Attack! Have You Heard of RansomWare – Wannacrypt?

RansomwareWhat is ransomware? Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it.

How can you protect yourself? Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection.
Updating the OS will take care of most vulnerabilities. Do not click on questionable links or open suspicious attachments as this can save headaches. This helps limit the spread of ransomware if hackers do get into your system.

How does it work?

  1. The malicious Ransomeware software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music
  2. Ransomware is a kind of cyber attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid.
  3. It enters a computer when a user mistakingly clicks or downloads a malicious file
  4. It can also spread via a worm, embedding itself within a network, this is instead of relying on humans to spread by clicking
  5.  Experts warn that there is no guaranteed access given after payment

It is interesting to note that Microsoft have already taken measures to save the world from this menace. You can visit Microsoft blog post about this attack – Click here to view.


Do You Think Your USB Flash is Protected? Learn How to Protect Your USB disks Using BitLocker.

It is usually a nightmare and a bit of hell experience for many folks who have lost valuable data stored on their memory sticks like a USB Flash or external Hard Disk Drive. At the same time, the information you place or store in your Flash can be accessed by anyone who gets hold of these sensitive materials.

There are several available Software and Hardware that one can use to encrypt your flash content and then lock it down with a password. However, majority of this software options require that you have administrative access to your PC. Fortunately too, Microsoft has included an encryption tool called BitLocker that can enable you do all of that.

To enable BitLocker encryption on a USB flash drive, do the following:
1. Insert the USB flash drive, click Start, and then click Computer.
2. Right-click the USB flash drive, and then click Turn On BitLocker. BitLocker initializes the drive.

Untitled3. On the Choose How You Want To Unlock This Drive page, choose one or more for the following options, and then click Next:

  • Use A Password To Unlock This Drive Select this option if you want the user to be prompted for a password to unlock the drive. Passwords allow a drive to be unlocked in any location and to be shared with other people.
  • Use My Smart Card To Unlock The Drive Select this option if you want the user to use a smart card and enter the smart card PIN to unlock the drive. Because this feature requires a smart card reader, it is normally used to unlock a drive in the workplace and not for drives that might be used outside the workplace.

4. On the How Do You Want To Store Your Recovery Key page, click Save The Recovery Key To A File.
5. In the Save BitLocker Recovery Key As dialog box, choose a save location, and then click Save.
6. You can now print the recovery key if you want to. When you have finished, click Next.
7. On the Are You Ready To Encrypt This Drive page, click Start Encrypting. Do not remove the USB flash drive until the encryption process is complete. How long the encryption process takes depends on the size of the drive and other factors.

The encryption process does the following:
1. Adds an Autorun.inf file, the BitLocker To Go reader, and a Read Me.txt file to the USB flash drive.
2. Creates a virtual volume with the full contents of the drive in the remaining drive space.
3. Encrypts the virtual volume to protect it.USB flash drive encryption takes approximately 6 to 10 minutes per gigabyte to complete. The encryption process can be paused and resumed provided that you don’t remove the drive.

Now You Can Be Tracked By Websites you visit via Your Device Battery Status

battery-iconsIn one of the newest development in the IT Industry, Website owners keen on tracking internet users have yet another means of doing so by simply requesting for it from the browser. This is courtesy of a feature the W3C added to HTML5 that lets a website interrogate the state of a visitor’s battery.
According to the research paper by International Association for Cryptologic Research, “all the information exposed by the Battery Status API is available without users’ permission or awareness.” The original rationale behind the spec was that if a server could access a user’s battery state, it could send out a lighter and less resource demanding version of a page for someone with low battery remaining, and heavier versions for people with full battery life. “Although the potential privacy problems … were discussed by Mozilla and Tor Browser developers as early as 2012 [when the API was introduced], neither the API nor the Firefox implementation has undergone a major revision,” the paper states.

Battery properties available to websites include the level, chargingTime, and dischargingTime by calling the navigator.getBattery() method in JavaScript. “When consecutive visits are made within a short interval, the website can link users’ new and old identities by exploiting battery level and charge/discharge times. The website can then reinstantiate users’ cookies and other client side identifiers, a method known as respawning,” the paper claims.
“Note that, although this method of exploiting battery data as a linking identifier would only work for short time intervals, it may be used against power users who can not only clear their cookies but can go to great lengths to clear their evercookies.” The API is only implemented in Firefox, Chrome, and Opera at the moment.

Hackers Attack Antivirus Company’s Server, Steal Sensitive Data

downloadIn an interesting twist, one the most popular and much-respected Antivirus and computer security firms BitDefender has recently been hacked and has had a portion of its customer data leaked.

The data breach on BitDefender is incredibly embarrassing for the security firm, not merely because the company failed to prevent its customers data from hackers, but also because the reputed computer security company did not encrypt its customers’ most sensitive data.

The hacker, who uses the online alias DetoxRansome, managed to break into a Bitdefender server that hosted the cloud-based management dashboards for its small and medium-sized business clients, and extracted usernames and passwords belonging to these clients. This is because these details were saved in a plain unencrypted form.

The Romanian security company admitted its system was breached and said that the attack on its system didn’t penetrate the server, but a security hole “potentially enabled exposure of a few user accounts and passwords.”

After demanding a $15,000 ransom which the firm refused to pay, the hackers uploaded a list of over 250 usernames and passwords over the internet.

“The issue was immediately resolved, and additional security measures have been put in place to prevent its reoccurrence. Our investigation revealed no other server or services were impacted,” said that company’s spokesperson.

BitDefender is currently working with law enforcement to investigate the issue.

Safety tips against Computer hackers

Let me start by telling you a story… One day I received a Facebook message from one of my Facebook friends. The message reads: “Please I got a contract to supply 30 Computers to one company and I need N600,000 to add up to buy the computers so I can supply to this company. Please assist me with the amount, I will pay back in a week’s time with an interest of 15%”.

So this message came from a close friend of mine who is like a brother that I do not have any reasons to doubt his personality. However,  I smelt a rat. I took measures (which you will find below as you read on) that saved me from the hands of a hacker! The friend’s Facebook account was hacked, and the hacker was using my friend’s account to defraud unsuspecting and innocent public. Sometimes, they ask for airtime. Other times, they ask for money of different degrees. But the bottom line is that it’s easy to get hacked. And yes, it can happen to you. It has happened to several people!!!

SafetyTherefore, let us carefully have a look at some security tips (the online safety commandments)  to keep your identity safe from hackers. Remember, the discussion cuts across Computer users, Mobile Phone users, Tabs, MACs, etc.

  1. Do not reuse your main email password: Most people use the same password as their email passwords on Facebook, on job application sites, and all other sites they visit! A hacker who has cracked your email password has the keys to your [virtual] kingdom. A criminal can trawl through your emails and find a treasure trove of personal data: from banking to passport details, including your date of birth, all of which enables ID fraud. Let me make it clearer that any other sites that requires your email and password do not necessarily mean that you must put your main email password. Just put in your email address on the email field, and choose a different password other than your email password. Be informed that most of the sites you visit, perhaps for jobs or other personal engagements were created to accepts emails and passwords, and not actually for jobs –  so when you expose your main email IDs, you get your mailbox hacked. You can consider running more than one email account. Do you use the same password for all websites? Do you overshare on Facebook? If so, you’re a target for cybercriminals.
  2. Always use different passwords on different sites:  Some people have several online accounts – blogs, Facebook, Instagram, 2go, Twitter, emails, Nnairaland, Job sites, forums, discussion groups, Journals, Online Libraries, name it! So the temptation is for individuals typically having anything up to 100 online accounts, the tendency has become to share one or two passwords across accounts or use very simple ones, such as loved ones’ names, first pets or favorite sports teams. WRONG!! Instead, what you can do is: memorize a favorite phrase like for example ‘safety tips against computer hackers by Sylvudo Integrated Services’, take each of the first letters and it will be stachbsis. Now add numbers and special characters and it becomes st@chbs1s. Now, for every site you log on to, add the first and last letter of that site to the start and end of the phrase, so the password for Yahoo would be “Yst@chbs1so”. Etc. This pattern or formula is very difficult for any hacker to guess, but easy for you to memorize. So, I encourage you to rush now and start changing your passwords. Use your own phrase, not necessarily the one I gave here.
  3. Use two-step verification: Most banks in Nigeria have implemented this feature. In addition to your user ID and password, they also give a token. And when you log in, a second verification code is sent to your mobile for verification. You can adopt this feature on your emails and other cloud services so that whenever you log in, a second verification code is asked from you which would be sent to your mobile that you registered with the services.
  4. Never click on a link you did not expect to receive: One of the easiest ways that Computer criminals spread virus and Malware is by luring users to click on a link or open an attachment, even when you had not subscribed to those links or expecting the attachment. Sometimes these links would say your bank is doing an upgrade and therefore requires you to update your bank details like your online username and password. Please do not do that. Your bank will never ask for your username and password for any upgrade whatever.
  5. Learn to block: When you are in doubt of a social network friendship request, especially from people you do not know, do not hastily accept, instead check their profiles first and be meticulous enough to know that this person does not know you. Block!
  6. Set up your phone’s protection: Some phones have some security features like BlackBerry Protect, Find My iPhone or Android Lost.  These allow you to remotely delete all your personal data, should your device be lost or stolen or the case where your phone is gone for good.  In  having a wipe feature can protect your information from falling into the wrong hands. So, if you have not set it up yet, run now and set it up. You can contact me for more details if you do not know how to do it.
  7. Be careful with public Wi-Fi: Yes, we all like free things. You sniffed an open Wi-Fi, you connect, bam! You are on the fly enjoying free internet. Remember, most Wi-Fi hotspots do not encrypt information and once a piece of data leaves your device headed for a web destination, it is “in the clear” as it transfers through the air on the wireless network. That means any ‘packet sniffer’ [a program which can intercept data] or malicious individual who is sitting in a public destination with a piece of software that searches for data being transferred on a Wi-Fi network can intercept your unencrypted data. If you choose to bank online on public Wi-Fi, that’s very sensitive data you are transferring. I advise either using encryption [software], or only using public Wi-Fi for data which you’re happy to be public – and that shouldn’t include social network passwords.
  8. Avoid storing your Credit card details online:  Please always take the extra efforts to key in your card details when you need to, rather than storing them online and then copy and paste when needed. If the location (email for example) where you stored is hacked, well you would be sorry for yourself, lol.
  9. Lock your Computer and Phones when not in use: Keep it locked, just as you would your front door. Keying in a password or code 40-plus times a day might seem like a hassle but it’s your first line of defense. Next-generation devices, however, are set to employ fingerprint scanning technology as additional security.
  10. Act of human: While much of the above are technical solutions to prevent you being hacked and scammed, hacking done well is really the skill of tricking human beings, not computers, by preying on their gullibility, taking advantage of our trust, greed or altruistic impulses. Human error is still the most likely reason why you’ll get hacked. So be careful online.

Now what what happens when your account is already hacked? What do you do? If your account has been compromised or hacked, here are ways to regain control.

How do I know if my email or social network account has been hacked?

  • There are posts you never made on your social network page. These posts often encourage your friends to click on a link or download an App.
  • A friend, family member or colleague reports getting email from you that you never sent.
  • Your information was lost via a data breach, malware infection or lost/stolen device.

If you believe an account has been compromised, take the following steps:

  • Notify all of your contacts that they may receive spam messages  that appear to come from your account.  Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for virus.
  • If you  believe your computer is infected, be sure your security software is up to date and scan your system for malware. You can also use other scanners and removal tools.
  • Change passwords to all accounts that have been compromised and other key accounts ASAP. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, and numbers and symbols. You should have a unique password for each account.

If you cannot access your account because a password has been changed, contact the web service immediately and follow any steps they have for recovering an account.