facility Issues Warning to 40k Patients
The Fetal Diagnostic Institute of the Pacific (FDIP), located in Honolulu, Hawaii, has begun contacting over 40,000 patients regarding a potential data breach. Concerns of a breach come after the facility fell victim to a ransomware attack in June of this year. After discovering the ransomware, FDIP contacted a cyber security firm for remediation efforts. While investigating, the firm determined hackers had access to current and former patient data. This included names, birthdates, addresses, account numbers, and diagnosis information. Unfortunately, the cyber security firm was unable to determine whether or not any of this information had been viewed or removed from FDIP networks. The ransomware variant that led to this data breach is not being disclosed, nor is the ransom demand. FDIP has asked patients who may have been impacted to contact FDIP immediately if any suspicious activity or communications occur.
Other Ransomware Attacks
For a list of ransomware attacks that have already taken place in 2018, you may click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.
What is an RDP Attack?
RDP, or Remote Desktop Protocol, is a service exposed on a device's network port that allows remote access by anyone who has the appropriate credentials. An RDP attack means an unauthorized person or entity is accessing the network through the device's RDP port. The attack may be an actual person using brute force to break into the RDP port, or it could be an automated tool, also using brute force to access the RDP port. Brute force is the term used when someone, or something, guesses user credentials over and over again until they gain access.
How Common Are They?
Over the last year, RDP attacks have increased in popularity for one major reason: they carry a significant payday if they can be executed. Typically the execution process takes a bit longer and is more labor-intensive than alternative hacking methods, but the end result is worth it to the cyber criminals. For instance, LabCorp, a major American laboratory company, was hit with ransomware that executed through an RDP attack earlier this summer. The ransomware attack infected thousands of PCs and almost 2,000 servers. Also, the malware options are limitless when it comes to an RDP attack. Once the hacker has access, they can install spyware, keyloggers, cryptojacking software, worms, ransomware, and any other form of malware they'd like.
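The repeated credential guessing described above leaves a trail: one failed-logon event (Security event ID 4625) per guess, all from the same source address. The PowerShell below is an added example, not from the original newsletter, that counts those failures per address and flags any address exceeding a threshold inside a short window; the sample events are constructed, and the threshold, window and 4625 field positions are this example's own assumptions.

```powershell
function Find-RdpBruteForce {
    param(
        [object[]]$Events,        # objects with TimeCreated, IpAddress, LogonType, TargetUserName
        [int]$Threshold = 10,     # failures from one address ...
        [int]$WindowMinutes = 5   # ... within this many minutes
    )
    # Logon type 10 = RemoteInteractive (RDP); type 3 appears when NLA rejects the attempt early
    $Events | Where-Object { $_.LogonType -in 3, 10 } | Group-Object IpAddress | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        $span   = ($sorted[-1].TimeCreated - $sorted[0].TimeCreated).TotalMinutes
        if ($_.Count -ge $Threshold -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Minutes  = [math]::Round($span, 1)
                Accounts = ($sorted.TargetUserName | Sort-Object -Unique) -join ','
            }
        }
    }
}

# Live use (elevated prompt): today's 4625 events from the Security log, flattened
# to the fields above. Property indexes follow the 4625 event's field order
# (assumed here: TargetUserName=5, LogonType=10, IpAddress=19).
function Get-FailedLogonsToday {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).Date } |
        ForEach-Object {
            $p = $_.Properties
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; TargetUserName = $p[5].Value
                               LogonType = [int]$p[10].Value; IpAddress = $p[19].Value }
        }
}

# Constructed sample: 12 guesses from one address in under 3 minutes, plus one ordinary failure
$start  = Get-Date '2018-09-01 10:00'
$Sample = @(0..11 | ForEach-Object {
    [pscustomobject]@{ TimeCreated = $start.AddSeconds($_ * 15); IpAddress = '203.0.113.10'
                       LogonType = 10; TargetUserName = @('administrator', 'admin', 'user')[$_ % 3] }
}) + [pscustomobject]@{ TimeCreated = $start; IpAddress = '192.0.2.5'; LogonType = 10; TargetUserName = 'alice' }

Find-RdpBruteForce -Events $Sample | Format-Table -AutoSize
```

On the sample, only 203.0.113.10 is reported (12 failures across three account names in 2.8 minutes); against live data, pipe Get-FailedLogonsToday into Find-RdpBruteForce.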
Staying Protected
The best way to prevent an RDP attack is to disable remote access to your device. Home users can do this by following the "Open your Control Panel" instructions listed at the top of this page.
Targeted and Untargeted Cyber Attacks
Before discussing the attack methods of hackers, targeted or untargeted, we first must understand the difference between the two. Untargeted attacks are when hackers have no specific vertical, business, or person they are attacking. Instead, they simply cast as wide a net as possible, sending out malicious emails, links, etc. in the hope of infecting as many people as they can. Targeted attacks are cyber attacks specifically designed to infect a particular industry, person, business, or event. For instance, the cyber attack that hit this year's Olympic opening ceremonies, or ransomware attacks targeting the healthcare sector, are both examples of targeted attacks.
But which is most common?
Untargeted attacks are far more common than targeted attacks, for two primary reasons. First, they are easier to execute. Instead of trying to determine how to infiltrate a specific system, hackers simply create a generic email with malicious content such as an attachment or link. From there, they send it out to every email address they have access to. Depending on the form of malware used in the email, this may lead to extortion from ransomware, keyloggers installed to track user credentials, the installation of spyware, or a breach of company and/or personal data. Since they have no targeted audience, the content of the email is kept very vague so it may apply to everyone. For instance, it may be a fake tracking link for a recent "purchase".
Which are more destructive?
Although untargeted attacks are more common, targeted attacks tend to cause far more destruction. In order for a targeted attack to occur, there must be two things -- a desire to cause damage, and the knowledge to do so. In targeted attacks, hackers will often target an entire vertical, such as the financial sector or healthcare industry. The industry they opt to attack is contingent upon the type of cyber attack they're executing. For instance, if their end goal is to make money, they'll likely use ransomware and go after an industry heavily reliant on IT services, such as hospitals or banks. However, if hackers are targeting credit card information to sell on the dark web, they will target a large retail store. The malware variant used is hand-picked, based on the specific target, to generate the most destruction.
Avoiding Falling Victim
By clicking on a malicious email, you open yourself up to malicious cyber activity, not only on your device but on any other device connected to the network. Therefore, to keep your network secure, all users must understand the red flags to look out for. To avoid falling victim to a cyber attack, users should apply the checks listed at the top of this page, starting with the "from" address of the email.
About The Pit Crew
PC Pitstop's Pit Crew is committed to providing you with the information you need to keep your PC safe and running like new.