Ken Dwight's blog

Coronavirus - Pandemic Possibilities for the IT Community

Way back in February, I was a participant in a project by seven vendors whose clients are IT Support organizations.  Our goal was to create a document that would help your clients prepare for the necessary changes in the way they do business if the Coronavirus escalated into a major concern.  Since then, of course, COVID-19 has been declared a global pandemic.  This declaration has had a dramatic impact on our daily operations and those of our clients.

Helping your clients work through the COVID-19 pandemic

We've all been inundated in the past few days with e-mails, articles, news stories, blog posts, webinars, advertisements, and lots of misinformation about the current worldwide pandemic of COVID-19.  One of the most common (and reasonable) responses by many businesses is to have their staff work from home as much as possible.

Why MSPs Are The Newest Targets Of Ransomware

As an IT Professional, you know all about the rise of encrypting ransomware over the past 6 years.  Ever since the original CryptoLocker was released, in 2013, this has been one of the most widespread, and most damaging, forms of malware.  It has also become, by far, the most profitable type of attack for the criminals who produce and distribute it.

Ransomware -- Should You Pay?

It’s been barely 19 months since the CryptoLocker virus started infecting computers around the world, but in that relatively brief time it has made a significant impression on thousands (some say millions) of computer users.  It has also spawned a whole new category of cyber-criminal activity, known as encrypting ransomware.

My First-Ever Virus Alert

In the 12+ years I’ve been operating as The Virus Doctor™, I have never issued a general Virus Alert to all of my clients and subscribers to my e-mail list – until now.  In the past week I have learned of a very widespread virus outbreak that could ensnare even the most cautious users of the Internet and e-mail.

This outbreak crippled a major hospital in the Texas Medical Center, in Houston, and surely many other computer users around the United States.  But unlike some viruses you may have heard about on the evening news, this one has gone mostly unreported in the news media.

CryptoLocker -- Game-changing malware

One of the most widespread pieces of malware making the rounds these days is an updated version of a payload that first appeared quite a few years ago.  This malware, known as CryptoLocker, is a form of "ransomware," a program that holds the user's data files hostage until that user pays to have those files released.  I wrote about this type of malware in my book, Bug-Free Computing:  Stop Viruses, Squash Worms, and Smash Trojan Horses, original Copyright 2005.  But CryptoLocker is a much more sophisticated variant of this attack.

All of the major anti-virus software vendors are aware of CryptoLocker, and many have written about it.  There has also been a lot of misinformation and bad advice on the subject from various sources, even some that would normally be considered reputable.  Rather than attempt to reinvent this wheel here, I will offer my general observations and recommendations, followed by a link to a blog post that I believe does an excellent job of presenting the facts about CryptoLocker.

How did that computer get infected? Not the way you think!

When a computer is infected with a virus today, many IT support technicians assume the user contracted that infection as a result of visiting a pornographic web site.  In fact, that represents a small percentage of the infections that are occurring with the current generation of malware.  That was a much more common infection vector in years past, but not so much in 2013.

Before going into a list of ways a computer can become infected, it may be productive to state the obvious -- no rational computer user deliberately sets out to do anything that will lead to a virus infection on their computer.  Some may engage in what they know is risky behavior, but will usually heed a warning that clicking on a link or downloading a file may cause their computer to become infected.

How do you deal with the latest FBI virus?

The latest variant of the widespread FBI Moneypak virus has become one of the most difficult malware challenges facing the IT support tech in recent years.  The main source of this difficulty is the fact that the malware disables the boot options on the infected computer.  Thus the tech is unable to boot into Safe Mode or Safe Mode with Command Prompt.

Following extensive research and communications with some of the leading anti-virus vendors in the world, The Virus Doctor™ has developed a simple, mostly automated procedure that cleans these infections in about 10 minutes.  This procedure and the tools necessary to carry it out are now included in the Virus Remediation Training workshops.

In the absence of a procedure such as this, most technicians have been dealing with this malware in one of three ways:

Should you Clean a Virus Infection, or Wipe and Reload Everything?

This is a question that is frequently asked by IT support technicians, and it generates strong opinions on both sides of the argument. Usually those discussions in online forums generate more heat than light, with a lot of “mine is bigger than yours” and “you’re just lazy” themes.

To save you the suspense of reading to the end, I will give you the definitive answer to this question right now. It is never in your best interest, and rarely in the client’s best interest, for you to wipe and reload the system. Clear enough?
