RANSOMWARE Attacks

Recently, one of the companies I work with and another I have done work with in the past were hacked. A few years ago my father's computer was hacked in the same way. Each of these attacks involved "ransomware."

What is ransomware and how does it work?
Ransomware is exactly what it sounds like: your computer system gets hijacked, your data gets encrypted, and your system is not usable until you pay a ransom to get it decrypted. The ransom is usually demanded in a digital currency, typically Bitcoin.
Here's how it usually works:

  • You get an email with an attachment, or you choose to download some fancy program. NEVER launch an application that you receive in an email, unless you initiated it (still a very bad idea). I recommend that you only download applications from reputable websites.
  • A downloaded application will install a trojan that will "phone-home," giving an attacker remote control of your computer and allow the installation of the ransomware.
  • The ransomware will encrypt your system so that it is unusable.
  • You will be provided with a message, a bitcoin address to pay and an amount to pay.
  • Once you pay the bitcoin ransom, a decryption key will be provided to you to decrypt your computer. There is no guarantee you will be given the key.
  • Your system is now decrypted, but the two applications are still on the system: the initial application that created the backdoor, and the application that encrypted your data. These will have to be removed.
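The encryption step above is the one a defender can spot on disk: ciphertext is near-random, so a file whose bytes have close to 8 bits of entropy per byte and no recognizable file header is a candidate. The script below is an added example, not part of the original post; the magic-byte list and the sample files it builds are constructed here, and the entropy threshold is an assumption.

```python
import gzip
import math
import os
import tempfile

# Constructed, non-exhaustive list of headers for formats that are legitimately
# high-entropy (compressed or media). Used only to reduce false positives.
KNOWN_COMPRESSED_MAGIC = (
    b"\x1f\x8b",       # gzip
    b"PK\x03\x04",     # zip, docx, xlsx
    b"\x89PNG",        # PNG
    b"\xff\xd8\xff",   # JPEG
    b"%PDF",           # PDF (contains compressed streams)
)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, ~8.0 for random or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def looks_encrypted(path: str, threshold: float = 7.5, sample: int = 65536) -> bool:
    """Flag a file whose leading bytes are near-random and carry no known compressed/media header.
    High entropy alone is not proof (archives and images are also near 8 bits/byte),
    hence the magic-byte check. The 7.5 threshold is an assumed value."""
    with open(path, "rb") as f:
        head = f.read(sample)
    if len(head) < 256 or head.startswith(KNOWN_COMPRESSED_MAGIC):
        return False
    return shannon_entropy(head) >= threshold

def scan_dir(root: str, threshold: float = 7.5) -> list[str]:
    """Return the paths under root that look encrypted, sorted for stable output."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if looks_encrypted(p, threshold):
                hits.append(p)
    return sorted(hits)

def build_sample_dir() -> str:
    """Constructed fixture: a text file, a gzip archive, and a random blob standing in for ciphertext."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "notes.txt"), "wb") as f:
        f.write(b"quarterly report draft, do not distribute\n" * 50)
    with gzip.open(os.path.join(d, "archive.gz"), "wb") as f:
        f.write(os.urandom(4096))
    with open(os.path.join(d, "notes.txt.locked"), "wb") as f:
        f.write(os.urandom(4096))
    return d

if __name__ == "__main__":
    for hit in scan_dir(build_sample_dir()):
        print("possible encrypted file:", hit)
```

Only the random blob is reported; the plaintext is low-entropy and the gzip archive is excluded by its header. Run it against a backup copy of a share, not the live system, and treat a sudden jump in hits as a reason to pull the machine off the network.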

How do we prevent this?
As Obi-Wan Kenobi said of Mos Eisley, "a more wretched place of scum and villainy [you] will never find, you must be careful." This is the internet. DON'T download applications you don't need because they sound cool. Definitely don't do it on a computer that you "really" need to function. Test it on an isolated system.

  • Get a good AV program. I recommend Webroot which is now available for users. For enterprises, get a solution that is centrally managed.
  • Don't use the same solution on all of your computers. Provide a different or isolated solution for your servers, different from your desktops.
  • Maintain offline backups. Test your backups periodically / regularly. I do mine monthly. I boot systems from my backups. You need to be able to restore from your backups, or at a minimum retrieve your data.
  • Don't always run as an "administrator." I am guilty of this; I am a local system admin on my own system.
  • Use a strong firewall, and monitor where the traffic goes. Don't keep it completely open, or in "learning mode."
  • Have good password policies. Most enterprises have something, but home users need the same:
    • Don't use simple to guess passwords.
    • Don't use the same password over and over.
    • Have a very different and complex password for your trading, banking and other valuable site information.
    • Use a password management program. This can be as simple as a paper notebook, cross the old password out and write down the new one. Don't put them in a notepad file that you keep on your computer. Use LastPass or something like it.
    • Change your password, every year at a minimum, or more often.
  • Keep your AV up to date.
  • Keep your Operating System up to date. Updates fix many of the vulnerabilities these attacks rely on.

My company is available for consulting to assist you with implementing any of these procedures and policies.