
Ransomware

Updated: 08/09/2016

Figure: Infection-Table.PNG (https://sites.google.com/a/thectgroups.org/the-ct-groups/TechTips/problems-index/ransomware/Infection-Table.PNG)


Ransomware is your worst nightmare.  It is often the direct result of:
-  going to a web site that you know little or nothing about,
-  opening an attachment that you know little or nothing about,
-  clicking on a link that takes you somewhere you know little or nothing about,
-  doing something that, in hindsight, really made no sense at all.

This article explains what ransomware is and some steps you can take, other than transferring money to an unknown party and hoping that they send you a working release code, unlock you remotely, or that their malware does not start deleting things on your computer because you moved too slowly.  It is a nightmare.



  DEFENSIVE POSTURES

  Ransomware is malware that infects a computer, encrypts the files on it (and usually on
  any attached or network drive it can reach) and renders them useless UNLESS the victim
  pays money for the key needed to decrypt them.


  Sounds horrible?  Keep reading!

  1.  Payment is nearly always demanded in Bitcoin, which is hard to trace and leaves the
       victim with no one to hold accountable.  Where would you purchase thousands of
       dollars worth of Bitcoin on short notice, assuming you had the cash available and
       could move it quickly?

  2.  The bad guys go to great effort to protect their identity.  What happens if they
       just take the payment and never provide the key you need?  Who are they?  What
       country are they in?  Is this a state-sponsored attack?  Is there any legal
       authority with jurisdiction over them that you could turn to?

  3.  What happens if you get the wrong key?  Maybe it has been a busy day for them and
       they got confused.  Who can you call?  Who can you e-mail?  No one.

  4.  You get the key, apply it, wait several hours and find your files are either still
       unusable or their decryption tool has a few major bugs in it.  Your recourse for
       your losses?  It does not exist.

  The minute your files start being encrypted, they own you and your data.

  Good practices around downloading files and clicking links are a good first step.
  Thinking through items you receive to see whether they make sense, rather than rushing
  into action, is the next.  Finally, having a good, trusted, current and readily
  available backup is the final key.


  Begin taking steps to be vigilant and prepared against any virus or malware coming
  into your computer.  It is not impossible; it just requires thought and good practices.

  GOOD PRACTICE STEPS

  1.  Use EXTREME Caution when Clicking on Links Inside of e-mail
       The most common means of spreading malware is through links and attachments
       embedded in e-mails.  Why?  An e-mail can be sent to nearly anyone, and many
       people are still conditioned to click on any link they receive to find out what it is.

       THIS PRACTICE OF CLICKING ON ANY LINK MUST STOP IMMEDIATELY.

       Take time to read the e-mail, multiple times if necessary.  Are you sensing an
       implicit or explicit sense of urgency for you to act quickly?  If the "Bad Guys"
       get you to ACT FIRST, THEN THINK, they win!  If you THINK, THEN CONSIDER
       YOUR NEXT STEPS, they nearly always lose!  Some examples:

            a)  In some e-mails EVERY LINK, EVERY PHOTOGRAPH and EVERY PARAGRAPH
                 is clickable and leads to the same unwanted software for your computer.

                 Assume all content in an e-mail from an unknown sender is hostile.
                 Simply delete the e-mail using your browser or e-mail software.

            b)  The US Internal Revenue Service initiates contact by US Postal Service
                 mail.  It does not initiate contact by e-mail, text message or social
                 media to request personal or financial information.

                 The link will cause you great pain if you click on it.  If you have ANY
                 question, call the Internal Revenue Service about what you received.

            c)  Demands or notices from courts or law enforcement that do not include
                 the specifics of the issue at hand, such as:

                   -  the date, time and address at which you are required to appear,
                   -  the materials you are required to produce under court order,
                   -  the legal action pending against you.
                 In many states, such notification is by US Mail, often Certified Mail.

            d)  An e-mail from any government agency or company you do business with
                 that:
                   - never lists your name or address, which they have on file,
                   - makes no mention of the type of account or its last four digits,
                   - gives no explanation of why they cannot do their job without your help,
                   - contains nothing that ties the e-mail to you EXCEPT your e-mail address.
                 Such e-mails again call for your prompt action so that you will suffer.

            e)  Any e-mail requesting that you verify your information with them.
                 Companies back that data up so heavily that the odds of their losing it
                 are remote, and the last thing they would do is ask you for it, which
                 would amount to admitting they have a massive problem on their hands.

            f)   A combined e-mail AND TELEPHONE attack involves people who claim to be
                 employees of Microsoft, or to work with Microsoft, and to have found a
                 virus on your computer that they will remove free of charge.

                 All you need to do is point your browser to a web site or click on a link
                 they will send you and it will be quickly and fully fixed.

                 If an e-mail: delete it.  If a phone call: hang up.
                 What company proactively monitors your computer without billing you?

                 Why?  Microsoft does not e-mail or call customers out of the blue, and you
                           and I are not on their contact list.  The phone calls aim to get
                           you to hand them 100% control of your computer (typically through
                           a remote-control tool they ask you to install) so they can do
                           anything they want while you watch.

            g)  There are so many more we can't start to list all of them.
                 BE ON GUARD, QUESTION, AND DO NOT CLICK ON UNKNOWN LINKS.

            h)  IF YOU STILL HAVE RESERVATIONS:
                 a)  position your mouse over the link in question.  DO NOT CLICK!
                 b)  the real destination is displayed.  Look at the part of that address
                      between "https://" and the next "/".  The company's own domain must be
                      the END of that part (for example "login.bank.example"), not merely
                      appear somewhere inside it ("bank.example.verify-now.test" belongs to
                      "verify-now.test", not to the bank).  If the destination is not under
                      the company's or agency's own domain, you can safely assume it is
                      BOGUS.  Other warning signs (none of which proves a message genuine,
                      since a careful forgery can pass all of them):
                      1.  Corporations do not use an employee's personal e-mail account to
                           send official items
                      2.  Company communications rarely contain spelling errors
                      3.  Company communications carry the corporate logo, and it is
                           perfect in all aspects, never blurred, wrongly shaped, etc.
                      4.  Company communications are carefully written to send a clear
                           and concise message, because they go through multiple phases
                           of review and approval before they may be sent
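The "hover over the link and read the real destination" check above can be done by a program as well as by eye.  The following is an added example (it is not code from the original page): it pulls every link out of an HTML e-mail body, compares the address the reader sees with the address the link really goes to, and checks whether that destination is under the domain of the organisation the e-mail claims to be from.  The sample e-mail body and the domain "bank.example" are constructed for the demonstration; the registrable-domain logic is a deliberate simplification noted in the code.

```python
"""Inspect the links in an HTML e-mail without clicking any of them.

Added example, not code from the original page.  It does in code what the
"hover the mouse over the link" check does by eye: for every <a href="...">
it pulls out the real destination, compares it with the text the reader
sees, and decides whether that destination is really under the domain of
the organisation the e-mail claims to come from.  The e-mail body below
and the domain "bank.example" are constructed for the demonstration.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def registrable_domain(host):
    """Last two labels of a host name: 'bank.example' for 'login.bank.example'.

    Simplification: suffixes such as co.uk or com.au need three labels; a
    production check should consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(url):
    """Host of an http(s) URL, or None for anything else (mailto:,
    javascript:, a relative path, or plain words that are not a URL)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every anchor in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def inspect_links(html_body, claimed_domain):
    """Return (href, visible_text, verdict) for every link.

    ok             destination is under the claimed organisation's domain
    wrong-domain   registrable domain differs, even if the organisation's
                   name appears somewhere in the host name
    text-mismatch  the visible text shows one host, the href goes to another
    not-http       mailto:, javascript: or a relative link; treat javascript:
                   links in e-mail as hostile
    """
    parser = LinkExtractor()
    parser.feed(html_body)
    expected = registrable_domain(claimed_domain)
    verdicts = []
    for href, text in parser.links:
        target = host_of(href)
        if target is None:
            verdicts.append((href, text, "not-http"))
            continue
        shown = None
        if text and " " not in text and "." in text:   # text looks like an address
            shown = host_of(text) or host_of("http://" + text)
        if shown and registrable_domain(shown) != registrable_domain(target):
            verdict = "text-mismatch"
        elif registrable_domain(target) != expected:
            verdict = "wrong-domain"
        else:
            verdict = "ok"
        verdicts.append((href, text, verdict))
    return verdicts


# Constructed sample: one genuine link and three of the tricks described above.
SAMPLE_EMAIL = """
<p>Dear customer, your account will be closed in 24 hours unless you act.</p>
<p><a href="https://login.bank.example/verify">Verify now</a></p>
<p><a href="http://bank.example.verify-now.test/verify">Verify now</a></p>
<p><a href="https://secure-bank-update.test/login">https://www.bank.example/login</a></p>
<p><a href="mailto:help@bank.example">help@bank.example</a></p>
"""

if __name__ == "__main__":
    for href, text, verdict in inspect_links(SAMPLE_EMAIL, "bank.example"):
        print(f"{verdict:14} shown as {text!r:40} really goes to {href}")
```

The second link is the case the eye most often misses: the bank's name is in the address, but the part that matters (the end of the host name) is "verify-now.test", so it is flagged as wrong-domain.  The third link is the classic mismatch, where the text shows the bank's address and the href goes somewhere else entirely.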

   2.  Keep your firewall, anti-virus and security software up to date
                Anti-virus signatures are updated daily or more often, and operating
                system, browser and other security patches arrive regularly (Windows
                patches are released monthly, with emergency fixes in between).  If you
                have not seen an update in weeks, you may not be receiving them
                automatically.  Set the updates to install automatically so you do not
                fall behind.  If you can't figure it out, ask the software provider's Help
                Desk for help.  If all else fails, set a DAILY CALENDAR REMINDER to check
                what needs to be updated that day.

                Zero-day attacks are the concern of many companies: these are attacks for
                which no known protection or removal process exists yet ... a totally new
                way to attack computer security.  Updates cannot stop the first wave of
                such an attack, but they close the hole as soon as a fix exists, which is
                why you want daily updates if possible.  Do not let yourself be seen by the
                Press as the person who helped spread a dangerous virus, malware or other
                unwanted software that prevented Police or Fire dispatching to save lives,
                prevented on-line medical devices from operating, or worse ... killed
                cellular telephones.

           3.  Business Users:
                If you own a business, set clear security policies and educate your people.
                A business has many potential weak points in its security, most of them
                being people who did not follow policies and procedures and exposed the
                business to potentially significant losses: computer outages, release of
                confidential or classified data, destruction of records including backups,
                and destruction of the trust between the business and its valued customers.
                Protecting yourself and your business is also a legal matter.

           4.  Back up your files.
                Should you be attacked, something will be lost, but only what changed since
                the last backup.  Have a "Plan B" to protect against data loss whether it is
                from ransomware, a disk failure, or someone making a really big mistake.  Use
                an external disk that is kept off-line from your computer EXCEPT during
                backups: ransomware encrypts every drive it can reach, including a backup
                disk that is left plugged in or a network share mapped to a drive letter, so
                the disk should be connected only for as long as the backup takes.  Test a
                restore of a few files now and then, so you know the backup is good before
                you need it.  Whether you are a Fortune 100 company or an old desktop
                computer, the need and the process should be the same.

                There are commercial services that can provide this for a monthly fee, often
                with a variable cost for the amount of data protected, and they can be set up
                for automatic backup.  These services can be costly, often more than doing it
                yourself and buying multi-terabyte external disk drives that can be connected
                and disconnected easily and quickly.  The initial backup of your computer will
                be lengthy, potentially many hours to nearly all day; it is quicker with a
                local detachable disk drive because you eliminate Internet transfers of all
                your data.  Restores can also be lengthy unless you are using a local disk
                drive.  In the end it is about having strong backup protection, cost, effort
                to use, skills required to restore, and time to restore.  Using a local disk
                is simply a copy from one disk to another ... the rest is handled by Windows.
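The backup advice above comes down to three actions while the external disk is plugged in: copy the files, check the copy, unplug.  The following is an added example (not a procedure from the original page) of those three steps in a script: `backup()` copies a folder to the disk and writes a SHA-256 manifest next to the copies, `verify_backup()` re-hashes the copies against that manifest so the backup is "trusted" because it has actually been checked, and `changed_since_backup()` lists the live files that no longer match the last backup, which is what an outbreak of file encryption looks like from the backup's side.  The folder names and file contents in `demo()` are constructed for the demonstration.

```python
"""Back up a folder to an external disk and prove the copy is good.

Added example, not a procedure from the original page.  The page's advice
is an external disk that is connected only while the backup runs; this is
the script you run during that window.  backup() copies every file and
writes a SHA-256 manifest beside the copies, verify_backup() re-hashes the
copies against the manifest, and changed_since_backup() lists live files
that no longer match it.  The folder names and file contents in demo() are
constructed for the demonstration.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "backup-manifest.json"


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(source, dest):
    """Copy the source tree into dest and record a hash of every copied file.

    Returns the manifest as {relative path: sha256}.  The hash is taken from
    the copy on the backup disk, not the original, so a bad copy is caught now.
    """
    source, dest = Path(source), Path(dest)
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)          # copy2 keeps the file timestamps
        manifest[rel] = sha256_of(target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def verify_backup(dest):
    """Re-hash every file on the backup disk against its manifest.

    Returns (missing, corrupted); both empty means the backup is fit to
    restore from.  Run this before unplugging the disk.
    """
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    missing, corrupted = [], []
    for rel, digest in manifest.items():
        target = dest / rel
        if not target.is_file():
            missing.append(rel)
        elif sha256_of(target) != digest:
            corrupted.append(rel)
    return missing, corrupted


def changed_since_backup(source, dest):
    """Live files whose content no longer matches the last backup, or that
    have disappeared.  A few changed documents is normal; hundreds changed
    at once, or all of them gone, is the picture ransomware leaves behind."""
    source, dest = Path(source), Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (source / rel).is_file() or sha256_of(source / rel) != digest]


def demo():
    """Round trip in a temporary folder: back up, verify, then overwrite one
    live file with random bytes (standing in for an encrypted file) and show
    that the change is detected while the backup copy is still intact."""
    with tempfile.TemporaryDirectory() as tmp:
        src, disk = Path(tmp, "documents"), Path(tmp, "external-disk")
        (src / "letters").mkdir(parents=True)
        (src / "letters" / "rent.txt").write_text("rent is due on the 1st\n")
        (src / "taxes.csv").write_text("year,amount\n2015,1200\n")
        manifest = backup(src, disk)
        missing, corrupted = verify_backup(disk)
        (src / "taxes.csv").write_bytes(os.urandom(64))   # constructed "encryption"
        return {"backed_up": sorted(manifest), "missing": missing,
                "corrupted": corrupted, "changed": changed_since_backup(src, disk),
                "backup_still_good": verify_backup(disk) == ([], [])}


if __name__ == "__main__":
    print(demo())
```

The manifest lives on the backup disk itself, so once the disk is unplugged neither the copies nor the record of what they should hash to can be touched by anything running on the computer.  On a real machine you would call `backup("C:/Users/you/Documents", "E:/backup")` (paths are an assumption), run `verify_backup` on the same destination, and only then disconnect the drive.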