Ransomware warning from the FBI

CITADEL MALWARE CONTINUES TO DELIVER REVETON RANSOMWARE IN ATTEMPTS TO EXTORT MONEY
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) and the Department of Homeland Security (DHS) have recently received complaints regarding a ransomware campaign using the name of the DHS to extort money from unsuspecting victims.
In May 2012, the IC3 posted an alert about the Citadel malware platform used to deliver ransomware known as Reveton. The ransomware directs victims to a download website, at which time it is installed on their computers. Ransomware is used to intimidate victims into paying a fine to “unlock” their computers. The ransomware has been called “FBI Ransomware” because it frequently uses the FBI’s name including the names of FBI programs such as InfraGard and IC3. Similar ransomware campaigns have used the names of other law enforcement agencies such as the DHS.
As in other variations, the ransomware using the name of the DHS produces a warning that accuses victims of violating various U.S. laws and locks their computers. To unlock their computers and avoid legal issues, victims are told they must pay a $300 fine via a prepaid money card.
This is not a legitimate communication from law enforcement, but rather is an attempt to extort money from the victim. If you have received this or something similar, do not follow the instructions in the warning and do not attempt to pay the fine.
It is suggested that you:
  • Contact a reputable computer expert to assist with removing the malware.
  • File a complaint at www.IC3.gov.
  • Keep operating systems and legitimate antivirus and antispyware software updated.
Updated Alert
Prepared by the
Internet Crime Complaint Center (IC3)
July 27, 2013

Network downtime – June 3rd 11:24 to 12:31

Amplex experienced a network wide problem today at 11:25am.   While we are still analyzing the logs we have a good idea of what caused the issue.    The network experienced a broadcast storm and loop due to the failure of the mechanisms designed to prevent network loops.

We have seen this same issue twice in the past, approximately one month ago.  In those cases the problem occurred late at night and was not noticed by most customers.  Following the earlier occurrences we made several changes to the network to remove the lower bandwidth backup paths which caused a significant amount of instability.  I can go into much more detail but it’s probably not worth discussing since the important part is…

What are we going to do about keeping it from happening again?

There are several steps we are taking to prevent the issue from occurring in the future:

  • Installation of routers at tower sites.  We are outgrowing the existing network layout (which has worked well for many years) and will be installing routers at the individual tower sites.  This will significantly reduce the broadcast load on the network.  We have avoided placing routers at tower sites in the past for reliability reasons.  The advantages of individual tower routers now outweigh the risks.  Installing routers is low risk and can be done with minimal impact on the network and customers.  The first one will be installed at Luckey today.
  • Splitting the network into 2 logical parts.  The network consists of 2 rings that share a common path between Perrysburg and Lemoyne.  The north ring primarily serves sites in Ottawa county, the south ring serves Wood county.  We are adding an additional link between Perrysburg and Lemoyne and will use that to isolate the north and south rings.  This will reduce the effective size of the network while also helping to isolate issues.
  • Evaluating Performant Networks Software Defined Networking gear.  Performant has designed a network appliance that promises to improve the stability and recovery time of Ethernet networks by incorporating ITU’s G.8032 “Ethernet Ring Protection Switching”.  This standard and equipment allow for sub-50 ms failover in the event of breaks in an Ethernet ring.  The Performant equipment adds an additional feature by continuously measuring the actual performance of the links so that it can make intelligent decisions based on the capacity of the individual links.  Evaluating and installing this equipment is a long-term project as the equipment is new and relatively untested.  While it shows great promise we want to run it in a test environment for several weeks before attempting to deploy it.
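To make the failure mode in this post concrete, here is an added simulation (my own illustration, not Amplex code or Performant's software) of a broadcast frame flooded around a ring of Ethernet switches. Plain Layer 2 flooding with every ring link active never terminates, which is the broadcast storm described above. Blocking one link, the way a G.8032 Ring Protection Link (RPL) is held blocked in the idle state, makes the flood terminate with every switch receiving exactly one copy, and unblocking the RPL after a different link fails keeps every switch reachable. The G.8032 model is deliberately simplified (failure detection and R-APS signalling are assumed to have already completed) and the ring size and link numbering are constructed.

```python
from collections import deque


def link(a, b):
    """An undirected ring link between switches a and b."""
    return frozenset((a, b))


def build_ring(n):
    """Ring of n switches: switch i is cabled to switch (i + 1) mod n."""
    return {link(i, (i + 1) % n) for i in range(n)}


def flood(n, origin, blocked=(), down=(), max_frames=10_000):
    """Flood one broadcast frame from `origin` through a ring of n switches.

    Each switch forwards a broadcast out every active port except the one it
    arrived on (plain Layer 2 flooding with no loop protection of its own).
    `blocked` links carry no traffic (an administratively blocked port such as
    the G.8032 RPL); `down` links have physically failed.
    Returns (copies received per switch, True if flooding terminated).
    A False result means the frame circulates indefinitely: a broadcast storm.
    """
    active = build_ring(n) - {link(*l) for l in blocked} - {link(*l) for l in down}
    neighbors = {i: [] for i in range(n)}
    for l in active:
        a, b = tuple(l)
        neighbors[a].append(b)
        neighbors[b].append(a)

    received = {i: 0 for i in range(n)}
    queue = deque([(origin, None)])  # (switch, neighbor the frame came from)
    frames = 0
    while queue:
        node, came_from = queue.popleft()
        frames += 1
        if frames > max_frames:
            return received, False  # still forwarding after the cap: storm
        received[node] += 1
        for nb in neighbors[node]:
            if nb != came_from:
                queue.append((nb, node))
    return received, True


def erps_flood(n, origin, rpl, failed=None):
    """Simplified G.8032 ring protection switching (assumption: detection and
    R-APS signalling are already done). Idle state: the RPL owner keeps the RPL
    blocked so the ring is loop-free. After a ring link fails, the RPL is
    unblocked so every switch stays reachable over the remaining path.
    """
    if failed is None:
        return flood(n, origin, blocked=[rpl])
    return flood(n, origin, down=[failed])


if __name__ == "__main__":
    print("no loop protection:", flood(6, 0))
    print("RPL blocked, idle:", erps_flood(6, 0, rpl=(5, 0)))
    print("link 2-3 failed, RPL unblocked:", erps_flood(6, 0, rpl=(5, 0), failed=(2, 3)))
```

Running it shows the three states the post is concerned with: a ring with no blocked link storms, a ring with its RPL blocked delivers one copy per switch, and a ring that loses a link while the RPL is unblocked still reaches every switch. The last case, with the RPL left blocked and a second link down, is the partition that splitting the network into north and south rings is meant to contain rather than spread.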

We understand that a reliable network connection is very important to you and sincerely apologize for the issues today.  If you have further questions please do not hesitate to contact us.

Mark Radabaugh, VP Amplex

Partial Internet outage 11/12/08 4:24pm to 4:45pm

We noticed a brief loss of connectivity to some destinations on the Internet this afternoon.  The problem occurred in a portion of the Verizon network and affected traffic to some popular destinations such as CNN, MySpace, and Facebook.  The problem cleared while we were analyzing the situation and deciding on a course of action.

Numerous network operators are reporting the problem on outage mailing lists.   Verizon has not issued a statement at this time.   The rumor mill is pointing the finger at Level3 claiming bad announcements from Level3 (another very large network).

So how does all this work, you ask?  (Or, the really short introduction to BGP.)

The Internet is not a single entity but rather a collection of independent networks connected together.  The networks connect to each other at gateway routers.  The gateway routers speak a language (actually a protocol) called BGP, in which they announce to each other which networks (and destinations) are reachable by sending traffic through that gateway.

Amplex maintains connections to two large networks (Verizon and Cogent) and we receive information from both telling our router the fastest way to deliver traffic to its destination.  Should a network cease to be able to carry traffic to a particular destination (say MySpace), the neighbor router is supposed to ‘withdraw’ its offer to carry traffic to that destination.  When that happens, if we still have a route to the requested destination via our other connection, we send the data out the working connection.  Sometimes the route is withdrawn by both providers at the same time; this likely indicates that the destination network itself is no longer online.

In today’s outage Verizon continued to tell our router that the best path to MySpace, CNN, and other sites was to deliver the traffic to Verizon.  Unfortunately Verizon was not keeping that promise but rather dropping the traffic inside its own network.  While that situation is not supposed to happen, it does on fairly rare occasions.

Verizon will likely issue a ‘root cause analysis’ regarding the outage at a later date to explain to the routing engineers at other companies how and why this happened and how to prevent it in the future.

How could Amplex work around this problem?

We would shut down the connection to Verizon which then routes all traffic to Cogent.  Unfortunately this is not a decision to be made lightly since shutting down an upstream carrier causes our own announcements to the rest of the Internet to change.   There can be fairly long waits (and disconnections of existing VPN, Video, and other sessions) while the Internet determines the new best path to reach us.

Once we had established that the problem was at Verizon we were preparing to shut down the connection when the problem in Verizon’s network was resolved.
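The behaviour described above can be shown with a toy routing table. The following is an added example written for this post (not Amplex router configuration or any BGP implementation): two upstream neighbors announce the same prefix, the router prefers the shorter AS_PATH, a proper withdrawal fails over cleanly to the other neighbor, and a neighbor that keeps announcing a route while dropping the traffic leaves the routing table looking healthy even though packets are lost, until the session to that neighbor is shut down. Best-path selection is reduced to AS_PATH length with the peer name as tie-break; the peer names, prefix and AS numbers are constructed from the documentation ranges (RFC 5737 addresses, RFC 5398 AS numbers) and do not correspond to real assignments.

```python
class BgpRib:
    """Toy routing table for a router with several upstream neighbors.

    adj_in[peer][prefix] holds the AS_PATH that `peer` announced for `prefix`.
    Best-path selection here uses only AS_PATH length, then the peer name as a
    deterministic tie-break; real BGP weighs many more attributes.
    """

    def __init__(self):
        self.adj_in = {}

    def update(self, peer, prefix, as_path):
        """Neighbor announces (or re-announces) a prefix with an AS_PATH."""
        self.adj_in.setdefault(peer, {})[prefix] = tuple(as_path)

    def withdraw(self, peer, prefix):
        """Neighbor withdraws its offer to carry traffic to prefix."""
        self.adj_in.get(peer, {}).pop(prefix, None)

    def shutdown(self, peer):
        """Tear down the session: every route learned from peer disappears."""
        self.adj_in.pop(peer, None)

    def best_path(self, prefix):
        """(peer, as_path) of the selected route, or None when no neighbor
        carries the prefix, i.e. the destination is unreachable for us."""
        cands = [(len(routes[prefix]), peer, routes[prefix])
                 for peer, routes in self.adj_in.items() if prefix in routes]
        if not cands:
            return None
        _, peer, path = min(cands)
        return peer, path

    def next_hop(self, prefix):
        best = self.best_path(prefix)
        return best[0] if best else None


def deliverable(rib, prefix, dropping_peers=()):
    """Would a packet for prefix actually arrive? The table only says which
    neighbor we hand it to; a neighbor that still advertises the route while
    dropping traffic internally loses the packet with no change in the RIB."""
    hop = rib.next_hop(prefix)
    return hop is not None and hop not in dropping_peers


def withdrawal_scenario():
    """Normal failure: the preferred neighbor withdraws, we fail over."""
    dest = "203.0.113.0/24"  # constructed stand-in for a popular site
    rib = BgpRib()
    rib.update("verizon", dest, [64496, 64510])          # shorter path wins
    rib.update("cogent", dest, [64497, 64498, 64510])
    before = rib.next_hop(dest)
    rib.withdraw("verizon", dest)
    after = rib.next_hop(dest)
    rib.withdraw("cogent", dest)
    return before, after, rib.next_hop(dest)             # ('verizon', 'cogent', None)


def blackhole_scenario():
    """Today's outage: the preferred neighbor keeps announcing but drops
    traffic; only shutting the session moves traffic to the other neighbor."""
    dest = "203.0.113.0/24"
    rib = BgpRib()
    rib.update("verizon", dest, [64496, 64510])
    rib.update("cogent", dest, [64497, 64498, 64510])
    steps = {"normal": rib.next_hop(dest)}
    steps["looks_routed"] = rib.next_hop(dest) is not None
    steps["delivered_while_blackholed"] = deliverable(rib, dest, {"verizon"})
    rib.shutdown("verizon")
    steps["after_shutdown"] = rib.next_hop(dest)
    steps["delivered_after_shutdown"] = deliverable(rib, dest, {"verizon"})
    return steps


if __name__ == "__main__":
    print(withdrawal_scenario())
    print(blackhole_scenario())
```

The blackhole case is the important one: nothing in the routing table distinguishes it from a healthy state, which is why operators rely on reachability checks and outage mailing lists rather than BGP alone to notice it, and why the only local fix is to drop the session, with the re-convergence cost the post describes.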

Windows XP Service Pack 3

I can honestly say, I am so behind on caring about Microsoft Products, that I had no idea SP3 was even in the works, but it was, and it is here! Windows XP Service Pack 3 has been released as of today. As with all software patches, especially those labeled Microsoft *anything*, I am extremely wary of actually installing this puppy. Oh, I am sure it fixes many, many gloriously awful issues, and of course, causes 3 times as many new ones. I just can’t get excited about trading the bugs I know, for a whole host of new ones. But, I do have an ace in my sleeve today. I don’t run Windows XP as my primary workstation. I keep a copy of it running on a virtualization system called VMware. VMware allows me to run a virtual computer, on my computer. So, I can have a copy of Windows XP, a copy of Windows Vista, and I can play with the latest Linux distributions, all without gumming up my workstation. It has lots of cool features too, like the ability to back itself up to a known safe state, so I feel pretty confident that installing this service pack won’t annoy me for very long. But I am rambling, I should stop that.

Like I said, I am wary of any major Microsoft patches, and I strongly suggest you be wary as well. Better that I install SP3 on my virtual computer, and it blow up, rather than you install it on your PC, and it blow up. My virtual computer is very easy to fix, and I wouldn’t care very much if it wasn’t. I will post my impressions of the patch in a few days, after I have had several moments to see what breaks, what is cool, and of course, what makes me shake my head in utter disbelief.

Network Maintenance for 3/10

It appears from the signal strength graphs that the Curtice tower 900 MHz south-facing sector antenna has water in the RF connector. During the one above-freezing day we had this week (Thursday) the signal strength for all the customers off that sector dropped about 12 dB when the moisture in the connector turned from ice to water. The problem ‘corrected’ itself around 2am when the moisture refroze. RF loss that comes and goes with temperature is a pretty good sign that there is water in places it shouldn’t be. Clearing the water may take 1/2 hour as I will need to heat the connectors to drive the moisture out, but it needs to be done carefully so as to not damage the connector in the process. My plan is to do this Monday afternoon/early evening. With the other 2 sectors in place at Curtice this should only affect a few customers.
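The diagnostic in this post, a signal loss that tracks the freeze/thaw cycle, can be turned into an automated check over sector monitoring data. The following is an added example (not Amplex's monitoring code): it takes hourly samples of outside temperature and mean customer signal strength for one sector and reports how much weaker the signal is while the temperature is above freezing than while it is at or below. The sample data are constructed to mimic the 12 dB swing described above; the 6 dB alarm threshold is an assumption chosen for the example.

```python
from statistics import mean

# Constructed hourly samples for one sector: (hour, outside temp in C,
# mean customer RSSI in dBm). Not real Amplex data.
SAMPLES = [
    (0, -6, -65), (2, -7, -65), (4, -7, -66), (6, -5, -65), (8, -2, -65),
    (10, 1, -76), (12, 3, -77), (14, 4, -78), (16, 3, -77), (18, 1, -76),
    (20, -1, -65), (22, -3, -65),
]


def thaw_loss_db(samples, freezing_c=0.0):
    """Mean RSSI while above freezing minus mean RSSI while at/below freezing.

    A large negative value means the link loses signal when ice turns to
    water, which the post describes as a sign of moisture in a connector.
    Returns None when the window contains no temperature contrast, since a
    steady-temperature day cannot show the effect either way.
    """
    thawed = [rssi for _, t, rssi in samples if t > freezing_c]
    frozen = [rssi for _, t, rssi in samples if t <= freezing_c]
    if not thawed or not frozen:
        return None
    return mean(thawed) - mean(frozen)


def suspect_water_ingress(samples, threshold_db=6.0):
    """Flag the sector when the thaw-time loss exceeds the threshold
    (assumed value; tune to the normal day-to-day variation of the link)."""
    loss = thaw_loss_db(samples)
    return loss is not None and loss <= -threshold_db


if __name__ == "__main__":
    print("thaw loss (dB):", round(thaw_loss_db(SAMPLES), 1))
    print("suspect water ingress:", suspect_water_ingress(SAMPLES))
```

Comparing means rather than looking for a single drop keeps ordinary fading from triggering the check, and requiring samples on both sides of freezing avoids a false negative on days when the temperature never crosses it.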