[ARC5] lookee here!

Bill Stewart cwopr at embarqmail.com
Fri Feb 19 09:02:28 EST 2016


Mike, 
In my case it just frustrated me for a day and my guru was able to get me going 
agn w/o any damage. I guess I was lucky to get hit at the beginning of the hackers' 
learning curve. Looks like now they have developed a much more sinister 'bug' 
which is much harder to fix....without paying. Tnx a lot for the memo. 
73 de Bill 

----- Original Message -----

From: "Mike Feher" <n4fs at eozinc.com> 
To: "Bill Stewart" <cwopr at embarqmail.com> 
Cc: "Michael Hanz" <aaf-radio-1 at aafradio.org>, w5sum at comcast.net, arc5 at mailman.qth.net 
Sent: Friday, February 19, 2016 8:49:25 AM 
Subject: RE: [ARC5] lookee here! 



Bill – 

I am sorry to hear that. I believe right now this new one is unbreakable, unless one pays, and as we said, even that is no guarantee. Here is a memo issued by a local hospital yesterday. 73 – Mike 

“Due to the recent news and increase of malware activity, IT is asking for your support and cooperation as we work together to enhance the privacy and security of our computing infrastructure. Please read the below. Additional educational and awareness materials will be forthcoming. 

Hollywood Presbyterian Medical Center’s computers held for ransom. After 10 days, it pays $17,000 to get them back. 
What happened? 
On Feb 5th the hospital’s network and server got infected with ransomware. It affected critical patient areas such as the Lab. While it did not infect all the hospital’s computers, downtime procedures were implemented and ambulance patients were diverted. After 10 days, they paid the ransom of 40 bitcoins ($16,664) and luckily received the password to unlock the computers. 

What is Ransomware? 
Ransomware is a type of malware that infects and locks a system until the user pays a fee to regain access to the data. It is different from traditional malware in that: 
· It doesn’t steal the victim’s information; it encrypts it. 
· It demands a ransom, usually in Bitcoins. 
· It’s relatively easy to produce—there are a number of well-documented threats. 
· Infected users are instructed to pay a fee for the private key, which is stored on the attacker’s server – without it, decryption is impossible. When the ransom is paid, decryption will start and a payment verification screen will be displayed. 
Note: Don’t take hackers’ word for it; paying the ransom does not guarantee that you can recover your files. 

How does it get in? 
Common attack techniques include: 
· Spam and social engineering techniques. 
· Visiting or being redirected to malicious websites. 
· Leaving infected USB devices lying around, tempting users to plug them in to a PC. 
· Emails with attachments that contain malware installation tools disguised as safe files such as PDFs. 
· Emails with embedded links to the malware installation tools. 

When ransomware first hit the scene a few years ago, computers predominantly got infected when users opened e-mail attachments containing malware, or were lured to a compromised website by a deceptive e-mail or pop-up window. Newer variants of ransomware have become more sophisticated. They have been found to be spread through removable USB drives or Yahoo Messenger, with the payload disguised as an image. 
How do we protect ourselves? 
Because of the technology limitations that prevent users from retrieving the decryption key without paying the ransom, the best way to protect against the effects of ransomware is to not get infected in the first place. 
· Don’t open suspicious emails or emails from unknown sources 
· Don’t click on suspicious internet links contained within emails 
· Don’t ever click, open or save suspicious email attachments 
· Never enter your username and passwords in response to emails 
· Keep your work and personal passwords separate and complex 
· Call the Service Desk if you are not sure if something is safe 
What is IT doing to protect us? 
· Educating employees in good computer practices and in identifying social engineering techniques, attempts and spear-phishing emails. 
· Have installed, configured and maintain advanced endpoint security solutions. 
· Remote 24 x 7 network security monitoring. 
· Enabling software restriction policies to block programs from executing from specific locations. 
· Using firewalls to block all incoming connections from the Internet to services that should not be publicly available. 
· Using Web filtering gateways. 
· Ongoing vulnerability scanning and Windows updates (patching). 
· Backups of all critical systems and servers. 
· Restore to previous versions of the encrypted files once the virus has been removed. 
· Blocking the networks of the “Dirty Dozen” countries which are most noted for malicious virus / cyber activity, which include Bulgaria, China, Hong Kong (Special Administrative Region of China), Iran, Korea (Republic of), Korea (Democratic People’s Republic of), Macao (Special Administrative Region of China), Pakistan, Romania, Russian Federation, Turkey, Taiwan (Republic of China) and Ukraine. 
Please feel free to contact me or the service desk if you ever have any questions or if you suspect any suspicious activity or content. 
Thanks 




Mike B. Feher, N4FS 
89 Arnold Blvd. 
Howell, NJ, 07731 
732-886-5960 



From: Bill Stewart [mailto:cwopr at embarqmail.com] 
Sent: Friday, February 19, 2016 8:39 AM 
To: Mike Feher 
Cc: Michael Hanz; w5sum at comcast.net; arc5 at mailman.qth.net 
Subject: Re: [ARC5] lookee here! 


Mike, I got bit by one of those a couple of yrs ago. I accidentally clicked on an 
email that I was gonna delete and presto, the computer was dead in the water. 
The price asked, in my case, for unlocking was 300 bux. My good friend, ham 
and my computer guru was able to unlock it in just a few minutes. By now I'm 
sure they are a lot harder to unlock without paying the price....and even that is 
probably no guarantee. We really have to pay attention to what we click on. 
73 de Bill K4JYS 

