HP Recommended

RE: Windows 7_Cyberattack Vulnerability Exploited

Using a z420 (Xeon E5-1650 v2 / 64GB / GTX 1060 / Samsung 860 EVO 500GB + HGST 7K6000 4TB / HP OEM Windows 7 Pro'l 64-bit), last Friday, using the Chrome browser (which will not allow access to many sites with a VPN (PIA) running) resulted in a serious cyberattack, necessitating a complete restoration of C:/ and the changing of every password.

The attack was quite clever in that it was disguised as an MS OS update. When shutting the system down, the familiar message appeared to the effect that "Windows is installing updates, do not turn off the computer". It took a moment to process the conflict with the fact that Windows 7 updates, which were mostly security related toward the end of support, had been ended on January 14, 2020, meaning that this was an exploit, possibly phishing or ransomware. However, the surprise of this delayed the reasoning and the cold shutdown at the power switch for probably two to three minutes.

The damage was done, however, and upon restart Windows would not start, only displaying the "configuring Windows updates" screen. Attempts to start Windows in Safe Mode etc. did not work; the startup would revert to the "configuring updates" screen, appearing that it would never complete that process, possibly buying time, disguising phishing for passwords and data.

I have the z420_3 system image on an external HD (HP/HGST Enterprise 6TB) that is never run except during backup, which could have been used to restore the z420_3 drive by installing it in z620_2, but instead I simply cloned the z620_2 drive (HP Z Turbo Drive M.2 AHCI 256GB), as I had recently gone through that drive (CCleaner) and multiple scans (Malwarebytes, AdwareCleaner). As the BIOS and Windows version of z620_2 and z420_2 are identical, and the software I use allows installation on two systems as long as they are not used simultaneously, all the programs are activated and settings are correct.

The cloning (187GB) from the fast M.2 Z Turbo Drive to the reasonably fast Samsung 860 EVO connected to an internal SATA 3.0 port was quite fast, perhaps 20-25 minutes. And the Passmark PerformanceTest results demonstrated a reasonable improvement. This test was run at 4.2GHz on all cores, but the test conditions were not optimized, as this system is usually run all-core at 4.3GHz:

[Image: z420_2 PT 9.0 Test @ 4.2GHz (z420_3_4.3GHz_4K_5586_5.31.20.jpg)]

While the rating is off that system's peak of 5644 (see peak results below), the Disk Mark is the highest result for that drive, perhaps reflecting the recent maintenance effort.

As I was concerned that the exploit was phishing, I changed all passwords, and this was far more time-consuming than the system recovery.

This occurred despite using a VPN (PIA), Firefox running unlogged DuckDuckGo searches and, beginning today, using the Tor Browser.

I had hoped that continuing use of Windows 7 would be possible, thereby saving the considerable expense of replacing programs and hardware that will not run on Windows 10, but half an hour in the hard-tracking Chrome and shut-down VPN environment was the first successful attack since 2010. I strongly recommend anyone still using Windows 7 to use a VPN (recommended: PIA or Nord) and the Tor Browser, and suggest considering Proton Mail, which is encrypted end to end, for anything with financial or proprietary content.

My recent use of Windows 10 on the HP ZBook 17 G2, however, is still not encouraging the change. In my view, the reason Win 10 was initially given away is probably that it is hard-wired for tracking / surveillance and the resulting data must be sufficiently profitable. Particularly concerning is Microsoft Edge, which as far as I know can not be removed and not modified in important privacy categories. An example of this situation: when setting up, I turned off at least seven or eight modes of the ZBook 17 G2 OS reporting to MS, but had used the system for at least ten hours before learning that the camera and microphone were by default always on.

BambiBoomZ

HP z620_2 (2017) (R7) > Xeon E5-1680 v2 (8C@ 4.3GHz) / z420 Liquid Cooling / 64GB (HP/Samsung 8X 8GB DDR3-1866 ECC registered) / Quadro P2000 5GB _ GTX 1070 Ti 8GB / HP Z Turbo Drive M.2 256GB AHCI + Samsung 970 EVO M.2 NVMe 500GB + HGST 7K6000 4TB + HP/HGST Enterprise 6TB / Windows 7 Prof.'l 64-bit (HP OEM) [Passmark Rating = 6280 / CPU rating = 17178 / 2D = 819 / 3D = 12629 / Mem = 3002 / Disk = 13751 / Single Thread Mark = 2368] [10.23.18]

HP z420_3: (2015) (R11) Xeon E5-1650 v2 (6C@ 4.3GHz) / z420 Liquid cooling / 32GB (HP/Samsung 4X 8GB DDR3-1866 ECC registered) / EVGA SSC GTX 1060 6GB / Samsung 860 EVO 500GB + HGST 4TB / 600W PSU > Windows 7 Professional 64-bit (HP OEM) [Passmark System Rating = 5644 / CPU = 15293 / 2D = 847 / 3D = 10953 / Mem = 2997 / Disk = 4858 / Single Thread Mark = 2384] [6.27.19]

HP ZBook 17 G2: (2015) i7-4940MX Extreme (4C@ 3.1/4.0GHz) / 32GB / Quadro K3100M 4GB / Kingston 480GB SATA SSD / 17.3" LCD 1920 x 1080 panel > HP docking station > video DP to HP 2711x 27" LCD + Dell 17" (2007!) [Passmark System Rating = 3980 / CPU = 10140 / 2D = 618 / 3D = 2779 / Mem = 2559 / Disk = 4662 / Single Thread Mark = 2387] [1.3.20]

HP Recommended

i run a VMware win 7 x64 OS and my last update check was 4/30/2020. i just manually reran the MS win 7 updater (6/2/2020) and received 1 MS update, which was the "Windows Malicious Software Removal Tool x64" KB890830, which is a definition update to the MS virus checker included with win 7. this update would have been automatically queued for install if i had simply waited while connected to the internet

so your update may very well have been a valid MS update, and it may have been your cold shutdown during the MS update that borked your win 7 install

HP Recommended

Hello
Indeed, the reasoning here seems a little quick!
If you stop an update by suddenly shutting down a computer, the result is often catastrophic.
So I also have a doubt!
I still use Windows 7 and I have not yet been a victim of this kind of virus!

 

HP Recommended
this is why i pointed out an alternative to a possible virus attack, however if in doubt pulling the plug is something i might do, as i have no problems doing a restore or OS reinstall.... the original poster, based on his previous posts, is also comfortable doing a reinstall if necessary

i just wanted beginners not to believe that the win 7 updates MS posts are all virus attacks
HP Recommended

DGroves,

I appreciate the reply. However, when this update was loading, the appearance did not look reasonable: it was low resolution, the rotating blue ball was disproportionately large, MS updates have always been on Tuesdays or Thursdays at 1:20-2AM and not Fridays at 11PM, and that update was never received by z620_2, a nearly identical system. Z420_3 had been fully shut down several times that day, perhaps only about three hours earlier. My settings too included an options panel, so listings were "Important" and others "Optional", from which I selected. Security related updates were always installed.

Checking the update history, Windows Malicious Software Removal Tool x64 KB890830 was successfully installed on z620_2 on 5.14.20 and there are no pending updates (except 5 "Optional", none newer than 2.12.20). That listing is however for z620_3, as the z420_3 list was overwritten on the system recovery.

Given the earlier malware notice referring to Chrome, the unconventional appearance, the day of the week, the record of the update to which you refer having been installed on 5.14, and choosing to err on the safe side, the decision still seems the proper one. If that were indeed a genuine MS update, I would appreciate hearing from other users that had an update on 5.29.20. If it was real, I can't have been the only recipient.

I hope you're correct and it was nothing. Anyway, now I have a clone of my main system in case something happens to it, or if it's tied up with renderings, I can stay at work. Last week I ran about 30 large renderings (VRay/CPU) of 260MB files and each of those took close to an hour on z620_2. I might have queued those overnight, but each new rendering was based on the changes to the 3D model based on results of the previous iteration.

And, Promethee, thank you also. It was indeed a hasty decision, but as I thought it even possible that either my passwords and data were stolen or my files were being encrypted, the decision could not wait.

I'm writing MS for a conclusive answer.

BambiBoomZ
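The two posts above disagree about whether the 5.29.20 "installing updates" screen was the real KB890830 (Malicious Software Removal Tool) or something else. The check that settles that question on a still-bootable machine is the local Windows Update history, cross-checked against the System event log. The script below is an added example, not posted by anyone in this thread; it is read-only, uses the Windows Update Agent COM API and WindowsUpdateClient events (IDs 19 and 20 are the install success/failure events), and the date window and KB number are placeholders taken from the discussion.

```powershell
# Added example (not from any poster): what did Windows Update actually
# install around a suspicious date, and is a given KB in the history at all?
# Read-only; works on Windows 7 PowerShell 2.0 and later.
param(
    [string]$Kb      = 'KB890830',     # the update DGroves received
    [datetime]$From  = '2020-05-29',   # window around the 5.29.20 event
    [datetime]$To    = '2020-05-31'
)

function Get-WUHistory {
    # Windows Update Agent COM API: the same data Control Panel's
    # "View update history" shows, including the originating client.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return @() }
    $searcher.QueryHistory(0, $total) | ForEach-Object {
        New-Object PSObject -Property @{
            Date      = $_.Date                  # UTC
            Title     = $_.Title
            Operation = @{1='Install'; 2='Uninstall'}[[int]$_.Operation]
            Result    = @{1='InProgress'; 2='Succeeded'; 3='SucceededWithErrors';
                          4='Failed'; 5='Aborted'}[[int]$_.ResultCode]
            Client    = $_.ClientApplicationID   # e.g. AutomaticUpdates
        }
    }
}

$history = Get-WUHistory

"--- History entries mentioning $Kb ---"
$history | Where-Object { $_.Title -match $Kb } |
    Sort-Object Date | Format-Table Date, Operation, Result, Client -AutoSize

"--- Everything Windows Update recorded between $From and $To ---"
$history | Where-Object { $_.Date -ge $From -and $_.Date -lt $To } |
    Sort-Object Date | Format-Table Date, Title, Result -AutoSize

# Cross-check: the Windows Update client logs event 19 (install succeeded)
# and 20 (install failed) to the System log. A genuine update leaves a
# matching event here; a fake "installing updates" screen does not.
"--- WindowsUpdateClient events in the same window ---"
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id           = 19, 20
    StartTime    = $From
    EndTime      = $To
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Run it on the system that showed the screen before restoring it; after a clone or image restore, as happened here with z420_3, both the history and the event log reflect the source system rather than the one that was affected.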

HP Recommended

Yes, I understand that this can be worrying.
But you know, in this case, you should not turn off the PC like that; you risk losing everything, and damaging the computer.
Sometimes this is not very risky, but in rare cases, a component could be damaged.
Since there was talk of an update, the better option is to disconnect the computer from the internet; there is no risk of data being stolen, as long as the net is not on the way!
Rather than switching off at the button, open the task manager and try to close the process on the way; moreover, it is visible there if it is Windows Update which is launched, normally!
Try to shut down the computer normally.
You can then download an antivirus utility which can be launched before Windows in order to analyze the computer.
