Alert! Ransomware is making a comeback

Alert, the bad people are back at it again. If all the new scams weren’t enough, ransomware has a new twist and it is booming. In its latest incarnation, instead of the authors deploying the ransomware themselves, they contract it out: it is designed to be custom-configured by middlemen and deployed by ghosts, who collect their money and disappear only to re-form under new names, identities, you name it.

This new style of ransomware comes with some really clever new techniques to avoid detection and some new approaches to maximizing the income potential of holding someone’s data hostage. And, this new incarnation of ransomware also steals data while encrypting it.

First, a hint of the new techniques. Since the ransomware is sold as a configurable suite of exploitative modules, it isn’t easy for antivirus software, devices, or even behavior-watching protections to recognize. Second, one of the features is a really slick module that can funnel disk requests to the operating system’s cache manager and then use built-in operating system components (Windows or Apple) to encrypt the data while it is in the file cache, tag it as new (requiring synchronization with physical storage), and let the operating system finish the dirty work as part of its normal duties.

Surprisingly, the ransom for most of these attacks is very affordable, because they (the bad people) really want folks to pay the ransom. Paying identifies for them the people and companies on whom they can then apply further (virtual) blackmail with an expectation of getting more money. So, you pay the $150 ransom and are contacted by a representative of the ransomers, who often sets up and performs the decryption of part of the files, only to be told that your data was also stolen and will be publicly posted if you don’t pony up lots more money. And they aren’t bluffing; there have already been a few very embarrassing cases where they did just that (posted the “secret” data, identified the source, and advertised it on the open web).

So, how do you protect yourself against this kind of assault? Keep your operating system up to date, keep your antivirus and antimalware up to date, and do regular “full” scans of the data-holding machine and of all machines that have access to it. Keep your firewall on and as restrictive as possible (in an office, consider an adaptive firewall appliance or gateway server). Honest, if you don’t get occasional firewall violations and refusals, your firewall is not restrictive enough.

Having good, current, and disconnected backups (not available to be “live” updated and thus also corrupted) is the best way to recover from most ransomware attacks and many other forms of exploitation. Also, having company-wide policies in effect (no alien machines, no disks or drives introduced without proper verification of safety, no gaming, no use of unsecured email services, etc.) can go a long way toward reducing your risk and your attractiveness to the bad people.

Finally, if you do become a victim of hackers, or scammers, or ransomers, please do not pay the ransom. Instead, seek the assistance of law enforcement, your data insurance provider, IT security professionals, and other professionals as appropriate (each will likely have important insights to help you get through the event with a minimum of damage and cost).

FCC Notice of Rule

Notice of Effective date for Call Blocking Rules

CG Docket No. 17-59

On July 16, 2020, the Commission adopted the Call Blocking Third Report and Order, which adopted rules for the blocking of calls, including two safe harbors and associated protections for the blocking of certain calls.[1]  The rules become effective 30 days after publication of a summary of the Call Blocking Third Report and Order in the Federal Register.[2]  The Federal Register published that summary on September 14, 2020.[3]  Accordingly, the rules adopted in the Call Blocking Third Report and Order will take effect on October 14, 2020.


[1] Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket No. 17-59, Third Report and Order, Order on Reconsideration, and Fourth Further Notice of Proposed Rulemaking, 35 FCC Rcd 7614 (2020) (Call Blocking Third Report and Order) (implementing, in part, the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, Pub. L. No. 116-105, 133 Stat. 3274 (2019) (TRACED Act)).

[2] Call Blocking Third Report and Order, 35 FCC Rcd at 7650, para. 125.

[3] Federal Communications Commission, Advanced Methods to Target and Eliminate Unlawful Robocalls, Final Rule, 85 Fed. Reg. 56530 (Sept. 14, 2020).

The First Amendment and our right to Free Speech

Well, Benediktson Computer is once again in its Southwest office in Silver City, New Mexico. Yes, we were chased out of Montana by snowstorms and luckily made the trip safely with no major challenges or issues. I want to try and tackle a difficult topic for me; it has to do with what folks are calling a violation of their right to free speech. I may have a unique perspective on this topic.

First off, the right to free speech is not one that is provided by our government; the Bill of Rights (First Amendment) protects us from infringement of this right by the government. I know there have been some appellate court decisions that appear to have broadened the scope of this protection; but I am not aware of any high court decisions that have broadened this protection to the point that we are protected from censorship on private lands, services, hosts, and so forth.

So, to be clear, Facebook, Twitter, etc. are private services hosted by corporations (presumably for profit) on privately owned and operated servers. Any act of censorship, restriction of content, or removal of content may be annoying, but it is in no way a breach of anyone’s rights. If (and this is a big if) our government were to offer a similar type of service, then the First Amendment might offer us some protection against content censoring on that service.

In addition, private groups hosted on any of these corporate services (please do not make the mistake of considering them government-sponsored or supported) have been given considerable freedom to choose what content they find acceptable (within the framework of the hosting service), and this may be quite a bit more restrictive in many ways, all without violating anyone’s rights.

As each of us joined (Facebook, for example), we were offered a chance to view, and then were required to accept and agree to, the terms of service for that service. While I will entertain the notion that there are some rights and privileges of being an American citizen that we simply cannot sign away, this in no way applies to content that we publish onto privately or corporately owned and operated services. One last point: when we publish content on a service (like Facebook) we are making that content public on that privately operated service, potentially making the owners of that service legally responsible for that content.

Server-based Issues

For those who have had some strange behavior with your Microsoft apps over the last few days (Sept 26 – 29), yes, there have been some issues with the Microsoft servers. Microsoft admits to a multi-hour outage over the weekend. I suspect that they were hacked and Microsoft brought the services down to protect users. Evidence? Monday morning I attempted to load MS Edge onto a machine and the antivirus stated that the update was being abandoned because it contained a virus. Also, a number of cloud and email users of 365 and Outlook products had the passwords stored in their products and in Microsoft password storage purged during this same period.

If you are one of those impacted, it looks like Microsoft has cleaned up the mess and you can return to using those services. If your password(s) for one or more services were purged, go ahead and supply your passwords manually (as requested by the service in a pop-up) and then look into changing any affected passwords at your earliest opportunity. As always, it is very important to verify which service is requesting a password; if it is for a web service, look carefully at the address and make certain it matches the address for the appropriate service.
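The “look carefully at the address” advice above, as an added example that is not the newsletter’s own code: a small Python check that the URL behind a password prompt really belongs to the service you expect. The allowlist of domains is an assumption to be filled in from your provider’s own documentation; the check also goes a little beyond the text by naming the common look-alike tricks (extra subdomains, hyphenated names, a fake host in the user-info part of the URL).

```python
# Added example: verify that a login/password-prompt URL belongs to an expected service.
# The EXPECTED_DOMAINS allowlist is an ASSUMPTION for illustration; fill it in from the
# provider's own documentation for the service you actually use.
from typing import Optional, Set, Tuple
from urllib.parse import urlsplit

EXPECTED_DOMAINS: Set[str] = {"microsoft.com", "microsoftonline.com", "live.com", "office.com"}


def extract_host(url: str) -> Optional[str]:
    """Return the lowercase hostname of an https URL, or None if it is not https.
    urlsplit() takes the host from AFTER any user-info '@', so a decoy such as
    https://login.microsoft.com@evil.example/ yields 'evil.example', not the decoy."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def domain_matches(host: str, expected: Set[str]) -> bool:
    """True only if host IS an expected domain or a dot-anchored subdomain of one.
    'microsoft.com.evil.example' does NOT end with '.microsoft.com', so it fails."""
    return any(host == d or host.endswith("." + d) for d in expected)


def check_login_url(url: str, expected: Set[str] = EXPECTED_DOMAINS) -> Tuple[bool, str]:
    """Return (ok, reason) for a URL shown in a password prompt or browser address bar."""
    host = extract_host(url)
    if host is None:
        return False, "not an https URL or no hostname present"
    if domain_matches(host, expected):
        return True, f"host {host} belongs to an expected domain"
    # Name the look-alike pattern so the reason is actionable, not just 'no match'.
    for d in expected:
        if d in host:
            return False, f"host {host} merely contains '{d}' (lookalike); it is not under it"
    return False, f"host {host} is not an expected domain"


if __name__ == "__main__":
    # Constructed sample URLs: one genuine-looking login host and three decoys.
    for sample in (
        "https://login.microsoftonline.com/common/oauth2",
        "https://login.microsoft.com@evil.example/",
        "https://microsoft.com.evil.example/login",
        "http://login.microsoft.com/",
    ):
        ok, reason = check_login_url(sample)
        print("OK  " if ok else "BAD ", sample, "->", reason)
```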

There are so many scams in operation out on the World Wide Web right now that it is likely you have seen or been called by one of the scam operations. There are several places you can look for help recognizing a scam; I can recommend fcc.gov and the many resources they maintain. In addition, a simple Google or Bing search will often highlight what others have already encountered and identified. Your favorite neighborhood computer consultant or technician is likely to have already encountered and dealt with any but the very latest of scams and can be an excellent resource before and, sadly, after you get involved with a scam.

A few tips: Microsoft is not monitoring your system (well, at least not to spot scams or viruses), will not call you to help you, will not put a full-screen popup on your computer, and will not email warnings to you. Any of these things is evidence that someone is trying to scam you. Generally, these scams are aimed at getting money from you or getting usable information about you or your financial footprint. It is extremely important that none of us give out this information to the scammers, no matter how harmless or helpful it or they may seem, and of course, do not give money in any form to anyone you do not already have a business relationship with.

Another tip: if the nice people who sent you a message or popup or warning offer to install McAfee products for you, or Symantec products, they are quite likely scammers. Why? Symantec owns both families of products and makes them available in bulk at virtually no cost, so they are easy choices for scammers trying to look legit.

Repair or Replace?

One of the questions I am often asked is: when do you repair or upgrade, and when do you replace? Sometimes the answer is clear and easy to explain; but often this is a very difficult question resulting from complex criteria. Most of us have a lot invested in our desktop or laptop computers, and minor damage simply does not rise to the level of seriousness that brings on the need or desire to replace.

Some of the obvious reasons for replacement are age (a 10-year-old computer really is old) and the cost of repair and maintenance (replacing a $50 part on a $700 computer is reasonable; replacing a $200 part on a $250 computer is not). Then there is the concern for all the time and effort involved in “moving into” a computer. Generally, a new computer needs a lot of time and effort on someone’s part just to get it up to what the previous computer could do.

While, in the computer world, new is generally faster, comes with more storage, and should require less maintenance, it is not uncommon for a new computer to leave behind some software that is important to you (it cannot be installed for a variety of reasons, requires a new license, and so on), or for a previously familiar software product to behave differently on the new computer so that you have to learn it again before you are proficient. Then there is a break-in period when new electronics can simply reveal flaws that factory testing missed.

So, in many cases, there are reasons to consider repairing or upgrading instead of replacing. Each situation is different and the factors that drive the decision can change as time passes.

For many users, I recommend hard drive replacement when performance is the primary issue with a computer and that computer is more than 4 years old. With standard spinning hard drives, this is an age where they can really drop off in performance and reliability. Replacing that older hard drive with an SSD can really perk up a computer’s performance and its data storage reliability in one simple step. Let us not forget that backups continue to be important even with the newer drives as they can still fail.