CompuClever Blog

Don’t be Held at Ransomeware

by

 

With two prominent malware attacks occurring back-to-back during the past two months, you’re likely familiar with the term  – “Ransomware” – a cyber-crime gaining worldwide attention. In this article we explore ransomware in depth and offer recommendations and instructions to prevent it from happening and to protect your PC.

Ransomware defined:

You can think of ransomware as “data kidnapping”. It is the result of a malware attack that blocks access to a user’s PC data. Once infected, the attackers try to force you into paying money so you can regain access. In some cases there is a threat to publish or delete the data unless the ransom is paid. Data and access is blocked by using strong file encryption.

Computers can be infected whether at home or in the work environment. This includes PCs on an enterprise network or government agency servers.

Some ways of infecting your PC include:

  • Surfing to unsafe or fake websites.
  • Opening emails and email attachments from unknown sources.
  • Opening malicious links in emails, Facebook, Twitter, and from online chat apps such as Skype.

The two main types of ransomware are: Lockscreen and Encryption.

  1. Lockscreen ransomware prevents you from accessing your PC or files and instead displays a full-screen message saying you have to pay a ransom to regain access.
  2. Encryption ransomware prevents you from opening your files by encrypting them. The encryption is very strong (uses an AES-256 “military grade” cipher algorithm), and would take an estimated 3×1051 years to crack. Also, a unique encryption key is generated for each infected computer so you can’t just get someone else’s key.

Note: There are older versions of ransomware that display false messages such as claiming you have performed an illegal activity with your PC. They then state you are being fined by a police force or government agency. We want to stress that these claims are false and can be considered a scare tactic designed to extort money from you.

What is the result of the attack?

While there are various forms of ransomware, all of them prevent you from performing normal PC functions. This includes:

  • Getting locked out! Preventing you from accessing your operating system.
  • Blocked access to files! Files are now encrypted and you can’t access them.
  • Disabled apps! Certain programs (like your web browser), are no longer able to run.

What about the ransom?

Some ransomware attacks involve the victim having to pay money while some make you complete a survey. Payment of money is performed online and sometimes involves the victim having to pay in Internet currency Bitcoins. Due to the nature of those that commit these cybercrimes – there is no guarantee that your data or PC will return to the pre-attack state.

How much do they extort?

Symantec gained access to a malware server in 2012. This provided them first hand insight of the ransoms that were paid out. In a single day 5,700 computers were infected and 2.9% paid the ransom. This comes out to approximately $33,600 for one day.

“Given the number of different gangs operating ransomware scams, a conservative estimate is that over $5 million dollars a year is being extorted from victims. The real number is, however, likely much higher.”[1]

Recent Ransomware attacks…

WannaCrypt; May 12, 2017:

Many users around the world were victims of the malicious “WannaCrypt” software attack which has been considered one of the worst and most widespread cyber-attacks. More than 230,000 computers in over 150 countries were affected. All files on infected PCs were locked and the demanded ransom was 300 dollars in bitcoins.

Interestingly, people running Windows 10 were not targeted by the attack. Despite this, this attack was serious as evidenced in the steps Microsoft took. They took a highly unusual step in providing a security update for all customers to protect even the Windows platforms that are in custom support only. This includes Windows XP, Windows 8, and Windows Server 2003.

Supported versions of the operating system (Vista, Windows 7, 8.1, 10, etc.), have access to the security update MS17-010. If users have automatic updates enabled or have installed the update, they are protected. Microsoft states[2]: “For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010“. They go on to state that this attack may evolve over time and additional defense strategies are warranted.

Petya; June 27, 2017:

Companies across Europe and the US were affected by the ‘Petya’ ransomware attacks. Infected computers displayed a message demanding a Bitcoin ransom of $300. Victims were unable to unlock their computers even if they paid the ransom.[3] The instructions included sending confirmation of payment to an email address. However, that email address was shut down by the email provider and there was no way to contact the attacker for a decryption key to unlock their computer.

This ransomware attack exploited the same Microsoft exploit as WannaCry – the vulnerability known as EternalBlue. Even with the patch, this cyber-attack has two other ways to spread within an organization focusing on the network administrator’s tools. Experts believe the initial infection is suspected to have been delivered through email (as with WannaCry).

If Infected With Ransomware:

You are a victim of a ransomware infection once you see some form of ransom demand appearing in a dialog window, an app, or a full-screen message. Unfortunately, this demand is displayed after encrypting your files or disabling some part of your PC.

Before you try to recover your files, Microsoft suggests trying to fully clean your PC with Windows Defender Offline. After this you can try to Backup and Restore in Windows.

We fully agree with Microsoft: “Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your PC or files.”

If You Already Paid:

If you paid the ransom, contact your bank and local authorities immediately. Your bank may be able to block the transaction and return your funds if you paid with a credit card. Inform your bank if you did submit credit card details to the cyber thieves.

We suggest you also contact the following government agencies that deal with fraud and scam reporting:

Prevention:

There are safe measures you can take to lessen the impact of attacks and failures and there are ways to prevent malicious attacks from crippling your PC and network.

  1. Keep a current back up of your data files (images, video, documents and music).
  2. Keep your Windows install up-to-date with the latest Windows security updates.
  3. Keep your antivirus program up-to-date. We highly recommend a reputable AV program with active subscription (one that keeps up to recent malicious attacks). We invite you to check out the performance and protection offered by CompuClever Antivirus PLUS.
  4. Do not open email links or files from a sender you do not recognize. In many cases you can recognize a fake email and webpage because they have bad spelling or look unusual.
  5. Be careful where you surf on the internet especially with less reputable sites. There is a greater chance of contracting a malware virus. Quite often unsafe sites can look convincing and have only subtle differences.

Microsoft states[4]: “Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).”

Stay Safe:

Hundreds of millions of emails that include a ransomware attachment are being sent out every month. Many of these are being blocked and software vendors are working hard to shrink security holes and fix this ongoing cyber-crime.

As can be seen with the information provided here, staying informed, taking precautions, and using safe practices can help prevent you from getting an infection that could save you time and your data. If you require further information on this subject we recommend Microsoft’s Ransomware FAQ page.

[1] http://www.symantec.com
[2] https://blogs.technet.microsoft.com
[3] https://www.theguardian.com
[4] General information on ransomware

CompuClever Antivirus PLUS – VB100 Award!

by

 
CompuClever is pleased to release the latest VB100 test results for CompuClever Antivirus PLUS.  We will present these results and help you to understand them as part of our ongoing testimony to the effectiveness of our AV product.  As is evident with these results… CompuClever Antivirus PLUS offers outstanding protection without slowing down your PC!

The Test Results

We’ve had four positive test results from the VB100 test lab, one of the few independently operated testing facilities focused on providing comprehensive examination of security software and solutions.  Let’s start with an overview of these four tests that are available for online viewing.  These tests were conducted between August 2015 and October 2016 on various Windows platforms.

Overview & Breakdown

The specific results of each test are based on test markers which you can get an idea of when you mouse over the column title (RAP Score, Performance impact %, etc.)  We define them here:

  • Platform:  This is the selected operating system that VB100 performs its test on. VB100 tries to cover a spectrum of the most popular Windows OS with their tests focusing on one version at a time.  Note:  CompuClever Antivirus PLUS supports Windows 10, Windows 8, 7, Vista, & XP.
  • Result:  This is the overall result; simply put, it reveals if the antivirus software passed or failed the test.
  • RAP Overview:  “Chart shows RAP scores with weighted average overlaid.” Note: The difference in scores is explained below.
  • RAP Score:  “Weighted average detection rate over recent malware samples, including retrospective coverage of new malware (Reactive and Proactive).”  Basically, this means the ability for the AV product to detect and react to malware threats.  This is the most important measure of how effective any AV product is; the higher the score, the more effective the product.
  • Performance impact (%):  “Increase in time taken to complete a set of common tasks.”  This is the impact to system performance by the AV product when in operation. A lower score is better here.
  • Stability Rating:  “Rated on a five-level scale from Solid (no problems) to Flaky (severe issues).”  This is the rating given by VB100 based on the test results. This tells you the quality of the AV software apart from the previously mentioned effectiveness or performance impact measurements.

What is evident in these results is a consistent pattern of high RAP Score – detection of AV threats – and a low performance impact.  Once again this means that CompuClever antivirus PLUS works to protect your PC from online malware threats all the while operating in the background.

In this way, you won’t notice it and it won’t have an impact to overall system performance – something CompuClever dedicates itself to accomplishing!

Overall Conclusions

Based on analysis of detailed test data, we are very pleased with the results of the tests. These results are in line with our original goals:

  • Total protection against any form of online threats: CompuClever Antivirus’s high RAP score is among the list of top security solution providers, like ESET, Kaspersky, Bitdefender, and AVG.
  • Minimum impact to PC performance: CompuClever Antivirus’s extremely low % in Performance Impact to PC performance outperforms most of our top competitors.
  • A solid and well-built antivirus product: It is easy to install without reboot, has an intuitive user interface, and is extremely intelligent and quiet. CompuClever Antivirus is regarded as a “solid” antivirus solution.

This is what VB100 lab says about us in one of its test remarks:

The design is slick and attractive, with a good range of options available and intuitive deployment of controls.

Stability was perfect throughout testing, with not the slightest shake even under heavy stress. Performance impact was decent too…

Detection was as excellent as one would expect, with good scores everywhere.[1]

Check Your AV Product

We invite you to examine the results for your AV product.  You can trust VB100 as it a free service that performs regular independent reviews of malware solutions and provides test results for AV software that handle both known (reactive) and unknown (proactive) virus samples. You can see the latest test results for any product or you can use the Search field to quickly find test results.

CompuClever Antivirus PLUS

CompuClever Antivirus PLUS offers unparalleled security technology against malware threats. It is designed to deliver the best performance for your PC and it is built on the most advanced antivirus technology available today. Exceptional in its ease of use, it allows you to handle security with a single click. The intuitive technology also guards your online privacy and digital identity with specific protection when doing online banking and online shopping.

Browse the following topics to learn more about Antivirus PLUS:

 

[1]https://www.virusbulletin.com/

CompuClever Antivirus PLUS Achieves VB100 Certification With a Full Mark and a Favorable Review

by

 

Victoria, British Columbia — CompuClever is pleased to announce Antivirus PLUS, its all-in-one PC security software, has achieved a favorable review from Virus Bulletin’s renowned VB100 certification programme.

“As part of its review, released in the summer of 2016, Virus Bulletin noted that CompuClever Antivirus PLUS is accurate, stable and responsive, with a slick and attractive interface,” says Andy Thompson, CompuClever Communications Director and Editor-in-Chief. “In its review Virus Bulletin also noted that CompuClever Antivirus PLUS provides a range of PC optimization tools and other software alongside its anti-malware offering, including a browser plug-in wallet system.”

This is the second time CompuClever Antivirus PLUS received a VB100 rating of “Solid” from Virus Bulletin, with no false positives and “excellent detection.”  CompuClever Antivirus PLUS has also passed the Windows 10 Logo Certification Test, which means it has obtained Microsoft’s approval for running on the Windows 10 operating system.

“CompuClever Antivirus PLUS relies on sophisticated security technology to protect Windows computers against malware threats and is fully compatible with Windows 10, 8, 7, Vista and XP,” says CompuClever’s  Andy Thompson. “CompuClever Antivirus PLUS is designed to deliver the best performance for your PC and it’s built on the most advanced antivirus technology available today.”

Easy to use, CompuClever Antivirus PLUS allows any PC owner to manage security with a single click. The intuitive technology also guards online privacy and digital identity, including banking and credit card details, as well as email passwords and social media information.

About Virus Bulletin

Based in the United Kingdon, Virus Bulletin is a magazine about the prevention, detection and removal of malware and spam. It regularly features analyses of the latest virus threats, articles exploring new developments in the fight against viruses, interviews with anti-virus experts, and evaluations of current anti-malware products.

About CompuClever

Founded in 2010, CompuClever’s mission is to provide PC users with a safe and enjoyable computing experience. CompuClever offers products and services, powered by knowledge, know-how and expertise, aimed at enhancing computer safety, performance and stability. CompuClever software products are designed from the ground up to provide powerful utility and optimization software that can be used quickly and effectively, even by novice computer users.

Contact

Andy Thompson

media[at]compuclever.com
957 Alston St. Victoria, BC
Victoria, BC, Canada, V9A 3S5
www.compuclever.com

Firewalls – First Line Filtration

by

If our PC could be considered a well-protected fortress, we would think of the firewall as an essential part of the moat and drawbridge system – it monitors and controls entry. Most of us associate firewalls with large network corporations and sophisticated security systems. You might, however, be surprised to find your PC and personal devices have security issues similar to large corporate networks. This is why firewall technology is built into your PC and offers the first line of protection from offensive web sites and potential hackers.

We’ll begin with a definition of what a firewall is and then move into some basic questions and answers.  After that we’re going to provide information for those that might want to beef up their firewall protection.

The Firewall Basics

Effectively a firewall is a filter.  It is designed to prevent dubious programs and Internet services from establishing a connection or gaining access to your computer.

Firewall Defined: A firewall is hardware or software technology designed to monitor and filter incoming and outgoing traffic to your PC.  It is a network security function that effectively acts as a barrier.  The data that passes through depends on the pre-determined set of rules which are configured in the firewall settings.

A Little Q and A

Now that we know basically what it is, we can answer some questions.

  1. Why do I need one?

A firewall tries to screen out incoming Internet streams of data from unwanted sources and it also prevents programs on your PC to access the Internet without authorization.  The purpose is to prevent unwanted and malicious programs from communicating to, or from, your computer.

  1. Who makes firewalls?

Microsoft includes a firewall with Windows – we’ll cover this in more detail below.  There are also a significant number of known makers of free and paid solutions.  The best known names would include Norton, McAfee, BitDefender, Kaspersky, as well as Zone Alarm, Webroot, and Comodo.  Some routers also have firewalls built into them.  While we are not recommending any specific option, selecting one of the manufacturers listed above should provide greater security.

  1. When do I need one?

Quite simply – you need a firewall when you connect to the Internet. This is why you should also consider a solution for your smart phone or mobile device.  Most malware programs these days attempt to get money from you and your mobile devices are also targets of malware attacks and cyber crime.

  1. Doesn’t Windows already come with a firewall?

Yes, it does, and it may be all you need.   It blocks unwanted connections and will prompt you if you want to allow a connection or not.  There is a list of programs to block and you can enter exceptions to identify programs you deem safe.

Windows Firewall is equipped to monitor traffic, but lacks in the area of program control.  Despite shortcomings, Windows Firewall may be all you need.   Other tools will provide additional functions such as the ability to create activity logs.  In this way you can review what was happening in terms of attempted connections so you can fine tune the security parameters.  The bottom line is that the Windows Firewall will suffice for most users and should not be regarded as providing insufficient security.

If you find surfing the net is slow, begin by optimizing the browsers and Windows configuration for accessing the Internet.  We recommend looking at the articles: Improve Internet Speed and Restore Browser Speed.  After this, if you are more certain that the firewall is affecting performance, you may want to replace it.  If your PC is encountering issues with viral infections then first look at your antivirus protection, and if you have a top notch AV solution and are still getting breaches, that too would be a reason for looking for a new firewall.

  1. Is a firewall all the protection I need?

In a previous article we covered some myths about antivirus protection and this came up.  We can review briefly here.  As we have described, firewalls can filter nefarious traffic.  However, they cannot protect your PC from files that contain a virus or Trojan.  The reason for this is that firewalls are not able to scan for infected files – you need an antivirus solution specific to this purpose.

Cyber criminals exploit potential security holes and look for ways to openly connect with your PC.  A firewall can minimize this risk and offer the first line of defense.  However, it is not sufficient in blocking the myriad of virus and malware threats that are prevalent.  Malware creators are very clever in disguising data and can even disable your firewall in an effort to steal private or personal data.

Antivirus Protection:In a nutshell… we are pleased to offer CompuClever Antivirus PLUS, an AV solution that delivers 100% protection against both known and unknown viruses, comparable to any first-tier antivirus software like Norton, Kaspersky, Bitdefender, and MacAfee.  As a matter of fact, an independent third-party lab test revealed that our antivirus product not only delivers a high level of protection, it also creates a very low impact to PC performance.

For more information about CompuClever Antivirus PLUS click here: Are You Well Protected?

Turning Windows Firewall On and Off

Microsoft states: “You only need one firewall app on your PC (in addition to the firewall that’s probably built into your network router).  Having more than one firewall app on your PC can cause conflicts and problems.” [1]  It is also good practice to NOT turn off a firewall unless you have another one turned on.

With these safe practices in mind, you can view the status of Windows Firewall and you can turn it off or on.  The easiest way to begin is to type “firewall” in the Search field located in the Start menu.  For more information and instructions specific to your operating system follow one of these links:

Windows 10  / Windows 8 / Windows 7 / Windows Vista / Windows XP

What to Consider if Seeking an Alternative

Here is our list to help you better decide on alternatives to the built-in firewall for Windows.

  1. You need to consider how accurately a firewall solution will identify threats to your system. You do not want it to miss threats but you also do not want it blackball safe and known programs.  No one wants an unending stream of warnings from their firewall for no valid reason.  The very best firewalls handle unknown programs by monitoring them closely for suspicious activity and signs of improper network activity behaviour.
  2. The fewer resources it requires the better. This will allow your system to run programs faster and dedicate resources to perform duties related to regular day-to-day activities.
  3. Supply only the functions you need. Some “suite” applications will include antivirus and performance tools.  If you already have these areas covered by other applications there is no need to pay for bloated software that is inadequate in these other areas.
  4. You will also need to know what kind of coverage you require in terms of the devices you are needing to protect (desktop, laptop, tablet, or phone), and if your solution will suffice.

Other Considerations

Now to finish off with some final points related to installing a new firewall solution.

Install Your Firewall 

There isn’t any one “right” place to install a firewall; it comes down to the devices you use and the programs you run.  If you are looking for a firewall for your business then the normal firewall is not what you need; you need what is known as a “Next Generation Firewall” or, “NGFW’.  These are more sophisticated and expensive, ranging from $500 to $80,000, and are beyond what we will discuss here.

Also, some routers have firewalls built right into them, meaning any system behind them does not need a firewall.  This is useful as it means that there is no performance loss for Windows as a result of a firewall performing checks on data streams.  However, if you have a portable device (like a laptop, tablet, or phone), then you need a firewall installed to the device that can be turned on whenever you connect to the Internet when away from home.

Common Problems

The most common problem in using a firewall is blocking a program you know is good.  When this happens you need to create an “exclusion” or “exception” (search the program help files for those terms).  Effectively, this provides you the ability to override what the firewall would normally do.  Firewalls are designed to run in the background so most people have little to no interaction with these programs once they are installed and exceptions are generated.

Summary

While we haven’t gone into detail about hardware and software firewall technologies and the various viral threats to firewalls, we have covered the basics.  Standard coverage should get you started and you have the option of customizing the onboard Windows Firewall.  As an alternative to Windows, you can follow our introductory guidelines for taking on an alternative firewall solution.  In either event, remember that an effective antivirus solution is part of your fortress of protection.

We would like to thank Richard from our Tech Support team for his first wave of research on this subject.  We will continue to provide story lines like this and we will describe them in a manner that is within reach of everyday computer users.  If you have some ideas of topics you would like us to cover, email us at: newsletter@compuclever.com

[1] http://windows.microsoft.com/en-US/windows-8/Windows-Firewall-from-start-to-finish