Categories
Security

Shrug ransomware attack

ZDNet reports that Shrug ransomware has been spreading through fake gaming and other software apps since July 2018. The installer program runs as C:\Users\USERNAME\AppData\Local\Temp\shrug.exe and creates “Shrug” entries in the Windows registry.

Instructions on how to disable and remove this ransomware can be found at https://www.zdnet.com/article/shrug-ransomware-victim-heres-how-to-retrieve-your-locked-files-for-free/.

Categories
Android Operating Systems Smartphones Web Browsers Windows

Windows 10 Fall Creators Update – new and deprecated features

Some of the new features that are installed with the Windows 10 Fall Creators Update (version 1709 or build 16299) include:

  • Mixed Reality Viewer app
  • Ability to highlight or add notes to e-books in Microsoft Edge browser
  • Ability to dictate an email or message instead of typing it by pressing Windows key + H key
  • Add emojis by pressing Windows key + period key (.)
  • Windows Controlled Folder access can protect folders from viruses and ransomware. Select Windows key -> Settings -> Update and Security -> Windows Defender -> Open Windows Defender Security Center -> Virus & threat protection -> Virus & threat protection settings -> Controlled folder access (set to On) -> Protected folders.
  • Android phone support (Windows key -> Settings -> Phone)

A list of added features can be found at https://support.microsoft.com/en-us/help/4043948/windows-10-whats-new-in-fall-creators-update-1709.

Some features that were removed or deprecated include:

Deprecated Windows 10 Fall Creators Update features are found at https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up

Categories
Security Web Browsers

Bad Rabbit ransomware attack

A new ransomware named Bad Rabbit is spreading, mostly in Europe and Russia but also to other countries, according to ZDNet.com. It infects websites and prompts users to install a fake Flash update. Once it is installed on one computer, the ransomware attempts to spread across the network.

Windows Defender can remove this threat with update 1.255.29.0 and higher, so make certain that Windows Updates are current.

US-CERT (U.S. Computer Emergency Readiness Team) has logged the issue.

Categories
Operating Systems Security Windows

Petya Ransomware Attack

A new ransomware attack, tentatively named Petya, is occurring worldwide on Microsoft Windows computers.  It is also known under the aliases NotPetya, GoldenEye, Petrwrap, and Mischa.

This new ransomware can be stopped before damage occurs if a read-only file named C:\Windows\perfc (no file extension) exists on the computer. Instructions on how to create this file can be found at https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/.
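
One way to create and verify that file from an elevated PowerShell prompt, as an added example (it is not taken from this post or from the linked instructions). The function name Set-PerfcVaccine and its -Path parameter are hypothetical; the default path is the one given above.

```powershell
# Added example: create the read-only marker file C:\Windows\perfc described
# in the post and report its final state. Set-PerfcVaccine and -Path are
# hypothetical names chosen for this illustration.
function Set-PerfcVaccine {
    [CmdletBinding()]
    param(
        # Default is the path from the post; override it to try the function
        # against a scratch directory first.
        [string]$Path = 'C:\Windows\perfc'
    )

    # A directory with this name is not the file the post describes.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory; rename or remove it first."
    }

    $created = $false
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        try {
            # Empty file with no extension.
            New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
            $created = $true
        } catch {
            # C:\Windows is not writable from a non-elevated session.
            throw "Could not create $Path ($($_.Exception.Message)). Run from an elevated prompt."
        }
    }

    # Set the read-only attribute whether the file is new or already existed.
    $file = Get-Item -LiteralPath $Path -Force
    if (-not $file.IsReadOnly) { $file.IsReadOnly = $true }

    # Re-read from disk so the report reflects the actual on-disk state.
    $file = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path     = $file.FullName
        Created  = $created
        ReadOnly = $file.IsReadOnly
        Length   = $file.Length
    }
}

Set-PerfcVaccine
```

The returned object should show ReadOnly as True; running the function again on the same machine leaves the file in place and reports Created as False.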

TomsGuide.com reports that Windows computers with version 7 or higher should be protected from this attack if the March and April 2017 Windows Updates have been installed.  If this is not done, it is recommended that Windows Updates be installed as soon as possible.

US-CERT (U.S. Computer Emergency Readiness Team), part of the Department of Homeland Security, has listed this ransomware under Alert (TA17-181A).

Categories
Operating Systems Security Windows

WannaCry Ransomware prompts Microsoft to release Windows XP and Server 2003 update

The “WannaCry” or “WannaCrypt” ransomware that has spread around the world in the past few days has prompted Microsoft to release a security update for long-unsupported Windows XP, Windows Server 2003, and Windows 8.

The following supported operating systems should not be vulnerable to this ransomware if Windows Updates were completed, since those updates included the Security Bulletin MS17-010 (4013389) in March 2017:

  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8.1
  • Windows Server 2012
  • Windows 10
  • Windows Server 2012 R2
  • Windows Server 2016

Microsoft released a list of recommendations at https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/.

US-CERT Security Operations Center, part of the U.S. Department of Homeland Security, has also issued an alert on WannaCry ransomware at https://www.us-cert.gov/ncas/alerts/TA17-132A.