Ransomeware is a malicous attack that causes your data to be unavailable to you unless you pay a payment to unlock the captive material.  Often, ransomware requires that you pay this ransom in bitcoins. How does this happen?  Malware can be delivered many different ways exploiting vulnerabilities through ad networks or older versions of a flash player. 

According to "The Guardian," a news magazine, a number of major websites including the NLF, the New York Times, the BBC and AOL have all been hijacked.   When a user visits a page that has been targeted, the page gets redirected to a different server hosting the malware.   The malware then looks for any way to exploit the target computer.  It installs a program similar to cryptolocker that takes over the user's data and encrypts it in such a way that you cannot use it again until you pay the ransom to get the information back.  

Ransomeware seems to be the newest trend for criminals versus the older forms of threats such as a virus, adware or trojans.  

It is best to keep your computer up to date with the most current Windows  and Adobe updates as well as having an antivirus software  such as Symantec Endpoint Cloud Protection which pushes new anti-virus signatures directly to your computer through the Cloud.  

If you have questions or concerns, we would be happy to assist you.  Please contact Glasser Tech at 516-762-0155. 

March Patch Tuesday brings with it both security updates from Microsoft and Adobe.  Altogether there are 39 vulnerabilities that appear to affect Windows operating systems as far back as Vista.  Let's review the patches.

Most critical is a patch for Internet Explorer.  This patch takes care of 13 vulnerabilities that may allow a hacker to take over your computer if a particular website is visited.

Microsoft also released an update for their newest browser called Edge.  This fixes 11 vulnerabilities in total.

For the flaws in the Windows PDF Library, Microsoft has released a patch to avoid remote code execution when opening a malicious PDF file.

Word also gets an update this month to fix a flaw that enables a hacker to put malicious code on a machine remotely.

For more about this month's windows updates visit Microsoft Security Bulletin Summary for March 2016

Adobe's releases this month deal with fixes for Adobe Reader and Acrobat.  To learn more visit Adobe security bulletin.

It is important to keep your computer up to date.  If you have any questions regarding windows updates, please call Glasser Tech at 516-762-0155. 

There is a new ransomware called "Locky" that is on the attack.  Please make sure your entire office is aware of it.  It comes in the form of a Word Attachment.  If you are not expecting an email with a Word Attachment call and ask the sender if it in fact came from them and was it actually meant for you. 

What the "Locky" ransomware does is rename your files, scrambles them and then encrypts them. Locky also removes any Volume Snapshot Service (VSS) files also known as shadow copies that you may have.  Shadow copies are Windows way of making backup snapshots.

Once seeded on a host, the ransomware can spread quickly across your network.  Then when it is ready, it instructs you via a screen to pay a ransom to get your data back. 

The best defense is a good offense.  

• Make sure you have a good backup solution.
• Check your backup and make sure you have a good backup every day.
• Make sure your staff does NOT click on random emails that they were not expecting.  If something looks suspicious, it probably is suspicious.
• Make sure you have a good Antivirus and it updates automatically.

As you know every first Tuesday of the month is patch Tuesday for Microsoft.  This month Microsoft released 13 bulletins, 6 of which they rate critical.   These patches apply to all versions of Internet Explorer, operating systems and other Microsoft products.

Many of these updates affect Windows 8.1 and Windows 10.   A lot of updates involve Internet Explorer or Edge which is a part of Windows 10. 

The complete list of updates can be found by clicking Here.  If windows updates are enabled on your computer, your machine should update automatically.  As always, if you have any questions, please feel free to contact our office at 516-762-0155

Java which is from the US based software company Oracle has today released an emergency patch for Java in an effort to fix a flaw that happens during installation on Windows platforms. 

This vulnerability could cause an exploitation of a critical vulnerability allowing someone to manipulate a user into going to a website containing malicious code and files and downloading them to the user’s system before Java gets installed.   This applies to Java versions 6, 7 or 8. 

Basically this site appears to be a Java site even though a user may be nowhere near the actual Java site.

Because the exposure exists only during the installation process, users need not upgrade existing Java installations to address the vulnerability. However, Java users who have downloaded any old version of Java prior to 6u113, 7u97 or 8u73, should discard these old downloads and replace them with 6u113, 7u97 or 8u73 or later.

Java home users should visit www.Java.com to check that they are using the most recent version of Java.