Ransomware! What is it, and what can I do about it? (Part 2 of 2)

April 10, 2017 at 4:55 pm | Posted in cybersecurity, Knowledge | Leave a comment
Tags: ,

In my first post (Part 1), I went over the basics of how ransomware exploits your computer, and the #1 weird trick that computer experts use to avoid the pain of ransomware: namely, always have a current, offline backup of your files where the thieves can’t encrypt it in the first place.  Backups can save you from the pain, the agony, and the grief of ransomware. You may have to reimage your computer and copy a known set of good files from a backup set, so the more often you back up, the better off you’ll be.

However, if everyone always had a current backup, there’d be a lot less ransomware out there. The criminals who spread ransomware know that most people don’t back up their data. According to the FBI, attacks by ransomware accrued over $18 million by June 2015, and ransomware attacks are expected to boom in 2017. Crime pays, and pays well.

GGordonLiddy

Also, cybercriminals attack new and surprising venues every day (like Android screen lockers that demand payment in Amazon gift cards), so you may be the next victim. And while backups are good, you don’t want ransomware (or malware of any kind) on your computers in the first place.  And finally, if you’re in IT, you’re always going to field the eventual call from your mom, your brother, or your college roommate, saying “Help! There’s a message on my computer screen that says ransomware has infected my router and I have to pay $200!”

In this post, I’ll go over some general suggested practices to harden the various areas of your computer or network where malware might enter in the first place. I’ll also list the better resources to turn to for ransomware news and solutions that may help you extricate someone from a ransomware attack.

(Note: the first part is mostly Windows-based, but the second part applies to all computer users.)

Reveal it all

If you run a Windows machine, you should always show hidden file extensions using Windows Explorer. The average user – your college roommate, Joe Lunchbucket – has been warned a zillion times by the IT department never to open an executable file from email or a URL, and believe it or not, he won’t. But if he unzips an attachment, say an automated email from the local printer, and sees a file named BillJones_Resume.PDF, he’s going to think it’s really a PDF file. If file extensions are hidden (the default behavior) he won’t realize the file is actually BillJones_Resume.PDF.exe.

File extension viewing can be enabled by opening Windows Explorer, choosing the View, choose Options, and choosing Change folders and search options. On the View tab of the Folder Options window, uncheck Hide extensions for known file types. (The exact path may depend on which version of Windows you run.)

FolderOptions

Keep executables and known bad links out of email, and keep updates current

Ensure that your email service filters out EXE and script files. This may not protect you from someone hiding an EXE in a ZIP file, though. At work, your corporate infrastructure should have in-mail protection such as antivirus engines that check mail and attachments before the email is sent to the inbox, and checks web links to see if they are dangerous or spoofed.

If you’re operating in a Windows enterprise environment, you or your IT administrator can use Group Policy Objects (GPO) to prevent ransomware like Cryptolocker from executing its payload in the \USERS folder, AppData, Local App Data folders, or Temp directories.

Check if you have any Remote Desktop Protocol (RDP) ports open and disable these ports to prevent access to your desktop remotely. (TrendMicro reported a sharp uptick in the number of brute-force RDP attacks in 2016.)

Patch or update your software and browsers regularly. Windows Update ensures that you have security patches and fixes for your operating system. Remember, if you have Windows 10, your free malware/anti-virus protection app is Windows Defender. To get updated malware and virus signatures, and to update Windows Firewall, you have to run Windows Update.

On a related note, make sure your device firmware (even routers, streaming devices and smart TVs, and refrigerators) are updated regularly.

Axe the non-essentials and known vulnerabilities

Remove Adobe Flash on computer. Do you need Adobe Flash? Lots of malware attacks come from fake pop-ups that tell the user to update their Adobe Flash or from malvertising that uses Flash. If you do keep Adobe Flash, make sure that your antivirus/ antimalware system actively checks for malware files. Other common browser hijacks will pop up a message saying you need to download an emergency update to Firefox or click to install free anti-virus software. Ensure that these kinds of applications update silently in the background so you won’t be fooled.

What to do if you think a ransomware attack is underway

If you suspect you’ve just landed on a site that’s infected with ransomware, disconnect your machine from the outside world. Unplug your Ethernet connection. Turn off your WiFi. If you move fast enough, you may protect network-attached drives from being affected. Get off the network and fire your anti-virus and anti-malware engines up immediately.

First – as I already stated – it’s a mistake to pay. (If you do decide to pay, it should always be a last resort.) Your first step should be to verify that it’s REALLY ransomware or malware, and not a browser hijack or a scareware popup that goes away when you close your browser and restart your computer.

It’s really ransomware: where to go for help (or to help others)

Ransomware can be divided roughly into two groups: sophisticated proware, and amateur hour. Even if it’s not just a scareware popup, some ransomware can be circumvented with built-in system tools. I know someone who was recently hit with Spora, a nasty and sophisticated cryptoware for which there’s no current fix. However, she managed to retrieve some of her files using Windows Previous Versions and volume shadow copies (VSS).

DON’T start with a random Google search. A huge number of search results from “how to fix ransomware XYZ” will be spurious or links infected with malware. (Criminals work the SEO to try to direct you back into their web.) Using another computer if you have to, go directly to the blog or forum maintained by your anti-virus or anti-malware solution provider and search for information there. In fact, major antivirus providers offer free ransomware discovery or decryption tools on their websites, and non-profit sites exist that will help you identify what’s infecting your system, so any of these links are also a good place to start:

Subscribing to security newsfeeds is a good way to keep your background knowledge high. If you want to read up on ransomware before you’re hit with an attack, Digital Guardian released its list of The Top 50 InfoSec Blogs You Should Be Reading (including authorities like Krebs On Security).

If you or someone you know is a victim of ransomware, it will tell you there’s a deadline of 48 to 96 hours to pay the ransom to get a private key. After the time has expired, the private key is gone and your data is forever encrypted. It’s possible to set the BIOS clock back in an attempt to delay the process and explore options. However, once the data is encrypted, you may not be able to access the files. If you can, make a new backup image of your files, even if they’re encrypted – you can always try decryption now, or at a later date once new solutions are released. (This is exactly what I told my friend who was a Spora victim to do with the rest of her hard drive that’s still encrypted.)

While this can’t be a comprehensive guide to fixing ransomware, I hope it was able to point you in the right direction. Before I leave, I want to share this amazing timeline of the varieties of ransomware released between May 2016 and today.

Until next time,

George Monsalvatge

 

Ransomware! What is it, and what can I do about it? (Part 1 of 2)

April 4, 2017 at 3:08 pm | Posted in cybersecurity, Knowledge, Technical Tips | 1 Comment
Tags: , ,

Ransomware! What can I do about it?

We live in dangerous times. Your cranky grandfather was right: they are out to get you – but who are “they,” and what the heck are we talking about? Ransomware, of course. It’s out there, and its coming for you.

Mobsters extort money from people. You may be a fan of mobster movies or the Sopranos on HBO, but it’s only fun to watch mobsters at work when you’re not the one getting the shakedown. I don’t know Tony Soprano, and besides, I like Joe Pesci’s character in Lethal Weapon III better than his characters in Casino or Goodfellas. Extortion could be coming to a PC, Mac, or even Linux box near you in the form of ransomware.

Mobsters

It’s fun to watch these guys on TV. It’s not so fun to be a victim in your own home.

First I’ll go over the basics of how ransomware works.  I’ll explain the most common mistake you may be making – even if you’re an IT professional – that might leave you a victim of a drive-by drive-locking. And, of course, I’ll tell you the best ways to prepare to fight ransomware.

In my follow-up post I’ll go over some specific strategies to harden your e-mail and firewall against malware attacks and share a recommended reading list for infosec news.

How the shake-down starts

You can be extorted on the Internet without being infected with ransomware. Hijacking someone’s social media account (like Instagram), changing their login, and then demanding payment for the user credentials is extortion, but it isn’t ransomware.

Ransomware is a type of malware that infects your computer and encrypts your files or blocks access to your own data. The ransomware displays a message stating that the attacker will unlock your files for a price, and that payment should be rendered through a nominally untraceable electronic currency, such as BitCoin or MoneyPak. It usually gives you a time limit and threatens to permanently destroy your data if you don’t pay before the deadline.

For home users, that price is usually set between $150-300 USD or Euros. For business victims, the demand might start at $500 – or it could be $10,000 and escalate from there.

How did the ransomware get there?

The malware that carries the encrypting payload is loaded on your computer in a number of ways. The malware could have come from a downloaded file or from a browser hijack. The malware could be hidden in another program. Any web site that hosts third-party ads, like recipe blogs and your favorite vintage car forum, can be a huge vector for malware no matter how innocent the site itself is; just visiting the site or clicking an ad by accident can expose you to a silent malware download.

No operating system is immune (not even mobile phones or home appliances). Ransomware can affect PCs running any operating system and Macs. Yes, I said Macs. A ransomware called KeRanger was found in a BitTorrent software that was designed to install on the Apple OS X operating system. The KeRanger malware will encrypt files on your computer and try to encrypt Time Machine backup files to prevent you from recovering the data from a backup. The KeRanger malware attackers want $400 for the private key.

[Note: If you frequent Bittorrent sites, you know they have pirated files for download from shady servers. Don’t be surprised when you lie down with dogs and get up with fleas.]

What happens when the ransomware activates?

A majority of active ransomware uses a variation of Cryptolocker. Once the malware is loaded on your computer, it first contacts a central server on the Internet. That server creates a unique encryption key pair. A public key that is kept on the local computer and the private key used for decryption that is kept on the attacker’s central server. Once the public key and private key are created, the malware will begin encrypting files locally on your computer and any mapped drives.

The attacker has the private key and will sell it you to use to decrypt your files. If you have ransomware on your computer, you will get a pop-up that instructs you to pay money via BitCoin, MoneyPack, or something similar.

CryptoLocker

When ransomware is an offer you can’t refuse

Ransomware is common because it’s cheap to implement (for the attackers) and hugely effective. Steve Perry of Journey once sang the wheel in the sky keeps on rolling. Well, when it stops rolling, everybody raises hell. If your business has an outage, the data has to be restored. Money never sleeps; your network has to hum along 24 hours day. The Internet is like Waffle House: it never closes. (I can go on and on in this vein. Don’t try me.) In short, your customer expects that you will never be closed and that your (and their) data will always be there. Ransomware that locks your data up has kneecapped you right in the business income.

Many business victims would rather just pay the ransom and get access restored. The logic goes that it’s better to pay rather than to lose an unknown amount of revenue from the downtime they’ll incur while trying to root out the infection and restore systems.

Unfortunately, this is EXACTLY why ransomware continues to flourish, and exactly the wrong response to an attack.

Whatever you do, if at all possible: DON’T. PAY. THE. RANSOM. There are two very important reasons why this is a bad idea:

  1. You are dealing with criminals. There is no guarantee you’ll even get the private key to unlock your files.
  2. If you pay, you only encourage this crime to continue.

However, it’s easy for me to lecture you on this. I didn’t have my laptop full of all my kids’ photos, my graduate thesis, the last video of my late wife, or some other valuable data extorted from me. I can honestly say that if I was in that situation, I don’t know whether I would pay to get that data back.

The #1 mistake that leaves you vulnerable to ransomware

Pirating movies. Frequenting shady websites. Buying a “smart” refrigerator and letting it connect to your home wireless router without changing the default settings. Failing to keep your anti-virus programs updated. All of these are bad ideas, but they’re not the #1 mistake that makes you most likely to shell out the (bit)coin and retrieve your data.

Sure, our goal should be to never get infected with ransomware. But given the speed at which these attacks evolve, it’s not realistic to assume that our firewalls and anti-virus software will be 100% effective. The best offense is always a good defense; with ransomware, the best defense is a secure recent backup.

Threats only work if you’re afraid of the consequences. With a secure external backup, you can wipe your system and walk away from the demands.

After all, if you have a full image of your system and a secure external copy of your data, you can risk losing a few days’ worth of files while you wipe and reimage your system to remove the malware.  You could use a snapshot to restore your system, or clean your machine and restore your data.

Unfortunately, home users (and many small businesses) rely on cloud-connected file servers like OneDrive and Dropbox to back up the physical copies stored on our hard drive. Or we never keep a local copy of our files, assuming that our cloud providers have better intrusion security than we could provide for ourselves.

Rest assured: backing up to the cloud won’t protect your data. Malware like Cryptolocker can encrypt files on mapped drives and external drives. This definitely means your Dropbox, OneDrive, Google Drive or cloud service that is mapped to your machine can also be infected and your cloud-based files can be encrypted just like your local ones.

You should treat the personal data on your laptop or desktop, company data on your company’s laptop, or data on your company’s devices just like the data on corporate servers and schedule regular backups. Furthermore, you need to back up to external drives.

You should have your drives backed up to an external drive on a regular basis or use a backup service that does not use an assigned drive. Why does it have to be an external drive? Variations of Cryptolocker can check for shadow files on your computer and disable or delete them.

How often you perform backups will determine how much you lose.

In our next post…

In my next post I’ll share a few ways to harden your OS, firewall, email, and end users – even your grandma – against some common ransomware entry points. I’ll also suggest ways to handle the dreaded “friends and family support call.”

Until next time,

George Monsalvatge

 

Kaplan IT Training Announces New Blog Column Focusing on Women In Technology

March 30, 2017 at 10:58 am | Posted in Certification Paths, cybersecurity, Knowledge, Uncategorized | Leave a comment

Welcome!

Women At Work In Engineering and Technology is our new blog column created especially for women working in these specializations and those who are interested in taking on the challenge. As we bring Women’s History Month 2017 to a close, this is the perfect time to introduce our new column. Let’s make Women’s History Month every month for women in technology.

Worker Shortage

Although many women are currently work in the area, education and corporations are investigating ways to encourage more women and girls to choose tech as a career option. Women have played a large part in engineering, technology, science and math, but until recently were often overlooked. The recognition is growing and so are the opportunities. There are definite shortages of technology workers, most assuredly women are missing at larger rates than men. How can we address this?

There are companies and institutions that have chosen to provide virtual classes for beginners as well as advanced learners that teach coding. Coding literacy is in demand and companies are finding innovative ways to fill the void. This is an example of how important technology has become in our world. Currently, there is a lack of employees that can take on the roles of software engineers and system administrators. Fortunately for those who acquire these skills, the need is increasing.  Other areas that contain critical shortages include cyber security and data management.

Educational Efforts In Public School Education

There are efforts in K-12 education in many schools across the nation to bring coding and advanced technology classes to students. These efforts are boosted by the United States push towards S.T.E.A.M and S.T.E.M.

S.T.E.A.M. is education’s way to encourage students’ to embrace careers in Science, Technology, Engineering, The Arts, and Math. This usually takes place in lower grade levels through middle school. S.T.E.M. is the acronym given to Science, Technology, Engineering and Math studies in high schools. Students are surrounded by technology, but oftentimes they are not aware of its power or relevance. Many educational institutions believe that if introduced early enough, students will take advantage of the knowledge over the course of their education and be more apt to be successful in an increasingly technical world. Girls, in particular, are targeted because of the scarcity of females that continue to enroll and stay on track in these courses.

Women Where Are You?

As young women and girls enter the technology field it becomes quite apparent that they are surrounded by fewer female faces. Support is often lacking, and roadblocks appear because of lack of access to find pathways to assist in continued progress.  Mentorship and encouragement is extremely important,

We Want To Help

Our goal with our new column is to provide information that can uplift women and girls in the field of technology. We will be discussing technical trends, careers, certifications, and training. We will keep you up to date on what it takes to find yourself and be successful in a technology focused career.

We will also reach out to our readers to find out your challenges, issues, personal stories as you navigate the world of technology. Technology surrounds us. We are mastering it and thriving. It’s time for us to let the world know while encouraging others. Look for us. We are here to share your stories and give you information that you can use.

 

 

FREE quarterly webinar: Investigating the Security Roadmap, 3/22 at 11 AM EST

March 21, 2017 at 1:55 pm | Posted in Transcender news | Leave a comment
Tags: , ,

Internet Security is the hot business topic of the day. The fragile infrastructure of the forever expanding internet is a concern for every corporation, government entity, and non-profit agency. However, challenges always bring opportunities.

Our security testing expert, Robin Abernathy, will map out the security certification landscape and discuss the most logical choices for your career.  Kaplan IT Training’s quarterly webinar will discuss the certification and career options in the varied fields of cybersecurity, including exam costs, requirements, job roles, and skills measured. There may be a place in the world of securing information for you. Join us to find out on March 22nd, 11AM EST.

To register for the webinar, click this link.

Microsoft extends Windows 7 and SharePoint Server 2013 certifications to mid-2018

January 30, 2017 at 2:50 pm | Posted in Certification Paths, Microsoft | Leave a comment
Tags: , ,
Key certifications receive new lease on life

Microsoft announced that they have extended the life of certifications that were previously slated to expire in 2017. These exams will now expire on July 31, 2018:

  • 70-680: TS: Windows 7, Configuring
  • 70-685: Windows 7, Enterprise Desktop Support Technician
  • 70-686: Windows 7, Enterprise Desktop Administrator
  • 70-488: Developing SharePoint Server 2013 Core Solutions
  • 70-489: Developing Microsoft SharePoint Server 2013 Advanced Solutions

 

The good news is that you now have over a year to study for and secure these key certifications – and Transcender has a full range of practice tests, e-learning, and practice labs to help you succeed.

Windows Server 2008 to be retired in mid-2017

All of the following exams will retire July 31, 2017:

  • 70-640: TS: Windows Server 2008 Active Directory, Configuring
  • 70-642: TS: Windows Server 2008 Network Infrastructure, Configuring
  • 70-646: Pro: Windows Server 2008, Server Administrator
  • 70-694: Virtualizing Enterprise Desktops and Apps

Continue Reading Microsoft extends Windows 7 and SharePoint Server 2013 certifications to mid-2018…

User security features in Windows 10: a free Transcender webinar

January 19, 2017 at 10:55 pm | Posted in Microsoft, Transcender news | Leave a comment

Windows 10 has some exciting new additions for its users, and our audience will receive an inside look at the latest security updates during our first webinar presentation of the year.  Join us for this LIVE and free webinar on January 25, 2017. Our Microsoft industry expert, George Monsalvatge, will cover the history, applications, functions, best practices, and security features of Windows 10. He will also explain why it is important to keep up-to-date on your certifications, and introduce you to some new features included in the latest version of Windows 10.

Some of the webinar topics include:

  • What is Windows 10?
  • User security features
  • Keeping up with the latest versions

Join us on January 25, 2017 at 11:00 AM CT for the free webinar. Click here to register for the event!

 

PolitiHack, Or How I Learned to Stop Worrying About Russians Influencing the US Election and Learned to Love Cybersecurity

December 23, 2016 at 4:12 pm | Posted in cybersecurity, Knowledge | 2 Comments
Tags: , , , , , , , , , , , , , ,

Hackitivism and cyberespionage are certainly nothing new, especially emanating from Russia. But the 2016 US presidential election was a swift education for Americans and the watching world regarding the widespread consequences of a successful  APT (advanced persistent threat). A joint statement issued by the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security stated that the “U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations” (emphasis ours).

Thanks to the detailed reporting from the New York Times, the fog of war is beginning to clear and the full extent of the cyberattack has become clear. And what is increasingly apparent is that at every stage, cybersecurity training could have significantly mitigated or (perhaps) even prevented portions of the attack altogether.

kaperskythreatmap

Real-time cyberthreat map from Kapersky Lab

Enter the low-rung MIS contractor hired by the DNC — Yared Tamene.  He claims no cybersecurity expertise, much less any cybersecurity-related certification like GSEC, CASPCISSP, CEH or CFR. So it’s hardly appropriate to assign him the brunt of the blame. Instead, we should use his example to learn how cybersecurity knowledge and skills could have better informed the fateful decisions that he, and many others, made along the way.

In the fall of 2015, the FBI noticed some unusual outgoing network traffic from the DNC network, suggesting that at least one computer was compromised. The early forensics linked the compromise to a known Russian cyberespionage group going by the moniker “the Dukes” (AKA “Cozy Bear” and “APT29”) , who had in just the last few years, penetrated the White House, State Department and Joint Chiefs of Staff email systems. A special agent picked up the phone, called Tamene, and told him what they knew.

Before we even get to Tamene’s response, any trained cybersecurity first responder knows why the FBI called via phone rather than emailing their dire message. Communication protocol during a security incident should be out-of-band, meaning outside of the primary communication channels (primarily network where the attacker could be listening). Ironically, Tamene was convinced that the FBI call was a hoax, and after repeated calls over the new few months, he ignored the urgency. In November, the FBI even confirmed with Tamene that known malware was routing data to servers located in Moscow.

Continue Reading PolitiHack, Or How I Learned to Stop Worrying About Russians Influencing the US Election and Learned to Love Cybersecurity…

Transcender is Now an Authorized Practice Test Provider for (ISC)²® Certifications

December 7, 2016 at 4:51 pm | Posted in (ISC)2, CISSP, Uncategorized | Leave a comment

There are a lot of great security certifications out there, but since its release in 1994, the CISSP (Certified Information Systems Security Professional) has become one of the best known and most highly regarded credentials. At Transcender, we’ve been dedicated to providing CISSP practice tests for over 13 years. Earlier in 2016 we also released our first test preparation for its sister certification, SSCP (Systems Security Certified Practitioner).  Our hard work has paid off, because we’re now an authorized practice test provider for (ISC)²® certifications!

What does this mean to you? Nothing has changed about our award-winning products, but it does mean that (ISC)² has officially endorsed our practice tests for CISSP and SSCP.

  • The SSCP practice exam is a 300-question exam that will develop your test-taking skills, identify any weak areas, and prepare you for the actual test.
  • The premium SSCP study solution combines our trusted practice exam with self-paced eLearning, for a comprehensive learning experience.
  • The CISSP practice exam has an exhaustive 924-item question bank that will test every aspect of your technical skills, plus a 892-item flash card array.
  • The premium CISSP study solution includes the practice exam with  20 hours of online instruction through self-paced eLearning, which includes access to a live subject matter expert.

We’re also working together to develop a practice test for the up-and-coming CCSP (Certified Cloud Security Professional) certification for 2017. Be sure to follow our blog or subscribe to special updates and promotions on the Transcender web site to be notified of its release.

Transcender has been committed to closing the skills gap in the IT industry for the last 25 years and helping qualified candidates get the recognition they deserve.  And now even (ISC)² recognizes our efforts.  After your certification training, come over to us to help you prepare for exam day. Study with confidence, knowing that you have the most relevant and up-to-date study tool in the marketplace!

Now Offering CFR-210 Test Prep

December 1, 2016 at 3:16 pm | Posted in Logical Operations, Vendor news | Leave a comment
Tags: , , , , , , , , , , ,

Who says there’s no news in December? In cybersecurity, it’s never a question of if, but a question of when a breach will occur. So rather than wait for the new year, we thought we’d get the jump on 2017 and together with Logical Operations, release the Cybersec First Responder (CFR-210) practice test today.

What exactly is the CFR certification all about? Well, CFR-210 showcases your ability to to quickly detect and respond to active cyber threats. It’s not just about detailed knowledge of the analysis techniques and tools, but how to identify and respond, in real time, to the broad array of security threats affecting organizations worldwide.

So, white hats, rejoice and black hats, you’re on notice. They’re some new sheriffs rolling into town with some serious skills — and they’re not afraid to use them!

Here’s the press release for your reading pleasure.

Microsoft changing Windows 10 certification paths; Windows 8/8.1 certifications to retire in December 2016

November 16, 2016 at 1:19 pm | Posted in Certification Paths, Microsoft | 1 Comment
Tags: , , ,
Disclaimer: Exam retirements are subject to change without notice. Please go to the Official Microsoft Retired exams list to confirm or deny a specific test’s retirement date, as it may have changed since this post was originally published. Click our blog’s Certification Paths category to find the latest posts by date on this topic.

Test takers, take note: Windows 8 and 8.1 certifications are being retired in December, while Windows 10 certification paths are changing. If you are only one test into the two-test sequence, be sure to schedule your exam before the retirement.

These exams will no longer be available after December 31, 2016:

  • 70-687: Configuring Windows 8.1
  • 70-688: Supporting Windows 8.1
  • 70-689: Upgrading Your Skills to MCSA Windows 8
  • 70-692: Upgrading Your Windows XP Skills to MCSA Windows 8

If you have passed either the 687 or the 688, but you do not pass the sister exam, you will not have a valid certification after December 31.

What to do if you still need that MCSA: Windows 8 in your certification wallet

You may not know that if you hold an older certification – even as far back as Windows 2000 – you can bypass the two-exam path to a MCSA: Windows 8 and take a single upgrade exam.

You can take the 70-692 and earn the MCSA: Windows 8 if you hold any of these old-school certifications:

  • MCDST: Windows XP
  • MCSA: Windows 2000
  • MCSA: Security on Windows 2000
  • MCSA: Messaging on Windows 2000
  • MCSA: Windows Server 2003
  • MCSA: Security on Windows Server 2003
  • MCSA: Messaging on Windows Server 2003
  • MCSE: Windows 2000
  • MCSE: Security on Windows 2000
  • MCSE: Messaging on Windows 2000
  • MCSE: Windows Server 2003
  • MCSE: Security on Windows Server 2003
  • MCSE: Messaging on Windows Server 2003

You can take the 70-689 and earn the MCSA: Windows 8 if you hold any of these more recent certifications:

  • MCITP: Enterprise Desktop Administrator on Windows 7
  • MCITP: Enterprise Desktop Support Technician on Windows 7
  • MCSA: Windows 7
What to do if you want to jump to the MCSA: Windows 10

There are now two distinct paths for the MCSA: Windows 10 certification. If you have already earned the MCSA: Windows 8, you can upgrade to MCSA: Windows 10 by taking and passing this exam:

If you’re starting at square one, you can earn the MCSA: Windows 10 by passing two exams:

That’s right – there is no separate “upgrade exam” that takes you from an MCSA: 8 to an MCSA: 10. The 70-697 will either upgrade your prior cert, or knock out half of the testing requirements for a brand-new MCSA.

What to do if you’re still in a Windows 7 shop

While you will no longer have the ability to earn Windows 8 and 8.1 certifications, Microsoft has not announced any immediate plans to retire the MCITP in Windows 7. The MCITP: Enterprise Desktop Support Technician on Windows 7 and MCITP: Enterprise Desktop Administrator on Windows 7 are still valid certifications and can be earned with a two-test sequence:

MCITP: Enterprise Desktop Support Technician on Windows 7:

  • 70-680: Windows 7, Configuring
  • 70-685: Windows 7, Enterprise Desktop Support Technician

MCITP: Enterprise Desktop Administrator on Windows 7:

  • 70-680: Windows 7, Configuring
  • 70-686: Windows 7, Enterprise Desktop Administrator

Note that the MCSA: Windows 7 is listed as a “retired certification” on the Microsoft legacy certifications page. (For more information on Microsoft’s newly streamlined certifications, read this post on Born To Learn.)

Note that as of this writing, there do not appear to be any direct upgrade exams from the MSCA: Windows 7 (or its equivalent MCITPs) to the MCSA: Windows 10. Your best bet there is to take the two-exam sequence starting with 70-689 (upgrade to MCSA: Win 8 from MCITP: Win 7) and 70-697 (upgrade from MCSA: Win 8 to MCSA: Win 10). Remember that you need to pass 70-689 before December 31, but you can take the 70-697 at any time in 2017.

Bundle and save with exam vouchers and practice tests from Transcender

Be sure to subscribe to email updates from Transcender to receive future sale alerts, bundles, deals, and discounts!

Windows 7 Practice Exams and Bundles

Windows 8 Practice Exams and Bundles

Windows 10 Practice Exams and Bundles

Happy certifying!
-The Transcender Team

Next Page »

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: