On December 17, 1903, Orville and Wilbur Wright made the first successful flight in a mechanically propelled airplane. To celebrate the accomplishment and commemorate the achievements of the brave brothers, December 17 became Wright Brothers Day by a 1959 Presidential Proclamation. Wright Brothers Day is now honored every year in the United States with festivities and activities.

Wright Brothers Day

A Land of Innovation and Invention

In the nation’s beginnings, the founding fathers had to cross an unfriendly ocean to live in uncharted land. Early settlers made their way across the vast landscape, using their strength and ingenuity to adapt to often harsh conditions.

Over the history of the US, Americans laid track to build railroads to span the nation, while other Americans built the cars that would change the way people live. The Wright Brothers succeeded in their revolutionary flight soon after.

What Was Once Thought Impossible

Before the Wright Brothers launched their flight, most people could not imagine that flight by humans was possible. Earlier efforts to leave the ground were limited, because there was no way to sustain flight or control a contraption in the air. The Wright Brothers knew that they would need to be able to control the wings and nose so that a pilot could navigate while in the air.

While it seems obvious now, their ideas changed the way humans view the world. People felt attached to the earth, trapped in two dimensions. Once people were able to fly, they could see the world from an entirely new perspective. Distances become relative, and the world seems both grander and more interconnected. The boundaries that used to limit people’s activities no longer hold that control over our lives.

Humble but Loving Beginnings

Milton and Susan Wright were the parents of Orville and Wilbur, and they encouraged their sons to learn about whatever they could and to travel to other parts of the world. Mr. Wright was a bishop in the United Brethren Church, and his position caused him to travel a lot for church business. While he was away, he sent many letters and gifts home to his family, exposing them to the many fascinating wonders the world has to offer.

Wilbur and Orville started in the printing business and even had their own newspaper for a while. They started their own bicycle business in 1894, making and selling bikes to turn a profit. But their dreams were always bigger.

When Wilbur and Orville started seeing other inventors’ attempts at building flying machines, the brothers figured out where they were going wrong. Their first gliders did not succeed, but the Wright Brothers kept trying until they achieved their dream. The Wright Brothers decided what they wanted to do, and then they realized what other people couldn’t with their own abilities.

Happy Wright Brothers Day – December 17

Facebook has just announced that a Photo API bug gave app developers access to user photos outside of the scope intended for 5.6 million users. This includes granting apps access to Facebook Stories, Marketplace photos, and photos that were uploaded but not shared. The bug was in effect from September 13th to September 25th.

Facebook Bug

As of now, Facebook is working on releasing tools to allow app developers to determine if they were impacted by this bug, and will work with them to delete unauthorized photos. Facebook will also be notifying any users they suspect may have been affected.

Learn More

If you have any questions or concerns about this latest Facebook bug, please don’t hesitate to contact me directly at {phone} or {email}.

6.8M Facebook Users Hit By New Photo Bug

A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.

The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.

Sextortion Scam

Here’s a closer look at the threat and how to prevent such ruses in the future.

What Happened in the Sextortion Case?

The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.

In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim’s activity in exchange for cryptocurrency.

Are These Schemes Successful?

The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted €40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.

What Did the Sextortion Email Say?

The English version of the scam had a subject line that included the victim’s email address and “48 hours to pay,” e.g. “username@example.com 48 hours to pay.”

In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.

Throughout several months, the email alleged, the victim’s devices were infected with a virus from visiting adult websites. Now, the hackers had access to a victim’s social media and messages.

“We are aware of your little and big secrets … yeah, you do have them,” the email continued. “We saw and recorded your doings on porn websites. Your tastes are so weird, you know.”

The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim’s device.

For unsuspecting victims, receiving such an email could be terrifying. That’s why so many people succumb to such demands and pay up.

What Can Users Do?

While it’s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It’s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.

Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication is an essential first step. Here are three of the most common:

  • SPF. Sender Policy Framework (SPF) verifies that an email claiming to come from a domain was sent from an IP address authorized for that domain. Spam filters can use SPF to detect faked sender email addresses. Hackers are less likely to target such domains for phishing attacks.
  • DKIM. DomainKeys Identified Mail (DKIM) lets an email receiver verify that an email coming from a domain was authorized by that domain. Senders need to attach a digital signature to each outgoing message that’s linked to a domain name. The recipient’s system can check that signature against the published key.
  • DMARC. Layered on top of SPF and DKIM is Domain-based Message Authentication, Reporting and Conformance (DMARC). Established in 2011, DMARC allows email senders to publish policies about unauthorized email. Also, email receivers can provide reporting to those senders. Both are designed to build a domain’s reputation and the credibility of domain-issued emails.

Your users and domains are vulnerable to hackers looking to exploit technology to shame people into paying. With the right technology assessments, security protocols and safeguards in place, your systems will be protected and dissuade hackers from attacking your sites in the future.

Sextortion Scam Pretending To Come From Your Hacked Email Account

Your employees may understand that they risk identity theft every time there’s a major cyber breach at a store they’ve patronized. But do they know that even more of their personal information is available to hackers via their employee benefits plans? It’s a risk that an increasing number of business owners and CEOs have had to confront. How to safeguard employee data — and avoid the significant expense of managing a breach response — are just some of the questions that business leaders face around this issue.

Employee Benefits

Why are benefit plans so attractive to hackers?

Virtually any type of employee benefit plan is vulnerable to hackers. These include pension plans, health and welfare plans, and retirement savings accounts. All represent a rich source of personally identifiable information (PII).

First, hackers can gain access to the employee’s personal health information. Armed with that information, cyber thieves can do everything from filing fraudulent insurance claims to getting prescription medication and even blackmailing the employee.

Hackers may also gain access to the actual employment benefit accounts, potentially using the accrued amounts as fraudulent assets to obtain lines of credit under the employee’s name.

Of course, being able to completely steal the employee’s identity is one of the most concerning threats. And given that employee enrollment forms will have birthdates, email addresses, official residence addresses, and social security numbers — at a minimum — there’s a strong potential for wide-scale identity theft using the PII.

What makes the plans so vulnerable to hacking?

The average worker assumes that his or her employer’s cash reserves and financial information would be a more attractive target than those of its employees. But a company is one entity and can move quickly to protect its holdings after a firewall is breached. A business’ large number of employees, however, represents better odds for a cyber attack. Even if many of them are able to protect their PII after a breach is discovered, the odds of capturing at least some employees’ personal data are still high.

Employee benefit planning is often handled by a third-party provider. And even when these plans are managed internally, the business may be using software that’s vulnerable to attack. For convenience, the employee plan programs are designed to be accessible to more than one agency or company, and by using different platforms.

Yet the same technology that makes the software so easy for multiple parties to access is also what can make it more vulnerable to cyber attack.

Why do employee benefit plan breaches keep happening?

Unfortunately, pension planners, insurance companies and other partner providers still rely on “old school” tech to stop hackers. While anti-virus software might be helpful to stop non-corporate cyber attacks, it’s not always up to the task of more sophisticated hackers.

Also, federal regulations don’t consider employee benefits information as sensitive as personal health records. For that reason, regulations aren’t as strong on the pension side of benefits as they are on the medical records aspect.

What can be done to protect your employees?

The threat to employee benefit plans information is ever-growing. But the good news is that business leaders can put several safeguards in place, protecting that information on several fronts.

If you use an outside provider to oversee your employee benefits programs, it’s essential to carefully examine what safeguards those partner providers have in place to protect the information they handle. If your own staff is handling the benefits program, it’s essential that they receive the most advanced and up-to-date training available. Even staffers proficient in software and administrative safeguards may not be aware of the latest viruses and scams by which hackers may gain entry.

Perhaps most crucially, you’ll need to set up a chain of command and strict protocol about how all information is handled. From your own IT specialists and human resources administrators to outside benefit plan providers, access should be limited to the scope of that department’s work. The more sensitive the information is, the fewer people should have access to it.

What’s the best way to implement these safeguards?

Hiring a reputable firm of cybersecurity experts will immediately put technological safeguards in place to protect employee PII. These experts can also train business leaders and relevant staffers about how to administer their employee benefits plans accounts safely — and how to select third-party benefit program providers that also put cybersecurity first.

Employee Benefits & Cyber Attacks (Questions/Answers)

WordPress 5.0 was just released to the public on December 6, 2018. According to WordPress’ blog, this new version of the go-to platform for small business websites and blogs will “revolutionize content editing with the introduction of a new block editor and block editor-compatible default theme Twenty Nineteen.” However, if you’re like most small business owners, you’ve been burned before by being a little too eager to try a new software product. Is WordPress 5.0 the amazing new upgrade that its creator is touting, or should you wait until it’s been tested by others and any bugs have been worked out?

Wordpress 5.0

A little about WordPress 5.0

WordPress 5.0 changes the way users compose and publish pages. The new editing function will do things like allow you to “drag and drop” blocks of text, more easily insert videos and images and be able to preview what your page will look like throughout the creation process without having to toggle back and forth to a separate preview screen.

Upgrade or wait?

Whether you should upgrade immediately or not, in our opinion, depends on a few factors…

  • Is this your busy time of year? If you’re in the middle of a busy holiday retail season, this is clearly not the time to be potentially disrupting your revenue stream and impacting your customers’ user experience by updating to WordPress 5.0. In addition, you won’t have time to learn the new editor, play around with the new features and find the best ways 5.0 can work for you.
  • Are your plug-ins compatible with Gutenberg? Gutenberg is the driving force behind WordPress 5.0’s new editing functions. However, not all plug-ins are ready to work with it. Make sure that you’ll be able to fully use the new WordPress functions before making the switch.
  • Do you really need 5.0? Will the new features of WordPress 5.0 really impact your business? If not, or if only marginally so, we suggest you pass or at least wait until spring.

To learn more about whether WordPress 5.0 is right for you and your company and to learn ways to better your website’s user experience, contact your IT services team at {company} immediately by calling {phone} or dropping us an email at {email}.

Should Your Business Upgrade Your Website To WordPress 5.0?

Sure, you can purchase Windows applications for a price. With some — like Microsoft Office and Adobe Photoshop — it’s impossible to get around.

Free Windows Applications

But there are also many Windows applications out there that are 100% free. Some of them can even replace most of the features of your favorite paid programs (Microsoft Office and Adobe Photoshop included). Or, if you’re considering buying the paid versions of these programs, you can first download the free version to ensure you like the layout, options, and fluidity.

Below, we go over 10 of the best free Windows applications for download. These applications aren’t trials, and they aren’t limited to things like watermarks or other incomplete features. They are absolutely free, downloadable applications that you can use for … well, forever.

Let’s get started!

1. DaVinci Resolve

DaVinci Resolve is one of the most professional video editors on the market. Functionality is excellent, and you have a range of options when editing video in nearly any form. With this program, however, you’ll need to keep in mind two things.

First, in order to properly run DaVinci Resolve, you’ll have to have at least 8 GB of RAM, 1 GB of graphics memory, and a 64-bit version of Windows.

Second, there are two versions of this software: DaVinci Resolve (free version) and DaVinci Resolve Studio. The latter is a paid version and, naturally, has more capabilities and features. If you don’t want the paid version, choose the option on the left when downloading this program. And remember that for basic editing practices (with some added keen features), the free version of DaVinci Resolve is still quite capable and completely worth it.

2. Blender

Blender is another of the best free applications for Windows. It is an open source 3D modeling package. Use it to create amazingly-professional 3D images of any kind; if you like, you can even translate your designs to a 3D printer. Blender can also be utilized to create animations.

In addition to its 3D imagery modeling capabilities, Blender also features video editing capabilities (basic) and has an integrated compositor.

3. Apache OpenOffice

When Microsoft Office is too pricey of an option for your word and data processing needs, Apache OpenOffice is an excellent alternative. It has been downloaded over two hundred million times.

This program includes a word processor, database, drawing package, presentation package, and spreadsheet maker. All of these programs are compatible with the paid version of Microsoft Office.

A sub-option of OpenOffice is another free Office package called LibreOffice. They are essentially comparable with only a few features that differentiate them.

4. Audacity

In terms of sound applications, Audacity is one of the most widely-used and professional multi-track audio editors out there. It is also a recorder. Volunteers created this super easy-to-use program to be completely open source. It can record and edit an entire album, has multiple themes and playback options, and allows you to edit and use effects just like a professional program.

5. SketchUp Make

SketchUp is a modeling program and is used often by those interested in 3D printing; the software can create all types of models that can later be translated to a 3D printer. It is extremely easy to use.

There are two SketchUp programs, and this is the free version. The professional (and paid) version is called SketchUp Pro. As a result of this, it is essential that you state that you are only going to use SketchUp for personal projects at the time of your free download.


6. GIMP

GIMP is an image editor and is completely open source. This program is an excellent alternative to Adobe Photoshop for editing photographs and other images. Even though the program has quite a steep learning curve, it’s definitely possible to get used to the platform and reap amazing benefits from the program — especially if you’re not ready to shell out for Photoshop.

7. Krita

Krita is a painting program and is open source. It was created by artists and is geared toward artists. You can download the program from the Krita website. The program allows you to create drawings on your computer, much in the way that real drawings (with paper and pen or pencil) are created. If you have a graphics tablet, the program works especially well.

8. Sculptris

Sculptris is a 3D sculpting program available from Pixologic. It uses technology that professional 3D-modeling sculptors use. The whole package is a pared-down version of an all-in-one-digital sculpting solution called ZBrush (also by Pixologic), but this doesn’t mean it’s not possible to use Sculptris to create some pretty amazing things — great for those thinking about investing in ZBrush, who want to see how the software works.

9. Inkscape

A vector graphics editor, Inkscape allows you to “Draw Freely” as the advertising proclaims. It is comparable to Adobe Illustrator.

The program was created by developers for professionals and amateurs alike. Those who can benefit from this software include classic designers, web designers, illustrators, and anyone else interested in vector imagery. A broad array of structured drawing tools are available for a clean and neat final presentation.

10. Scribus

Scribus is a desktop publishing package that can produce a range of excellent results in terms of type- and image-setting. It is a top-notch DTP program for PDF and animated presentations as well. Create and arrange typesetting, layout, and much more.

Keep in mind that many of these applications can also be used on Macs or with Linux. Applications that are Mac compatible include:

  • Sculptris
  • Krita
  • Scribus
  • Inkscape
  • Audacity
  • SketchUp Make
  • GIMP
  • Blender
  • DaVinci Resolve
  • Apache OpenOffice

Applications that are Linux compatible include:

  • Krita
  • Scribus
  • Inkscape
  • Audacity
  • GIMP
  • Blender
  • Apache OpenOffice

Are There Any Other Free Application Options?

In addition to the ten free applications listed above, there are also two other, runner-up free applications you might consider.

Bonus App #1: Fusion from Blackmagic Design

This is a motion graphics program and compositor for both 2D and 3D design. Just make sure that you have strong enough capabilities with your PC as this program has specific requirements.

Bonus App #2: Autodesk 123D

Finally, here’s another 3D modeling option that is free for users of all ages. Autodesk 123D offers a variety of packages for assistance with 3D modeling that can create jewelry, home décor, Minecraft models and other toys, and much more. For industry, the models created with Autodesk 123D can be used in a variety of settings as well.

If you are interested in any of the areas listed above — illustrating, 3D modeling or sculpting, sound editing, video editing, image editing, or word and data processing — be sure to give these free applications a try on your Windows computer. These free versions were created by professionals to be open source for use by everyone and anyone, so take advantage of the technology and get creative!

Tech Tips: Top 10 Free Windows Applications

Even though the word App is relatively new, it has become popular in everyday terminology as its uses have changed lives in the modern world. Almost all mobile phones are now smartphones, so even those individuals who were apprehensive about using new technology now use apps on a daily basis. That is why we now celebrate National App Day every year on December 11.

National App Day

What is an App?

The word “App” was listed as the word of the year by the American Dialect Society as recently as 2010, showing just how quickly apps have become a regular part of society. But people already use the word so much they don’t really think of where it comes from. While the term “app” is short for “application,” common usage has changed the meaning.

An app is actually a kind of computer software or a program, and now usually refers to a very small one used on mobile devices like smartphones and tablets. Initially, the term could have meant any mobile or desktop application, but the term has quickly evolved to conform to the way people use it. Now there are thousands of apps, and some individuals and businesses design and run their own apps to make specific tasks easier.

Kinds of Apps and Main Uses

There are three basic kinds of apps. Web Application Apps are used through a browser, and Hybrid Apps have characteristics of both Web Application Apps and Native Apps. Native Apps are the ones used on mobile devices, and they only work on certain devices and have a special source code.

Of course, once someone understands how apps work they can create a new one to perform specific functions. Apps are available on Google Play for Android users, Apple’s App Store, the Windows Phone Store and BlackBerry App World. There are currently millions of apps, and prices range as widely as uses. Some apps are entirely free, while others have a recurring rate.

  • Apps can be used for communication, including encrypted phone calls or video phone.
  • Apps can be used for entertainment, providing movies, books and music.
  • Travel apps provide needed information and tools, helping with everything from transportation to finding the closest restaurant.
  • Many people use apps for games, playing simple games like solitaire or complicated games with players around the world.
  • Many apps provide important tools, helping people organize their homes or perform essential functions at work.

There is no reason to think the proliferation of apps will slow down any time soon, if ever. It only remains to be seen how many people will adopt these handy tools to perform more and more specific jobs. Hopefully, people will be thinking of the endless possibilities as they celebrate National App Day on December 11.

Happy National App Day: December 11th

Hackers Know How to Steal Money Anonymously

In West Barnstable, Massachusetts, Cape Cod Community College recently fell victim to a phishing scam that resulted in the school losing more than $800,000. The money was taken out of the school’s bank accounts. While this kind of scam is common these days, there are measures a business can take to prevent it. In the case of Cape Cod Community College, experts believe endpoint security solutions using next-generation technology would have prevented the monetary loss for the school.

Cape Cod Ransomware Attack

The hackers of today are quite sophisticated, and if a business falls victim to one of their scams, there is often very little they can do about it. Hackers know how to remain anonymous, and leave few, if any, digital footprints to follow. This means the likelihood of recovering one’s money is little to none. That is why it is so vital to prevent these things before they happen by using proper technology.

The president of Cape Cod Community College, John Cox, revealed the financial loss via a digital theft to the staff and faculty of the school in an email on December 7. By working with the bank at which the school’s accounts were held, the school has been able to recover about $300,000 of what was stolen, which is more than most smaller businesses would be able to do. It is unlikely they will be able to recover the entire $800,000, but they might be able to get some more of the money back by working closely with the bank, as they are doing.

Details of the Digital Theft

Cox gave an interview with a local newspaper after informing the workers at the college of the theft. In the interview, he revealed many interesting details about the theft, including:

  • The email that allowed hackers access to the school’s bank account information appeared to come from another college, so it seemed safe to open the attachment that came with it.
  • After opening the attachment, the person who initially opened the email believed the attachment was suspicious and alerted the school’s IT department. Alerting the IT department is standard protocol at the school when it comes to suspicious emails and attachments.
  • When the IT department did a diagnostic on the attachment, they found a polymorphic computer virus embedded in it. They quarantined the virus, but it had already gotten into the school’s computer network.
  • The scammers had a fake URL that seemed to go to TD Bank, where the college has its accounts. By placing phony calls to school employees to validate transactions, the scammers were able to make nine transfers out of the college’s bank accounts, totaling $807,103.
  • The scammers attempted 12 transfers, but workers at TD Bank recognized three of them as suspicious and did not allow them to go through.
  • Cape Cod Community College has recently installed next-generation endpoint protection software, but only on some of their computer networks. If it had been installed on all of them, the hackers likely would not have been able to gain access to the school’s bank account information and use it to transfer out the money.

Other Schools Have Had This Issue, As Well

Cape Cod Community College is not the only school to have this kind of issue in recent times. In June of 2018, hackers stole around $1.4 million from 21 account holders in the Connecticut Higher Education Trust.

Hackers are not just after money, either. They are out to cripple the schools they target. Sometimes, they don’t steal any money at all, but instead, generate outages of the computers at a particular school. This happened to a college in Wisconsin in June of 2018, and it resulted in classes having to be canceled for three days because the computer infrastructure to support the classes, students, and employees wasn’t there.

It hasn’t just been colleges being targeted, either. K-12 schools are also targets. A public K-12 school in New Jersey lost $200,000 in September of 2018 in a phishing incident similar to the one experienced at Cape Cod Community College.

Technology Companies are Stepping Up to Help Prevent This

Technology companies are stepping up in light of such incidents, creating phishing simulators to help schools teach their employees to avoid allowing their workplaces to become the next phishing victims. They are also reaching out to schools to increase awareness of the need for next-generation endpoint protection software, and to help schools install and use it.

Cape Cod Community College Hit With $800,000 Ransomware Attack

Looking for a new computer for your home office?

Purchasing a new home computer

Year-end sales and tax returns often lead to boosted sales in computers. But purchasing a new computer can feel overwhelming. The technology changes quickly and the jargon can be confusing. Here is an explanation of what you want to consider when looking at getting a new home computer.

Central Processing Unit: The faster the CPU (central processing unit), the faster your computer can complete tasks. Currently, the i5 and i7 for Intel are the best choices for average users. The i9 is likely too expensive for the value, but the i3 is pretty low end. The number of cores tells how many parts are doing different functions, so getting a CPU with multiple cores is a good thing. The CPU is really the backbone of the entire computer and an inferior processor is going to limit any other features you get. Start with a robust system.

Storage/Disk Space: The disk space on your computer is what stores your information. There are both solid state drives (SSD) and hard disk drives (HDD). The SSD is far faster than the HDD and purely electrical (no moving parts). You want to get a drive that is at least double the amount of space you are currently using, with most getting 500GB or 1TB (1,000GB) of storage. You can also get external drives that plug in when needed and store information or pictures in a second location as a backup or to free up space on your computer.

Memory (RAM): To support newer OS and programs, you will want at least 8GB of RAM. This is how your computer operates temporary tasks quickly. If the RAM is used up because too many things are running at once, a temporary working space has to be set up in the storage system. Too little RAM and you will notice the sluggishness. You can’t have too much and there are options for 24GB, 32GB, 64GB or more.

Operating System: Whether you are going with Mac or Microsoft, you will want to make sure you get an updated version on your system. For MS, Windows 10 offers Home or Professional versions. You really only need the professional OS if you are joining your computer to a corporate network. The operating system is going to dictate a lot of the programs you can use, the control you have as the computer administrator and the interface you are working with on the computer.

Support: You can get warranty protection when you are purchasing your machine. You will want to look over what the fine print says and what the warranty includes. A one-year warranty is enough in most cases—just something to make sure the computer isn’t wired wrong. A security system for anti-virus protection is also something you should have included. Some of the excellent AV systems include Panda, MS, Trend Micro, Bitdefender, Webroot, ESET and F-Secure. Watch out because much anti-virus software is subscription-based and you will only be given one year of a subscription before you have to decide if you are going to pay for the security service or not.

Extras: Depending on what you want to use the computer for, you will want to consider what extra features come with your system. The optical drive is going to include CD, DVD, Blu-ray or a combo. Some computers now aren’t including drives at all since so much is downloaded, but buying an external drive is relatively cheap and plugs in quickly when you need it. Some computers come with special graphics cards for gaming or art programs. Many computers now offer WiFi connectivity, but not all provide a hardwired port for a direct internet connection. The programs you need are another point to consider and some computers will even come with some software pre-loaded. Most computer deals are really going to try to wow you with the “extras” you receive. Most of the time, the extra software is only going to be a subscription for one free year. One year after the computer is purchased, you may lose your access to those programs and have to pay to get them operating again on the computer.

If you are looking for IT support, call {company} first. We help small home businesses and large corporate offices outsource their tech for additional support as needed. Let us make your computing smoother, easier and more efficient.

A Quick Guide For Buying A New Home Computer

The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.

SamSam Ransomware

According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.

As pointed out in the alert, organizations are at greater risk of network-wide infections than individuals because they are typically in a position where they have no option but to make ransom payments.

“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.

That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.

How do SamSam actors operate?

Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.

RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.

Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.

Where did SamSam originate?

The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospitals, universities and other targets during the past three years, according to an article from Wired.

Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.

What technical details about SamSam are important?

In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:

MAR-10219351.r1.v2 – SamSam1

MAR-10166283.r1.v1 – SamSam2

MAR-10158513.r1.v1 – SamSam3

MAR-10164494.r1.v1 – SamSam4

What mitigation and prevention practices are best?

In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.

The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.

For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:

  • Applying two-factor authentication
  • Disabling file and printer sharing services when possible, or using Active Directory authentication or strong passwords for required services
  • Regularly applying software and system updates
  • Reviewing logs regularly to detect intrusion attempts
  • Ensuring third parties follow internal policies on remote access
  • Disabling RDP on critical devices where possible
  • Regulating and limiting external-to-internal RDP connections
  • Restricting the ability of users to install and run unwanted software applications
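The log review recommended in the list above can be partly automated. The following Python example is added here and is not code from the DHS/FBI alert: it scans Windows Security logon events (4625 failed, 4624 successful) for repeated failures from one source, for an RDP logon that follows them, and for any RDP logon from outside the network. The CSV export layout, the internal address ranges, the threshold and the sample events are all constructed assumptions.

```python
import csv, io, ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed internal ranges; adjust to the address plan of the network reviewed.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export: time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); type 3 is a network logon, which is how failed
# RDP attempts are commonly recorded when Network Level Authentication is on.
SAMPLE = """\
2018-12-03T02:10:01,4625,3,administrator,203.0.113.45
2018-12-03T02:10:03,4625,3,administrator,203.0.113.45
2018-12-03T02:10:05,4625,3,administrator,203.0.113.45
2018-12-03T02:10:08,4625,3,administrator,203.0.113.45
2018-12-03T02:10:11,4625,3,administrator,203.0.113.45
2018-12-03T02:10:14,4624,10,administrator,203.0.113.45
2018-12-03T08:30:00,4624,10,jsmith,10.0.5.20
2018-12-03T09:00:00,4625,3,backup,198.51.100.7
2018-12-03T09:00:04,4625,3,backup,198.51.100.7
2018-12-03T23:41:00,4624,10,svc_web,198.51.100.99
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def review(text, threshold=5, window=timedelta(minutes=10)):
    """Return (finding, source_ip, account) tuples in log order."""
    failures = defaultdict(list)   # source IP -> recent failure times
    findings = []
    for ts, eid, ltype, user, src in csv.reader(io.StringIO(text)):
        ts, eid, ltype = datetime.fromisoformat(ts), int(eid), int(ltype)
        ip = ipaddress.ip_address(src)
        recent = [t for t in failures[ip] if ts - t <= window]
        if eid == 4625 and ltype in (3, 10):
            failures[ip] = recent + [ts]
            if len(failures[ip]) == threshold:   # report once per burst
                findings.append(("brute_force", src, user))
        elif eid == 4624 and ltype == 10:
            if len(recent) >= threshold:
                findings.append(("success_after_failures", src, user))
            if not is_internal(ip):
                # Also catches stolen-credential logons with no failures.
                findings.append(("external_rdp_logon", src, user))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The last sample event shows why the external-logon check matters: a logon with purchased or stolen credentials produces no failed attempts, so a failure counter alone would miss it.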

This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.

Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.

Important FBI/DHS Warning: Update On FBI and DHS Warning: SamSam Ransomware