Archive for Tech Tips for Business Owners

How to Know if Your Vendors Have Good IT Security

Many small- to medium-sized businesses rely on third-party vendors for some of the critical-path IT functions of a business. When they do this, the responsibility for maintaining IT security is transferred to the vendor. This may increase the risk of potential damage caused by security breaches.

There have been many examples of serious security breaches at vendors that have done major harm to their clients. This is why conducting detailed due diligence is necessary to identify the security risks of using a third-party vendor’s services or software tools.

Comprehensive due diligence for security risk analysis focuses on the following areas and specifics:

  • Historical record of problems and how the vendor dealt with security issues.
  • Upgrade policy and rapid response with security patches for vulnerabilities.
  • Use of encryption to protect sensitive data.
  • Vendor’s ability to view, share, or sell data to other parties. Any transfer of data to other parties adds additional security risk.
  • Does the vendor have a dedicated security team?
  • Do they conduct regular security audits and are those reports available to clients?
  • Specific security protocols must be in place if there is a legal requirement for data protection. Examples of this include attorney-client privilege in the legal profession, strict privacy rules under HIPAA for healthcare records, and student information under COPPA and FERPA rules.

IT security risk is a serious issue. Businesses that are not experts in IT security issues benefit strongly by using a specialist consulting firm to help with the due diligence requirements in this area.

Sentree Systems Corp. gives data security advice for clients in Indiana serving the communities of Indianapolis, Avon, Plainfield, Carmel, Fishers, Noblesville and others. We recommend conducting a detailed review of the Service Level Agreement (SLA) from any vendor and a security audit to help identify security risks. It is much better to know in advance of the existence of potential security risks and take steps to mitigate them, rather than being blindsided by sudden, unexpected damage from a security breach.


Posted in: Monthly Security Brief, Security Awareness Training, Tech Tips for Business Owners


FDA Recall for Nearly Half a million Pacemakers Vulnerable to Hacking

The Food and Drug Administration on Tuesday issued an alert about the first recall of a network-connected implantable device due to cyber security vulnerabilities.


The agency is instructing patients with certain implantable cardiac pacemakers from St. Jude Medical – now owned by Abbott Laboratories – to visit their physicians for firmware updates to address cyber vulnerabilities that can potentially be remotely exploited by hackers and that pose safety concerns.

Approximately 465,000 such devices are in use in the U.S., an Abbott spokeswoman tells Information Security Media Group. She did not immediately have information about how many of these devices are used outside the U.S.

While the FDA has characterized the corrective action to address the vulnerabilities as a “voluntary recall” by the manufacturer, the Abbott spokeswoman stresses that neither the company nor the FDA is recommending the “prophylactic removal and replacement of affected devices.” Rather, patients are being advised to have the devices’ firmware updated “at their next regularly scheduled visit” to their healthcare provider, the Abbott spokeswoman says.

A related Department of Homeland Security alert also issued on Tuesday notes that the vulnerabilities include one in the Abbott pacemaker’s authentication algorithm, “which involves an authentication key and time stamp, [and] can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via radio frequency communications.”

‘Key Moment’
The recall of the Abbott cardiac devices is “a key moment in the evolution of connected medical devices,” says cyber security expert Joshua Corman, founder of grassroots cyber safety organization I Am the Cavalry and a member of the Department of Health and Human Services’ cyber task force. That group issued a report earlier this year with recommendations about how the healthcare sector can improve cyber security.

Making arrangements to have nearly a half million patients in the U.S. visit their healthcare provider for the firmware update “will be a logistical nightmare,” he says, despite Abbott and the FDA recommending that patients wait until their next regular appointment with physicians to do the update. Many worried patients are likely to seek appointments for the updates sooner than their regularly slated visits, he says.

And although there have been no reports of actual harm to patients due to hackers exploiting the vulnerabilities in the devices, “that number can go from zero to a lot of patients quickly” if hackers decide to launch attacks, Corman warns.

This recall is the most serious development so far related to medical device cyber security, Corman contends.

Affected Devices
The FDA alert says the recall involves implantable cardiac pacemakers, including cardiac resynchronization therapy pacemakers under the names Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure. The alert does not apply to any implantable cardiac defibrillators or to cardiac resynchronization ICDs, the FDA says.

The FDA notes that on Aug. 23, it approved the firmware update “that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cyber security vulnerabilities for certain Abbott pacemakers.”






Posted in: Monthly Security Brief, Tech Tips for Business Owners


The Data Security Game Has Changed

Why Today’s Security Strategy May Not Be Enough

For auto racing fans and teams, safety is a subject that is always on everyone’s mind. Compared to racing 25 years ago, the game today has changed dramatically. Cars are faster and lighter, and the danger to the drivers has increased. Safety features to accommodate these changes certainly cost the race team more money, but they’re necessary to stay safe. Investments in safety continue as long as the threat escalates. The same is true in business, technology and cybercrime. The game has indeed changed, and a business’s security investment must adapt.

5 Reasons The Game Has Changed

Cyber-security, much like car racing, has changed significantly over the past several years. There are five ways the cyber-security game has changed and why the current strategy, particularly for small businesses, may not be enough.
1. The Growth of Cyber-Crime – Attack volume against small businesses has grown exponentially because it’s easy. Small businesses (and some public sector entities as well) tend to be well behind the security curve, making the organization an easy target of cybercrime.
2. The Target of Cyber-Crime – The real target of cyber-crime is small businesses! In 2014, 60% of all known successful attacks were against small and medium businesses. And of those that were breached, 60% went out of business within 6 months.
3. The Number of Security Solutions – While firewalls, IDS/IPS, AV, etc., are critical, improper configuration and management of these tools often create more risk. Many companies might not have the resources or expertise to know what to do if those tools alert them of a problem.
4. The Lack of Expertise – The most effective way to listen to these devices is to observe their every action and their communication patterns. Because these actions and “event logs” occur several times per second, many companies turn to a Security Information and Event Management tool (SIEM) to help make sense of the vast amount of machine data being generated.
5. The Lack of Resources – Security products, to be effective, must be monitored and maintained 24/7 so that threats are detected and responded to immediately. Not an easy task for the typical small business that cannot afford around-the-clock security experts. Cisco agreed that “the worldwide shortage of information security professionals is at 1 million openings, even as cyber attacks and data breaches increase each year”.

“It only takes once for a hacker to gain access to your network, but it takes 100% of your time defending it!”

Cyber-threat monitoring and detection are the cornerstones of an effective IT security strategy. But collecting the right data, parsing and analyzing it into manageable and useful pieces of information is an extremely complex task.
Our 24/7 security service employs the right technologies, paired with a staff of security experts, to reduce the risk and complexity of protecting your critical data.
Our SentreeGuard solution provides the intelligence and awareness needed to take action on the latest threats in your organization’s environment.  If you are serious about your company and want to take your security to the next level, we have the next level security solution, SentreeGuard.





Posted in: Company News, Monthly Security Brief, Tech News, Tech Tips for Business Owners


[Alert] WannaCry Ransomware Attack Uses NSA 0-Day Exploits To Go On Worldwide Rampage

NHS Ransomware Attack

This screenshot is just one example: The IT systems of around 40 National Health System hospitals across the UK were affected by this ransomware attack. Non-emergency operations have been suspended and ambulances are being diverted as a result of the infection. Cybersecurity experts have long used the phrase “where bits and bytes meet flesh and blood,” which signifies a cyberattack in which someone is physically harmed.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.” This is a cyber pandemic caused by a ransomware weapon of mass destruction. In the Jan 3 issue of CyberheistNews, we predicted that 2017 would be the year where we’d see a ransomworm like this. Unfortunately, it’s here.

Banks, Trains and Automobiles

Hundreds of thousands of machines are infected worldwide, including at FedEx Corp, Renault, Nissan, the German Railways, Russian banks, gas stations in China, and Spanish telecommunications firm Telefonica (which reported 85% of their systems being down as a result of the cyberattack); in a case of poetic justice, Russia seems to have been hit the hardest so far. The source is Kaspersky’s Securelist; note that these are just the early days, and their visibility is likely limited.


The strain is called “Wana Decrypt0r” which asks $300 from victims to decrypt their computers. This monster has infected hundreds of thousands of systems in more than 150 countries. Monday morning when people get back to work, these numbers will only go up. Check out an early animated map created by the NYTimes.

Here is an infection map based on data from


…and the Wall Street Journal also created an InfoGraphic explaining the spread of Wana which is nice to show to management when you ask for more IT security budget to train your users – which would prevent this whole mess.


Bleepingcomputer said: “Whoever is behind this ransomware has invested heavy resources into Wana Decrypt0r’s operations. In the few hours this ransomware has been active, it has made many high-profile victims all over the world. “Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”

Despite the fact that this strain is hyper-aggressive, the criminals behind the code do not seem to be all that sophisticated: they are using only a limited number of static bitcoin wallets. It could even be that they are relative newbies at ransomware, and that the NSA worm-code has run amok, scaring the daylights out of them, afraid to be caught.

The Ransom Deadline Is Short

The ransom starts at $300 for the first 6 hours, and you’ve got up to 3 days to pay before it doubles to $600. If you don’t pay within a week then the ransomware threatens to delete the files altogether. Note the social engineering aspect here too: a sense of urgency is created to prompt people into action, and a sense of hope is granted by virtue of the ability to decrypt a sample selection of the files.

The ransomware’s name is WCry, but is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or Wana Decrypt0r. As everybody keeps calling it “Wana Decrypt0r,” this is the name we’ll use in this article, but all are the same thing, which is version 2.0 of the lowly and unimpressive WCry ransomware that first appeared in March.”

Kaspersky Lab also reports that the Wana strain has numerous languages available and was designed to affect multiple countries.


Sky News Technology Correspondent Tom Cheshire described the attack as “unprecedented”. The ransomware uses the ETERNALBLUE and DOUBLEPULSAR exploits, originally NSA 0-days, which were made public earlier this year by a group calling itself the ShadowBrokers. There are recent patches available, but many have not applied them yet.


Former U.S. intelligence contractor turned whistleblower Edward Snowden pointed the finger at the NSA, implying the agency was responsible for exploiting a weakness in Windows. It is not clear yet how the ShadowBrokers first got their hands on the NSA tools; conspiracy theories range from a contractor leak to Russian counter-espionage trying to hint that American intelligence should back off.
The group ShadowBrokers first appeared in August, claiming it had stolen tools from the Equation Group, a legendary espionage operation rumored to be affiliated with the NSA. The Brokers announced they had the tools and offered to auction them off, which did not go very far. In January, the group gave up, only to resurface in April dumping EternalBlue and other Windows hacking tools in the public domain, where criminal hackers were grateful recipients.


The Initial Infection Vector Is A Well-crafted Phishing Email.


According to CrowdStrike’s vice president of intelligence Adam Meyers, the initial spread of WannaCry is coming through phishing, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a password-protected .zip file, so the email uses social engineering to persuade the victim to unlock the attachment with a password, and once opened, that initiates the WannaCry infection. Microsoft confirms this in a blog post.

But the most concerning aspect of WannaCry is its use of the worm-like EternalBlue exploit. “This is a weapon of mass destruction, a WMD of ransomware. Once it gets into an unpatched PC it spreads like wildfire,” CrowdStrike’s Meyers told Forbes. “It’s going through financials, energy companies, healthcare. It’s widespread.”

“We encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school,” the U.S. Department of Homeland Security said in a statement released late Friday. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally.” Here is a technical nosedive of the Wana malware.

If You Can, Apply This Patch Immediately.

After the initial infection, the malware spreads like a worm via SMB, that is the Server Message Block protocol used by Windows machines to communicate with file systems over a network. According to Cisco’s TALOS team:

The file tasksche.exe checks for disk drives, including network shares and removable storage devices mapped to a letter, such as ‘C:/’, ‘D:/’ etc. The malware then checks for files with a file extension as listed in the appendix and encrypts these using 2048-bit RSA encryption.

From what we have been able to learn, Wana spreads through SMB so when we’re talking about machines behind firewalls being impacted, it implies ports 139 and 445 being open and at-risk hosts listening to inbound connections. It’d only take one machine behind the firewall to become infected to then put all other workstations and servers at risk due to it being a true worm.

In the meantime, harden yourselves against this Windows Network Share vulnerability, ensure that all systems are fully patched with the “MS17-010” security update (link below), and remind all staff to Think Before They Click when they receive any out-of-the-ordinary emails.

Redmond Issues Emergency Patch For WinXP

Microsoft has also released out-of-band patches for older versions of Windows to protect against Wana, because the original patch did not include XP/Win8. “This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” the company told customers in a blog post.

Besides installing these out-of-band updates — available for download from here — Microsoft also advises companies and users to outright disable the SMBv1 protocol, as it’s an old and outdated protocol, already superseded by newer versions such as SMBv2 and SMBv3. You can use Group Policy for clients and servers. Here is a script to check the complete Active Directory for systems that are missing the WanaCry-related hotfixes.

Here is how to remove SMBv1 on Windows 10:


And here is how to turn it off on Windows Servers. Start with those…


Another option: use DSC to enforce the SMBv1 removal. If you don’t have DSC in place, you can use DSC locally on your servers as well. You can now download security updates for Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, and Windows 8 x64.
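The SMBv1 and MS17-010 checks described above, as an added PowerShell example that is not part of the original post: it reports whether the SMB server still negotiates SMBv1, whether the SMB1Protocol component is installed, and whether one of the MS17-010 updates is present, and with -Remediate it disables SMBv1. The KB list is an assumption taken from the March 2017 bulletin and should be verified against it; the script assumes Windows 8/Server 2012 or later and an elevated session.

```powershell
# Added example (not from the original post): audit SMBv1 and the MS17-010 fix on the
# local machine, and optionally disable SMBv1. Run from an elevated PowerShell on
# Windows 8 / Server 2012 or later (the SmbServer cmdlets do not exist before that).
param(
    [switch]$Remediate,
    # Assumption: March 2017 MS17-010 KB numbers (security-only, monthly rollups and the
    # Windows 10 cumulative updates). Verify this list against the MS17-010 bulletin.
    [string[]]$Ms17010Kbs = @('KB4012212', 'KB4012215', 'KB4012213', 'KB4012216',
                              'KB4012214', 'KB4012217', 'KB4012598',
                              'KB4012606', 'KB4013198', 'KB4013429')
)

function Get-Smb1State {
    # Server side: does the SMB server still accept the SMBv1 dialect?
    $server = Get-SmbServerConfiguration
    # Component side (Windows 8.1/10): is the SMB1Protocol optional feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }
    [pscustomobject]@{
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = $featureState
    }
}

function Test-Ms17010Installed {
    param([string[]]$Kbs)
    # Any one of the listed updates carries the SMB fix for its OS version.
    # Caveat: on Windows 10 a later cumulative update supersedes the March 2017 one and
    # Get-HotFix then no longer lists it, so a missing KB there is not proof of exposure;
    # compare the OS build number against the bulletin instead.
    $found = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $Kbs -contains $_.HotFixID }
    return [bool]$found
}

$state   = Get-Smb1State
$patched = Test-Ms17010Installed -Kbs $Ms17010Kbs

Write-Host ("SMBv1 server enabled : {0}" -f $state.ServerSmb1Enabled)
Write-Host ("SMB1Protocol feature : {0}" -f $state.Smb1FeatureState)
Write-Host ("MS17-010 KB present  : {0}" -f $patched)

if ($Remediate) {
    # Stop the SMB server from negotiating SMBv1; this takes effect without a reboot.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the SMBv1 component entirely where the feature exists; -NoRestart defers the reboot.
    if ($state.Smb1FeatureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Host 'SMB1Protocol feature disabled; reboot to finish removal.'
    }
}
```

Run it once without -Remediate to inventory a machine, then with -Remediate after confirming no legacy device (old NAS, printer, scanner) still depends on SMBv1 to reach that host.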

A Honeypot Server Got Infected With WanaCry 6 Times In 90 Minutes

Like the original, the second variant is automatically executed by the “Microsoft Security Center (2.0) Service” and tries to spread by creating SMB connections to random IP addresses, both internal and external.

According to an experiment carried out by a French security researcher who goes by the name Benkow, WanaCry infected the honeypot a mere three minutes after it was reset, showing the aggressive nature of the ransomware’s scanning module, which helps it spread to new victims. Noteworthy: three minutes is about the same amount of time it takes IoT malware to infect a vulnerable home router left connected to the Internet without patches.

How To Detect The Presence Of Wana And SMBv1 Servers On Your Network

One of the easiest ways to monitor what is happening on your network is to set up a SPAN/mirror port or use a network TAP. This will give you access to flows and packet payloads so you can see who is connecting to what and whether there is anything suspicious moving around. Check out this blog post if you use Cisco switches; it explains how you can monitor multiple network segments without the need to remember what is connected to which switch port. If you don’t use Cisco switches there is an excellent resource on the Wireshark wiki site which looks at how to set up monitoring on other switches.

There is one caveat though: this infection moves out like lightning from patient zero, and all vulnerable machines are literally locked in less than two minutes, so monitoring alone would not be enough to stop this monster. Here is a video showing a machine on the left infected with the MS17-010 worm, spreading WCry ransomware to the machine on the right in real time.

There Are Four Things To Watch Out For When It Comes To Detecting Wana

  1. Check for SMBv1 use
  2. Check for an increase in the rate of file renames on your network
  3. Check for any instances of the file @Please_Read_Me@.txt on your file shares
  4. Check for any instances of files with these extensions
    • .wnry
    • .wcry
    • .wncry
    • .wncryt

If Your Network Has Been Infected, What To Do?

This ransomware strain cannot be decrypted with free tools. Research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that has not been found yet.

Your best bet is to recover from backups, and if your backup failed or does not exist, try a program like Shadow Explorer to see if the ransomware did not properly delete your Shadow Volume Copies. If a user did not click Yes at the UAC prompt, then there is a chance those are still available to start the recovery. Here is how to recover files and folders using Shadow Volume Copies. As a last resort, if all backups have failed, you could decide to pay and get the files decrypted. It appears to work.


What Can Be Done To Stop These Bad Guys?

It’s possible but difficult. The money has reportedly been flooding into hackers’ accounts, and investigators can track the money and see where the bitcoin ends up. “Despite what people tend to think, it’s highly traceable,” Clifford Neuman, who directs the University of Southern California’s Center for Computer Systems Security, told the Washington Post.

However, hackers are still able to hide and launder the bitcoins in many different ways. Investigators will also examine the code itself as hackers often leave identifiable traces of their work. You can watch as some of these wallets are receiving money in real time.

Here Are 8 Things To Do About It (apart from having weapons-grade backups)

  1. Check your firewall configuration and make sure no criminal network traffic is allowed out, and disable SMBv1 on all machines immediately
  2. From here on out with any ransomware infection, wipe the machine and re-image from bare metal
  3. If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it’s tuned correctly
  4. Make sure your endpoints are patched religiously, OS and 3rd Party Apps
  5. Make sure your endpoints and web-gateway have next-gen, frequently updated (a few hours or shorter) security layers
  6. Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA)
  7. Review your internal security Policies and Procedures, specifically related to financial transactions to prevent CEO Fraud
  8. Deploy new-school security awareness training, which includes simulated social engineering tests via multiple channels, not just email.




Posted in: Monthly Security Brief, Newsletter Topics, Security Awareness Training, Tech News, Tech Tips for Business Owners


[ALERT] DynA-Crypt Ransomware Steals And Deletes Your Data

Our friend Larry Abrams at Bleepingcomputer alerted the world about a new strain of ransomware called DynA-Crypt that was put together using a malware creation kit by people that are not very experienced, but have a lot of destruction in mind.

Larry said: “DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim’s computer.

Image courtesy Bleepingcomputer

Ransomware and information stealing infections have become all-too-common, but when you combine the two into the complete mess that DynA-Crypt is, you are just left with a big pile of NASTY that just makes a mess of a victim’s programs and data.

“The problem is that this ransomware is composed of numerous standalone executables and PowerShell scripts that just do not make sense in some of the actions they perform. It not only encrypts your files while stealing your passwords and contacts, but it also deletes files without backing them up anywhere.”

A DynA-Crypt Infection Means A Full-blown Data Breach

While running, DynA-Crypt will take screenshots of your active desktop, record system sounds from your computer, log commands you type on the keyboard, and steal data from numerous installed programs like Skype, Chrome, Minecraft and many others. When stealing this data, it will copy it into a folder called %LocalAppData%\dyna\loot\. When it is ready to send to the developer, it will zip it all up into a file called %LocalAppData%\, and email it to the developer.

The Ransomware Portion of DynA-Crypt can be Decrypted

The ransomware portion of DynA-Crypt is powered by a PowerShell script that uses a standalone program called AES to encrypt a victim’s data. This script will scan a computer for files that match the following extensions and encrypt them.

When it encrypts a file it will append the .crypt extension to the encrypted file’s name. That means a file named test.jpg would be encrypted and renamed as test.jpg.crypt. The ransomware will also delete the computer’s Shadow Volume Copies so that you are unable to use it to recover files.

When done encrypting a computer, DynA-Crypt will display a lock screen asking you to pay $50 USD in bitcoins to an enclosed bitcoin address. Thankfully, at this time nobody has paid a ransom.





Posted in: Monthly Security Brief, Newsletter Topics, Security Awareness Training, Tech News, Tech Tips for Business Owners


Locky Ransomware Campaign Using Osiris Extension from Egyptian Mythology

The threat actors behind Locky ransomware have moved on from Norse gods such as Zepto, Odin and Thor and into Egyptian mythology with a new campaign that uses the extension .osiris when encrypting files as tweeted by R0bert R0senb0rg earlier this week.

How is this being distributed?

Operations6 tweeted that this campaign is being distributed through phishing emails with Excel email attachments that contain macros to download and install Locky.  

We’ve been warning about this very popular method of delivering ransomware for the past several months.  We’ve even put together a macros warning screen guide to show you the most common examples we see so you know what to watch out for when a phishing email like this lands in your inbox.

The name of the sheet in this particular campaign is Лист1, a probable indication that the developers are located in Russia or Ukraine. If a user actually opens the doc they get a blank screen with a prompt to enable macros.

Locky Phishing Email

Of course the attachments have important sounding names containing the word ‘Invoice’ to really try and get users interested enough to find out what’s in the attachment and enable the macros.

Once the macros are enabled it’s too late. A VBA macro is triggered that downloads a DLL (Dynamic-link library, Microsoft’s shared library concept) file and executes it using Rundll32.exe.  

Locky Excel Doc

Locky Installation

That DLL file is then downloaded into the %Temp% folder and gets renamed with an extension such as .spe rather than the usual .dll extension. The DLL file is subsequently executed using legitimate Windows program Rundll32.exe and installs Locky ransomware onto the computer. 

See the details from Larry Abrams at Bleeping Computer for the results of a sample he ran.

Once files have all been encrypted, Locky displays its ransom notes, see an example below. Currently the price for file recovery is about 2.5 Bitcoins (~$1880).

Locky Ransom Note Osiris

What to do about Locky

At this time unfortunately there is still no known free decryption method for the Locky ransomware variant. This would be where those weapons-grade backups we’re always talking about would save the day. Locky does try to erase Shadow Volume Copies although in some cases that fails, so it is possible to restore your encrypted files from Shadow Volume Copies if you’re lucky.


© KnowBe4, Inc. All rights reserved.




Posted in: Tech Tips for Business Owners


[ALERT] Yikes, A New And Scary Double-Ransomware Whammy.



Sophos reported on one of the more scary ransomware strains I have seen lately. It’s called Goldeneye and encrypts the workstation twice: both the files and the Master File Table (MFT).

It’s a phishing attack with two attachments. One is a PDF and the other an Excel file. The Excel file contains a loader that pulls down all the malware. The PDF is the social engineering ruse that makes the user open the Excel file. If your user is untrained enough to open both attachments and there are crucial files on the local hard disk without a backup, you potentially get to pay ransom TWICE.

The spam email presents itself as a job application form to be filled out. It has attached an uninfected PDF with the application to get the process started, and in the PDF is a polite reference that the Excel file contains more details — no explicit demand to open up the file… just business as usual.

Opening up the Excel file, you get a suggestion how to display the aptitude test. Sophos said: “The crooks don’t openly ask you to do anything obviously risky, such as “Enable macros” or “Turn off the default security configuration”, but they do encourage you to make a change to your Office settings, something that Excel will invite you to do because the file contains what are known as Visual Basic for Applications (VBA) macros.

In fact, if you permit macros to run in this Excel file, you will quickly regret it: the VBA downloads a copy of the Goldeneye ransomware and immediately launches it.” The VBA programming language used in Office macros is powerful enough to allow cybercriminals to control Word or Excel programmatically, but also to perform more general actions such as downloading files from the web, saving them to disk, and running them. 


Once the Excel file is activated, all the malicious activity happens in the background, but when the encryption pass is done, there’s a whole bunch of files left behind called: YOUR_FILES_ARE_ENCRYPTED.TXT which announce the infection:


Most strains of file-encrypting ransomware stop here, but Goldeneye’s developer has experience in this field and does a double-whammy attack similar to their Petya / Misha strain and encrypts the Master File Table (MFT) of that machine as well. 

Goldeneye works a bit differently than the previous editions: it first encrypts the files, then performs the UAC bypass and the low-level MFT attack, then reboots and pretends to run a CheckDisk.


Once the “check” is finished, another reboot sounds the alarm with some dramatic ASCII art:


Pressing the Any Key gives you this:


In case you’re wondering why Sophos redacted the so-called personal decryption codes in the images above, the encryption is different for your files and for your MFT: the malware uses different algorithms and different keys each time.

In short, if you pay up to unlock your scrambled MFT so you can reboot into Windows, then, assuming the crooks actually send you the key, you’ll get back into Windows only to face the YOUR_FILES_ARE_ENCRYPTED.TXT pay page as well. If you don’t have any backup, you get to pay up 1.4 Bitcoins all over again.  That’s 2.8 total which starts to get very expensive.




Posted in: Tech Tips for Business Owners


Is Data Security really that important to my company?


Why should I care about Data Security?

Take a moment to consider the following question: what is more expensive, spending money on the right Data Security solution, or paying RANSOMWARE FEES, fines, court fees, the loss of your company’s reputation, and watching your clients walk down the street to your competitors? If you are a business owner thinking “why should I spend any more money on my computer system, I have an IT company that should be taking care of that”, this question is why I’m writing to you.

I need to first set the record straight by saying that Data Security is not an IT problem, it is a business risk problem. The reason I say this is that IT looks at the functionality, durability and productivity of your network devices, which is a good thing to do. But data security looks at your company at the user level, where the risk ultimately starts. Every time you hire someone you must perform background checks on that person, and a portion of that decision, depending on the position you hire them for, is based on whether they might intentionally compromise your critical data. Those kinds of considerations don’t go into buying the right computer with enough RAM; that is the job for IT.

Trust me, I know what you’re thinking: “spending more money as a small business just isn’t feasible right now, I will just deal with it if it comes my way”. Unfortunately, that could be too late depending on the situation. For example, if you operate in Indiana and 500 or more records of client personally identifiable information are compromised, you are required by law to report the compromise to the authorities and to everyone whose records you hold. This is the point at which you could lose client loyalty and they could walk away from you. The WRONG way is to not report it: if one of your 500 or more clients finds out their information was stolen because you were compromised, they can sue you, and the authorities can fine you thousands of dollars for not reporting it properly and stick you with the bill for sending all 500 of your contacts to breach counseling. In 2015 the average cost per stolen record was $217, and if you had only 500 records that would be 500 x $217 = $108,500. Is that worth waiting to deal with, if it comes your way?

If you want to find out more ways to decrease your risk of data breaches and malware attacks, contact us today. 


Posted in: Tech Tips for Business Owners


DMV worker accused of using state computer to ask customer on a date

Police on Tuesday said they have arrested a worker at the New York State Department of Motor Vehicles (DMV) on Staten Island, for allegedly trying to use the work computer to get a customer’s personal information and ask her out on a date.

According to the New York State Inspector General’s office, Peter Grosseto, 29, has been charged with the felony charge of Computer Trespass and the misdemeanor charges of Unauthorized Use of a Computer and Official Misconduct.

Investigators claim that Grosseto used the work computer system to look up the name and phone number of a customer – without her knowledge – who was being served by another DMV staffer.

He allegedly did it 3 times. Then, police say, Grosseto called the woman at home, pretending to be a DMV quality assurance rep.

He ultimately admitted he was calling to ask her out on a date.

Inspector General Leahy Scott said that Grosseto’s alleged behavior was unprofessional:

This defendant set aside any semblance of professionalism and illegally accessed State resources to satisfy his own interests and harass a customer with unwelcome advances. I will not tolerate any government employee’s violation of the public trust or violation of any citizen’s privacy and dignity.

Grosseto’s bosses aren’t too happy about it, either.

DMV Executive Deputy Commissioner Terri Egan:

There is no responsibility we take more seriously at DMV than safeguarding the personal information of our customers. When personal information is compromised, we take swift action – especially when a DMV employee is involved.

Grosseto’s been suspended without pay “to ensure he can no longer abuse his position,” Egan said.

He is, of course, innocent until proved guilty.

If Grosseto is guilty, he’s sure not alone. After investigating cops who misuse access to personal information, the Associated Press on Wednesday published a report finding that police across the US run unauthorized searches on confidential databases for purposes that include revenge and stalking.

Calling a stranger for a date, using a phone number and a name she never agreed to give you, might sound kind of cute. Harmless. Easy to laugh off.

But the AP story about police who abuse their positions to dig out data on people makes clear that government employees who do this aren’t just unprofessional: they can be downright dangerous.

One example is an Ohio officer who pleaded guilty last year to having looked up information on an ex-girlfriend and to stalking her.

The AP quoted Alexis Dekany, the woman he stalked:

It’s personal. It’s your address. It’s all your information, it’s your Social Security number, it’s everything about you.

And when they use it for ill purposes to commit crimes against you – to stalk you, to follow you, to harass you… it just becomes so dangerous.

Law enforcement officials have tried to stem the number of times that these betrayals of trust occur. Unfortunately, it’s well-nigh impossible to differentiate between legitimate database inquiries and those that are self-serving.

What can they do?

Some departments have tried increasing field audits.

The Miami-Dade police department is now conducting quarterly audits in which officers can be randomly asked to explain searches. Also, a sergeant’s duties have been expanded to include daily reviews of proper usage and troubleshooting, Maj. Christopher Carothers of the professional compliance bureau told the AP.
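The audits described above work by choosing which searches an officer or clerk is asked to explain. As an added example (not the DMV's, Miami-Dade's or the AP's material), here is a Python check over a constructed lookup log that picks out the two signals visible in this story: a record pulled by someone who was never assigned to serve that customer, and the same employee pulling the same record repeatedly; the log format and the assignment table are assumptions.

```python
"""Pick database lookups worth a supervisor's question during an audit.

Added example, not the DMV's or the AP's material. The logs and the service
assignments are constructed for the demonstration.
"""
from collections import Counter

# Constructed lookup log: (employee, customer record, timestamp).
LOOKUPS = [
    ("clerk_a", "cust_1001", "2016-09-20T10:02"),
    ("clerk_b", "cust_1001", "2016-09-20T10:05"),
    ("clerk_b", "cust_1001", "2016-09-20T10:41"),
    ("clerk_b", "cust_1001", "2016-09-21T09:15"),
    ("clerk_a", "cust_1002", "2016-09-20T11:00"),
]
# Constructed service queue: which employees were assigned to each customer.
ASSIGNMENTS = {"cust_1001": {"clerk_a"}, "cust_1002": {"clerk_a"}}


def flag_lookups(lookups, assignments, repeat_threshold=2):
    """Return (employee, record, reason) triples for lookups to review.

    Two signals: the employee was never assigned to serve that customer, and
    the same employee pulled the same record repeatedly. Neither proves
    misuse; they only decide which queries someone is asked to explain.
    """
    counts = Counter((emp, rec) for emp, rec, _ in lookups)
    findings = []
    for (emp, rec), n in counts.items():        # insertion order is kept
        reasons = []
        if emp not in assignments.get(rec, set()):
            reasons.append("not assigned to this customer")
        if n >= repeat_threshold:
            reasons.append(f"{n} lookups of the same record")
        if reasons:
            findings.append((emp, rec, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for emp, rec, why in flag_lookups(LOOKUPS, ASSIGNMENTS):
        print(f"review {emp} -> {rec}: {why}")
```

The output is a review queue, not a verdict; the point of the quarterly audit is that the people on it are asked to justify the search.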

But at the end of the day, for better or (often for) worse, it looks like we’re relying on professionals acting like professionals as we trust them with our personal information.



Is your Home Internet Connection Secure???

Are you worried about what your child is seeing or doing on the Internet? Well, look no further: the MDS Personal Internet Security device from Sentree Systems, Corp. is what you need.

Secure Your Home Internet Today!!!


Posted in: Newsletter Topics, Tech News, Tech Tips for Business Owners


Should we soon expect to be sending passwords through our bodies, not the air?

Whenever you send a password using a broadcast medium such as Wi-Fi or Bluetooth, someone might be listening. Even if it’s encrypted, you might be giving hackers at least a shot at breaking it.

Researchers have expressed particular concerns about the risk of vulnerabilities in custom radio protocols for wearables and implantables. But what if you could securely send that data through your body, not the air?

And what if you could do it using a fingerprint sensor or touchpad like the one already built into your smartphone or laptop?

That’s the claim of new research from computer scientists and electrical engineers at the University of Washington. As UW assistant professor of computer science and engineering Shyam Gollakota puts it:

Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body.

That’s right: even though fingerprint sensors aren’t designed to be active radio transmitters, “during normal operation they produce characteristic electromagnetic signals, which are consistent and at frequencies below 10 MHz” – frequencies that apparently propagate well through the human body.

According to the University of Washington’s description of the research:

These ‘on-body’ transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body – such as a smart door lock or wearable medical device – and a phone or device that confirms your identity by asking you to type in a password.

Co-lead author Mehrdad Hessar walks through a typical use case:

Let’s say I want to open a door using an electronic smart lock. I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door.

The authors’ paper documents transmission tests across the whole body, demonstrating that their technique works across different body types, and whether the subject is standing, sitting, or lying down. They tested iPhone 5s and iPhone 6s fingerprint sensors, the Verifi P5100 USB fingerprint scanner, and both Lenovo T440s and Adafruit touchpads.

Their technique also held up well against interference from other wearables. (A claimed side benefit of this finding: it might “be difficult for an attacker to transmit an external signal on the air to either jam transmissions or send false information.”)

Don’t expect to watch any HD movies transmitted directly through your fingerprint sensor just yet: Hessar et al. achieved transmission rates of just 25 bits per second. That’s less than a quarter the speed of a 1950s modem.

It’s a long way from a university research lab to your body, but if this proves out, multiple applications are possible. For example:

Instead of manually typing in a secret serial number or password for wirelessly pairing medical devices such as glucose or blood pressure monitors with smartphones, a smartphone could directly transmit arbitrary secret keys through the human body.

Of course, having your body as the transmission medium brings a whole new set of security concerns about man-in-the-middle attacks.



Posted in: Newsletter Topics, Tech News, Tech Tips for Business Owners
