Ransomware Woes

Ransomware:
This is any software that tries to extort value from you, either by locking your files so that a payment is required to unlock them, or by blackmailing you with stolen copies of your data that it threatens to publish elsewhere,
or maybe both.
The Partial Prevention Solutions (not Cures!)
are at the end of this article if you want to Skim.
But a part of that solution is to Understand How It Happens, and so prevent it. : )

It can end up on your machine for all sorts of reasons.

1) You ran some legitimate or valid-looking software that additionally contained the ransomware
(someone breaks into a well-known site and messes with their library of files, which you then Download and Use)
or
2) You mistakenly ran the ‘wrong’ software from the wrong place (for example: Googling HP printer software, ending up on a likely-looking fake site, getting that software and running it)
or
3) Your Machine was in some way vulnerable, so external forces could trigger it: you did nothing, but the software ‘got in’.
So, Stay Up To Date, Always!
or
4) (Esp. in these Lockdown times) an improperly configured remote control software was left running unsupervised and let someone or something ‘in’ to do the harm.
Note: This is not often so much a human as a script : )

5) You were tricked into viewing an eMail attachment from someone you thought you ‘knew’.
These can be faked, as with anything else on the Internet : )

The Ransomware rarely triggers instantly.
Like a Human virus it intentionally ‘incubates’ for some undetermined time before acting. Minutes or days.
This helps hide how it got in. Usually it’s a very small piece of code which waits and then pulls in its cohorts and main artillery software off the Internet, perhaps when your machine is Idle, meaning you are away and less likely to notice activity.
Eventually, you will find out after some Page pops up with the Blackmail Instructions to pay the ransom in cryptocurrency,
like Bitcoin, which is largely untraceable : (

The Warning to Pay Up pops up after many of your files are already encrypted.
This pop up can itself be faked to freak you out into doing the wrong thing precipitously…
If you are lucky, you will notice unusual disk activity or a Virus Warning. If you are SURE, then it’s that rare opportunity to power your machine off as quickly and brutally as possible.
Turning it back on will likely restart the problem, so:
Don’t.
Sit Back And Think! if this has already happened to you.
ALSO warn others on your same Network if in an Office, etc.
BUT NEVER DEPEND ON ANY SOFTWARE SUCH AS ANTIVIRUS TO DEFEND YOU!
These Operator guys are too smart, too well-motivated and too elusive!

Things to Watch Out For:
1) BOGUS WEB PAGES pretending to be Ransomware Fixes, offering Bogus Tech Support.
These are very easy to create and can trick you into, for example, “downloading a simple program to recover your files”
where the files were not touched after all initially,
but then get Locked by the ‘Fix’.

2) Software that promises to Protect you. If you think they can,
ask what financial guarantee they offer.
They Cannot & Won’t. Told you so.

3) Lending your machine to someone. Enough Said.
Or, drop-by activities by Clueless Teenagers. Malice.
Disgruntled co-workers…

4) Some corporations & organizations are thought to have been compromised by an ‘inside job’, where the perpetrator got some kickback for launching the attack.

5) Thinking Backups Will Save You.
While always a Good Idea, Ransomware will try to Encrypt ANYTHING IT CAN WRITE TO, including your Backups,
even over a Network.
It may even use these means to spread to other machines on the network.

6) Network Shares (i.e. in the Office environment).
“If the Ransomware can Write to your files anywhere at all, it will”
This will INCLUDE video files, images, documents. Nothing is safe.

7) Cloud Backups are a bit safer, but again, it’s relatively simple to Subvert the files in such a way that they end up ‘in the Cloud’ too…
The software can do anything you can do, and more, and worse.
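Points 5 to 7 come down to one question: which drives and shares can the user you are logged in as write to? Every one of those is a place the ransomware could encrypt. As an added example, not from this post, here is a PowerShell audit that lists them (the function name is my own; it creates and deletes one tiny probe file per location and touches no existing data):

```powershell
# Added example: list every filesystem drive and SMB mapping the current user
# can write to. Each writable entry is a location ransomware running as this
# user could encrypt, including backup drives and office network shares.
function Get-WritableLocations {
    $roots = @()
    # Local and mapped drives visible to this session
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        if ($d.Root) { $roots += $d.Root }
    }
    # UNC paths mapped with 'net use' / New-SmbMapping
    foreach ($m in (Get-SmbMapping -ErrorAction SilentlyContinue)) {
        if ($m.RemotePath) { $roots += $m.RemotePath }
    }
    foreach ($root in ($roots | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $probe = Join-Path $root ("write-probe-" + [guid]::NewGuid().ToString('N') + ".tmp")
        $writable = $false
        try {
            # Create and immediately delete a probe file; no existing data is touched
            [IO.File]::WriteAllText($probe, 'probe')
            Remove-Item -LiteralPath $probe -Force
            $writable = $true
        } catch { $writable = $false }
        [pscustomobject]@{ Location = $root; Writable = $writable }
    }
}

Get-WritableLocations | Format-Table -AutoSize
```

Anything that shows Writable = True and is a backup or shared folder deserves a second look: disconnect the backup drive when not in use, and ask for read-only access on shares you only need to read.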

8) Misconception: you will not be able to use your machine. You will: But some or all of its data will be unusable.
Having been compromised,
however, the odds are very high the machine remains ‘snooped’, so ON NO ACCOUNT log in anywhere important. Your ‘saved’ passwords for websites etc. will be difficult for the attacker to steal, BUT it is assumed they will ‘log’ your keyboard typing and send it off for analysis somewhere… USE ANOTHER MACHINE

9) Getting rid of the ransomware will solve the problem. It won’t: the files will remain encrypted, and the ransomware operators will not be able to fix things even if you DO pay them.

10) Don’t assume they will not Decrypt your files for you.
The Operators will often demonstrate their ability to mess with your system by showing you your own list of Filenames, and decrypting a few to show they can do it. Should you Pay?
I will not address that here. Too Complex a Question : )

11) Somebody Human is Doing this. Humans write the Ransomware, but it’s almost entirely robotic and scripted.
Anecdotally, People HAVE spoken to the ‘operators’ to get things decrypted. Just please never get to that point: stay Vigilant.
Security and Convenience are Mutually Exclusive.
One or the Other– Never Both

X) Avoiding hotel & coffee shop wifi WILL NOT HELP, whether they are ‘open’ (No Password Required) or not.
3 Reasons:
a) Inconvenient, and adds a false sense of Security
b) These days, ANY important transactions are encrypted end-to-end (HTTPS:// etc.), i.e. between your Computer and the Bank, as everyone assumes the internet in general is full of snoops, even over totally ‘open’ links.
Also true of Email, Messaging, FaceTime, Skype, etc. etc.
c) All modern computers have Firewalls. So long as you are not knowingly ‘sharing’ anything for Networking, you are okay, and cannot be ‘got’ from ‘outside’ your Machine. If you ARE, these days, Turn Shares Off. It’s Very Unusual to take ‘servers’ on the Road and there is no need. Keep your Servers at Home or In the Office!
_____________________
Okay- Now the Measures to Take to Prevent this.

1) Anything but the newest operating systems (macOS, Windows, iOS) are helpless against these attacks. Use a new enough machine!
2) Run your Windows computer as a NON admin user. (Windows)
As usual this is a horrible and over-complex Mess.
3) macOS: same story. Make sure you are a ‘Standard’, not an ‘Admin’, User.
4) The latest macOS and Windows have built-in safeguards called by
various names such as “Protected Directory Access”.

This will show up with a message like
“Do you want to permit program X to write to folder or directory Y?”
when you FIRST run the new Program and do something useful.

Let’s suppose you install Microsoft Word. The FIRST time you try to Save a WORD document to the Documents folder, you will be asked this, like:
“Do you want Microsoft Word to be able to write to Documents?”
Your answer will be saved, you will not be asked again.

Just be absolutely clear about what asked to do this, and whether it’s a reasonable and expected question, is all.
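On Windows the feature described above is Microsoft Defender’s Controlled Folder Access. Windows does not ask you a question as in the Word example; it silently blocks the write and shows a notification, so a trusted program has to be allowed through explicitly. As an added example, not from this post, here is how to check, enable and review it from an elevated PowerShell prompt (the backup folder and the Word path are assumptions; adjust them to your machine):

```powershell
# Added example: inspect and enable Controlled Folder Access (Windows' version
# of "Protected Directory Access"), protect an extra folder, allow one trusted
# program, and read the log of blocked writes. Run as Administrator.

# 1. Current state: 0 = Disabled, 1 = Enabled, 2 = Audit mode
$pref = Get-MpPreference
"Controlled folder access: $($pref.EnableControlledFolderAccess)"
"Protected folders:        $($pref.ControlledFolderAccessProtectedFolders -join ', ')"
"Allowed applications:     $($pref.ControlledFolderAccessAllowedApplications -join ', ')"

# 2. Turn it on (Documents, Pictures, Desktop etc. are protected by default)
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Also protect a local backup folder (assumed path; use your own)
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Backups'

# 4. Allow a trusted program, Word in the post's example, to write to protected
#    folders (assumed install path; check where your copy lives)
Add-MpPreference -ControlledFolderAccessAllowedApplications `
    'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'

# 5. Review what was blocked: event 1123 = blocked write, 1124 = audit-only
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Controlled Folder Access only works while Defender’s real-time protection is on; a third-party antivirus that replaces Defender switches it off. Use AuditMode instead of Enabled for a week first if you want to see what would be blocked before it actually is.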

Alternating Backups– take one unit Offline as the second is used.
A really simple example is having two identical USB thumb drives labelled A & B and using only one at a time.
The one that’s not plugged in cannot be infected : )
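As an added example, not from this post, here is a PowerShell script for exactly that two-drive scheme. It backs up to whichever drive is plugged in, refuses to run if both are connected (the offline one must stay offline), and writes a new dated folder on every run instead of mirroring, so an already-encrypted source can never overwrite a good earlier copy. The source folder, volume labels and function name are my own assumptions:

```powershell
# Added example: alternating A/B backup to whichever USB drive is present.
# Never mirrors (/MIR) so older snapshots on the drive are never deleted.
function Invoke-AlternatingBackup {
    param(
        [string]$Source   = "$HOME\Documents",          # assumed source folder
        [string[]]$Labels = @('BACKUP-A', 'BACKUP-B')   # assumed volume labels
    )
    # Which of the two labelled drives is mounted right now?
    $present = @(Get-Volume | Where-Object {
        $Labels -contains $_.FileSystemLabel -and $_.DriveLetter })
    if ($present.Count -eq 0) { throw "Neither backup drive is plugged in." }
    if ($present.Count -gt 1) {
        throw "Both backup drives are connected; unplug one so it stays offline."
    }
    $drive  = $present[0]
    $target = "$($drive.DriveLetter):\backup-" + (Get-Date -Format 'yyyyMMdd-HHmm')
    New-Item -ItemType Directory -Path $target | Out-Null
    # /E copies subfolders, /COPY:DAT keeps data/attributes/timestamps,
    # /R:1 /W:1 limits retries, /NP /NJH /NJS keeps the output short.
    robocopy $Source $target /E /COPY:DAT /R:1 /W:1 /NP /NJH /NJS | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
    # Spot check before the drive is unplugged: file counts must match
    $srcCount = (Get-ChildItem -Path $Source -Recurse -File).Count
    $dstCount = (Get-ChildItem -Path $target -Recurse -File).Count
    [pscustomobject]@{
        Drive       = $drive.FileSystemLabel
        Target      = $target
        SourceFiles = $srcCount
        CopiedFiles = $dstCount
        Complete    = ($srcCount -eq $dstCount)
    }
}

Invoke-AlternatingBackup
```

Unplug the drive as soon as Complete shows True, and next time plug in the other one; if a run ever copies far fewer or far more files than last time, or the files look renamed, stop and check the source before you let it touch the second drive.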

  • To Be Continued —
