Security Snaphot July 3rd

Cleanup continues for NotPetya
Many organizations are still rebuilding their server infrastructure after the June 27th attacks that targeted the Ukraine government and soon spread across the world. The payment system for the ‘NotPetya’ ransomware was disabled soon after the attack started, making it impossible to pay the ransom and decrypt infected computers. This means many companies had no choice but to restore those computers from backups or rebuild them from scratch. This situation emphasizes the need to make a robust disaster and recovery strategy a piece for any security approach.

Microsoft addressing vulnerabilities in Fall Patch
Windows 10 users will be relieved to hear that Microsoft is adding additional protection this Fall against ransomware attacks like WannaCry and CryptoLocker by adding additional functionality which informs users when a program attempts to perform automatic mass changes to files- like encrypting them.

Old “Critical Alert” scam recycled to target online shoppers
Anyone who has been using a computer online in the last five years has seen it. You are browsing a website and all of a sudden everything freezes up, and you hear “critical alert from Microsoft” coming across your speakers and a popup telling you to call Microsoft as your computer is infected. When you call the number on the pop-up, the scammers request your credit card information as payment to ‘fix’ your problem. They then sell that information off on the black market. Now that people have wised up to the current iteration, the scammers are getting creative. The latest iteration is targeted at online shoppers. The shopper receives an email that looks legitimate from an online retailer stating their order has been canceled. When they click on the link for more information they are taken to a pornographic site which then triggers the ‘critical alert’ pop up. This method is much more effective as it preys on what people have been continually taught about cybersecurity over the last decade– that viruses are spread via email. As there is a legitimate reason for people to fear their computer is infected, they are more likely to call the number instead of rebooting their computer, which will make the pop-up go away. If users do get the popup to go away they should still run a full malware scan as the link may have exposed them to more than just a pop-up scam.