Translate page Now !!

Monday, 28 October 2013

Understanding Cryptolocker

What is CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted

CryptoLocker payment screen

CryptoLocker will then begin to scan all physical or mapped network drives on your computer for files with the following extensions: *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c. When it finds a files that matches one of these types,it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker\Files Registry key.
When it has finished encrypting your data files it will then show the CryptoLocker screen as shown above and demand a ransom of either $100 or $300 dollars in order to decrypt your files. This ransom must be paid using Bitcoin or MoneyPak vouchers. It also states that you must pay this ransom within 96 hours or the private encryption key will be destroyed on the developer's servers.

Command & Control Server Message

How to increase the time you have to pay the ransom

When the CryptoLocker is first shown, you will see a timer that states you need to pay the ransom within 96 hours. Some people have reported that you can increase the time by rolling back the clock in your BIOS. So to increase the timer by 10 hours, you would change your clock in your BIOS to 10 hours earlier. The virus author has stated that using this method will not help. They have said that the private key required for decryption will be deleted from the Command & Control server after the allotted time regardless of how much time it says is left on the infected computer.

Sunday, 13 October 2013

Knowledge about WMI / Query

Dear All,

We understood that many times end users often have questions like ?
What kind of software products was installed on my workstation ?
What are the type of windows patches that was install on my workstation ?
What kind of CPU chip am I using ?
What is my motherboard serial number ?
How Many users account were created on my workstation ?

Click Here to download the document.

The purpose of this document is to help user to familiarize WMI-Command line usage. Most of the information have been simplified. Should you have more questions please revert back to GuoWen.su@softwareone.com

Friday, 11 October 2013

Microsoft Licensing Umbrella

Dear All,
 

Click Here to download


The purpose of this document is to explain to customers who are new to Microsoft Licensing terms and various types of licensing agreement and processes.
Hopefully with this document it somehow provided you a basic understanding of what is all about.
inside the document. It also provide information about Open licenses, Select + and enterprise agreements.
 
Revert if you have any questions. guowen.su@softwareone.com SoftwareONE | One Focus | Your Licensing experts.

Wednesday, 9 October 2013

Microsoft Cloud Licensing Changes

Dear All,

As we understood that Microsoft have recently added new licensing terms into the Microsoft licensing spectrum.

So I hope with the below document it will give you some vision on what microsoft have change :)

Click Here to download

Friday, 4 October 2013

Azure Active Directory Integration Methods

Azure Active Directory -Tips to AAD Integration Features


The purpose of this document is to further assist IT cloud administrators in integrating on premises AD users profile onto cloud Azure active directory services.

 

To download the user guide -- Click Here

The above document will assist you in setting up Azure Active Directory integration. Help yourself by downloading a copy it is free of charge.
Please click on the stars if you feel that my user guide is deem helpful to you.

What is Windows Azure Active Directory?

Windows Azure Active Directory is a service that provides identity and access management capabilities in the cloud. In much the same way that Active Directory is a service made available to customers through the Windows Server operating system for on-premises identity management, Windows Azure Active Directory (Windows Azure AD) is a service that is made available through Windows Azure for cloud-based identity management.

How to establish connectivity with Azure Platform with Office365


Author: Su Guowen | Technical Evangelist | Microsoft Community Contributor
Email: guowen.su@softwareone.com
Blog: http://geeky-gw.blogspot.sg/


Tips: Follow the Red box

Note: Pre-requisite -You must have an existing O365 Subscription with Microsoft in-order to establish the connectivity.
Link On How to setup O365 -- Watch Video Here

Download the User Guide by click Here 

How many of you out there are having plans in enrolling into a Azure subscription ?

The step by step document can enable users who are having difficulties in enrolling Azure subscription.
In the document i will also show you how to ensure the O365 platform establish a connectivity with Azure Platform.
Should you have any questions. Please feedback at guowen.su@softwareone.com