Thursday, 25 September 2014

Return of the Cryptolocker virus

image
Last year we warned of a nasty virus that encrypted all your files and then charged you to decrypt the files. We haven’t seen this for a while but unfortunately it’s back in a slightly different form and is referred to by the anti-virus community as Torrentlocker – although it still calls itself Cryptolocker.

It may just be possible for us to recover your files and clean off the virus, depending on which version of the virus you have. Please turn the computer off and bring the machine in to us if you see any message like the one above.

But the best thing is not to get infected in the first place! Make sure your anti-virus software is up to date and for added security consider Malwarebytes Pro.

A customer’s laptop we had in yesterday was infected via a link in an email, which I’ve captured below:

image

The link purports to be from Royal Mail and alerts you to a parcel delivery you missed. It all looks very genuine.

If you click on the link, you get the message below:

image

Do not open the email or click on the “view information” link – delete the email immediately.

For your benefit and our curiosity we did follow this link in a safe, sandboxed environment. You can see what transpires in the video I’ve quickly put together below (easier to see full screen):

Wednesday, 10 September 2014

All you need to know about passwords


Passwords have always been a source of frustration, but it’s worse than ever now, with the average user having to remember at least 10 web logins. And gone are the days when you could use the name of your first pet or your mother’s maiden name. I used to shudder when a website asked me to change my password – to something I’d not used before!

And rarely can you get away with just adding an extra digit. More likely you’ll have to capitalise a letter or add a symbol, which makes the password you’ve had for years instantly forgettable!

It’s best to come up with a new password yourself rather than appending various characters and digits to an existing old password, since the result is very hard to remember.

Choosing a strong password


My advice is to try and use a strong password for your important online accounts like email and online banking. It’s painful but these need to be different. For your other sites like clothing stores for example, just ensure the password you use is different to the one used for your important accounts.

But how do you choose a strong password and how do you remember it? Dealing with the latter first, there’s nothing wrong with writing it down but try and keep it in a secret place!

One idea for a secure password is to choose a phrase that only you know and add a capital letter and a number. You can include spaces in this.

For example: It was sunny when I got married in 2002.

You can check how well you’ve done by using Microsoft’s password checker:

https://www.microsoft.com/security/pc-security/password-checker.aspx

Password managers

Personally I use a password manager which is software that runs on my computers, smartphone and tablet and relies on a very secure master password. It can then generate and remember random secure passwords for all your web logins and will encrypt these with your master password. It’s very convenient too since the software bookmarks your favourite sites and will automatically direct you to the site and log you in. I’ve used a program called Roboform for almost 8 years and can recommend it – in fact I’d be in trouble without it!

Keep your security information up to date


As a final note, it’s also important to set up your password recovery options, especially with your email accounts. If you get locked out, this offers a way of getting back into your account. For a Hotmail account, visit https://account.live.com and click Edit Security Info. You can also turn on two-step verification for Hotmail and Gmail, which reduces the chance of your account getting hijacked. I use this now with the free Google Authenticator smartphone app. This links your phone to your account and gives you an additional PIN or token that changes regularly but can be read straight off your phone.