Bulldog Tech Restores Encrypted Server


OnGuard Remote Backup saves another long-time customer! One morning we received a call from a fabrication company that was unable to access its billing system, which is driven by SAP software. We found they were hit with the Ransom.CryptXXX (WannaCry) attack, causing complete encryption of all data and critical operating system files.

We acted quickly to get them running again. First, we picked up the server, reloaded the operating system and began a full system restore using OnGuard Remote Backup. We reviewed their security policy and disabled remote access using insecure remote desktop.

OnGuard Remote Backup saved their data and put them back in business as if nothing happened!

OnGuard Remote Backup is typically installed on the main server and set to back up the network shared volume, or volumes, which typically contain any business-related documents, scans, databases, etc. OnGuard runs on a nightly schedule, first scanning for any changed files, then sending the data to our secure remote storage vault.

OnGuard has been wildly successful in instances where all volumes are destroyed by an Encryptionware-type exploit. With no indication these types of threats will subside, having a backup solution and testing it regularly is the only way to avert disaster.

Are you protected?

Call Us: 718-921-6159

Sales@Bulldogtechinc.com

If Your Windows Is De-Activated, Bring It In


By Danny Bradbury, Sophos

Microsoft Windows 10 users were left livid late last week after Microsoft mistakenly told them that their licenses were invalid.

On Thursday, Windows 10 Pro and Enterprise customers began complaining online that Microsoft was declaring their license keys invalid. The users, who confirmed that they had legal copies of the operating system, were told that they were actually using Windows Home. When they checked, the Pro version was still installed.

The problem led to Windows deactivation, according to some:

My digital entitlement is gone from my Microsoft account and I have a Windows 10 Home key now. Windows is deactivated because I went from Windows 10 Pro to Home and it doesn’t match anymore.

The issue affected both Pro and Home versions of Windows 10 that had been upgraded from earlier versions of the operating system, along with clean Windows 10 installs, according to posters on Reddit.

One Windows user reported that purchasing a Windows 10 Pro key in the Microsoft store was listed as an option for him, even though he had already upgraded to Windows 10 Pro years ago. When he tried to repurchase the key, it would not let him.

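Customers were confused by what seemed to be inconsistent responses from Microsoft. Microsoft Support’s Twitter account denied any knowledge of a problem with Windows activation:

@x_rus_x Hi there! Thank you for alerting us about this. There are no known issues regarding license deactivation.… twitter.com/i/web/status/1…

Microsoft Support (@MicrosoftHelps) November 08, 2018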

It then fell to a mixture of customers and volunteer moderators to tell the rest of the customer base what was happening. One of them posted this response from a Microsoft live chat support agent:

I am very sorry to inform you that there is a temporary issue with Microsoft’s activation server at the moment and some customers might experience this issue where Windows is displayed as not activated. Our engineers are working tirelessly to resolve this issue and it is expected to be corrected within one to two business days.

An actual Microsoft employee then commented on the customer’s post to offer an official explanation, and a volunteer moderator on the company’s forums also stepped in to relay information about the issue.

By the end of the day on Thursday, the company had indeed fixed the problem, according to reports.

Users also said that they were able to run the Activation Troubleshooter program manually to fix the problem if Microsoft’s changes didn’t correct it automatically.

Some customers were irked by Microsoft’s regular online checks for operating system legitimacy. “And someone please once again explain why DRM for an operating system was a good idea?” quipped one. Another complained that Microsoft had created a system to deter pirates with its regular online checks but ended up causing trouble for paying users.

Unfortunately, this isn’t the first time that Microsoft has let users down with its constantly connected operating system, which also offers the ability to install updates automatically for users. Just last month, the company had to stop offering its October 2018 update after users complained that it was deleting files.

Friendly Reminder, The Real Microsoft Will Never Call You


Microsoft cracks down on tech support scams, 16 call centers raided
Read Article at Sophos

More than 100 Indian police swarmed 16 tech support scam call centers in Gurgaon and Noida last week, arresting 39 people for allegedly impersonating legitimate support reps for companies including Microsoft, Apple, Google, Dell and HP.

The day after the raids, which were carried out on Tuesday and Wednesday, Microsoft said that it has received over 7,000 victim reports from customers in more than 15 countries who’ve been ripped off by the call centers.

This is the second of two recent, big raids on Indian tech support scammers. In October, after Microsoft filed complaints about customers falling for pop-up messages that lied about their systems being infected with malware, Indian police raided 10 illegal call centers and arrested 24 alleged scammers.

In that second raid, law enforcement seized a wealth of evidence, including the call scripts, live chats, voice call recordings and customer records used to run the scams.


We Will HAPPILY Change Your Passwords


Support wouldn’t change his password, so he mailed them a bomb

by Lisa Vaas, Sophos

Read Article at Naked Security

On 8 March, Cryptopay co-founder Wesley Rashid began to open a padded package addressed to two of his employees.

Something about it struck him the wrong way, though, so he didn’t open it all the way. That was a fortunate decision. The package held a bomb that could have injured or even killed him.

London’s Metropolitan Police announced on Friday that the sender, a 43-year-old Swedish man named Jermu Michael Salonen, has been sentenced to six and a half years in prison for sending the potentially lethal homemade bomb.

It turns out that the package had been delivered months earlier, around November 2017, to an office unmanned by Cryptopay employees. The UK crypto-wallet business had at one point employed an accounting firm that did have an office in that location, but fortunately nobody at the accounting company opened it on behalf of its client. The letter bomb just sat there, unopened, for five months.

Forensic specialists managed to retrieve some DNA samples from the package, but no matches were found in the UK. Investigators turned next to Interpol, and that’s when they hit a match, turning up Salonen’s DNA sample in Sweden.

Police said he was known to Swedish authorities. In addition to being found guilty of attempted murder by Stockholm District Court, Salonen was also convicted of mailing threatening letters to Swedish lawmakers and government officials.

Finally, he was also found guilty of 20 counts of threats in relation to letters filled with a mysterious white powder that was sent to Swedish lawmakers. According to the Associated Press, Prime Minister Stefan Lofven received some of that powder in August 2017, along with a handwritten letter that said: “you will soon be dead.”

When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb – or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package – the only thing the company could think of was that it had declined his request for a password change.

In August 2017, Salonen, a customer of Cryptopay, emailed their customer services team to ask for a new password. They refused, given that it was against the company’s privacy policy.

A fair point, as it’s never a good idea to send a new password in an email. A password-reset link is safer all round, although it’s not clear if Cryptopay offered this option to Salonen.

Commander Clarke Jarrett, head of the Met Police Counter Terrorism Command:

Salonen seemingly made and sent a device that had the capability to seriously harm and even kill over something as inconsequential as a change of password.

Fortunately the bomb did not detonate. It was due to sheer luck that the recipient ripped open the package in the middle rather than using the envelope flap, which would have activated the device.

Sheer luck, sheer four-leaf clover, sheer good sense to stop when things seem a bit off.

Next time you have to deal with a customer service rep, or your help desk staffers, or anybody who deals with opening your organization’s mail, be gentle. It’s shocking to think that any of them could one day risk their life at the hands of a mentally unstable, disgruntled customer, all over the most trivial of help-desk requests.
