WANTED:

3 New Clients

We are looking for a couple of new clients. The ideal candidates:

  • have 10 or more PCs
  • want lightning-fast response to their IT problems
  • want IT support with a “Today, Not Tomorrow” attitude
  • are tired of second-rate IT support
  • don’t like IT surprises
  • are willing to pay a set monthly fee for IT service
  • want honesty, reliability and predictability from their IT vendor
  • are most likely (but not required to be) in a Professional Services field such as Medical, Law, Engineering, or Accounting

If you are ready to talk about making a switch of IT vendors, give us a call.

Computer Networks of Roanoke, Inc.
Hank Wagner
hank.wagner@computernetworksinc.com
757-333-3299 x200

Petya is Not Ransomware: It is Wiper Malware

What if I say that Tuesday's devastating global malware outbreak was not due to any ransomware infection?

Yes, the Petya ransomware that began infecting computers in several countries, including Russia, Ukraine, France, India and the United States, on Tuesday and demanded a $300 ransom was not designed with the intention of restoring the computers at all.

According to a new analysis, the virus was designed to look like ransomware but was wiper malware that wipes computers outright, destroying all records from the targeted systems.

Comae Technologies founder Matt Suiche, who looked closely at the operation of the malware, said that after analyzing the virus, known as Petya, his team found that it was "wiper malware," not ransomware.

Security experts even believe the real attack has been disguised to divert the world's attention from a state-sponsored attack on Ukraine to a malware outbreak.

"We believe the ransomware was, in fact, a lure to control the media narrative, especially after the WannaCry incident, to attract the attention on some mysterious hacker group rather than a national state attacker," Suiche writes.

Petya is a nasty piece of malware that, unlike other traditional ransomware, does not encrypt files on a targeted system one by one.

Instead, Petya reboots victims' computers, encrypts the hard drive's master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.

Petya then takes an encrypted copy of the MBR and replaces it with its own malicious code that displays a ransom note, leaving computers unable to boot.


Windows 10 has Built In Ransomware Protection

Ransomware, ransomware everywhere, not a single place to hide!

But Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.

Two massive ransomware attacks — WannaCry and Petya (also known as NotPetya) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations.

Most ransomware in the market, including WannaCry and NotPetya, is specifically designed to target computers running the Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats.

But not now!

In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is dangerously vulnerable to ransomware and other emerging threats that specifically target its platform.

To tackle this serious issue, the tech giant introduced a new anti-ransomware feature in its latest Windows 10 Insider Preview Build (16232) yesterday evening, along with several other security features.

Microsoft is planning to introduce these security features in Windows 10 Creator Update (also known as RedStone 3), which is expected to be released sometime between September and October 2017.

The anti-ransomware feature, dubbed Controlled Folder Access, is a part of Windows Defender that blocks unauthorized applications from making any modifications to your important files located in certain "protected" folders.

Only applications on a whitelist can access protected folders, and you can add or remove apps from the list. Certain applications will be whitelisted automatically, though the company doesn't specify which applications.

Once turned on, "Controlled folder access" will watch over files stored inside Protected folders, and any attempt to access or modify a protected file by non-whitelisted apps will be blocked by Windows Defender, preventing most ransomware from encrypting your important files.

So, whenever an application tries to make changes to Protected files but is blocked by the feature, you will get a notification about the attempt.
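One way to roll the feature out from PowerShell, as an added example that is not part of the original article. It uses the Windows Defender cmdlets available in release builds of Windows 10 that include the feature (version 1709 and later); the folder and application paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: staged rollout of Controlled Folder Access (CFA).
# Folder and application paths below are hypothetical placeholders.

$ProtectedFolders = @('D:\ClientFiles', 'D:\Accounting')          # hypothetical
$AllowedApps      = @('C:\Program Files\ExampleApp\example.exe')   # hypothetical

# 1. Start in audit mode: would-be blocks are logged, nothing is denied yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect extra folders on top of the defaults (Documents, Pictures, ...).
foreach ($folder in $ProtectedFolders) {
    if (Test-Path -LiteralPath $folder -PathType Container) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    } else {
        Write-Warning "Skipping missing folder: $folder"
    }
}

# 3. Whitelist line-of-business apps that must write to protected folders.
foreach ($app in $AllowedApps) {
    if (Test-Path -LiteralPath $app -PathType Leaf) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    } else {
        Write-Warning "Skipping missing application: $app"
    }
}

# 4. Review what audit mode caught (event 1124 = audited, 1123 = blocked).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Once the audit log lists no legitimate apps, enforce blocking:
# Set-MpPreference -EnableControlledFolderAccess Enabled

# Confirm the resulting state (0 = disabled, 1 = enabled, 2 = audit mode).
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Running in audit mode for a week or so before enforcing lets you find legitimate applications that need whitelisting without interrupting users.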

Google To Remove ePHI From Its Search Results (if you ask)

HIPAA data breaches can occur if ePHI (electronic protected health information) is posted on an open web site.  In that situation, not only is the ePHI available for viewing, it also can be indexed by an Internet search engine such as Google.  Many data breaches have been uncovered by finding the unauthorized ePHI via a Google search. As an example, we know of patients that have found their own ePHI by searching for their name, finding the posted ePHI and lodging a complaint with HHS/OCR.  These complaints have resulted in investigations.

In the past, removing these search results from Google has been difficult. That has now changed. Last week, Google made a change to its removal policy. The Removal Policy describes certain types of sensitive information that can be excluded from Google Search results. Examples include information such as Social Security numbers and bank account numbers. Now the removal policy page also includes “Confidential, personal medical records of private people.”

Does Google remove this information automatically? No. According to a Bloomberg Technology article, a Google spokesman said “that such information is only pulled when the company gets specific requests from individuals.” Google does not know if ePHI is posted with or without consent. But now it is making it easier to get such information removed from search results.

Does this mean that if ePHI is removed from a Google search result, it is no longer a data breach? No. It is still a data breach, for several reasons. First, the information may still be on a website, and the source website needs to remove the information. Second, the information only comes off Google search results after an individual knows about it and makes a removal request. Finally, even if all the information is removed from the web and search results, it still was available for a period of time, and that is a breach by itself.

 

22,000 Patients Affected By Ransomware Attack On Cleveland Medical Associates

Cleveland Medical Associates began notifying 22,000 of its patients of an April 21 ransomware attack that may have compromised patient data.

The compromised computer was both locked and encrypted, and there is currently no evidence the patient data was impacted.

The attack did not impact patient care at Cleveland Medical.

The potentially compromised data contained patient names, Social Security numbers, clinical information like medical records, insurance billing data, addresses, phone numbers and email.

The team was unable to determine with “reasonable certainty” if there was unauthorized access to patient data. The medical center is offering a year of free credit monitoring to all affected patients.

Cleveland Medical has implemented a new medical records system following the event and is analyzing security procedures. Officials said the organization hired a forensic investigation firm to determine the extent of the attack’s reach.

“While we believe the motivation behind this incident was extortion, and we don’t believe your protected health information was specifically targeted, our computer server containing medical information was affected,” officials said in a statement.

Cleveland Medical is one of the many organizations heeding the updated U.S. Department of Health and Human Services guidelines, which state that during a ransomware attack the burden of proof in determining whether there was a breach of patient data is on the provider.

2017 has seen a steady increase in providers accurately reporting ransomware attacks as breaches.

During a ransomware attack, hackers use malware to seize control of data, effectively denying users access. “By definition, the ransomware attacker has obtained unauthorized access to the PHI by the act of encrypting it,” said Steven Gravely, a partner with Troutman Sanders.

“In many instances, the attacker retains the data and sells it on the black market even if the ransom is paid and access to the target system is restored,” he said. “These are the reasons why OCR guidance advises that any ransomware attack is presumed to be a reportable breach.”

Funnies

A computer lets you make more mistakes faster than any invention in human history – with the possible exceptions of handguns and tequila.

Q: How many programmers does it take to change a light bulb?

A: None. It’s a hardware problem.