File-less Ransomware Uses Windows Tools Against You

By now everyone knows about ransomware, the dastardly strain of malware that encrypts data (or the drives it’s stored on) and sends the user a message demanding payment within a certain amount of time before the data is deleted forever.

To add a little more menace to an already stressful situation, the message includes a countdown clock. If it sounds like a bad situation, rest assured it is. How could it get worse, you ask? Simple: make it more difficult to stop.

Companies of all sizes spend a pretty penny on IT security and training to ensure that they aren’t the next organization to fall victim to a hacker’s sick joke. What if we told you that all that expense was spent getting ready for an attack that could already be lying dormant in a file in a computer on your network? This could be the case as malware is now going fileless.

Okay, we know what you’re thinking…

Fileless malware?! What?

Today, we’ll go into exactly what fileless malware is, and why it isn’t great news for most people and businesses.

Starting with some good news is always appreciated, so here it is: hackers are now utilizing more fileless malware because people and organizations are doing a great job fighting against traditional methods of infection.

In fact, 99.9 percent of all would-be malware attacks were turned away in 2017; so, while it didn’t have a marked effect for those organizations that were unlucky enough to have dealt with ransomware or some other devastating strain of malware, lots of would-be attacks were mitigated.

For years ransomware growth has facilitated a major shift in the way that organizations looked at the dangers that are coming from the Internet. Sure, there had been plenty of malware dispersed for years, but fileless malware doesn’t work like other malware.

Fileless malware attacks take default Windows tools such as PowerShell and Windows Management Instrumentation (WMI) and use them to support the malicious activity. PowerShell and WMI are installed on every single Windows-run machine, and since they are used to manage and support a system’s well-being, they are normally working to keep the system functioning properly.

How It Works

Luckily for most organizations, the way fileless malware is dispersed is largely the same as most other malware strains, through phishing emails and messages. For this reason, if your organization has been doing its best to train its employees on the best practices to keep free from malware, those initiatives still pertain here.

Instead of an email attachment or link downloading the malware onto your system immediately, fileless malware runs a macro in the RAM of a machine and starts a command line which runs the application. That application, whether it be PowerShell or WMI, is then commanded to encrypt the files or drives.

After that, the user of the machine is presented with the message saying that the files are being held for payment, setting the ransomware process in motion. Typically, this is when it will give the user a short amount of time to provide payment to regain control over the files.
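Because the chain described above runs from a document macro through a command line to PowerShell or WMI, defenders commonly look for those tools appearing underneath an Office application in process-creation logs. The following is an added example, not code from the original article: the events are constructed samples, the field names follow Sysmon Event ID 1, and the list of Office process names is an assumption.

```python
from ntpath import basename  # parses Windows paths on any OS

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ADMIN_TOOLS = {"powershell.exe", "wmic.exe"}

# Constructed sample events (not real telemetry); field names follow
# Sysmon Event ID 1 (process creation).
EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 4,
     "Image": r"C:\Windows\explorer.exe"},
    {"ProcessId": 210, "ParentProcessId": 100,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ProcessId": 320, "ParentProcessId": 210,
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 430, "ParentProcessId": 320,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # PowerShell opened from the desktop: expected admin use, not flagged.
    {"ProcessId": 540, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessId": 650, "ParentProcessId": 210,
     "Image": r"C:\Windows\System32\wbem\WMIC.exe"},
]

def exe_name(image):
    return basename(image).lower()

def office_spawned_tools(events):
    """Return (pid, lineage) for each PowerShell/WMIC process with an Office ancestor."""
    by_pid = {e["ProcessId"]: e for e in events}
    alerts = []
    for event in events:
        if exe_name(event["Image"]) not in ADMIN_TOOLS:
            continue
        lineage = [exe_name(event["Image"])]
        seen = {event["ProcessId"]}  # guards against loops in malformed data
        parent = by_pid.get(event["ParentProcessId"])
        # Walk up the tree so an intermediate cmd.exe does not hide the Office parent.
        while parent and parent["ProcessId"] not in seen:
            seen.add(parent["ProcessId"])
            lineage.append(exe_name(parent["Image"]))
            if lineage[-1] in OFFICE_APPS:
                alerts.append((event["ProcessId"], " <- ".join(lineage)))
                break
            parent = by_pid.get(parent["ParentProcessId"])
    return alerts

if __name__ == "__main__":
    for pid, lineage in office_spawned_tools(EVENTS):
        print(f"ALERT pid={pid}: {lineage}")
```

On real telemetry, key the lookup on Sysmon's ProcessGuid and ParentProcessGuid rather than ProcessId, since Windows reuses process IDs.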

At WheelHouse IT, we know the last thing you need is your operating system turning against you. We also know just how challenging it is to detect this type of malware. We’ve developed solutions and practices to fight even the most targeted and powerful malware.

Call us today at (877) 771-2384 to learn more about stopping fileless malware and keeping your organization’s IT working for you.

Password Protection

Password management is one of the most basic ways of securing your network and data. However, a surprising number of people do not practice password protection, leaving their computer systems vulnerable to hackers.

Hackers are constantly searching for passwords with which to penetrate your computer network. Phishing attacks, for example, will urge your people to log into a fake site using their passwords, recording them if they comply. Some use a brute force method using common words and phrases. Unsecured devices such as a personal computer or mobile device or a hotel kiosk can be infected with malware that captures passwords.

With that in mind, here follow some suggestions for sound password management.

  • Use long strings of characters, a good mix of alphanumeric and special characters. Avoid common words and phrases. Do not use familiar phrases such as birthdays, anniversaries, favorite TV shows, etc.
  • Never write down your passwords and leave the document in an unsecured location. A surprising number of people will write down a password on a Post-it note and leave it attached to their workstation.
  • Never share your password, especially with someone outside your organization.
  • Be wary about logging into the system with a personal device from offsite. Always use a device that has been secured against malware by your data security people.
  • Never respond to phishing attempts. Do not open suspicious emails, and do not comply when they ask you to log into a website using your password. If you think you have fallen for such a scheme, change your password immediately, and contact your data security department.
  • Change your password periodically, at least every quarter.
  • Never use the same password for different devices.
  • Make sure that no one is looking over your shoulder when you key in your password.
  • Run antivirus software periodically to clean your computer of malware, such as a keylog virus that can pick up your password.

For more information contact us.

Economic Security for Businesses

As with every other branch of computer technology, security is a broad field, and it can be sophisticated depending on which security methods are implemented and how. It doesn’t have to be costly or even sophisticated, though. A couple of common scenarios are discussed here.

If a business owner or manager needs security software installed on a network of computers which aims to mitigate the threat of common types of malicious software, that doesn’t necessarily mean monetary resources must be tapped to buy the software.

There are many different types of software that can be downloaded for free from the internet which include free security software suites. The only potential drawback to using free software is the loss of time which it takes to obtain support for using the software — free software is generally harder to obtain support for.

Paid software generally comes with better support from the manufacturer. In summary, the tradeoff between convenience and loss of time must be weighed when deciding whether to use free or paid software.

Another common facet of computer security that should be considered is physical security — how to prevent criminals from getting physical access to a business’ computing devices.

While this side of security can be complex, it doesn’t have to be expensive and can even be managed simply by a business owner or manager.

Installing locks on the right doors, allowing employees access to devices and resources only to the extent that allows them to get their jobs done, installing basic security cameras, and locking desks are some fundamental components of physical security that can be accomplished without much use of financial resources.

While installing these types of systems is, for the most part, relatively simple, some businesses can require more sophisticated security systems, which trained professionals may be better suited to install and configure.

For security needs, please contact us for help in making economic choices.

Windows Set to Launch Huge Update in October

Windows 10 might be one of the best Microsoft operating systems to come out in a while, but their latest policy regarding major Windows 10 updates is causing quite a stir in the technology industry. Specifically, the large update coming up this October could potentially cause major problems for your organization.

In fact, the latest update could fail, causing your computer to crash in the process. This ultimately leads to frustration and wasted time on your end. This happens because the system doesn’t have enough storage space on it to install the update.

Microsoft hasn’t informed users of the size of the update, but judging from the update last spring, it could be anywhere from 16GB for the 32-bit operating system to 20GB for the 64-bit operating system.

This wouldn’t be so bad if the update checked your current file storage to make sure the update happens without incident, but that’s not how it works. We’ll walk you through the process to make sure that the Windows 10 update doesn’t break your computer.

Check Your Current Free Storage Space

The easiest and best way to make sure the update doesn’t harm your computer is just to check how much space you have on your computer prior to the update. This makes sure that there’s enough room for the update to go off without a hitch. You can use the aforementioned download sizes as a decent enough guideline.

To check your current storage space, you can follow this path: Settings > System > Storage.

If you don’t have enough room, you have some options. You can empty your Recycle Bin, delete temporary files, and empty your Downloads folder, although you’ll want to be a little careful with what you delete. You want to make sure you don’t throw out something you will need eventually.

Try Out Windows Storage Sense

To access Windows Storage Sense, follow this path: Settings > System > Storage > Storage sense. There’s a toggle on this page that lets Windows automatically delete files that you don’t need. Select “Change how we free up space automatically” and you’ll see a new page that lets you customize these features, including how often Storage Sense deletes files.

You can also use the Clean Now button to immediately begin the process. This gives you an approximation of how much space you need to clean up before you can install the Windows 10 update.

Delete Large Files or Unused Applications

Depending on the kind of computer you’re using (or rather, whether it’s a personal computer or a company computer), you can uninstall apps that are taking up lots of space. Other files to be on the lookout for include video files, large pictures, games, and music files.

Not sure if you have enough room for the Windows 10 update? Be sure to give WheelHouse IT a call at (877) 771-2384.