There is a new and very nasty strain of ransomware that is wreaking havoc online. The latest ransomware that appeared in December 2018 is called Phobos. So far we know that the new threat is grim but the details as of now are still a bit sketchy.

CoveWare researchers have been sifting and dissecting the code and what they have got so far is that Phobos share some similarities with a certain strain of ransomware called Dharma, which has caused nothing but problems in businesses all over the globe throughout the years.

However, you cannot refer to it as a Dharma clone either. Phobos is made of some components found in the CrySis ransomware. Although CrySis is in fact a relative of the Dharma strain, Phobos

Whatever it is, it’s still the same. Phobos is bad news for commercial firms. Any company that finds their system infected with this malware will have nothing but encrypted files, with extensions converted to .phobos. They will also get popup messages telling them that if they want to get their files back, they would have to pay in Bitcoin.

Dharma has been acclaimed as among the most damaging and threatening strain of ransomware in 2018. This simply means Phobos has to be taken very seriously.

The best way to protect your system from these types of attacks is vigilance. Ransomware commonly find its way into corporate systems because of a lack of awareness among the staff. Apart from awareness and education, IT managers should also take precautionary measures and secure their RDP ports. They should also make sure that every detail that is critical to your company are regularly backed up.

Finally, it is important that your IT staff regularly tests all the backups to make sure that your system is fully functional and is operating as fast as it could. Although none of the above will immediately stop any attack, if done collectively, they will help minimize the negative effect of an online attack against your firm.

Call SpartanTec, Inc. if you need help in securing your company's system against these online threats.

SpartanTec, Inc.
Myrtle Beach, SC  29577
843-418-4792
https://www.spartantec.com/

Windows 7 Support Ends In 2020, So Plan To Upgrade

If you are among the shocking number of people who are still using Windows 7, then there’s some bad news for you. Microsoft is offering only one year of full support for Window 7 users. They will no longer offer important security updates by January 14, 2020.
The support will end only for individual users. Businesses that use Window 7 will continue to receive support beyond the said date.
But, they need to register to the Windows 7 Extended Security Update program once the date listed above has passed. They also need to pay a fee, which increases annually.
Discounts will be offered to enterprise users that have volume licensing agreements. However, support will still be discontinued completely by January 2023. Microsoft will likewise provide ESU’s for free to clients who buy the Microsoft Windows Virtual Desktop service, letting users virtualize Windows 7 and Windows 10.
Additionally, Microsoft will also cease offering support for Office 365 ProPlus plugin for Windows 7. The company will also end offering support to several other products.
The news is no longer surprising since the tech giant has made public its support timeline long before this announcement. However, there are still a number of companies that are using legacy applications, which depend a lot on Windows 7 and most of them have not yet established any migration plans. If your company is among these firms, you still have time to make the necessary plans. But keep in mind that you have a limited time to do so. Disregarding this will cost you in the end and will have a huge impact on your bottom line.
Microsoft has drawn a hard line at this point, and it’s highly unlikely for the company to give in to the pleas of consumers for a longer extension. So, you better start planning to switch or upgrade now.

Call SpartanTec, Inc. for more information on how you can switch or upgrade to different operating system.

SpartanTec, Inc.

Myrtle Beach, SC  29577

843-418-4792

https://www.spartantec.com/

New Amazon Order Confirmation Emails Could Be Phishing Attempts

Amazon ranks as the fourth most frequented website in the United States and ranks eight in the world, according to the report released by Alexa. It is an understatement to say that it receives a lot of web traffic on a daily basis. Given the sheer number of internet users who visit this site, it very disturbing to know that there is a new phishing campaign that is pretending to be from Amazon.

Even though Amazon receives heavy traffic on a daily basis throughout the year, things become busier during the holidays when shoppers head over to the company’s website to purchase Christmas gifts for their loved ones. Scammers are well aware of all these and are eager to take advantage of unsuspecting customers, thus the launch of their newest campaign. IT support and Security firms like EdgeWave are on the look out for the campaign’s development.

Scammers are sending out sophisticated and well prepared emails that seem like it came from Amazon. It even comes with subject lines that are specifically made to attract the attention of online consumers like "Your Amazon Order (order number) or "Your Amazon Order (order number) has been shipped out.”

If you are like most online shoppers who bought something from the site, you will most likely open and read the email for more details. You will then be shown something that looks like a legitimate order confirmation, even though if you look at it closely, you will see that it does not include the specific details of the product you ordered.

Instead of the actual details of your order, scammers will instead provide you an “Order Details” located at the bottom part of the email, which will ask the user to click the button for more details. Unfortunately, when the user click on it, it triggers the download of a word document into the device of the user. In case the user opens the file, he or she will receive a message asking them to enable the content so that the message can be displayed properly.

What it actually does is to enable the macros, which are used by scammers and hackers to inject poisoned code into the PCs of their victims all over the world. According to EdgeWave, when the malicious document is opened, a file is downloaded called 'keyandsymbol.exe' and it comes with an embedded code that were linked to mergedboost.exe.

At this point, a lot of people know that they should not click links or even open files that might come from a legitimate source. It is important to be very careful. The latest campaign emphasizes how important it is to regularly educate and remind online shoppers about the most common and newly discovered online threats.

Call SpartanTec, Inc. if you want to know how you can protect your business from existing and newly discovered online threats.

SpartanTec, Inc.

Myrtle Beach, SC  29577

843-418-4792

https://www.spartantec.com/

Scammers Are Using Direct Deposit Requests To Steal Money

The Federal Bureau of Investigation issued a warning last year about BEC or Business Email Compromise scams.  Regrettably, security experts report that those kinds of scams are rising in frequency, and worse of all, the latest ones come with a disturbing new twist. The recent manifestation of the scam focuses on employees, looking to move their direct deposited paychecks into hacker controlled accounts controlled.

Its execution is not at all complicated.  All that a hacker requires is the exactly the same details as what they obtain when they steal the identity of a person.  Armed with a target's email address and banking information, all a hacker has to do (in most cases) is send a formal request to HR, explaining that the target has a new bank account and asking that the paycheck be sent to the details provided.

It all seems legit to the HR personnel receiving the request, because all of the information is accurate. In a growing number of cases, nobody even thinks to check or confirm that the switch has been authorized by the employee in question.

One of the researchers who has been following the growth in popularity of this approach had this to say about guarding against it:

"If a two-factor online authentication system isn’t utilized, we suggest ensuring an element of human contact is set up before the completion of the request, apart from verifying that the email address is from a legitimate source."

How big a problem is this type of thing?

According to the latest FBI statistics, between October 2013 and May 2018, businesses suffered total losses estimated at more than $12 billion, worldwide.  If that doesn't get your attention, few things will.  This is a large and growing problem, but thankfully, it's one that can be easily fixed by putting a few additional common sense safeguards in place.

Call SpartanTec, Inc. if you are seeking out efficient measures to keep your business information and network safe and secure from online threats.

SpartanTec, Inc.

Myrtle Beach, SC  29577

843-418-4792

https://www.spartantec.com/

New Love Letter Email Could Load Malware On Your PC

There are some alarming news that you need to know as Valentine’s Day draws near. Hackers across the world are trying to find ways to exploit this special day. The latest research conducted by the Emerging Treats team of ProofPoint, which is a security company, discovered the trend. The team also detected an extensive mal-spam campaign, which they have dubbed as “The Love Letter Campaign.”

This campaign relies on common social techniques and attention grabbing subject lines on emails like:

• I love you
• My letter just for you
• Wrote this letter for you
• Just for you!
• This is my love letter to you
• My love letter for you
• Wrote a fantasy about us
• Fell in love with you
• Always thinking about you!

To be honest, everyone likes to receive love letters and hackers know this very well. That is the reason why an alarming percentage of individuals who receive “love letters” such as this end up clicking on the attraction, commonly in the form of a PDF, to download and open the file.

The problem is that when they do, it triggers a malicious JavaScript file that downloads "krablin.exe" and then the file is executed. The results are unfavorable. The device used to open the file will be infected with different malware types including a cryptojacking miner known as Monero XMRig Miner, a GrandCrab Ransomware, and a Phorpiex spambot copy. The victim’s files will then be locked by the ransomware and can only be accessed once he or she pays in Bitcoin.

This is a thorny problem. Many people anticipate only one kind of malware is going to be installed on every attack. So, there is a huge possibility that when the victim agrees to pay the ransom to regain access to his or her files, all of the attention will be on removing all malware traces. This means the other two malware that were also installed in the device will continue to run without being noticed, which will benefit the hackers more.

Even though the “love letter” campaign does not appear to be all that dangerous, it is actually a dark as well as serious matter. All be careful and don’t forget to inform your employees about it.

Get in touch with SpartanTec, Inc. for more information.

SpartanTec, Inc.

Myrtle Beach, SC  29577

843-418-4792

https://www.spartantec.com/

Malware Drains Your Computer’s Resources Without Your Knowledge

Cyrptominers are one of the most prevalent malware types today, according to the recent study conducted by Check Point, a digital security firm. Although hackers deploy several variations, the cryptojacker “Coinhive” are extremely common this year. When installed on the computer, it operates in the background by siphoning off your computer power whenever it is turned on to mine Monero and then the gains are sent to the hackers.

Jsecoin is second on the list of top malware. It is miner that is based on JavaScript and it can be embedded into different websites and operates in the browser of their victims. Another popular malware is Cryptoloot, which works much like its competitor Coinhive.

The top ten list is dominated by cryptojacking software, they are not the only kinds of malware on it, and there are two venerable contenders in the list features this year. Ramnit and Emote are banking Trojans that have been around for a long period of time.

Although all these are bad, there is one relative newcomer called Smoke Loader that is attracting the attention of several security professionals. On its own, Smoke Loader is not that dangerous. However, that is not its primary goal. Smoke loader is a gateway malware with an express purpose of infiltrating a system and then downloading another malware.

The specifics are open-ended. In case a hacker that uses Smoke Loader to get into a system would like follow that infiltration with a cryptojacker, it can do that. In case it wants to start a ransomeware attack, that can be done as well. The option

The specifics are open-ended.  If a hacker who is using Smoke Loader to access a system wants to launch another attack using a cryptojacker, that can be done as well.  If he'd prefer to start a ransomware attack, that can be done too. The sky is basically the limit. Regardless, it is important to know the Check Point top ten list especially if you want to make sure that your IT staff is updated on the latest threats.

Call SpartanTec, Inc. for more information about malware.

SpartanTec, Inc.

Myrtle Beach, SC  29577

843-418-4792

https://www.spartantec.com/

The Basics of Cloud Computing

Cloud computing is an on demand delivery of computing services, which includes storage, services, databases, software, networking, and intelligence,  over what they refer to as “the cloud” or more commonly known as the internet to offer flexible resources, faster innovation, as well as economies of scale. Generally, you will only pay for the cost of the cloud service that you use, which means lower operational costs. It also allows you to operate your infrastructure effectively, and scale while your business requires change.

Types of Cloud Computing

There are different types of clouds and there is no one specific type of cloud that works well for everyone. Various types, models, and services have developed to be able to provide the most suitable solution for whatever it is that you need.

Private, public, and hybrid are the three primary kinds of cloud deployment. First of all, you have to find out the kind of cloud deployment or perhaps the cloud computing architecture, where your cloud services will be executed on. There are three unique methods that can be used for the deployment of your cloud service. These could be done on a private cloud, public cloud, or hybrid cloud.

https://us.annotate.co/us02/ws/113651309/php/pdfnotate.php?d=2019-01-23&c=iPWDGr6Z&ws=113651309
http://freepdfhosting.com/91d3378a75.pdf

SpartanTec, Inc.

Myrtle Beach, SC  29577

843-418-4792

https://www.spartantec.com/