PC Pitstop sends out a monthly newsletter to update visitors about PC trends and what's going on at the site. Each issue contains helpful computer tips. To subscribe, complete this form and you will receive a confirmation email. In the email body, please click on the link Confirm Your Subscription to complete the process. You can rest assured we will never share your email address with others; see our privacy policy.

To get the most out of the site we strongly suggest creating an account with us. Be sure to check the box to indicate you want to get the newsletter. Below you’ll find an archive of the newsletters we’ve sent out in the past.

    Is This Windows File Hoarding Your Personal Information?

    September 21, 2018 by Kayla Elliott in Newsletter, Tips

    Windows WaitList.dat File Has Been Found Storing User Data

    Now, before anyone panics, there are two major things you must understand. First, this only impacts Windows PCs with touchscreen capabilities. In addition, a user of this PC must have enabled the handwriting recognition feature. This feature generates formatted text from handwriting entered with a stylus or the touchscreen. If you do not have a touchscreen PC, or you do but have never enabled the feature, you do not need to be concerned about this warning. If you do, however, you should read on.

    All About WaitList.dat File

    When a user enables the handwriting recognition feature, the handwriting has to be converted to text. This conversion feature was added in Windows 8, which means the WaitList.dat file has been around for years. The purpose of this file is to store text that helps Windows improve its handwriting recognition by letting it identify which words a user uses most frequently. If that were all that was happening, it wouldn't be so bad.

    But once the handwriting recognition feature is enabled, the text of documents across the PC is also written to the WaitList.dat file. To be clear, this includes all text documents and emails that are indexed by the Windows search feature. This means that if a user stores all of their user names and passwords in a Word document (which you should never do), that content is now stored in the WaitList.dat file too.

    This doesn't become an issue until someone gains unauthorized access to the PC, whether that is a person or malware. At that point they could extract the WaitList.dat file and have all of the user's most important data in one place. To prevent any issues, users are encouraged to delete any files on their computer that include personal information. This includes data such as banking information, usernames, passwords, social security numbers, birthdates, etc.
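    The following PowerShell audit is an added example and is not part of the newsletter. It reports whether the WaitList.dat store exists for the current user and whether the "automatic learning" text/ink collection that feeds it is still switched on, and it offers a function that turns that collection off. The file path and the two InputPersonalization registry values are assumptions taken from publicly documented Windows behaviour, not from the article; confirm them on your own Windows build.

```powershell
# Added example (not from the PC Pitstop article): audit one Windows user profile for the
# handwriting-personalization text store described above.
# Assumptions, labelled: the WaitList.dat location and the InputPersonalization registry
# values below follow public documentation for Windows 8 and later; verify on your build.

function Get-HandwritingHarvestStatus {
    [CmdletBinding()]
    param(
        # Profile root to inspect; defaults to the current user's LOCALAPPDATA.
        [string]$LocalAppData = $env:LOCALAPPDATA
    )

    $waitList = Join-Path $LocalAppData 'Microsoft\InputPersonalization\TextHarvester\WaitList.dat'
    $regPath  = 'HKCU:\Software\Microsoft\InputPersonalization'

    # RestrictImplicitTextCollection = 1 and RestrictImplicitInkCollection = 1 correspond to the
    # "Turn off automatic learning" setting, i.e. Windows stops harvesting typed/inked text.
    $text = (Get-ItemProperty -Path $regPath -Name RestrictImplicitTextCollection -ErrorAction SilentlyContinue).RestrictImplicitTextCollection
    $ink  = (Get-ItemProperty -Path $regPath -Name RestrictImplicitInkCollection  -ErrorAction SilentlyContinue).RestrictImplicitInkCollection

    $file = Get-Item -Path $waitList -ErrorAction SilentlyContinue

    [pscustomobject]@{
        WaitListPresent     = [bool]$file
        WaitListSizeBytes   = if ($file) { $file.Length } else { 0 }
        WaitListLastWritten = if ($file) { $file.LastWriteTime } else { $null }
        TextCollectionOff   = ($text -eq 1)
        InkCollectionOff    = ($ink -eq 1)
        # If the store exists and collection is still on, indexed documents keep feeding it.
        AtRisk              = ([bool]$file -and -not ($text -eq 1 -and $ink -eq 1))
    }
}

# Turn automatic learning off for the current user. The existing WaitList.dat is left in
# place on purpose: review what it holds and delete it as a separate, deliberate step.
function Disable-HandwritingHarvest {
    $regPath = 'HKCU:\Software\Microsoft\InputPersonalization'
    if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
    Set-ItemProperty -Path $regPath -Name RestrictImplicitTextCollection -Value 1 -Type DWord
    Set-ItemProperty -Path $regPath -Name RestrictImplicitInkCollection  -Value 1 -Type DWord
}

Get-HandwritingHarvestStatus | Format-List
```

    Run the status function first; if `AtRisk` is true, the harvester is still collecting text and the store is present, which is exactly the situation the article warns about.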

    Flood of Cyber Attacks Drives Endusers to New Antivirus Solutions

    Ransomware Attacks Drive 44.53% of Endusers to Reconsider Their Antivirus Solutions

    Not only are ransomware attacks taking place daily, but news coverage of these attacks has increased. Therefore, the public has become more aware of this cyber threat. The same can be said for another cyber threat, crypto-jacking. Not long ago, computer users would have had no idea what either of those terms meant. Now, increased awareness is leading users to reconsider their antivirus solutions. In a recent survey conducted by PC Matic, 44.53% of respondents reported reconsidering their current antivirus provider due to the recent news stories related to ransomware and crypto-jacking. Of those who are reconsidering, approximately 10% have already changed providers. In addition, 17.4% of respondents reported that either they or their company have been hit with ransomware. However, only 50% of those who have been hit with ransomware have switched antivirus programs in an attempt to prevent future attacks. Perhaps most importantly, 100% of survey respondents who stated they were currently using a confirmed automated global whitelist antivirus program reported they have not been victimized by ransomware.

    Kraken Ransomware Disguises Itself As Legitimate Anti-Spyware Software

    Everything isn't always what it seems. This is something we have come to know and accept. However, when we download a program that is supposed to protect us, that is what we expect it to do. Apple users were recently duped by Adware Doctor, which positioned itself as an adware prevention tool but was actually spying on user behavior. Now, hackers have used the name and logo of SuperAntiSpyware, an anti-malware tool, to trick users into downloading the ransomware dubbed Kraken.

    Kraken Uses Security Program Name and Logo to Spread to Unknowing Victims

    To be clear, SuperAntiSpyware is a legitimate anti-malware tool. However, Kraken stole the company's logo and name to target users. The only difference between the Kraken and the legitimate program executable files is one letter in the file name: SuperAntiSpyware uses SUPERAntiSpyware.exe, while Kraken uses SUPERAntiSpywares.exe. Users who downloaded the legitimate program are not impacted by this. However, those who downloaded the malicious file would experience encryption of various files.

    Once a user opts to download SUPERAntiSpywares.exe, the malicious executable begins to run. The only time it would be blocked from running is if the user were employing a security solution that uses an application whitelist, or if blacklist antivirus vendors had already updated their blacklists to include SUPERAntiSpywares.exe.

    If the file is allowed to run, it first checks that the device is not located in certain geographical areas. For instance, if the device is in Iran or Brazil, the ransomware will not execute. Assuming you are in a location the attackers have deemed acceptable to encrypt, the malware scans the device for files with a variety of file extensions, including .jpeg, .doc, .zip, etc. Once these files are found, they are encrypted and renamed to 00000000-Lock.onion.

    At this time, there is no free option for decrypting files that have been locked by the Kraken ransomware. The only way users can restore locked files is from their backups.
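    The article's point is that a name-based blacklist is easy to slip past with a one-letter change, while an allowlist keyed on what the file actually is (its hash) is not. The PowerShell below is an added example, not PC Matic's product code, of that distinction: it checks a downloaded installer against a small allowlist of name and SHA-256 pairs, and separately flags names that are a single edit away from an allowlisted vendor name. The hash in the allowlist is a constructed placeholder; a real list would hold the vendor's published hashes.

```powershell
# Added example, not from the article: compare a downloaded installer against an allowlist of
# (file name, SHA-256) pairs and flag near-miss names such as SUPERAntiSpywares.exe.
# The hash value below is a CONSTRUCTED placeholder; use vendor-published hashes in practice.

$AllowList = @{
    'SUPERAntiSpyware.exe' = 'PLACEHOLDER_SHA256_OF_TRUSTED_INSTALLER'
}

# Levenshtein edit distance, case-insensitive: one inserted, changed or dropped character = 1.
function Get-EditDistance {
    param([string]$Left, [string]$Right)
    $l = $Left.ToLowerInvariant(); $r = $Right.ToLowerInvariant()
    $prev = New-Object int[] ($r.Length + 1)
    for ($j = 0; $j -le $r.Length; $j++) { $prev[$j] = $j }
    for ($i = 1; $i -le $l.Length; $i++) {
        $cur = New-Object int[] ($r.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $r.Length; $j++) {
            $cost = if ($l[$i - 1] -eq $r[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$r.Length]
}

function Test-Installer {
    param([Parameter(Mandatory)][string]$Path)
    $name = [IO.Path]::GetFileName($Path)
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # Allow only when both the name and the content hash match.
    if ($AllowList.ContainsKey($name) -and $AllowList[$name] -eq $hash) {
        return [pscustomobject]@{ File = $name; Verdict = 'Allow'; Reason = 'name and SHA-256 match allowlist' }
    }
    # Right name, wrong hash: a tampered or unknown build of a trusted product.
    if ($AllowList.ContainsKey($name)) {
        return [pscustomobject]@{ File = $name; Verdict = 'Block'; Reason = 'name matches allowlist but hash does not' }
    }
    # Near-miss name: the one-letter trick the article describes.
    foreach ($known in $AllowList.Keys) {
        if ((Get-EditDistance -Left $name -Right $known) -le 1) {
            return [pscustomobject]@{ File = $name; Verdict = 'Block'; Reason = "lookalike of allowlisted '$known'" }
        }
    }
    # Default deny: anything not explicitly allowed is blocked, which is what a whitelist means.
    return [pscustomobject]@{ File = $name; Verdict = 'Block'; Reason = 'not on allowlist' }
}

# Name-only check that needs no file on disk:
Get-EditDistance -Left 'SUPERAntiSpywares.exe' -Right 'SUPERAntiSpyware.exe'
```

    Note that the lookalike check is a convenience for reporting; the security property comes from the default-deny branch, which blocks the renamed file regardless of how closely it resembles a trusted name.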

    Microsoft Macros Listed as Primary Malware Distribution Tactic

    September 18, 2018 by Kayla Elliott in Newsletter, Tips

    Hackers Use Microsoft Macros to Distribute Malware

    Tech Republic reported that in the month of August, approximately 45% of the malicious activity it monitored was executed through Microsoft's macros feature. This means the malware was hidden in a Microsoft Office document and, upon opening, would execute if macros were enabled. Oftentimes Microsoft's macro feature is enabled by default; if that is the case on a device, the malware runs on its own. If the macro feature is not enabled, a prompt appears on the screen asking to enable the feature in order to "open" the document. Once the user clicks to enable macros, the malware begins to run.

    The only way to stop the malware from executing once macros are enabled would be with a security solution using a whitelist approach. In this particular case, the malware would still attempt to execute; however, after determining the file is not on the whitelist, the solution would block it from running. To disable macros, follow the instructions below:
    • Open a Microsoft Office program (Word, Excel, etc.)
    • Open a new document, spreadsheet, or PowerPoint presentation
    • Click on File
    • Select Options
    • Click on Trust Center
    • Click Trust Center Settings
    • Ensure the option selected disables macros
      • With the "disable macros with notification" option, the pop-up mentioned above will still appear, giving the user the option to enable them
      • The "disable macros without notification" option leaves macros disabled unless the user goes into the Trust Center Settings to change it
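    The same Trust Center choice is stored per application in the current user's registry, which is how an administrator applies it across many machines without clicking through the UI. The PowerShell below is an added example, not from the article, that reads the current setting for Word, Excel and PowerPoint and sets it to the article's recommended "disable without notification" level. It assumes an Office 2016/2019/365 install (registry version "16.0"); older versions use 15.0 or 14.0.

```powershell
# Added example (not part of the article): read and set the Office macro security level for the
# current user without the Trust Center UI. Office stores it in the VBAWarnings value:
#   1 = enable all macros, 2 = disable with notification, 3 = disable except digitally signed,
#   4 = disable all macros without notification (the article's last bullet).
# Assumption: Office 2016/2019/365 uses registry version "16.0"; adjust for older installs.

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

function Get-MacroPolicy {
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
        $v = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $meaning = switch ($v) {
            1       { 'Enable all macros (dangerous)' }
            2       { 'Disable with notification (user can still click Enable)' }
            3       { 'Disable except digitally signed' }
            4       { 'Disable without notification' }
            default { 'Not set (application default applies)' }
        }
        [pscustomobject]@{ Application = $app; VBAWarnings = $v; Meaning = $meaning }
    }
}

function Set-MacroPolicy {
    param([ValidateSet(2, 3, 4)][int]$Level = 4)
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name VBAWarnings -Value $Level -Type DWord
        # Also block macros in documents that carry the Mark-of-the-Web (downloaded or e-mailed),
        # which is where the malicious attachments described above come from.
        Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
    }
}

Get-MacroPolicy | Format-Table -AutoSize
```

    Run `Get-MacroPolicy` before and after `Set-MacroPolicy` to confirm the change; a value of 2 is the default that still shows the "Enable Content" bar the article warns users not to click.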

    Ransom Payments or Downtime - Which is Worse for SMBs?

    September 17, 2018 by Kayla Elliott in Newsletter, Tips

    Which Creates More Issues for SMBs?

    Asking questions like this is simply asking which is the lesser of two evils. Neither is wanted or preferred, and both cause substantial damage. So forgive my bluntness, but which sucks less? Reports have suggested downtime is more damaging, financially, than paying the ransom demand. This is contingent upon several varying factors, including:
    • amount of ransom demand
    • if backup files are easily retrieved
    • how quickly the IT department can get systems working at full capacity
    • if a disaster recovery plan is in place
    • if a new security solution is implemented to prevent future attacks
    Paying the ransom demand is never encouraged. It puts a target on your back for future attacks, and there is no guarantee the hackers will release the data after receiving their payment.

    Now, think of the damage this would create for SMBs. The dangers are a bit higher for an SMB; after all, this is their livelihood. They need a good reputation, they must be able to work, and they must do so at full capacity. If their business is down for days or weeks at a time, they suffer reputational damage as well as a significant loss of productivity and profitability. Depending on the length of the downtime, their clients may go elsewhere, not because they lack loyalty but because they have their own needs that must be met too. In the long run, this can crush an SMB. A Colorado printing company just shut its doors after five years in business because it couldn't bounce back after a ransomware attack.

    These threats are real, and it's time business owners started being proactive and protecting their devices, and the data on them, from modern cyber threats. To do so, business owners are encouraged to do the following:
    • Employ a security solution that uses an automated whitelist technology
    • Keep the operating system and third-party applications updated
    • Complete an audit of admin rights, and disable all who do not need access
    • Disable Macros
    • Disable unused RDP ports

    Hawaii Issues Breach Warning After Ransomware Infection

    Hawaii Medical Facility Issues Warning to 40k Patients

    The Fetal Diagnostic Institute of the Pacific (FDIP), located in Honolulu, Hawaii, has begun contacting over 40,000 patients regarding a potential data breach. Concerns of a breach come after the facility fell victim to a ransomware attack in June of this year. After discovering the ransomware, FDIP contacted a cyber security firm for remediation efforts. While investigating, the firm determined hackers had access to current and former patient data. This included names, birthdates, addresses, account numbers, and diagnosis information. Unfortunately, the cyber security firm was unable to determine whether or not any of this information had been viewed or removed from FDIP networks. The ransomware variant that led to this data breach is not being disclosed, nor is the ransom demand. FDIP has asked patients who may have been impacted to contact FDIP immediately if any suspicious activity or communications occur.

    Other Ransomware Attacks

    For a list of ransomware attacks that have already taken place in 2018, you may click here. We have also created a map, see below, of the ransomware attacks that have taken place in the U.S.

    RDP Attacks - What they are and how you can stay protected

    September 13, 2018 by Kayla Elliott in Newsletter, Tips

    What is an RDP Attack?

    RDP, or Remote Desktop Protocol, is a service that listens on a network port and allows remote access to a device by anyone who has the appropriate credentials. An RDP attack means an unauthorized person or entity is accessing the network through the device's RDP port. The attacker may be an actual person using brute force to break into the RDP port, or it could be automated tooling, also using brute force. Brute force is a term used when someone, or something, guesses user credentials over and over again until they gain access.
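    Guessing credentials "over and over again" leaves a very recognisable trail in the Windows Security log: a burst of failed logons (event ID 4625) with logon type 10, which is the RemoteInteractive type used by RDP, from one source address and often cycling through account names. The PowerShell below is an added detection example, not from the article, that runs that logic over constructed sample events so it works offline; the commented block at the end shows how to feed it real events from `Get-WinEvent`. The IP addresses come from the RFC 5737 documentation ranges and the user names are made up.

```powershell
# Added example (not from the article): detect RDP password guessing from Windows Security
# log events. Event 4625 is a failed logon; LogonType 10 means RemoteInteractive (RDP).
# The event objects below are CONSTRUCTED sample data so the logic runs offline; on a real
# host, build them from Get-WinEvent as shown at the bottom.

$SampleFailures = @(
    foreach ($i in 1..30) {
        # 30 failures from one address in 90 seconds, rotating user names: classic guessing.
        [pscustomobject]@{
            TimeCreated = (Get-Date '2018-09-13T02:00:00').AddSeconds($i * 3)
            IpAddress   = '203.0.113.7'                     # RFC 5737 documentation range
            TargetUser  = @('administrator', 'admin', 'backup', 'scan')[$i % 4]
            LogonType   = 10
        }
    }
    # Two ordinary mistypes from a known workstation: must not trigger.
    [pscustomobject]@{ TimeCreated = Get-Date '2018-09-13T02:05:00'; IpAddress = '192.0.2.15'; TargetUser = 'kelliott'; LogonType = 10 }
    [pscustomobject]@{ TimeCreated = Get-Date '2018-09-13T02:05:40'; IpAddress = '192.0.2.15'; TargetUser = 'kelliott'; LogonType = 10 }
)

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)][object[]]$Failures,
        [int]$Threshold     = 10,   # failures from one source inside the window
        [int]$WindowMinutes = 5
    )
    $Failures |
        Where-Object { $_.LogonType -eq 10 } |
        Group-Object IpAddress |
        ForEach-Object {
            $events = @($_.Group | Sort-Object TimeCreated)
            # Sliding window: find the densest run of failures within $WindowMinutes.
            $best = 0; $start = 0
            for ($end = 0; $end -lt $events.Count; $end++) {
                while ($events[$end].TimeCreated - $events[$start].TimeCreated -gt [TimeSpan]::FromMinutes($WindowMinutes)) { $start++ }
                $best = [Math]::Max($best, $end - $start + 1)
            }
            if ($best -ge $Threshold) {
                [pscustomobject]@{
                    SourceIp     = $_.Name
                    Failures     = $_.Count
                    PeakInWindow = $best
                    UsersTried   = (($events.TargetUser | Sort-Object -Unique) -join ',')
                    FirstSeen    = $events[0].TimeCreated
                    LastSeen     = $events[-1].TimeCreated
                }
            }
        }
}

Find-RdpBruteForce -Failures $SampleFailures | Format-Table -AutoSize

# On a live host (elevated prompt), feed real events instead of the sample:
# $real = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 5000 |
#     ForEach-Object {
#         $d = ([xml]$_.ToXml()).Event.EventData.Data
#         [pscustomobject]@{
#             TimeCreated = $_.TimeCreated
#             IpAddress   = ($d | Where-Object Name -eq 'IpAddress').'#text'
#             TargetUser  = ($d | Where-Object Name -eq 'TargetUserName').'#text'
#             LogonType   = [int]($d | Where-Object Name -eq 'LogonType').'#text'
#         }
#     }
# Find-RdpBruteForce -Failures $real
```

    With the sample data only 203.0.113.7 is reported (30 failures, four user names in 90 seconds); the two failures from 192.0.2.15 stay below the threshold. Tune `Threshold` and `WindowMinutes` to your environment, and remember that a source spreading guesses slowly across many hosts will need the same logic run over a central log collection rather than one machine.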

    How Common Are They?

    Over the last year, RDP attacks have increased in popularity for one major reason: they carry a significant payday if they can be executed. Typically the execution process takes a bit longer and is more labor-intensive than alternative hacking methods, but the end result is worth it to the cyber criminals. For instance, LabCorp, a major American laboratory company, was hit earlier this summer with ransomware that was delivered through an RDP attack. The ransomware infected thousands of PCs and almost 2,000 servers. The malware options are also limitless when it comes to an RDP attack. Once the hackers have access, they can install spyware, keyloggers, cryptojacking software, worms, ransomware, or any other form of malware they'd like.

    Staying Protected

    The best way to prevent an RDP attack is to disable the remote access to your device.  Home users can do this by following the instructions below:
    • Open your Control Panel
    • Access System and Security
    • Choose System in the list menu
    • Click on the Remote Settings in the left menu
    • Remove the check mark from the "Allow remote assistance connections to this computer"
    • Click Apply
    • Click Okay
    For business users, IT professionals are encouraged to conduct an audit of the RDP ports that are left open. If an adequate rationale cannot be provided for leaving these ports open, they should be disabled immediately.

    PC Matic users: we encourage home users to disable the remote access feature. Oftentimes, home users do not use the remote feature or even know they have it. Therefore, to minimize risk, disable the option so it cannot be exploited. PC Matic MSP and Pro users now have the ability to disable RDP ports directly from the portal. Our development team is also working on a vulnerability report to provide data on which RDP ports should be disabled.
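    The PowerShell below is an added example, not from the article or the PC Matic portal, of the audit recommended for business users followed by the scripted equivalent of the steps above. One caveat the steps gloss over: the Control Panel check box they describe controls Remote Assistance, which is a separate feature from Remote Desktop; the audit reports both, and the disable function turns both off and closes the inbound firewall rules so the port stops answering. Both functions need an elevated PowerShell session.

```powershell
# Added example (not from the article): audit remote-access exposure on one Windows host and,
# if it is not needed, disable it. Run from an elevated PowerShell session.
# Remote Assistance (fAllowToGetHelp) and Remote Desktop (fDenyTSConnections) are separate
# settings; the article's Control Panel check box covers only the first.

function Get-RemoteAccessAudit {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
    # RDP defaults to TCP 3389 but can be moved; read the configured port rather than assuming it.
    $rdpPort = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

    [pscustomobject]@{
        RemoteDesktopEnabled    = ((Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0)
        RemoteAssistanceEnabled = ((Get-ItemProperty -Path $ra -Name fAllowToGetHelp).fAllowToGetHelp -eq 1)
        RdpPort                 = $rdpPort
        # Is anything actually listening on that port right now?
        RdpListening            = [bool](Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue)
        # Are the built-in inbound "Remote Desktop" firewall rules enabled?
        RdpFirewallRulesOn      = [bool](Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue)
        # Who may log on over RDP; shrink this as part of the admin-rights audit the article recommends.
        RdpUsers                = ((Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name -join ',')
    }
}

function Disable-RemoteAccess {
    # 1) Remote Assistance off: the article's "Allow remote assistance connections" check box.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -Name fAllowToGetHelp -Value 0 -Type DWord
    # 2) Remote Desktop off.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1 -Type DWord
    # 3) Close the inbound firewall rules so the port stops answering even if the service is re-enabled later.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

Get-RemoteAccessAudit | Format-List
```

    For a fleet, run `Get-RemoteAccessAudit` through `Invoke-Command` against each host and keep the results: a machine whose `RdpListening` is true but has no documented owner is exactly the "no adequate rationale" case the article says should be disabled immediately.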

    Targeted Attacks or Untargeted Attacks - Which is Most Common?

    September 13, 2018 by Kayla Elliott in Newsletter, Tips

    Targeted and Untargeted Cyber Attacks

    Before discussing the attack methods of hackers, targeted or untargeted, we first must understand the difference between the two.

    Untargeted attacks are when hackers have no specific vertical, business, or person they are attacking. Instead, they simply cast as wide a net as possible, sending out malicious emails, links, etc. in the hope of infecting as many people as they can. Targeted attacks are cyber attacks specifically designed to infect a particular industry, person, business, or event. For instance, the cyber attack that hit the opening ceremony of this year's Olympics and the ransomware attacks targeting the healthcare sector are both examples of targeted attacks.

    But which is most common?

    Untargeted attacks are far more common than targeted attacks, for two primary reasons. First, they are easier to execute. Instead of trying to determine how to infiltrate a specific system, hackers simply create a generic email with malicious content such as an attachment or link. From there, they send it out to every email address they have access to. Depending on the form of malware used in the email, this may lead to extortion through ransomware, keyloggers that capture user credentials, the installation of spyware, or the breach of company and/or personal data. Since they have no specific audience, the content of the email is kept very vague so it may apply to everyone. For instance, it may be a fake tracking link for a recent "purchase".

    Which are more destructive?

    Although untargeted attacks are more common, targeted attacks tend to cause far more destruction. In order for a targeted attack to occur, there must be two things: a desire to cause damage, and the knowledge to do so. In targeted attacks, hackers will often target an entire vertical, such as the financial sector or the healthcare industry. The industry they opt to attack is contingent upon the type of cyber attack they're executing. For instance, if their end goal is to make money, they'll likely use ransomware and go after an industry heavily reliant on IT services, such as hospitals or banks. However, if hackers are after credit card information to sell on the dark web, they will target a large retail store. The malware variant used is hand-picked, based on the specific target, to generate the most destruction.

    Avoiding Falling Victim

    By clicking on a malicious email, you open yourself up to malicious cyber activity, not only on your device, but any other device connected to the network.  Therefore, to keep your network secure, all users must understand the red flags to be on the lookout for.  To avoid falling victim to a cyber attack, users should do the following:
    • Look at the "from" address in the email and ensure it is someone you know
    • Check the "reply to" address and confirm it would go to who it's supposed to
    • Look for grammatical and spelling errors within the email
    • Hover over the link to see where the destination URL is going to take you
    • Review recent purchases to determine if you should be expecting this "invoice" or "tracking info"
    If you ever question the legitimacy of an email, call the business or person it is allegedly from to confirm its authenticity. Also, ensure your device's operating system and third-party applications are updated. By doing so, all known vulnerabilities will be patched, removing the opportunity for cyber criminals to exploit them.
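    Four of the five red flags above can be checked mechanically against a message's raw source, which is useful both for training users and for a mail-gateway rule. The PowerShell below is an added example, not from the article: it parses a constructed sample message (addresses and hosts use reserved example domains and the RFC 5737 documentation range) and reports an unknown sender, a Reply-To that leaves the sender's domain, common phishing wording, and a link whose visible text names a different host than its actual destination. The list of trusted senders is made up for the example.

```powershell
# Added example, not from the article: automate the "from", "reply to", wording and
# hover-over-the-link checks against a raw message. The message, the addresses and the
# trusted-sender list are all CONSTRUCTED for this example.

$KnownSenders = @('billing@example.com', 'kayla@example.org')

$SampleEmail = @'
From: "Example Billing" <billing@example.com>
Reply-To: refunds@example.net
Subject: Your recent purchase - tracking info
Content-Type: text/html

<html><body>
<p>Dear customer, thank you for you're purchase. Track it here:</p>
<a href="http://198.51.100.23/track?id=1">https://www.example.com/tracking</a>
</body></html>
'@

function Test-SuspiciousEmail {
    param(
        [Parameter(Mandatory)][string]$RawMessage,
        [string[]]$TrustedSenders = $KnownSenders
    )
    $flags = New-Object 'System.Collections.Generic.List[string]'

    # Pull the bare address out of a header such as:  Name <addr@host>
    $addr = { param($h) if ($h -match '<([^>]+)>') { $Matches[1].Trim().ToLower() } else { $h.Trim().ToLower() } }
    $from    = if ($RawMessage -match '(?m)^From:\s*(.+)$')     { & $addr $Matches[1] }
    $replyTo = if ($RawMessage -match '(?m)^Reply-To:\s*(.+)$') { & $addr $Matches[1] }

    # Red flag 1: the sender is not someone you know.
    if ($from -and $TrustedSenders -notcontains $from) { $flags.Add("From address '$from' is not a known sender") }

    # Red flag 2: replies would go to a different domain than the one the mail claims to come from.
    if ($from -and $replyTo -and ($replyTo.Split('@')[-1] -ne $from.Split('@')[-1])) {
        $flags.Add("Reply-To '$replyTo' does not match the From domain")
    }

    # Red flag 3: grammar slips and stock phishing phrases (a small, constructed list).
    $wording = @("\byou're purchase\b", '\bdear (valued )?customer\b', '\bkindly\b')
    foreach ($pattern in $wording) {
        if ($RawMessage -match $pattern) { $flags.Add("Suspicious wording matched: $pattern") }
    }

    # Red flag 4: link text shows one destination while the href goes somewhere else
    # (this is what hovering over the link reveals in a mail client).
    foreach ($m in [regex]::Matches($RawMessage, '<a\s+href="([^"]+)"[^>]*>([^<]+)</a>')) {
        $href = [uri]$m.Groups[1].Value
        $text = $m.Groups[2].Value.Trim()
        if ($text -match '^https?://' -and ([uri]$text).Host -ne $href.Host) {
            $flags.Add("Link text points to $(([uri]$text).Host) but href goes to $($href.Host)")
        }
    }

    [pscustomobject]@{ From = $from; ReplyTo = $replyTo; Flags = $flags; Suspicious = ($flags.Count -gt 0) }
}

Test-SuspiciousEmail -RawMessage $SampleEmail | Format-List
```

    On the sample, the From address passes (it is in the trusted list, which is how a spoofed sender looks), but the Reply-To domain mismatch, the wording and the link-text/href mismatch are all flagged. That illustrates why the article's checks are meant to be applied together: a familiar From line alone proves nothing.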


    About The Pit Crew

    PC Pitstop's Pit Crew is committed to providing you with the information you need to keep your PC safe and running like new.
