Archives 2019

Windows 7 End of Life – What You Need to Know

Article (PSA‑0012)

Historical Overview – Windows 7 End of Support (January 14 2020)

  • All Windows 7 editions (Starter, Home Basic, Home Premium, Professional, Enterprise, Ultimate) stopped receiving **security updates, bug fixes, and Microsoft‑provided technical support** on 14 Jan 2020.
  • Third‑party software vendors began withdrawing support for their products on Windows 7, and many newer applications no longer install on that OS.
  • Microsoft offered an **Extended Security Updates (ESU)** program for businesses that needed extra time, but the program **ended on 13 Jan 2023**.
  • At the time, users who upgraded from a licensed copy of Windows 7 could move to Windows 10 at **no additional OS cost** (Microsoft covered the license upgrade). The only charge for the upgrade was a one‑time service fee for the technician.

Why the End‑of‑Life Still Matters (2024‑2025)

Even five years after the official EOL, many machines still run Windows 7. The risks are now even higher because:

  • **No security patches** – new vulnerabilities discovered today are never fixed on Windows 7, leaving systems exposed to ransomware, malware, and remote exploits.
  • **Application incompatibility** – modern productivity suites, browsers, and cloud services no longer support Windows 7, leading to loss of functionality and potential data loss.
  • **Compliance issues** – regulations such as GDPR, HIPAA, and PCI‑DSS require supported operating systems for data protection; Windows 7 does not meet those requirements.
  • **Hardware driver shortages** – newer hardware (NVMe SSDs, USB‑C, Wi‑Fi 6) lacks drivers for Windows 7, limiting upgrades or replacements.

Addendum (2024‑2025): What to Do Now

1️⃣ Migrate to a Supported OS

  1. Windows 11 – the current Microsoft desktop OS. Minimum hardware includes a 64‑bit CPU (8th‑gen Intel or newer / AMD Ryzen 2000 or newer), 4 GB RAM, 64 GB storage, UEFI with Secure Boot, TPM 2.0, and DirectX 12 graphics. Ideal for new machines or for hardware upgrades.
  2. Windows 10 – still supported until **14 Oct 2025** (extended support). Good choice if existing hardware cannot meet Windows 11 requirements. After Oct 2025 you’ll need to upgrade again.
  3. Linux (Ubuntu, Mint, Debian, etc.) – free, regularly patched, and increasingly compatible with mainstream business applications (Office‑365 web, Chrome, Firefox). Suitable for legacy hardware and for organizations wanting an OS without licensing fees.

2️⃣ Licensing & Cost Considerations

  • Windows 11/10 licenses are sold per device (OEM or retail) or via volume‑licensing for businesses. Retail prices range from $100 to $150 per seat; volume discounts are available.
  • Many PC manufacturers now include a **Windows 11 Home** license with new hardware at no extra cost.
  • Open‑source Linux distributions are free, but you may need paid support (e.g., Ubuntu Advantage) for mission‑critical environments.

3️⃣ Migration Path – Step‑by‑Step Checklist

  1. Backup everything. Use the 3‑2‑1 rule (3 copies, 2 media types, 1 off‑site). Verify restores before proceeding.
  2. Inventory hardware. Check CPU, RAM, storage, and TPM 2.0. Run the PC Health Check tool or a third‑party scanner.
  3. Choose the target OS. If hardware is borderline, consider Windows 10 (short‑term) or Linux (long‑term).
  4. Plan application compatibility. List critical apps and verify they run on the new OS (use vendor compatibility lists or test in a VM).
  5. Perform a pilot upgrade. Deploy to a single workstation or a small group, resolve issues, then roll out to the rest.
  6. Finalize and document. Update device inventories, license records, and backup schedules.
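
A per-machine readiness check for steps 2 and 3 of the checklist, as an added example that is not part of the original article. It tests only the Windows 11 minimums quoted above that WMI can answer on Windows 7 (64-bit CPU, 4 GB RAM, 64 GB storage, TPM 2.0); CPU generation, UEFI/Secure Boot and DirectX 12 still need a manual check.

```powershell
# Added example, not from the original article. Targets PowerShell 2.0
# (the Windows 7 default), so it uses Get-WmiObject only. Run elevated:
# the TPM WMI namespace is not readable by standard users.

$os   = Get-WmiObject Win32_OperatingSystem
$cpu  = Get-WmiObject Win32_Processor | Select-Object -First 1
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
# Sum installed DIMMs; TotalPhysicalMemory under-reports (firmware reservations).
$ram  = (Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum).Sum

# Win32_Tpm is missing when no TPM is present or it is disabled in firmware.
try {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction Stop
} catch {
    $tpm = $null
}
# SpecVersion looks like "2.0, 0, 1.16"; the first field is the TPM family.
$tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

# Thresholds are the Windows 11 minimums listed in section 1 of the article.
$checks = @{
    'CPU is 64-bit'          = ($cpu.DataWidth -eq 64)
    'RAM >= 4 GB'            = ($ram -ge 4GB)
    'System volume >= 64 GB' = ($disk.Size -ge 64GB)
    'TPM 2.0'                = ($tpmSpec -eq '2.0')
}
$failed = @($checks.Keys | Where-Object { -not $checks[$_] })

if ($failed.Count -eq 0) {
    $verdict = 'Windows 11 candidate: confirm CPU generation, UEFI and Secure Boot'
} else {
    $verdict = 'Below Windows 11 minimum: plan Windows 10 (short-term), Linux, or new hardware'
}

$report = New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME
    OS       = "$($os.Caption) $($os.Version)"
    CPU      = $cpu.Name.Trim()          # generation is not tested; review by hand
    RamGB    = [math]::Round($ram / 1GB, 1)
    DiskGB   = [math]::Round($disk.Size / 1GB, 0)
    TpmSpec  = $tpmSpec
    Failed   = ($failed -join '; ')
    Verdict  = $verdict
}
$report | Select-Object Computer, OS, CPU, RamGB, DiskGB, TpmSpec, Failed, Verdict | Format-List
```

Collect the output from each workstation into the device inventory so the pilot group in step 5 can be chosen from machines that passed.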

4️⃣ For Legacy Systems That Must Remain on Windows 7

  • Isolate the machine on a **segmented network** or VLAN with no Internet access.
  • Apply **application‑level firewalls** (e.g., Windows Defender Firewall with strict inbound/outbound rules).
  • Use **air‑gap** strategies: disconnect from the network when not in use.
  • Consider **third‑party extended support contracts** from vendors such as BullGuard or Lumension, though these are expensive and temporary.
  • Plan a **decommission schedule** – set a firm deadline for retirement and budget for replacement hardware.
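
One way to apply the strict inbound/outbound rules mentioned above with the built-in Windows firewall, as an added example that is not part of the original article. The server address `192.0.2.10`, port `443` and the rule name `Legacy-App-Out` are placeholders for the single internal service the legacy machine still has to reach.

```powershell
# Added example, not from the original article. Run from an elevated
# PowerShell prompt on the Windows 7 machine. netsh is used because the
# New-NetFirewallRule cmdlets do not exist on Windows 7.

# ASSUMED placeholders: the one internal server this machine must reach.
$AppServer = '192.0.2.10'
$AppPort   = '443'

# 1. Export the current policy first; roll back with
#    'netsh advfirewall import <file>' if the lockdown breaks the application.
$backup = Join-Path $env:SystemDrive ("fw-before-lockdown-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
netsh advfirewall export $backup

# 2. Firewall on for every profile, default-deny in both directions.
#    The value is quoted because PowerShell treats a bare comma as an
#    array operator and would split the argument in two.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy "blockinbound,blockoutbound"

# 3. One narrow outbound allow rule for the application that justifies
#    keeping this machine. No inbound rule is added.
netsh advfirewall firewall add rule name=Legacy-App-Out dir=out action=allow protocol=TCP remoteip=$AppServer remoteport=$AppPort

# 4. Log dropped packets so unexpected connection attempts are visible.
#    Default log: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

# 5. Review the result. Default-deny only covers traffic that no enabled
#    allow rule matches, and the built-in rules (Core Networking, any
#    sharing or remote-management groups) are still enabled. Disable the
#    ones this machine does not need.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out
netsh advfirewall firewall show rule name=all dir=in
```

The host firewall complements the VLAN isolation in the first bullet rather than replacing it: the network-level block still holds if the local policy is changed.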

5️⃣ Security Best Practices (Regardless of OS)

  • Enable **multi‑factor authentication (MFA)** on all cloud services and VPNs.
  • Keep all installed software (browsers, Office suites, drivers) up to date.
  • Run reputable **anti‑malware** solutions and schedule regular scans.
  • Encrypt sensitive data at rest (BitLocker for Windows, LUKS for Linux).
  • Educate users on phishing, social engineering, and safe download habits.

Getting Help with the Transition

If you need assistance assessing your current Windows 7 fleet, planning a migration to Windows 10/11 or a Linux alternative, or securing legacy machines while you transition, call PSA Computer Services at (707) 506‑6802. We’ll help you design a cost‑effective roadmap that keeps your data safe and your business running.

IC3 Annual Report – 2018 Internet Crime Report

Dear Reader,

The FBI is the lead federal agency for investigating cyber-attacks by criminals, overseas adversaries, and terrorists, and the FBI’s IC3 provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet facilitated criminal activity.

The 2018 Internet Crime Report emphasizes the IC3’s efforts in monitoring trending scams such as Business Email Compromise (BEC), Extortion, Tech Support Fraud, and Payroll Diversion. In 2018, IC3 received a total of 351,937 complaints with losses exceeding $2.7 Billion.

This past year, the most prevalent crime types reported by victims were Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported loss were BEC, Confidence/Romance fraud, and Non-Payment/Non-Delivery.

In February 2018, the IC3 established the Recovery Asset Team (RAT) to assist in the recovery of funds for victims involved in BEC schemes by streamlining communications to financial institutions. The RAT works within the Domestic Financial Fraud Kill Chain (DFFKC) to recover fraudulent funds wired by victims. The DFFKC is a partnership between law enforcement and financial entities. In 2018, the IC3 RAT notified 56 field offices and 12 Legal Attachés of 1,061 DFFKC’s totaling $257,096,992, a recovery rate of 75%.

Another new asset of the IC3 was the creation of the Victim Specialists-Internet Crimes (VSIC) position. The VSIC contact victims of internet crimes, provide crisis intervention, conduct needs assessments, and refer victims to resources and referrals when appropriate. This new position is designed to ensure timely support and services are provided to victims to prevent further victimization and to engage the recovery process as quickly as possible. These positions also lead to a greater coordination of services with the victim’s local field office Victim Specialist.

We hope this report provides additional information of value as we work together to protect our nation against cyber threats.

Matt Gorham
Assistant Director
Cyber Division
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2018_IC3Report.pdf

Security Update – 2019

Article (PSA‑0011)

Why This Year Was a Wake‑Up Call

From the rapid spread of WannaCry and NotPetya ransomware to the explosion of illicit cryptocurrency miners, 2017 reminded us that cyber‑threats can appear from unexpected places. Each year the quantity and variety of threats increase, and attackers continuously develop new ways to infiltrate devices while covering their tracks.

Key Threat Statistics (2017‑2023 Trend Highlights)

  • Ransomware – Over 2 billion records exposed worldwide (2022 Verizon DBIR).
  • Cryptocurrency miners – Symantec reported an 8,500 % increase in miner detections from 2016 to 2017; the trend continues with modern “cryptojacking” scripts on compromised websites.
  • Downloader families – +92 % new variants reported in 2017; these “dropper” programs fetch additional malware after initial infection.
  • Mac malware – +80 % new threats in 2017, and the numbers have kept climbing as macOS market share grows.

What Is Malware?

“Malware” is short for malicious software. It’s an umbrella term for any program that infects a computer without the user’s consent, including viruses, ransomware, spyware, adware, trojans, and cryptominers.

Common Infection Vectors (non‑exhaustive)

  • Infected email attachments.
  • Compromised USB thumb drives or external disks.
  • Downloads from untrusted websites or pirated software.
  • Malicious links in email, social‑media posts, instant‑message chats.
  • Drive‑by downloads via compromised legitimate‑looking websites (malvertising).

For a full glossary of terms, see our Threat Glossary.

Do You Need to Worry About Malware?

Absolutely. Cyber‑crime targets anyone with an Internet‑connected device—home users, small businesses, and large enterprises alike.

  • Business impact: A breach can expose customer data, trigger legal penalties (GDPR, HIPAA, PCI‑DSS), and damage reputation.
  • Personal impact: Family photos, financial documents, and personal communications can be stolen, encrypted, or deleted.
  • Recent surveys (Verizon 2023) show **≈ 1 in 3 people** reported a personal security incident in the past year.

Basic Protection Checklist (Start Here)

  1. Keep software updated. Enable automatic Windows/macOS updates, and patch third‑party apps as soon as patches appear.
  2. Use reputable antivirus/anti‑malware. Microsoft Defender (Windows 10/11) or a trusted third‑party solution (Bitdefender, Malwarebytes, ESET).
  3. Enable a firewall. Built‑in OS firewall is sufficient for most home users; ensure it’s turned on.
  4. Practice safe browsing. Don’t click unknown links, verify URLs, and avoid downloading from untrusted sites.
  5. Secure email. Use spam filters, enable MFA on email accounts, and never open unexpected attachments.
  6. Back up your data. Follow the 3‑2‑1‑0 rule (three copies, two media types, one off‑site, zero errors).
  7. Enable multi‑factor authentication (MFA) on any cloud service, VPN, and privileged accounts.

What to Do If You Suspect an Infection

  • Disconnect the device from the Internet (disable Wi‑Fi/Ethernet).
  • Run a full scan with an up‑to‑date anti‑malware product.
  • If the scan reports ransomware or a serious threat, isolate the machine and consider professional remediation.
  • Change passwords for any accounts accessed from the infected device (preferably from a clean device).
  • Restore files from a recent, verified backup if they have been encrypted or corrupted.

2025 Update – New Threat Landscape & Mitigations

Since the original 2017‑2023 overview, several important developments have reshaped the threat environment. They are summarized in the addendum below.

1️⃣ Ransomware‑as‑a‑Service (RaaS) is Mainstream

  • Attack‑as‑a‑service platforms (e.g., LockBit 2.0, Hive, Blackcat) let low‑skill actors launch ransomware attacks for a subscription fee.
  • 2024 Verizon DBIR reported 61 % of data‑breach incidents involved ransomware, and total ransomware payments in 2024 topped **$1.5 billion**.
  • Mitigation: Deploy **endpoint detection & response (EDR)** solutions (CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint) that can detect malicious behavior before encryption begins; maintain immutable backups (write‑once, read‑many) to thwart ransom demands.

2️⃣ AI‑Generated Phishing & Deepfake Social Engineering

  • Large‑language models are being used to craft hyper‑personalized phishing emails that bypass traditional keyword filters.
  • Deepfake video/audio calls are increasingly used to impersonate executives (“CEO fraud”).
  • Mitigation: Adopt **zero‑trust email verification** (DMARC, SPF, DKIM), train staff with regular simulated phishing campaigns, and enforce MFA for all privileged accounts.

3️⃣ Supply‑Chain & Software‑Update Attacks

  • After the 2020 SolarWinds breach, attackers have focused on compromising software update mechanisms (e.g., recent Octave and EventX incidents in 2025).
  • Mitigation: Verify code signatures, enable **code‑signing integrity checks**, and limit admin rights on update tools.

4️⃣ Cryptojacking Evolution

  • Browser‑based cryptojacking scripts now target **WebAssembly** for higher hash rates, often delivered via compromised ad‑networks.
  • Mobile devices are also being hijacked to mine Monero via malicious apps.
  • Mitigation: Use browser extensions that block crypto‑mining scripts (e.g., uBlock Origin, NoScript), keep browsers and plug‑ins up to date, and run mobile anti‑malware scans.

5️⃣ Rise of “File‑less” Malware & Living‑off‑the‑Land (LotL) Techniques

  • Attackers increasingly leverage legitimate OS utilities (PowerShell, Windows Management Instrumentation, Office macros) to execute payloads without dropping a file on disk.
  • Mitigation: Enable **Windows Defender Exploit Guard** (Attack Surface Reduction rules), enforce **Application Control** (AppLocker or Microsoft Defender Application Control), and restrict PowerShell through its execution policy.

6️⃣ Enhanced Defensive Technologies (2025)

  • Microsoft 365 Defender XDR integrates email, endpoint, identity, and cloud app protection using AI‑driven analytics.
  • Zero‑Trust Network Access (ZTNA) replaces traditional VPNs for many businesses, reducing lateral movement risk.
  • Endpoint platforms now provide **automated ransomware rollback** (e.g., CrowdStrike’s “Rollback” and SentinelOne’s “ActiveEDR”) that can restore files to pre‑infection state without a backup.

7️⃣ Updated Statistics (2025)

  • IDC estimates **5.6 billion** devices will be infected with some form of malware by the end of 2025.
  • 2024 Palo Alto Networks report shows a **28 % increase** in credential‑theft attacks targeting remote‑work setups.
  • Cyber‑insurance premiums have risen an average of **23 %** year‑over‑year, reflecting the growing cost of ransomware and data‑breach remediation.

Need Help Right Now?

If you have questions about current threats, want a security assessment, or need assistance cleaning an infected system, call PSA Computer Services at (707) 506‑6802. We’ll help you protect your data and get you back online safely.