Ransomware – Avoiding the “Big Bad”

Hacked carRansomware is everyone’s nightmare and until the government, manufacturers and the OS producers emerge from the Dark Ages, we’re stuck dealing with it.* 

This is a really useful  article from Paul Myers at TalkBiz News, a great newsletter for people who do business online. In this piece he has information for everyone with a computer.


Mild paranoia has long been a requirement for intelligent use of the Internet. The way things have been going lately, though, we may have to escalate the alert level to Tin Foil.

This time around, we’ll look at avoiding one of the worst threats.
….

Ransomware is growing at rates that should scare the bejeebers out of even the most cautious net users.

Quick recap, for those who aren’t familiar with the term: Ransomware is malicious code that encrypts all the data files on your computer. It then pops up a note telling you how to pay the $300 to $1000 they want for the keys to make them readable again.

The creeps behind this demand payment in Bitcoin, which is practically untraceable. That’s part of why ransomware is growing so quickly. It’s a safer way to steal than selling identity theft data or credit card dumps.

The other main reason is that the money comes in faster. With stolen account info, you can only move the data for a short period of time, as cards expire, and the victims will change passwords and credit card numbers when they become aware their info was compromised.

With ransomware, the creeps set the timeline, and a lot of people end up willing to pay. It’s often easier and cheaper than trying to recreate the data from scratch, and a lot of folks don’t keep proper backups.

A smaller, but growing, reason is that pretty much anyone can set up a network to spread the code. It’s cheap, and there are “kits” for it.

Yeah. Done-for-you creep kits.

Gotta love that tech, eh?

….

Last month, out of 5.6 million phishing emails, 93% came with a ransomware component included. If you open the attachment and your system is set up to run the code in it, you get hit with a demand for money to get your data back. If you visit a site directly, they ask for account log-in info and go after your accounts.

And those phishing emails are getting better all the time. They’re starting to figure out they need people to write in the recipient’s native tongue, which eliminates one big warning sign.

They’re also going much more for job-based soft targeting that includes your first name in the opening.

That’s probably how they ended up encrypting the files for hospitals and police stations. They got one hospital twice.

Those kinds of incidents are why I think we should be hunting these people down and locking them up for life. If they’re in another country, put real pressure on that country until they show they’re making an effective effort to stop it.

This goes way beyond spamming for body part enhancer scams or fake watches.

….

The drive-by infections are still a problem. Click the link on an interesting post and WHACK! They gotcha.

Malicious ads are another issue. These usually rely on vulnerabilities in Flash. You visit some innocent site, and a harmless looking ad runs in Flash. Next thing you know… “Gimme the money. In small, unmarked bitcoin.”

At the very least, go into the plug-ins settings on your browser and set Flash to either never activate or to run only after asking. A safer bet would be to delete Flash entirely and ignore anything that suggests you install or update it.

The inconvenience would be minor next to losing every data file on your network.

If you keep Flash, only update by going to adobe.com and scrolling down to the bottom. In the lower right corner, you’ll see the link for it. That way you know you’re getting the real thing.

That’s only half as dangerous as one you’d get from a random link on the web.

….

It’s not just getting more common. The tech involved in ransomware is improving.

There are versions now that run in Javascript, and ones that work on both Windows and Mac machines. There is at least one version that affects other connected machines on the same network, and can be spread by USB devices that are moved from one machine to another.

And you can bet they’re looking for more ways to get past your defenses and into more of your devices.

There’s already a version that can infect Android phones. That one is really nasty. It downloads child porn to the phone, locks it, then threatens to report the phone to the FBI if you don’t pay the $500 ransom.

See why I think they should get life in prison?

….

If you haven’t been hit yet, you will be.

So, how do you protect yourself?

The first answer is to have backups on a device or media that is offline. A disconnected external hard drive or DVDs work.

Make sure to include email and phone addressbooks. Those are very commonly forgotten, and they’re a pain to rebuild.

Use the best security software you can get. For Android devices, Avast has a good reputation for dealing with ransomware.

On Apple devices, sticking to apps from the iTunes store is pretty safe. Google Play is a bit more of a roll of the dice, but they’re safer than side-loading sketchy stuff from random sites you don’t know much about.

When surfing, do not ever click on alerts that say you need to download some program to protect or clean your computer. Never. If one of those pops up, immediately close that browser tab using the browser’s close button, not the one within the page itself.

Then there’s the same old stuff you’ve heard for years. Don’t open email attachments you weren’t expecting. If they come from someone you know, ask first. And disable macros in your word processor and spreadsheet software.

Don’t click on links in spams. Stay away from sketchy websites. You know exactly the ones I mean.

If you really want to be careful, run a browser like Opera in a sandbox. (Sandboxie is pretty good, although it can be slow if you have a lot of tabs open.)

When you get an email with nothing but a link and maybe a signature, and it looks like it came from someone you know, double-check it. As an example of how this works, I get emails all the time using the names of various friends on Facebook, but with the wrong address included after their name.

You can be pretty sure those are phishing emails.

I get the same sorts of things from subscribers all the time. If your machine or account is hacked, the attacker will often use your addressbook to send messages that have a better chance of getting opened and clicked on.

Simple, but effective.

….

Another entryway: If you get a friend request on Facebook from someone you’re already friends with there, don’t accept it until you check with the real person first. It’s common now for people to steal a photo and timeline cover and fake those accounts. Then, when you accept the friend request, they’ll send you links hoping you’ll click on them.

There’s nothing good on the other end of those links.

….

I can’t decide for you if you should pay the ransom if you get hit. If you have backups and keep them up to date and not connected to your machine except while updating them, you won’t need to.

Format and reinstall the OS and then put the data back. A much better option than financing some low-life’s criminal operations.

If you run a business online, or with a network-connected computer, you should already be doing backups. Having copies that aren’t on connected systems might not be part of your strategy. For a long time, that aspect wasn’t that critical.

It is now. Change the system if you need to.

If you only have a few gigabytes of critical data, you may want to consider backing up another copy to a microSD card in your phone or tablet. Or an SD card you carry in your wallet or purse.

BestBuy currently has 3 different brand name SD cards on sale for under $50 that are 128 gigabytes each. So, that’s a practical option. (The best one is the Samsung Evo+.)

You can usually find them on Amazon, too, but be careful to make sure you’re getting the real thing. There are a lot of knockoff or offbrand fake high-capacity cards on there super cheap, and you won’t be happy if you get one.

Plus, you never know what might be on them.
….

The key to handling this, like so many other digital disasters, is to be prepared. Take my word for it, that’s a lot less panic-inducing than finding out all your data is lost.

Be safe out there.

Paul

*Wondering why there’s a photo of a car? Because they’ll be next unless we move away from virus protection. Click  here to learn all about the Next Big Thing in cybersecurity. If you feel like it, please lobby Congress – we need this in the Fed, the military, our hospitals and in our cars!