WARNING Last week, we discussed a particularly vicious type of virus, one that poses a severe risk to your computer’s contents. It’s called RansomWare and it’s coming to a computer or cell phone near you. This week, we offer specific steps to protect yourself.
Viruses– and more typically a variant called Trojan horses– work the same way. A colleague hands the victim a flash drive, or she (or he) clicks a disguised download button or the attachment of an email. Voilà, she’s unknowingly invited the devil into her life.
Sometimes the effects are relatively minor– they may quietly turn the target into a zombie server, a computer that sends out spam, illicit files, and even malware without the owner’s knowledge. The truly bad infections can suck the lifeblood out of the system. Ransomware falls into this latter category.
Recently, Dale Andrews received an apparent email from Velma with an attachment. Strange… she rarely emails and I knew our secretary hadn’t emailed anything since the beginning of the year. Fortunately Dale didn’t open the attached payload. It may have been nothing more than a Nigerian scam letter… or it could have been considerably worse.
My colleague Thrush keeps enough computers to power Bulgaria, nearby Serbia and Romania. He thinks like a pro; he takes security very seriously.
His friend Mark phoned– he’d been hit with ransomware. Arriving home in the evening, Mark had sat down at his computer, tired and less than alert. One of his emails raised the spectre of a lawsuit; it included attached court documents.
He downloaded them and… innocently unleashed the wolves. Whatever had been attached, they weren’t pleading papers. A screen popped up… his computer had been encrypted by ransomware, demanding a few hundred dollars to return his goods.
The man immediately detached his computer from his local network (LAN), one that included his backup mechanism and his wife’s computer, which fortunately contained their most critical files. His desktop was done for, but quick action saved their most important files.
The best protection against malware (malicious software) and ransomware in particular is to prepare your fortress now.
Back up, back up often. I previously mentioned it’s critical to back up to drives or discs that can be detached. The reason is that if your backup drive is on-line when malware strikes, you could lose your backup and everything on it.
A simple strategy used in the early days of computing is to make grandfather-father-son backups: You cycle through your discs (or tapes or other media) reusing your oldest backup each time. This includes one vulnerability in that you may back up defective or damaged files without realizing it. For that reason, archive a backup each month or so. Tuck it in a drawer or bank vault and exclude it from the recycling.
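The rotation described above can be simulated to see how far back you could restore. This sketch is an added example, not part of the original article; the disc labels, the three-disc pool, and archiving on the first of the month are assumptions chosen for illustration.

```python
from datetime import date, timedelta

def plan_rotation(start, days, pool_size=3, archive_day=1):
    """Simulate one backup per day for `days` days.

    Returns (log, pool, archived). `pool` maps each reusable disc to the date
    it was last written; `archived` holds discs pulled out of the rotation.
    """
    pool = {f"disc-{i + 1}": None for i in range(pool_size)}  # None = blank disc
    archived = {}
    next_label = pool_size + 1
    log = []
    for n in range(days):
        today = start + timedelta(days=n)
        # Reuse the oldest medium; blank discs are used before any written one.
        disc = min(pool, key=lambda d: pool[d] or date.min)
        pool[disc] = today
        keep = today.day == archive_day
        if keep:
            # Tuck this disc away for good and bring a fresh one into the pool.
            archived[disc] = pool.pop(disc)
            pool[f"disc-{next_label}"] = None
            next_label += 1
        log.append((today, disc, keep))
    return log, pool, archived

def restore_points(pool, archived):
    """Dates you could still restore from, oldest first."""
    return sorted(d for d in list(pool.values()) + list(archived.values()) if d)

if __name__ == "__main__":
    # Constructed scenario: ten daily backups starting 28 January 2024.
    log, pool, archived = plan_rotation(date(2024, 1, 28), 10)
    for day, disc, keep in log:
        print(day, disc, "ARCHIVED" if keep else "")
    print("restore points:", restore_points(pool, archived))
```

With three discs and no archive, the oldest restore point is never more than two days old, so damage that goes unnoticed for three days is already on every disc. The archived disc is what extends the window.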
Consider using Blu-Ray discs with write-once technology. Those discs are not only less expensive than rewritable discs, they’re safer in that they cannot be later altered and their life span could last for decades.
The Macintosh includes a backup program called Time Machine. It can operate in manual mode, which is useful for detachable drives. It also offers a continuous mode in which changed files are backed up every hour to an attached drive, the cloud, or a NAS (network-attached storage) unit. Continuous backing up is great unless ransomware attacks the backup files.
A method of safe continuous backup is possible for desktop computers using these steps:
- Ensure files you want backed up are either in your public folder or outside your home folder altogether. In other words, make sure items to be backed up are visible beyond the confines of your user folder.
- Attach a back-up drive, cloud storage, or NAS using a password. Only the Backup account should have the passwords readily available. Don’t access these drives from your main user account(s). (Western Digital external drives not only provide good back-up programs, they also allow the drive to be password protected.)
- Start the back-up program, providing its security services with passwords if needed. Don’t log off the Backup account when returning to the main user account.
While you’re working, the Backup account will quietly save your data. If you are attacked, malware won’t be able to get at the back-up drive. You need only consider this for continuous automatic back-up programs like Time Machine.
II. Modems, Routers, and Firewalls
With the router, keep open ports to a minimum. Use long passwords for both your modem and your router. Be careful whom you let into your network. Some wireless routers allow ‘guests’ with imposed limitations. If both your router and your guest’s computer, tablet, or phone feature a WPS button, you can permit guests to connect without giving out a password.
III. Computer Settings
Say you get a breezy email purportedly from a friend containing an attachment called FamilyFotos.jpg. You start to open it but, if you’ve activated the showing of extensions, you’ll see the full name is FamilyFotos.jpg.app … uh oh!
Or, say you visit SexyBuns.com, download HunkyGuys.mp4 (yes, I’m talking about you, Jan Barrow Grape of 103 Rodekyl Lane, Armadillo, Tx 78657) and spot that the complete file name is hunkyguys.mp4.exe
These are big clues that those files are not friendly.
Show extensions by visiting Control Panels > Files and Folder Options (Windows) or Finder Preferences (Mac) and checking the appropriate box. Now you can have more confidence that LegalPapers.pdf is truly what it claims.
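The same check can be automated over a list of downloaded or attached file names. The following is an added example, not part of the original article; the two extension lists are assumptions to adapt, and it goes one step beyond the text by also flagging Unicode direction-control characters, which can make a name ending in .exe display as if it ended in .jpg even when extensions are shown.

```python
# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE = {"exe", "app", "scr", "com", "bat", "cmd", "pif", "vbs", "js"}
HARMLESS_LOOKING = {"jpg", "jpeg", "png", "gif", "mp4", "mp3", "pdf",
                    "doc", "docx", "rtf", "txt"}
# Unicode controls that change display order: "gpj.exe" can be shown as "exe.jpg".
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")

def check_name(filename):
    """Return the reasons a file name looks deceptive (empty list = no finding)."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in filename):
        reasons.append("direction-control character alters the displayed name")
    stripped = "".join(ch for ch in filename if ch not in BIDI_CONTROLS)
    # Trailing dots and spaces are dropped; padding such as "pdf      " is
    # trimmed so a long run of spaces cannot push the real extension off-screen.
    parts = [p.strip().lower() for p in stripped.rstrip(" .").split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in HARMLESS_LOOKING:
        reasons.append(
            f"runs as .{parts[-1]} but shows as .{parts[-2]} when extensions are hidden"
        )
    return reasons

def scan(filenames):
    """Map each suspicious name to its reasons; clean names are omitted."""
    return {name: r for name in filenames if (r := check_name(name))}

# Constructed sample names, including the ones used in the article.
SAMPLE_NAMES = [
    "FamilyFotos.jpg.app",
    "hunkyguys.mp4.exe",
    "LegalPapers.pdf",
    "invoice.pdf          .exe",
    "Holiday\u202egpj.exe",
    "setup.exe",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_NAMES).items():
        print(repr(name), "->", "; ".join(reasons))
```

An honest installer such as setup.exe is deliberately not flagged: the check looks for a mismatch between what the name displays and what the file is, not for executables in general.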
|☑ MacOS X show extensions|
If you wish to peek at unknown Word files, use WordPad (Windows) or TextEdit (Macintosh) or equivalent text processors that ignore embedded macros. Whenever possible, use .rtf instead of .doc as a far safer alternative.
|☒ Windows hide extensions|
IV. Too Helpful
Be wary of too-helpful emails and pop-up windows that offer updates to Flash, Silverlight, or Java, and especially shortcut links to your banking web site. If you receive an email supposedly from PayPal, your financial institution, HealthVault, IRS, Social Security, or other site containing personal and financial information, don’t click on any embedded links. Instead, type in the URL address yourself to be assured you’re not accessing a ‘spoof’ site trying to trick personal information from you.
Such notices may try to trick you into installing nasty stuff. If you think you might need a newer Flash player or Java component, then hie directly to their web sites and check for download versions.
V. AntiVirus Protection
Obtain a good anti-malware suite, either free (like AVG) or from Kaspersky Lab, Symantec/Norton, BitDefender, Malwarebytes, or WinPatrol. They each take different approaches. BitDefender’s defense works as a sort of vaccine. The free Panda Ransomware Decrypt Tool tries to restore deliberately damaged files.
If at all possible, remove the wounded drive from its computer, or create and boot from an external drive to work on the damaged device. It’s possible the infection has altered the boot sectors of your hard drive. If you’re able to decrypt your damaged files, move them to a safe place and totally reformat the damaged drive.
The Myth of Customer Service
One of the internet ‘memes’ floating around the web speaks of ransomware ‘customer service’. This irresponsible wording is tantamount to insisting a rapist gives good customer service if he doesn’t kill the victim. Even professional developers who should know better use this expression, an indication of naïveté rather than an expert opinion. A paid criminal that restores files only 50-60% of the time does not exhibit good customer service.
More on that next week. In the meantime, avoid zombies, vampires, and malware.