Author Archive

We recently stumbled upon a great article over at Sophos, one of the leading providers of software security services explaining the security differences between Apple and Android devices. Even though this article shows both sides, there’s a clear winner when it comes to mobile device security for law firms.

Google’s Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android’s popularity—with more than 1 million activations per day, Android smartphones command a 59% market share worldwide. However, the relative vulnerability of Android vs. iOS comes down to the level of control the vendors have over products and the marketplace for development and distribution of apps.

Mobile malware writers know the best way to infect as many devices as possible is to attack central application markets. The cyber-criminals plant applications that include hidden (obfuscated) malicious functionality in an attempt to avoid detection included in the vendor’s application vetting process (e.g., Google Bouncer).

In 2011 alone, Google removed more than 100 malicious applications from its app store. Google discovered 50 applications infected by a single piece of malware known as Droid Dream, which had the capability to compromise personal data. However, Google hasn’t always acted in a timely manner to prevent infections. Users downloaded one harmful app more than 260,000 times before the company removed it from the app market. So creating a mobile security policy that requires end users to protect personal mobile devices within the enterprise is key to keeping your organization’s data safe.

Apple and iOS

Apple’s walled garden App Store—where applications are fully vetted before being made available to customers—has prevented widespread malware infection of iOS users. As a centralized point of distribution, the App Store provides users with confidence that the apps they download have been tested and validated by Apple.

Evidence of malicious malware showing up in the App Store is anecdotal at best, as Apple does not typically volunteer such information. However, it’s safe to assume that since Apple does not make APIs available to developers, the iOS operating system has fewer vulnerabilities. However, iOS isn’t 100% invulnerable and every now and then it has been seen that questionable apps have slipped through the Apple vetting process.

Google and Android

Like Apple, Google provides a centralized market for mobile applications called Google Play. However, that is offset by the Android’s ability to install apps from third-party sources. Some are well-known and reputable such as Amazon. Others are not, and originate from malware hotspots in Russia and China. The criminal developers deconstruct and decompile popular apps like Angry Birds, and publish malicious versions and make them available for free.

One alternative market for these “cracked” or “cloned” applications is Blackmart, and the apps cracked for that market are known as PJApps. Tools used to crack legitimate applications allow the mobile malware writers to repackage popular applications and add their own functionality. Repackaged apps will typically include some potentially unwanted pieces, such as advertising frameworks or malicious capabilities.

Another family of Android-specific malware reported to Sophos is known as DroidSheep, a tool used by hackers to listen to network traffic and gain access to online accounts of popular websites. Attackers running DroidSheep can impersonate victims’ accounts and gain access to sites not using a secure connection. DroidSheep allows the attacker to sniff wireless network traffic and steal authentication tokens, which the attacker can then use to impersonate someone else. Popular sites such as Yahoo, Google, and Facebook support HTTPS connections, which a tool like DroidSheep cannot infiltrate.

The most prolific family of Android malware is known as Boxer. In April 2012, when the popular photo sharing application Instagram was released on the Android platform, mobile malware writers immediately took notice. The malware creators copied the contents of the Instagram site and created a fake, malicious counterpart complete with rogue applications. Once installed, the app sends SMS messages to premium-rate services, concentrated mostly in Eastern European countries like Russia, Ukraine and Kazakhstan. In the process, cybercriminals earn a fast and tidy commission at the expense of users.

Mobile malware by the numbers

The number of threats, especially on the Android platform continues to increase. In 2011 SophosLabs observed 81 times more Android malware in 2010, an 8,000% leap. In 2012 SophosLabs has already resulted in 41 times more malware than in all of 2011, a growth rate of nearly 4,100%.

I say small firms deserve corporate email too because there is a major misconception that these solutions are expensive and only attainable by large firms which couldn’t be farther from the truth. In fact, I just got off the phone with another 6 user firm with the same old email story that I’ve heard time and time again. Let me know if this sounds like your firm. Years ago you had a web guy or an old IT guy who sold you email. You don’t use him anymore but you still use use the same email 5 to 10 years later. You get email on your phone but only the inbox, no sub-folders that you created in Outlook. You either keep a calendar in Outlook or would like to, but you really want it to sync to your phone so you can check your schedule on the go. You know the technology is out there because you’ve seen it, you just don’t know how to set it up, who to trust, and most of all you don’t want to lose any email or your email address in the process.

I’m certain that the above describes many attorneys and paralegals reading this blog right now. Getting your firm email organized is simple, inexpensive and offers no risk of losing your domain name, email addresses or email. Real corporate email is $8 per mailbox per month and is labelled Hosted Exchange. A watered down version of this email that seems to be popular these days is Office 365 and is sold at $5 per mailbox per month. These solutions offer total mailbox sync to your mobile devices, security, calendar & contact sharing, along with a plethora of useful features you most likely don’t have right now.

If your looking to up the ante and actually make IT work for your firm, moving to a new mail system that offers your firm real benefits is definitely a good way to start. Break away from late 90’s technologies and contact an IT vendor like Rekall to see how a new email system can increase firm productivity. Top notch email solutions are easy to use, they will increase firm productivity, and will not break the bank.

Most people don’t utilize favorite folders in Outlook and this is a real shame. Outlook favorite folders give you the ability to favorite certain folders so that they appear on the top of your Outlook folder list instead of embedded within the alphabetically organized Outlook folder list. For example, I have set the following folders as favorite in my Outlook because I access them often, Inbox, Unread Mail, Sent Items, my Potential Clients folder, as well as my Potential Partners folder. These folders I am in constantly, all day. On top of this when we perform large scale projects for clients, or when we take over new clients from previous IT companies I temporarily favorite the new client folder within my Outlook so all correspondence can easily be dragged within the folder at the top of the list instead of dragging all the way down my folder tree.

This is actually very easy to do, simply find a folder you wish to favorite, right click the folder and left click on “Show in Favorites.” BAM, it’ll show up at the top of your list making it easy to navigate to. If you ever want to remove the folder from your favorites simply right click the folder you wish to remove at the top of your list and click “Remove from Favorites.” You can also change the order of your favorite folders by dragging them where you like. Just be careful not to drag a folder into another one, this will create a top folder with a sub folder, or, a folder in a folder, which you probably don’t want.

Tricks like this help to keep my Outlook organized so I can get to the information I need, quickly. That’s the name of the game with Outlook, finding what you need in a short amount of time. This tip will work for Outlook 2010 through 2016.

Someone in your firm just opened an email attachment having no idea who sent it or what the file does. 20 minutes later no one can work because all firm documents have been encrypted and you also have no data backup or an inadequate backup in place. If you find yourself in this situation, you’re not alone. Many firms resort to paying the ransom on a Ransomware attack. It is confirmed around the internet that once you pay, you will get your files back, Rekall can also confirm this as we tested this internally in order to write this article. This guide will explain in detail the steps you must take in order to pay your Ransom and get your firm data back.

Step 1. Figuring Out The Cost of Your Ransom  |  The first thing we need to do is see how much your Ransom will cost. You’ll notice that in each directory where your files are encrypted there is a folder or file called “Where are my files” or “How to Decrypt.” You will see a .HTML file labeled like this as well.  We’ll need that file so remember where it is. Navigate your browser to https://www.torproject.org/download/download-easy.html.en and download the Tor web browser. This browser is an anonymous browser, you may not be able to open that .HTML file with Firefox or Internet Explorer. Download and install the Tor browser. Once installed, open the HTML file in Tor or copy and paste the link in the Ransom .txt file into the Tor browser. When the page loads it will tell you the how much you owe in Bitcoin. As I write this article 1 Bitcoin is worth $659.10 USD so it adds up. Average Ransom is 2 – 4 Bitcoin.

Step 2. Bitcoin Wallet  |  Next we have to create a bitcoin wallet. This is a virtual wallet that is secured by encryption. This wallet will eventually hold your Bitcoin. Navigate your browser to Blockchain.com, signup and follow the instructions to create a Bitcoin Wallet. Also, download the app from the Apple or Google Play Store and set it up using the same credentials you created. This will be important for future steps.

Convert USD to Bitcoin (Bitcoin ATM Method)  |  There are many ways to convert Bitcoin to USD including buying them from private entities looking to sell as well as Bitcoin Exchange websites which are probably more reputable like https://www.bitstamp.net/. Transferring USD to Bitcoin via online exchange is not permitted depending on the state you live, this includes New Jersey. For this reason we have utilized the Bitcoin ATM method, yes there are Bitcoin ATM machines. A Bitcoin ATM is exactly how it sounds. It is a physical machine where you deposit cash into your virtual wallet via internet accessible ATM machines. In real time you will see money deposit into your Bitcoin wallet on your mobile device as you feed money into the Bitcoin ATM. To find a Bitcoin ATM navigate your browser to https://coinatmradar.com/. Locate the closest Bitcoin ATM, they are usually in “smoke” shops and other locations of the like. Drive to the location and you will find a white ATM looking machine with a touch screen and a dollar slot like a change machine. For a visual aid, use this Youtube tutorial https://www.youtube.com/watch?v=19tVcU4rZrU. First, type in your phone number into the unit, you will then get a text with a verification code. Open your Blockchain app and hit receive on the bottom right. You will see a QR Barcode in the middle of the screen. Hold it up to the camera on the ATM so the ATM machine can verify you. Then insert cash as needed. You may have a $900 limit so you may have to do this entire sequence twice. You will then see the money in your Bitcoin wallet on your phone.

Pay The Ransom & Get Your Files Back  |  Once you are back to a PC open up that same link from step 1 where they told you how much ransom to pay and you will find a wallet ID or wallet address. Follow instructions on the page via your Blockchain account to send the appropriate amount of Bitcoin to the correct wallet ID. Once the Ransom is successfully paid via Blockchain refresh the Ransom page a few times until it says payment received. Keep refreshing until you see a link that says download decrypter. Download and run this file, all files will be unencrypted and usable after an hour or so. It will take time to decrypt your data and a black command prompt box will come up list all files to be decrypted, be patient. In our opinion it is a good idea at that point to find the PC where the Ransom emanated and format that PC for safety sake.

If you have issues following these instructions or would like Rekall to assist you in this process if you ever get hit by Ransomware please feel free to give us a call (800) 554-4166.

What is Ransomware?

The hacker groups behind Ransomware/Cryptowall/Cryptoware cannot be stopped. They are faceless, nameless groups located all around the world with the goal being to encrypt your firm data and hold it  hostage in exchange for a ransom payment in the form of Bitcoin, an untraceable internet currency. If you don’t pay within a certain amount of time, you will lose your data forever. In 2015 alone Ransomware hacker groups made an estimated $4 Million holding private, public & government entities’ data hostage with a promise to restore all data in exchange for an average 2 Bitcoin. 2 Bitcoin doesn’t sound like a lot, but the exchange rate as I write this article is $649.10 US Dollars to 1 Bitcoin. In some cases the request is far greater, upwards of 5 to 10 Bitcoin for a single ransom totaling over $6,000 US Dollars.

Ransomware is not a virus, no damage is ever done to your data. Your data is encrypted and can be decrypted if you pay the Ransom, but it has never been seen that these groups steal or damage your data. When a Ransomware executable is inadvertently launched, a silent encryption application runs in the background on your PC. It seeks out shared network drives and also encrypts those locations as well. Before you know it, you can’t get into any of your documents or pictures and in every encrypted directory there are instructions offing information on the Ransom with a tutorial on how to pay. Once you pay, you will get all your files back, Rekall can confirm this. This is Ransomware in a nutshell, but truthfully, it’s a lot more complicated than that.

By the way, if you do get hit, there’s a strong chance all your contacts will be sent the same Ransom email you clicked on, only this time all emails will be sent from your email address making your contacts think you sent them Ransomware. This is how it spreads, not good.

How Law Firms Can Avoid Ransomware

Sophos Firewall  |  ZERO-Day Ransomware is unstoppable. While Ransomware sounds like an unstoppable entity, there are ways to avoid the ordeal and cost of paying the Ransom. Firstly, get yourself a Sophos Firewall with web filtering, Rekall offers this as a hosted service nationwide. It’s very inexpensive and extremely useful. Sophos is the only securities company with definitions to stop Ransomware. Since Ransomware is technically not a virus, many other security companies have not dealt with the Ransomware epidemic. Sophos is your only hope.

Sophos Email Filtering  |  85% of Ransomware is downloaded and executed through email. Make sure you have a Sophos spam filter, filtering incoming and outgoing email for the entire firm. Again, Rekall offers these services nationwide on a hosted and/or cloud level. They are inexpensive and a necessity. Again, Sophos is the only one who does this.

Secure Offsite Backup  |  Another way to avoid Ransomware is to have a backup, and not a USB backup, because anything USB will be encrypted as well with your data, remember, they’re smart. We’re talking about a secure offsite backup that supports a large retention policy with versioning. Rekall recommends 10 versions and 30 days minimum on the retention for all our law firm clients. In this way, restoring a snapshot of your server files from last week should not be an issue. If you can’t do this easily with the current setup, get new IT. Backup software that does this is not expensive or special, it’s the norm and everyone should have it.

Better Internet & Email Practices  |  The last way to avoid the Ransomware nightmare is to teach your people not to click on links they are unsure of may they be on the internet or within email. Many of the Ransomware emails come from random email addresses with attractive Subject lines. Tell your people to avoid these like the plague. If you’re unsure about an email or an attachment, open it on your phone, Ransomware doesn’t execute on mobile devices so there is no risk there. Just be careful and stress this to your firm staff.

Here’s a quick tip for securely opening email from unknown senders. I’m sure this has happened to you, you get an email from someone, maybe it has an attachment, but you don’t know the sender. You don’t want to open the email on your computer because it may have a virus or malware attached. Something we do as security minded IT  techs is open unknown email and/or attachment on our mobile devices. This is of course after all our email is secured through a spam filter.

Mostly all viruses and malware target Windows computers. In this way you can open an email and even an attachment may it be a word doc or zipped file as long as you have the appropriate viewer installed on your mobile device. If you open the file and get an error or a garbled word doc, you know the file was either corrupt or something nasty. We recommend deleting it immediately.

Keep in mind that there is a small number of malware produced to affect iPhone & Android devices, but they are not common from our experience. With this method you should be able to double-check all questionable emails in no time flat. Please keep in mind that this should not take the place of a proper spam filter service.

On Tuesday June 14, 2016 Microsoft release patch KB3159398 that was supposed to resolve a number of security related issues with Microsoft Windows. Due to this patch we have seen an influx in client support requests regarding missing mapped drives and missing shared printers. Uninstalling the update is not recommended, we had to manually changed security permissions on the GPO for each client with this issue. We hope this helps IT professionals, it took us an hour to figure out that we had a problem and fix it, but with much research.

Mobile devices are basically mini computers enhanced by a vast amount of applications. The apps we’re talking about today offer attorneys a specific advantage to their industry. They increase productivity and offer abilities you otherwise would not have while on the go. If your interested in downloading these apps simply go to the Apple store or Google Play Store if your an Android user.

Skype | Skype is a great tool for video chatting between Windows & Apple platforms as well as a quick and easy chat program that attorneys can utilize on the go. It’s quicker than email, more formal than text and when connected between an attorney and their admin quick communication becomes effortless. You can even send photos and documents quickly and see if your contacts are online, offline or idle. Law firms with Skype have an edge and the ones that deploy Skype Business have an even greater edge with more control features and communication options. Every attorney and attorney admin needs Skype on their phone and their desktop. Best of all, Skype standard is free.

WordPerfect Viewer | If your a law firm still using WordPerfect, than this app is for you. We live in a Microsoft world. Sometimes when WordPerfect documents are sent, the formatting is off when viewing them on your Apple or Android device. This is why you need WordPerfect viewer. With this viewer, formatting is spot on as originally intended making it easy to view and read WordPerfect documents on the go.

Outlook | Both Android & Apple devices have a default email app but we have found that the Outlook application is a bit superior, especially for firms using Microsoft Exchange. The way emails are viewed within the Outlook app is cleaner and more organized. The Outlook app even connects to other important applications like dropbox when saving file attachments. One thing that we noticed that that the default view should be turned off. It’s a setting where Outlook tries to organize your email by priority. We found that turning this off and getting back the typical organization by time and date was much more normal looking. The Outlook app also offers advanced signature options that Apple & Android do not offer as well as a ton more features. The look and feel altogether is what makes people use this app over their branded provider default mail apps. Give it a try, it’s free.

Tiny Scanner | This app is awesome to say the least. How many times have you been in a situation where you want to get a physical document to someone but your either out, or home without a scanner. Tiny Scanner to the rescue! Tiny Scanner turns your phone into a scanner. Tiny Scanner works with the camera in your phone to produce high resolution scanned documents. When your scan is complete, your default mail app opens with the scanned document imported as an attachment. Simply type in an email, subject, and body, and send a scanned version of your physical document to whomever you wish. It’s that easy and works that well. Give it a try.

Dictate + Connect (Dictamus) | Dictamus is a dictation app. Open the application and dictate, once saved you can choose to email this audio file to whomever you wish. This can be useful for reminders, dictating billing for transcription, and quick requests on the go when there is no time to type an email. Many of our attorneys love Dictamus.

Your planning on buying some new desktops but what will your IT people to do with your old workstations? You should know the answer to this question and it should be integrated into your support agreement with your IT vendor due to it’s relationship with firm data security. In this article we will explore what Rekall does with old client hardware and perhaps you can integrate our practices into your IT agreement, adding liability coverage and security to your agreement.

The answer is simple, your IT vendor should cart away any and all superfluous network hardware may they be printers, desktops, switches or servers and backup any localized data if the data is valuable. If it is not valuable then hard drives and RAM should be removed and all storage devices and should be zero’d out which is basically a high-end format. Once the storage media is cleared, your IT vendor should drive your hardware to a local electronics recycling center. Here, not only will the hardware be recycled but some centers offer certified hard drive shredding services. This may come at a cost but these services offer real-time hard drive shredding with a certificate of destruction.

This process outlines the right way to dispose of hardware so that there is no lingering data for garbage pickers to steal, plus a certification of destruction for insurance purposes.