Fear As A Weapon To Get You To Open Infected Zip Files

While not in person, this kind of email is as much a social engineering attack as an unknown tech who shows up, when you weren't expecting one, saying they are there to repair your copier but who is really there to gain unauthorized onsite access to your network.

The desired outcome is the same - access!  Their weapon is social engineering, cunningly forcing the person in front of them to suspend doubt and allow them access to the building (in the case of the copier repairman) or access to launch an attack on the company's network (in the case of the zip file).

The response to this email is natural: what do you mean my account was declined?!?

And before common sense kicks in, the zip is opened, the files are extracted, and wham, the malicious content of the zip file is let loose on your company's network.

Rules for the new world of infected Zips:

  • If you are presented with a Zip that you were not expecting, do not open it until you are able to verify its legitimacy.
  • If an employee comes to you and tells you they have opened a Zip that did not contain what it was expected to contain, or that appeared to contain a file that would not open or nothing at all, immediately turn the computer off and call your tech support.
  • If you find yourself face to face with one of the now numerous Ransomware screens demanding money for your data, call in an expert like Top Speed.  Not all hope is lost; depending on a number of factors, your company may not need to pay the criminals.

Depending on the Ransomware variant, there are options that may be available in your situation.  Or, if you are running an Enterprise Backup Solution where multiple versions of files are backed up, recreating a short amount of work is likely to be far more cost effective than converting USD into Bitcoins and paying the ransom.


Reno / Sparks Craigslist Sellers Beware

We don't normally write about threats in the real world, focusing more on the online world, but in this case there's a real threat coming from the online world - specifically Craigslist locally in the Reno / Sparks area.

For those who sell items on Craigslist there has always been a certain amount of risk involved. Some of the crimes associated with Craigslist include:

  • Georgia January 2015 - Elrey & June Runion went missing and were later found murdered after contacting a car seller on Craigslist.
  • Boston 2009 - Philip Markoff allegedly killed Julissa Brisman after answering her Craigslist ad.
  • Pennsylvania 2013 - Miranda & Elytte Barbour murdered Troy LaFerrara, after he responded to a Craigslist ad placed by Miranda.
  • 2012 Ohio - Brogan Rafferty and Richard Beasley used Craigslist to lure people to a fake ranch then robbed and murdered them.
  • 2007 Minnesota - Katherine Ann Olson was murdered after replying to an ad and agreeing to meet Michael John Anderson about a nanny position.
  • 2015 Atlanta - Gangs allegedly use fake Craigslist car ads to lure victims and rob them.
  • 2015 Washington - 2 teens were kidnapped and robbed after answering a Craigslist ad for a car for sale.
  • 2015 Texas - Victor & Sergio Torres were arrested and charged after allegedly robbing the person who responded to their ad selling a Suzuki motorcycle.

The list could go on and on and on.

So this morning, when this suspicious email arrived in one of our employees' inboxes, it seemed important to get the message out to the area before there's a news report that begins "Reno / Sparks, Nevada 2015".

This person did indeed have an item offered on Craigslist this weekend, and this would be a genuine reply to that ad; the "Original craigslist post" link took you there until it was deleted this morning.  However, there are some red flags in this email, such as "this item", that should make people stop and consider whether it's a legitimate offer for purchase or not.


The obvious concern is this is someone or several people trying to lure victims to a parking lot where they could be robbed or worse.  As out in public as a Walmart parking lot might seem, unless you're parked right at the front there's a lot more privacy in those parking lots than you'd initially think.  There is a sense that you're being told something about the person with the email address, but using two women's names is more likely a ruse to put you at ease.

This email has been reported to the local authorities, who said it is unusual, as most of the Craigslist scams they see involve a scam for money with no in-person meeting; it's the "here, I've sent you $1000 for a $500 item, send me the change" scam.  It's not until after you've sent them their "change" that you discover the $1000 check or money order is bad or forged.

Always be safe when using Craigslist to buy or sell items!


TeslaCrypt A New Ransomware For Gamers

Rather than bombard you with all of the new ransomware versions that come out (after the success of CryptoLocker there have been far too many copycats to mention), we've attempted to focus on the new versions that are deviating from the standard, either because there are workarounds or because their targets / delivery are unusual.  This week brings us one of those unusual cases...

TeslaCrypt has been discovered by Fabian Wosar of Emsisoft. TeslaCrypt is unusual because it very specifically targets over 40 different video game related files.  The targeted games include Minecraft, Call of Duty, World of Warcraft, RPG Maker, World of Tanks, Dragon Age, League of Legends, StarCraft, and Steam.


Most ransomware, prior to TeslaCrypt, has targeted images, documents, and videos.

Another interesting change with TeslaCrypt is that for the first time we're seeing PayPal My Cash cards being accepted for the ransom payment.  PayPal My Cash cards can be purchased at CVS, Dollar General, RiteAid, Family Dollar and Freds. After purchasing the card, you log in to your PayPal account and, using the PIN on the back of the card, apply the funds to your account.

Paying with a PayPal My Cash card is more expensive than paying with Bitcoins - $1000 vs. $500 USD. This is likely for two reasons: first, by using PayPal they are risking having PayPal confiscate their ill-gotten gains; second, if you've ever tried to purchase Bitcoins, it's not that simple and takes several days. So if you want to get your files unencrypted now, you might pay the premium through PayPal.  The latter would seem to work best in the case of a mission critical business server, but if you have the money and just can't stay away from World of Warcraft, it might work on you too.

Image courtesy of Bleeping Computer

Like so much of the ransomware, the standard red screen with a shield on the upper left is used to let you know your computer is infected.

Where the name TeslaCrypt came from is anyone's guess, although it is a name they gave themselves (see the screenshot).  Perhaps they are hoping to be as successful as Tesla.



Is BYOD Right For Your Company?

Some companies are choosing to move from the traditional employer provided laptops and cell phones to a Bring Your Own Device model.  While there are many advantages to BYOD, there are also quite a few pitfalls and issues to consider.

BYOD for cell phones and smartphones: These seem to be the most frequent devices used when we're talking about BYOD policies. This is also a model that's popular not only with employers, but employees alike. It's a rare employee who misses the days where they had to carry around their personal cell phone and a business cell phone. Beyond the feature of not having to carry around a second phone, most businesses, as a trade off for use of personal equipment, reimburse their employees a portion of their monthly cell service bill to compensate for the additional use.

Employees are in a position to get a larger phone and data plan or a newer phone than they might have purchased without the BYOD policy and the employer is saved the cost of purchasing the actual equipment - generally the phone, charger(s) and case.

Per the IRS guidelines, to be reimbursable the employer must require their employees to use their phones "primarily for non-compensatory business reason to use their cell phones for business purposes." As long as the company is meeting that requirement, the allowable reimbursement must be "reasonable". That's "reasonable" per the IRS; see IRS notice IR-2011-93 for further reading. Per a local CPA, "reasonable" to the IRS would be equal to or less than what the employer would pay to provide their employee with cell phone service. This will vary community to community and industry to industry, hence the term "reasonable".

Then you have BYOD for the less frequent use of a personal laptop or tablet in the work environment. This is more likely to be applicable to an outside sales employee than to someone who spends all day at a desk in the office. One lesson businesses have learned over the years is that, whether intentionally or just due to carelessness, an employee is always going to be more careful with what he considers his property than with his employer's property. In the case of laptops, how often have IT staff and firms seen damage to a company laptop that could only have come as a result of less than quality care? I've heard more than one story where an out of the office employee got in the car daily, just throwing the laptop behind the front seat with no concern for how much the useful life of the laptop was being shortened by his carelessness. It's not his and the company will just buy him a new one when it stops working, right? How much does this attitude cost employers each year in equipment? For companies with a large outside work force, it can cost tens of thousands to replace equipment that just wasn't cared for properly.

You can see how BYOD works in the employer's favor for laptops, but how does it work in the employees' favor? There are quite a few ways you can make this an advantageous choice for your employees. For starters, a certain amount of IT support naturally comes with BYOD; the amount of support that is included alone can be a good incentive to get employees to participate.

Some companies offer an extra end-of-year bonus to those participating in the bring your own laptop program - they are able to save money on hardware costs during the year and have the ability to pass those savings on to their employees in the form of a "thank you for participating" bonus.

Another option is to offer hardware purchases through the company - allowing employees to purchase their laptops through company channels where you may be able to get a lower price or offer your employees the ability to pay the company back for the purchase over a couple of months. This allows your employees to get new hardware and potentially even better hardware than they would have otherwise purchased.

Also offer them an online backup solution - this tackles a couple of problems. Chances are you've already set up your company with an off-site backup, and if you haven't, that should be at the top of your priority list. Add your employee's device onto the plan and allow them a certain amount of acceptable personal items they can also back up. Something like the Top Speed online backup service is ideal for this scenario. A monthly licensing fee plus $25 per 50Gb online data storage, when grouped into a single account, makes this an affordable option for the employer. The employer must have a clear policy on what is and is not acceptable for backing up, as the company can be held liable for any illegal files. This becomes a win-win: the employee has his data securely backed up, and the employer has an up-to-date accounting of company information stored on the laptop and quick access to that information in case something were to happen to the laptop, such as theft or destruction.

Another concern with outside laptops is making sure they are properly protected from malicious threats such as viruses and malware / spyware. Webroot, a Colorado based security company, says that 1/3 of employees using their devices for work don't have any security installed on them. The simplest and most cost effective solution is for the employer to provide anti-virus software for the employee's laptop. Again, this is a cost savings for the employee, as they don't have to purchase it on their own, and they know they are protected with a quality anti-virus. To take that a step farther, some companies also add the laptops and smartphones to their Managed Services as an additional device to be monitored for threats and potential hardware problems. The cost is relatively small to the company and very valuable to the longevity of the laptop. Also make sure employees have passwords on their devices and that the devices are set for a remote wipe whenever possible.

Possibly the primary concern for companies in moving to BYOD in a business environment is secure company communications being accessed on a personal device - company email on a smartphone and access to the network on a personal laptop or tablet. Companies allowing access to business materials and communications on a personal device must make sure that they have a clear policy on how that sensitive data is to be handled, as well as on what will happen upon termination (whether the employee resigns or is fired). Whether your company is using a BYOD system or owns all the equipment, you must have a policy for ending employment - securing data, removing access to emails and the network, etc. But if you also have BYOD policies, you need to add a few extra steps.

Extra steps that should be considered include a written agreement that these devices are included in your company non-disclosure or similar employment agreement, and that upon termination all company related documentation is to be deleted from the personal device. Some companies are going a step farther and saying that upon termination (again, whether the employee resigns or is fired) the personal device(s) will be submitted to the company's IT support and company data will be removed by support staff. This is not done in an antagonistic way; rather, it should be made clear that this step protects the company and the employee from intentionally or accidentally allowing access to sensitive material and the employee finding themselves subject to litigation.

All in all, any company considering the change to a BYOD model needs to make sure they've considered all the pros and cons of the change and, if they decide to move forward, make sure all the information and the expectations are ready to be provided to employees before the change occurs. There's nothing like a little ambiguity to turn a great idea into a failed procedure.
