Tuesday 2 December 2014

My files are encrypted, now what?

Having first heard about the CryptoLocker ransomware about 6 months back I remember thinking to myself, 'Holy crap that's a pretty bad virus' as it doesn't target your computer's operations at all, but it targets your personal files themselves. The files which make your personal computer of any value at all.

With 'normal' viruses they usually are disruptors trying to break your computer's functionality and potentially causing irreversible damage to your operating system (Microsoft Windows variant in most cases). These types are a pain to deal with but you always have the option of copying data from the drive, formatting, and re-installing your operating system. Time consuming and disruptive, yes, but usually after one of these infections you don't lose any personal files, photos or music; it is just the operating system that gets screwed.

Something tells me this ain't a good thing

One of my client's friends recently got in contact with me to try to fix a computer that had contracted the CryptoLocker ransomware. Now how this particular ransomware works is that you get an email with an attachment the criminals want you to click on. In the case of Australia they have been posing as Australia Post, RTA infringement notices, something that will entice you to click on the attachment. Once you have clicked on said attachment the rogue program gets to work and starts encrypting all your personal files, thus making them inaccessible by you or anyone else. If you have a decent security program that is kept up to date it should stop and delete the rogue program immediately (but I wouldn't want to test this out as many variants of the rogue program exist).

After the program has started its encryption of your files it will show a popup asking you to pay a ransom to get the decryption key which will allow your files to be restored and accessible. The fee can range from $100 - $2000 from what I have read, but that is assuming you can even access the site to make a payment to the criminals.

In my experience the user in question had:

  1. No Backups
  2. Let the virus be active on the computer for 10+ days
  3. Shadow copies on but since the virus had been on for so long the shadow versions were encrypted too.
  4. No access to the page to actually pay the ransom, either the virus has a shelf life where the links are only active for a short duration, or law enforcement had taken the sites offline.

So in the end all I could do was remove the ransomware, so no new files were encrypted, and that's it; now the computer is full of encrypted inaccessible files. The only long shot I had was to head to https://www.decryptcryptolocker.com/. It's a free service whereby you can upload one of your encrypted files and based on the encryption key they 'might' be able to send you the decryption key which can be used to restore the files. Unfortunately there are so many variants of the CryptoLocker ransomware that it doesn't work for all, but nevertheless I tried and it did not work; the website says invalid file. The other thing I tried was contacting Fox-IT directly. They were very helpful but only confirmed my suspicion that there was nothing the user could do to recover the files.

Lessons for all to learn:
  1. Keep an external backup drive with all your files on it (especially home photos and videos)
  2. If something doesn't seem normal on your computer, get it looked at
  3. Don't open attachments from emails where you ask yourself, I wonder how they got my email address?
  4. If any email has a zip file attached be very wary of clicking on it
  5. Keep an up to date security program on your computer in case you do accidentally open something malicious. It may save you.
  6. Keep an external backup drive with all your files on it (especially home photos and videos), yes this is mentioned twice, it is that important.
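
One way to notice this kind of damage early rather than after 10+ days, as an added example that is not part of the original post: it walks a folder and counts files whose first bytes no longer match their type, which is what bulk encryption does to photos and documents. The signature table, the thresholds and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes that an intact file of each type starts with.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}

def header_ok(path):
    """True/False for a known file type, None when the file cannot be judged."""
    sig = MAGIC.get(path.suffix.lower())
    if sig is None:
        return None  # unknown or renamed extension: not covered by this check
    try:
        with path.open("rb") as fh:
            head = fh.read(len(sig))
    except OSError:
        return None  # unreadable (locked, permissions)
    return head == sig if head else None  # an empty file is not evidence

def scan(root, alert_ratio=0.2, min_files=5):
    """Walk root; alert when a large share of known files lost their header."""
    verdicts = {p: header_ok(p) for p in Path(root).rglob("*") if p.is_file()}
    bad = sorted(p.relative_to(root).as_posix() for p, ok in verdicts.items() if ok is False)
    checked = sum(ok is not None for ok in verdicts.values())
    alert = checked >= max(min_files, 1) and len(bad) / checked >= alert_ratio
    return {"checked": checked, "bad": bad, "alert": alert}

def demo():
    """Constructed sample tree: 4 intact files, 2 scrambled, 1 of unknown type."""
    samples = {
        "a.jpg": b"\xff\xd8\xff\xe0rest", "b.png": b"\x89PNG\r\n\x1a\nrest",
        "c.pdf": b"%PDF-1.4 rest", "d.docx": b"PK\x03\x04rest", "notes.txt": b"plain text",
        "e.jpg": b"\x8f\x13\xa7\x02junk", "f.pdf": b"\x00\x91\xbe\x44junk",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Run it on a schedule against the folders you back up, and hold the backup job when `alert` is true so damaged files do not replace good copies on the external drive.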

Tuesday 26 August 2014

Traditional Phone System to VOIP, pull vs push

Since office telephony and Information Technology (IT) have been crossing paths there seems to be an end goal where the owner of a small business can have one company that looks after almost everything required for them to run their business, stretching from phones to computers and servers. However, since phone systems usually are one of the first things to go into a business and are the last things to change (some clients run the same phone system for 10+ years quite happily) there seems to always be a legacy system which the IT provider has to pass over to the 'Phone Company' so they can do something seemingly trivial such as add another extension or change a hunt group. Usually performing these tasks is quite costly as the system itself is old and the people who service them are becoming rarer and rarer.

Specifically the systems I am talking about use traditional phone lines coming into the premises and each of the handsets is configured to access the lines and display the information on buttons that light up to indicate which line is active. At any point in time a user can simply press the button on the corresponding line and assume control of the call.
Commander phone system handset
These phone systems were perfect for offices which had few employees who were all within earshot of each other, as a receptionist could answer the call, say for example an incoming call on line 1, put the call on hold, and yell out to another team member that there is a call for them on line 1. The team member can press line 1 to pull and assume responsibility of the call. Simple, yes, and it's a one to one relationship: you have one PSTN line for each of the active lines you require for your business and when all are used up you cannot call out or call in as all lines are full.
Cisco SPA504G a popular VOIP handset


Enter VOIP, an internet based phone system which does away with the notion of one to one and allows many calls to come through to the same number. There are hybrid VOIP solutions which use physical and VOIP lines to facilitate calls but I am focusing on pure VOIP. VOIP also usually allows the management of hunt groups and other things like extensions through a web based configuration which can be administered by the business's IT provider. Physical lines feeding into the premises no longer matter and this can break down the barriers to allow customers to scale easily and cheaply.

All sounds good in theory, yes, but how about the example I mentioned earlier, where in a small business the user would like to get a call to another team member? Now in the case of VOIP each handset is not aware of the other 'lines' that it is hooked up to, as each VOIP handset makes a connection to the VOIP server (whether it's in-house or hosted), so in order to get a call from one handset to the other the receptionist must push or transfer the call to the recipient's handset. This leads to a few extra button presses on the handset and opens up a whole bunch of other options including an attended transfer (where a calling party can introduce the call before transferring) and a blind transfer (which is basically like pushing the call across and having no way to get it back). This is more flexible than the old system but you can't argue that it is simpler; the old way required one button to be pressed to simply take the call away from reception.

Some users may struggle with this small but often overlooked change in pushing and pulling of the calls. If the current system has been in use for a long time it would be best to stipulate this difference with your client at the forefront before any moves are made towards a VOIP system. In the end, yes, it is not as simple as the older phone systems, but the cost and flexibility benefits from VOIP might outweigh the marginal increase in complexity.

Tuesday 1 July 2014

The Apple difference

First let me start by saying, I am a Windows user, growing up I had access to both Mac OS and Windows based systems (starting with Windows 3.1) but I always seemed to gravitate towards Windows. Perhaps this had something to do with the school using them, or games and applications being cheaper and more readily available. Or maybe the biggest factor was they were expensive.

During my high school days in the late 90s Macs were seen as the best and contained quality components. Seeing as most people could not afford them for a home computer it made a Mac a niche product and if you had one, you either had too much money or were heavily involved in graphics or anything creative digital. The PC on the other hand was like the wild west: every corner shop seemingly was putting together computer packages with Windows pre-loaded. The components were completely mixed, usually the only thing in the box that was genuine was the CPU. Seeing as Microsoft licensed the software and allowed any hardware vendor to build/assemble the hardware there was no quality control on how the end user would see Windows perform. This led to the great Mac vs PC debate over whether one was better than the other. It isn't that straightforward though, as Apple controlled the Software and the Hardware, Microsoft only controlled the Software.

Apple did move away from crafting custom CPUs and chips, favouring Intel's CPUs as a standard in all Macs after 2006. However, in my mind I think I had always thought of them in that light even till now, 2014.

So why bring this up now? It has been 8 years since Apple went to Intel processors? Well as I said I personally had a mental barrier that was preventing me from seeing Mac as an option when considering a new laptop or desktop. Something made me change my mind though, enter the Asus UX21E. You see I was in the market for a new laptop, something small, something that could be taken to clients' sites and something I could hack away at on my lap when coding HTML or JavaScript. At $900 AUD I figured why not? Certainly looked the part, specifications were great, price was right. About 5 months into the purchase I found I was not using it for the reason I purchased it. Yes I was taking it to clients' sites, it was light and handy, but I would do very little 'work' on it.

Everything about the machine felt a bit off, the way I couldn't open the top lid without the whole device tipping over, the way the keys felt when you hit them, almost like there was no feedback, the hinge in the screen having a weird tilt, the shininess of the screen which appears to collect fingerprints even though it's not a touch screen. This is not isolated to this model either, as I have many other clients using Dell, HP, ASUS, BenQ and all explain similar problems. I then started to realise it's not too different to what had been happening in the late 90s with PC manufacturers; the problem hadn't gone away, the PC manufacturers have just become better at hiding the shortfalls. The UX21E looks like a great machine at face value so I am sure it will sell. That however does not fill a person with confidence to buy another ASUS computer after the first one inevitably dies.

So after my UX21E died (well didn't die, the power button just won't turn it on anymore) I looked to Apple for guidance about what I should get as a replacement. So I took the plunge and bought my first MacBook Pro 13-inch with Retina Display (late 2013 model).

I will just sum it up with one word, design. When you control the software and the hardware as Apple does, you can do proper quality control and testing. The result is a product that not only does what the owner purchased it for, but becomes a tool which the owner wants to use.

I realise now the ASUS was a tool and it did what I needed it to do, but I never wanted to use it, I needed to. With the MacBook Pro I want to use it. This could be all marketing BS working on me from the Apple hype machine, but if it is I don't really care, as if marketing BS can get me to work harder then that's fine with me.

Tuesday 10 June 2014

Motherboard Dead? Maybe not, check your firmware first.

I have been building computers for my clients and myself for a long time.

I switch between AMD and Intel setups depending on the requirements. Every now and then I come across a piece of hardware that is DOA (Dead on Arrival). It's unavoidable, since these parts are mass produced there is always a chance you get unlucky and it's time to pack it up and send it back under warranty. On a completely new build it sometimes is tricky to find out what is causing the issue if a system simply won't boot, as it could be the PSU (Power Supply Unit), CPU, RAM or the motherboard. So when I recently got a batch of Gigabyte GA-B85M-HD3 motherboards and 2 out of 3 were not working I was puzzled. I ended up testing everything, PSU, RAM, motherboard, and couldn't figure out what was going on. The system would not even get to POST but it was powering up.
2 out of 3 in one order couldn't be DOA could they?



I then finally checked the CPUs (Intel i5-4590). It seems as though the newer Haswell CPU, even though still LGA1150, was not compatible with the firmware that shipped on 2 of the motherboards I received. I had to update the firmware to somehow get my CPUs working with these boards but since it couldn't even get to BIOS I was struggling to figure out how to do it.

Luckily I had an older Haswell CPU lying around so I had to transfer it into the motherboards, boot to the BIOS, update from a USB drive and then swap back the newer Intel Haswell and all were working. The problem is that if you aren't in possession of an older CPU then you will have no choice but to return the boards to the supplier for them to update the firmware for you, which really is a pain especially if you need the computers built and delivered quickly.


So next time you think you have a DOA motherboard on your hands ask yourself, is there a chance that the firmware is simply incompatible with the CPU I have on board?

Thursday 13 February 2014

QNAP firmware Updates and Virtual Machines use Caution

One of my client's QNAP devices was largely out of date, running version 3.2 something. I really wanted to get them onto 4.0 so I could get some nice Rsync and NAS to NAS backups happening. The QNAP runs as an NFS share with 2 VMs and vmdk files located on it and it's connected directly to the ESXi server.

I started by shutting down all the VMs, then proceeded to update the QNAP to version 4.0. The update was successful and all looked well in the world of QNAP. However, something had happened where now I could not access the share via Windows Explorer. For example, before I could access \\192.168.0.199\VMStorage directly and see the vmdk files, but now it was prompting for a username and a password.
Why do you need a password now?
The firmware update had brought with it some additional security settings which had caused the direct referencing of the share not to show the files anymore and it broke the connection with my datastore on my ESXi server. I was using the 'everyone' user in order to access the VMStorage. To fix this I had to create a new user on the QNAP and re-map the datastore on the ESXi server. Then I could boot my VMs with no problems.

So if you are running a QNAP with several VMs on it with no security on the area where your VMs are stored then I would be cautious when updating the QNAP firmware. The best thing would be to have security on your VMStorage folder when you first set it up as QNAP is going to require you to do this when you upgrade.

Building computers, don't skimp on the power supply

I have been building computers for a long time now for clients and friends alike. However, there is one thing that keeps coming up and has been an issue since more people started to build their own. Everyone seems to skimp or go cheap on the power supply. In most cases where a client's computer will not start up it is due to a generic PSU that has decided to die. 
If you see something like this, it could be this causing the issue.

Now there is definitely a price advantage to going cheap on the power supply. The range in PSU pricing can be quite broad and to the average builder a 500w PSU is a 500w PSU, right? Wrong, you can find some PSUs with the same wattage almost $100 in difference. So why the difference in price? It comes down to consistent voltage distribution and the biggest one, reliability.

Most clients in my experience understand that this often overlooked component of a computer is valuable and will be happy to pay extra for a more reliable computer.
Haven't had one of these die on me yet...
If you are looking for a quick sale and want to get the box out the door and the client is only concerned with price, sure, put an el-cheapo PSU in the box. However, if you want to keep this client happy and value their custom built computer, at least set $50+ aside for a decent durable power supply. Some brands I recommend are http://www.antec.com/ and http://www.corsair.com/en/