How to protect your Windows PC from WannaCry ransomware

UPDATE 05.25.17:  Here’s Connecting Point’s Service Manager, Jason Kellogg (among others), in an interview about WannaCry and other ransomware hitting systems right here in the Rogue Valley. (Courtesy NBC5, aka KOBI Channel 5, the local NBC affiliate.)

WannaCry screenshot virus ransomware security Connecting Point Medford Oregon

You’re probably safe. But you really should make sure—now.

The first reports came out of Britain last Friday: The National Health Service found some of its Windows PCs under attack by a virulent piece of ransomware named WannaCry, foisted on vulnerable systems by a group calling itself Shadow Brokers. Then it attacked Germany’s national rail system. WannaCry exploits a critical vulnerability in Windows computers, a vulnerability that Microsoft had issued a patch for back in March. But for those not diligent with their operating system updates, many found their computers completely unusable, with a pop-up message informing them that their files were encrypted and locked. To release them, they needed to pay a ransom of £230 (about $300) to a BitCoin account.

By Monday morning, the attacks had surfaced globally, in particular in China, where many computers run on pirated versions of Windows and thus cannot be patched. The extortion scheme has now spread to 150 countries. Microsoft has pointed a finger at the U.S. government’s National Security Agency (NSA), which created hacking tools enabling this type of cyberattack – and then had them stolen by hackers. Ironic.

So are you at risk? If you’re using a licensed copy of Windows and have up-to-date security software installed, you’re probably fine – but let’s make absolutely certain.

Which versions of Windows are at risk?

WannaCry take specific advantage of a vulnerability in older Windows operating systems to infect and encrypt.  These versions are Windows 8, Windows XP, and Windows Server 2003. If you’re currently running Windows 10, Windows 8.1, Windows 7, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 and have been diligent about system updates, you’re fine.

Here are some steps you can take to protect your PC from WannaCry:

  • If you don’t have a recent backup, make one immediately. Once WannaCry encrypts your files, your options become very limited. Restoring your system from a backup is one of them – but you can’t make such a backup retroactively. As we tell our customers: You should assume at all times that, 30 seconds from now, everything on your computer will go away… forever. You should always have multiple current backups, with at least one of them kept off-site (in case of fire or other disaster). Talk to one of our sales or service specialists about implementing a robust backup strategy as soon as possible.
  • Make sure you have the latest Windows updates and patches installed. As mentioned above, the security vulnerability that makes WannaCry and other attacks possible was identified and patched by Microsoft a couple of months ago – but it only works if it’s been installed. Windows 10 checks for updates on a regular basis, then downloads and installs them automatically. But in light of this recent attack, you should check to make sure you have the latest updates installed. To do this, click the Start button, then go to Settings > Update and security > Windows Update, and select Check for updates. Windows XP users can download a special patch Microsoft created to address this vulnerability. Find out how here.
  • If you’ve turned off Windows Update, turn it back on. Many users, weary of constant updates and patches, disable this important feature. Better to deal with a bit of inconvenience than risk infection by malware.
  • Use a good Internet security suite. PC Magazine has an in-depth review of the current offerings here. Get a good one, install it, and keep it updated.
  • Bring your co-workers into the loop. At your next staff meeting, budget time to go over “best practices” for using office computers. A good place to start: Don’t click on questionable links, and don’t open suspicious attachments. IT administrators should restrict user access to the company network to just the areas they need to do their jobs.
  • If you’re attacked, don’t hesitate. Act. Shut down the entire network immediately. Ransomware often threatens dire consequences if you turn off the computer or disable Internet access, but that is rarely the case. Security experts and law enforcement agencies warn against paying ransoms, since this only encourages fresh attacks further down the road. And paying the extortion fee does not guarantee your files will be unencrypted.
  • Get a Mac. While no longer immune to all viruses and other malware, Mac systems are far less prone to such infections. (The exception would be if you are running Windows on your Mac via something like Boot Camp or Parallels. Windows running on a Mac is just as vulnerable to WannaCry and other PC malware as any other Windows computer.) The same holds true for users running ChromeOS, Linux, or mobile operating systems like iOS and Android.

The experts at Connecting Point can offer assistance in making the transition from Windows to Mac as painless as possible (we’ve done it literally thousands of times). We even offer a monthly class to ease your switching journey.

Are Today’s Cameras Cybersecure? 10 Tips to Avoid Camera Hacking

cameras cybersecure cybersecurity webcams privacy protection Connecting Point Medford OR

Guest post by Vound Software and Ghergich & Co.

Computer webcams, home security systems, and baby and pet monitors allow us to stay connected 24/7. These camera-enabled devices allow us to video chat with family members and work contacts and keep tabs on the safety of our homes, pets, and children with ease. But all this connectivity opens us up to some serious vulnerabilities. Cyber hackers can gain access to some of our most intimate moments if we don’t take the proper precautions. Thankfully, there are ways to protect ourselves-beyond covering your computer webcam with masking tape. Check out the infographic below to better safeguard your devices.

Are Today’s Cameras Cybersecure? 10 Tips to Avoid Camera Hacking

cameras cybersecure security privacy webcams

Deal of the Week | Feb. 12, 2016: Kensington MicroSaver Keyed Laptop Lock for $10 (reg. $45)

Kensington MicroSaver Keyed Laptop Lock for $9.99 (reg. $44.99)

Kensington MicroSaver Keyed Laptop Lock for $9.99 (reg. $44.99)Protect your notebook from theft by locking it down. T-Bar locking mechanism and super-strong carbon tempered steel cable provide maximum protection that attaches to the industry standard Kensington security slot found in 99% of notebooks.

  • 6 ft, 5.5mm carbon strengthened steel cable anchors your notebook to a desk or immovable object
  • Attaches to 99% of notebooks with the T-Bar locking mechanism for superior strengthBuilt-in defense system guards against lock tampering
  • Safe Pro exceeds industry standards for tough security applications
  • Free Register & Retrieve on-line key registration for secure key replacement

The retail price for this security system is $49.99, and our regular price is $44.99. Yet this week, while they last, we’re crazy enough to let them go for a mere $9.99. Now you have no excuse for not locking down all your expensive electronics.


This offer runs from Friday, February 12th to Thursday, February 18th, 2016, or while supplies last. Sorry, no rain checks.

Deal of the Week | Apr. 17th, 2015: SyncStop Safe Charging USB Adapter for $14.99 (reg. $19.99)

SyncStop Safe Charging USB Adapter, on sale at Connecting Point for $14.99And now for something completely different…

In late 2013, a small, Portland-based independent security firm called Xipiter built the first version of SyncStop (which was originally called the “USB Condom,” until cooler heads prevailed) to scratch an itch: They wanted to minimize the risks involved with charging their own mobile devices in public areas.

When they tweeted about their invention, they were immediately flooded with emails and calls – and realized they were on to something big. The first production run sold out in a matter of days, spurring them to refine (and rename) their product.

Connecting Point is proud to be the first in our area to carry SyncStop, designed and built by another locally owned, independently operated business. And we’re inspired to offer this already-affordable gadget at a 25% discount, as this week’s Deal of the Week.

Click here to learn more about this week’s DOTW.

SyncStop – Charge Safely from XipiterSec on Vimeo.

BANNER-DOTW_yellow_reflect_640x160

SCAM ALERT: Beware of emails “from” FedEx, UPS, USPS, and online retailers

Security beaches, malware, and identity theft can be a real headache

During the holiday season, email phishing and malware scams dramatically escalate. Nearly everyone is shipping packages, expecting packages, or tracking deliveries. It’s a golden opportunity for con artists to hoodwink you into clicking on a link in a seemingly legitimate email.

Here’s one we received at our Medford store, just this morning:

Fake FedEx delivery failure notice
Scan suspicious emails for misspelled words or mangled syntax (like the first sentence in this one).

On the surface, it looks legit—until you examine more closely. Vigilance is key. The whole point of these scam emails is to trick you into clicking on their link. Once you do, it could enable the installation of malware, or the ransom of your computer’s hard drive, or identity theft—or a combination of these.

Let’s take a closer look at this email, while carefully avoiding actually clicking that link. First, examine the return address. Here’s what it looked like in our email:

Detail of suspicious return address on fake FedEx scam email

We’re pretty sure the FedEx email system doesn’t originate out of something called “hindquarterly.com.” Now let’s see where that link would take us, if we were to actually click on it. You can do this by hovering your computer’s cursor over the link. Soon, it will reveal its true nature:

Detail of actual link destination for fake FedEx email scam

It’s obviously not going to take you to anything having to do with FedEx. In fact, the .eu domain indicates it’s of European origin, but even that could be completely falsified.

So practice safe computing this holiday season (and all year long). Remember the following:

  • FedEx, UPS, and USPS never send unsolicited emails. Instead, shipping companies will call you or leave a tag on the door.
  • Learn to spot fraudulent emails and websites.
  • Anti-virus or security software doesn’t guarantee scam emails can’t hurt you.
  • Keep your login info and passwords for shipping company sites safe and secure.
  • Also safeguard your FedEx, UPS, and USPS account numbers.
  • Exercise caution with public computers, which can cache personal data and login details. Be sure to completely log off any sites, and to clear the browser’s cache before leaving.
  • Learn to recognize common warning signs of online scams:
    • Unexpected requests for money in return for delivery of a package, often with a sense of urgency.
    • Requests for personal and/or financial information.
    • Links to misspelled or slightly altered Web-site addresses (fedx.com, fed-ex.com, etc.)
    • Spelling and grammatical errors or excessive use of capitalization and exclamation points.
    • Claims that you have won a large sum of money in a lottery or settlement.
    • Certificate errors or lack of SSL for sensitive activities.
  • If you’re still not sure if the email is fake or legitimate, try replying to it. Most companies will issue an automatic reply back, informing you the email address is not monitored. If you get a human response, it’s almost certainly a scam.
  • The point of scam emails is to get you to click on a link. Don’t click on anything until you know exactly where it will take you.

We want our customers—and their computers—to enjoy a safe and relaxing holiday season. With a little bit of heightened attention, you can prevent security breaches and all the heartache that can bring.

Deal of the Week | August 15th, 2014: LED Solar Flashlight for $4.99

LED Solar Flashlight for $4.99You are roused from a deep sleep by your spouse, elbowing you in the ribs.

“What the…” you begin to mumble, groggily.

Shhh! I heard a noise downstairs,” your spouse whispers.

At once, you’re wide awake, in a state of hyper-alertness, courtesy evolution and the fight-or-flight reflex it perfected. You reach for the flashlight on your nightstand, flick the switch, and…

Nothing. Darkness. And the noise is moving…closer.

Dead batteries in flashlights result in more U.S. deaths than automobile accidents, lightning strikes, and bathtub slips combined.* Don’t let this happen to you! With this week’s DOTW, you’ll never need worry about flashlight batteries again. Just keep it near a window, and let that bright glowy thing in the daytime sky take care of maintaining a full charge for you.

What is protection from things that go bump in the night worth to you? The answer should be “priceless,” but we’re going to peg it at $4.99. That’s 75% off the regular price, making it affordable enough to buy several and keep them all over the darned place. Because they’re out there. You know they are.

Find out more about our latest Deal of the Week here.

*Not an actual statistic, and also utterly false.

The time is World Backup Day. Do you know where your files are?

World Backup Day 2014Don’t be an April Fool. Be prepared: Back up your files today, March 31st – World Backup Day.

Take a moment to imagine what it would be like if everything on your computer, tablet, or phone went away – permanently disappeared – 30 seconds from now. This is not some rare nightmare scenario. Devices are manmade, and things made by the hand of man must someday fail. It is known.

In other words, it’s not a question of “if.” It’s a question of “when.” And when it does happen, how badly would it hurt you?

Take a moment to imagine what it would be like if everything on your computer, tablet, or phone went away – permanently disappeared – 30 seconds from now.

Fortunately, there are simple, sensible steps you can take to make this a total non-issue. If you have a Mac, you have an app called Time Machine that makes keeping a current, local backup of your computer easy as pie. Windows 8.1 comes with a similar program called File History. In both cases, you’ll need an external hard drive dedicated to the task. Connecting Point can help you select the perfect external drive to fit your system and budget, with prices starting well under $100.

But to really, truly protect your photos, home videos, music, emails, and documents, you’ll want to supplement this local backup with an off-site one. As it happens, we offer a safe, affordable, and simple solution: SafeBox Automated Online Backup. For less than seven dollars a month, your important stuff is seamlessly, continuously backed up over broadband connection to a secure, remote location. Fires, floods, and wayward pets cannot touch your precious information.You can read all about SafeBox here.

So visit the World Backup Day site. Take the pledge. And sleep easier tonight, knowing your data is safe.

Deal of the Week | October 18, 2013: Wi-Fi Netcam with Built-in Mic for $39.99

Wi-Fi Network Video Camera with Mic for $39.99Lot of cameras out there. Whole lot of surveillance going on.

Not trying to be paranoid or anything, but just look. At the supermarket, on the street, in the lobby, the café, the ATM, the super-villain’s lair: Surveillance cameras are ubiquitous.

Time to fight back with a little bit of counter-surveillance. And you can do it for just under 40 bucks – that’s $60 off the regular price! Countermeasures have never been so affordable.

Find out more about taking an eye for an electric eye here.