Monday, April 4, 2016

Through the Keyhole - April 2016

Through the Keyhole SPECIAL EDITION

Informative & Interesting... not your everyday company newsletter.

This month, I am taking a departure from our normal "fun" format to talk about a very serious and potentially devastating subject - RANSOMWARE.  I have mentioned this subject in the newsletter at least a dozen times over the last 3 years, yet the threat keeps becoming more prevalent.  This issue will cover the subject at length to inform you.

Last month alone, we eradicated 4 different RANSOMWARE attacks that all came in via different methods.  If you only read ONE ISSUE of this newsletter this year, THIS ONE would be the one to digest...

Last month, Kurt Swanson guessed THE BULL AND FINCH (or the Cheers bar in Boston). "Jimmy Burrows says this is a place where everybody knows your name. Coach used to work there until he died a sudden death and a jock named Sam often flirted with the ladies."

Congrats Kurt! 

The director of Cheers was James Burrows.  Coach was a bartender who died mid-series and was replaced by Woody (played by Woody Harrelson).  The character Sam (played by Ted Danson) was a former Boston Red Sox pitcher (although Danson never played baseball in real life) who tended bar on the show.  That was easy!

Can you guess this month's location? This month, the picture above is the location where most ransomware originates.  Can you guess the capital city and country?

Correct answers will be given recognition but half the fun is trying to figure it out.  The correct answer will be revealed in the subsequent issue.  Good luck and have fun.

If you like this newsletter, forward it to someone else or sign them up HERE.

As always, send any items you think are newsworthy, interesting or just plain odd to

Cheers Bar (TV show set) - Keyhole Answer


"Jimmy Burrows says this is a place where everybody knows your name. Coach used to work there until he died a sudden death and a jock named Sam often flirted with the ladies."
This is a fairly straightforward location and we had many guesses that were correct.  Thanks for the participation - onto the important stuff...

link to the IMDB page


A bit of background...
Ransomware is a form of malware that encrypts the victim's files (documents, pictures, databases, and anything on reachable network shares) and demands payment in exchange for the key needed to decrypt them.

  • CryptoLocker first appeared in 2013
  • New variants emerge all-too-regularly
  • Current wave has roots in the early days of Fake Anti-Virus
  • Locky is one of the newest flavors to menace internet users
  • Common ransom demands are USD 200 – 500 but run as high as thousands of dollars
  • Technology used changes rapidly
  • Office documents carrying macros are a favourite lure: the document is inert until the user clicks "Enable Content", which is what lets the trojan in
Although anti-virus programs are slowly becoming more effective at stopping these threats, users being duped (or not having safeguards in place) often lets the threats invade and lock down critical data.

How does RANSOMWARE get in?

#1 Email (spam and phishing)
  • from plausible senders
  • phishing attachments (i.e. invoices, delivery notices, bank imposters, etc.)
  • Office attachments that enable macros (word, excel, etc.)
#2 Exploit kits
  • Black-market toolkits that probe the browser and its plug-ins (Flash, for example) for unpatched vulnerabilities, and occasionally true zero-days, so that merely visiting a compromised or malicious web page infects the machine
  • Browser vulnerabilities
When the user opens the attachment and allows its macro or script to run, that code acts as a downloader: it fetches the ransomware payload from the attacker's server and executes it, and the encryption starts with whatever files and network shares the logged-in user can write to.


RANSOM PAID IN BITCOINS - What are they?

Bitcoin is a digital currency created in 2009 by Satoshi Nakamoto. The name also refers both to the open source software he designed to make use of the currency and to the peer-to-peer network formed by running that software.

Unlike other digital currencies, Bitcoin avoids central authorities and issuers. Bitcoin uses a distributed database spread across the nodes of a peer-to-peer network to journal transactions, and uses digital signatures and proof-of-work to provide basic security functions, such as ensuring that a bitcoin can be spent only once and only by the holder of the private key that controls it.

The RANSOMWARE thieves usually want to be paid in Bitcoin because a payment cannot be cancelled or charged back once it is made, and because the wallets they use are pseudonymous: every transaction is recorded in the public ledger, but tying a wallet address to a real person is hard, so the money is very difficult to trace back to the criminals.

How does one buy Bitcoins?  As it turns out, there are now Bitcoin ATM machines popping up everywhere.  You can simply put your credit card in (or cash is probably more advisable).

These machines will turn your USD into Bitcoins and NOT SURPRISINGLY are making a fortune with all of the ransomware in the world.

Ransomware is a $24 million a year industry – and growing.  That number may sound small but this is just the amount that has been reported to the FBI.  Most people do not report their incidents out of embarrassment or feeling like the FBI has better things to do.

  • Payments are usually demanded in Bitcoins
  • The ransom increases the longer you take to pay

Why are these attacks so successful?
  • People are quick to open attachments
  • Weak passwords on remotely reachable accounts (remote desktop logins, for example) are brute-forced
  • Skillful social engineering
  • Malicious code is hidden in technologies that are permitted through normal "surfing" (e.g. Office Macros, JavaScript, Flash, etc.)
  • Inadequate backup strategy (disaster recovery)
  • Dangerous user / rights permissions - users often have more permissions than needed
  • Lack of security training

Best Practices that TURNkey recommends:
  • Back up regularly and keep a recent backup copy off-site.  A backup drive that stays mapped or plugged in is just another drive the ransomware will encrypt, so disconnect it (or use a backup target the workstation cannot write to directly) between runs.
  • Back up files and folders AND have a disaster recovery solution (full system images), so a machine can be rebuilt rather than just its documents restored.
  • Keep multiple revisions of your backups, so that a run that copies already-encrypted files does not overwrite the last good copy.
  • Don’t enable macros in document attachments received via email.
  • Be cautious about unsolicited attachments.
  • Don’t give yourself more login power than you need: do day-to-day work as a standard user, not an administrator, so malware that runs as you cannot touch the whole system.
  • Consider installing the Microsoft Office viewers; they display documents without running macros.
  • Patch early, patch often.
  • Configure your security products correctly.
SECURITY SOLUTION RECOMMENDATIONS (TURNkey uses Sophos as its security partner)
  • Deploy Business Grade antivirus protection
  • Block spam
  • Use a sandboxing solution
  • Block risky file extensions at the email gateway (.js, .vbs, .chm, .exe, .scr, etc.), including inside archives
  • Quarantine password-protected archive files: a scanner cannot inspect their contents, which is exactly why attackers send them
  • Use URL filtering (block access to command-and-control servers, which the dropper must reach to fetch its payload)
  • Use HTTPS filtering
  • Use HIPS (host intrusion prevention system)
  • Activate your client firewalls
  • Use a whitelisting solution
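The following is an added example, not code from TURNkey or Sophos, showing how a gateway filter would apply the extension block, the macro check behind the "How does RANSOMWARE get in?" section, and the password-protected-archive rule in one pass over an attachment. The block list, the verdict names and the in-memory sample attachments are constructed for the demonstration:

```python
"""Attachment triage for an email gateway or a helpdesk script.

Added example, not TURNkey's or Sophos's code. It assumes attachments arrive
as (filename, bytes); the block list, the verdict names and the sample files
are assumptions, not something the newsletter specifies.
"""
import io
import struct
import zipfile

# The newsletter names javascript, vbscript and chm; the rest are other script
# and executable types commonly used as ransomware droppers (assumed list).
BLOCKED_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "chm", "hta",
                      "exe", "scr", "pif", "com", "bat", "cmd", "ps1"}
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"       # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")       # OLE stream names are UTF-16LE


def extensions(filename):
    """All extensions, lower-cased: 'invoice.pdf.js' -> ['pdf', 'js']."""
    return [p.lower() for p in filename.split(".")[1:]]


def zip_members(data):
    """(member names, any member encrypted) for a zip payload; (None, False) otherwise."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            infos = z.infolist()
            return [i.filename for i in infos], any(i.flag_bits & 0x1 for i in infos)
    except (zipfile.BadZipFile, EOFError, struct.error):
        return None, False


def has_macros(data):
    """Office 2007+ files are zips carrying macros in */vbaProject.bin; legacy
    OLE files keep them in a _VBA_PROJECT stream (a heuristic string match here)."""
    names, _ = zip_members(data)
    if names is not None:
        return any(n.lower().endswith("vbaproject.bin") for n in names)
    return data.startswith(OLE_MAGIC) and VBA_STREAM in data


def triage(filename, data, depth=0):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    if last in BLOCKED_EXTENSIONS:        # also catches 'notice.pdf.js' double extensions
        return "block", f"risky extension .{last} ({filename})"
    if last in MACRO_EXTENSIONS or has_macros(data):
        return "quarantine", f"macro-enabled document ({filename})"
    names, encrypted = zip_members(data)
    if names is not None:
        if encrypted:                     # scanners cannot look inside; hold for review
            return "quarantine", f"password-protected archive ({filename})"
        if depth < 2:                     # look inside archives, two levels deep
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for name in names:
                    verdict, reason = triage(name, z.read(name), depth + 1)
                    if verdict != "allow":
                        return verdict, f"inside {filename}: {reason}"
    return "allow", "no indicator found"


def build_zip(members):
    """Constructed in-memory zip from {name: bytes} (sample data, not a real attachment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Set the 'encrypted' flag on the first central-directory entry (constructed sample)."""
    cd_offset = struct.unpack("<I", zip_bytes[-6:-2])[0]  # from the end-of-central-dir record
    flags = cd_offset + 8                                  # sig(4) made-by(2) needed(2) flags(2)
    return zip_bytes[:flags] + b"\x01\x00" + zip_bytes[flags + 2:]


def demo():
    """Constructed attachments -> verdict."""
    ooxml = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}
    with_macros = {**ooxml, "word/vbaProject.bin": b"constructed VBA blob"}
    samples = {
        "Quarterly_report.docx": build_zip(ooxml),
        "Invoice_4471.docx": build_zip(with_macros),     # a .docm renamed to look harmless
        "Invoice_4471.docm": build_zip(with_macros),
        "Memo.doc": OLE_MAGIC + b"\x00" * 16 + VBA_STREAM + b"\x00" * 16,
        "DHL_notice.pdf.js": b"var x = 'constructed';",
        "scan_0092.zip": build_zip({"scan_0092.pdf.js": b"constructed"}),
        "Statement.zip": mark_encrypted(build_zip({"Statement.pdf.exe": b"x"})),
        "photo.jpg": b"\xff\xd8\xff\xe0",
    }
    return {name: triage(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10} {name}")
```

Run the file to see each sample's verdict. An extension check on its own misses a .docm renamed to .docx, which is why the check opens the file and looks for the VBA project; the legacy OLE test is a plain string match and should be treated as a heuristic, not a parser.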

In Conclusion...TURNkey IT has seen too many of these RANSOMWARE attacks in 2016 already. The attacks are costly in lost productivity not only for the customer but also for our team.

Anti-virus programs alone have limited effect against these threats, because the user unwittingly lets the criminals in: a freshly built sample has no signature yet, and enabling the macro or running the script is the user's own action rather than a file the scanner recognises. Sophos has a sandboxing solution that fights these types of threats almost in real time, so it gives us the best available chance of stopping potential infections.

What can you do?
The best defense against these (or any virus, for that matter) is proper computer etiquette. The main rule to obey is: if you receive an email, specifically one with an attachment, from someone you do not know, DO NOT OPEN IT.  If you receive a pop-up to update something that you are unsure of, CLOSE IT; and since a fake pop-up can make its whole window, including the X button, trigger the download, close it from the taskbar or with Alt+F4 rather than clicking inside it.  'Delete first, ask questions later' is the best course of action here.  By opening that attachment, you are essentially inviting the virus in, much like inviting a vampire into your home - nothing good will come of it.

If you have questions or would like to receive more information.  Please email us at

Tel: (847) 808-3990
Toll Free: 866 928 8208



210 S. Milwaukee Ave.
Wheeling, Illinois 60090