In a prior blog post, I mentioned “ransomware”. That is when someone who does not have your best interest at heart inserts malware on your computer, sometimes a variant called “CryptoWall”, that encrypts your hard drive with a nearly unbreakable application and makes it impossible for you to retrieve the data from it.
All your personal and/or business information is locked up until you comply with the hacker’s demands, usually payment in some untraceable form, such as Bitcoin. It generated more than 24 million dollars from victims in 2015, a fivefold increase over the prior year. It typically locks your files such as PDFs, pictures, music, and documents, as well as files not linked to the operating system. It can also encrypt any drives mapped to the host computer. It usually does not affect Windows files, because it wants your machine to keep working so that you can pay.
This software has gotten so sophisticated that if you, or even a large company, call the FBI for help (extortion is a crime), their usual reply is “Pay it if you want your data”. You can file an official FBI complaint with them at WWW.ic3.gov, but the encryption clock will be running.
Another scary aspect is that these ransomware applications are for sale, usually on the “dark web” for 2 to 3 thousand dollars, for those who want to make a quick buck but can’t do the programming.
A horrible variant of this “crime” is attaching the malicious software to an explicit pornographic website that arrives in your email. It also accesses the camera, which you have probably forgotten about, sitting on top of your monitor and looking at you. If, for some reason, you happen to merely click on the picture (or a box that says “click here to reject this message”), the software captures your face and attaches it to a picture of the embarrassing website. Now it’s pay a ransom or that embarrassing screenshot will be put out on the web or, even worse, sent to everyone in your address book. To work on your nerves, a countdown clock may be shown on the screen to tell you how much time you have left before disaster.
So… now you see the problem, which can now also affect Linux and Apple operating systems. The obvious question is “what do I do to avoid this nightmare?”
Here are some thoughts:
- DON’T click on websites when you have any suspicion, and be very suspicious. Look at the grammar in the message; many times English is not the native language of the perpetrator and it shows. One of the more successful ransomware programs was “injected” into a computer when you checked on a picture of an elderly lady laughing with the caption “See what Grandma thought her iPhone Christmas gift was”. It was very successful. One interesting one that I recently received was offering a $100 free Amazon coupon because I had recently made an order. They were betting that I, like a million people a day, had recently ordered from Amazon and thus would not think that it was a random email. Also dangerous are emails from FedEx or UPS with “click here for delivery information” boxes. The only delivery that you will get is a Trojan infecting and encrypting your computer, followed by a ransom demand.
- In many mail programs, such as AOL, you can click on “show details” beside the sender’s “name” and see where it really came from. Is it logical? In Outlook, the sender’s “real address” appears next to the sender’s name, for example Jonathan Suldo[firstname.lastname@example.org]. Does it make sense? Is it what you expected to see?
- Keep your critical software and operating systems up to date with the latest security patches and updates. Apps like Flash and Java are especially vulnerable.
- Use a robust, continually updated anti-virus program. There are also programs that will allow restoring the computer to an earlier, pre-infection state. It only takes about three seconds for all your files to be encrypted.
- Give users realistic access rights. Does the normal user need to access risky sites at work, or can you restrict groups of users to only safe sites? Users should receive continuing education on this topic.
- Make sure that the users on your network receive education on this topic and are paranoid about it. Many networks have anti-spam filters so that users will not be tempted, but many times the subject line is innocent enough to let a message slip through.
- BACK UP FILES every day (or night). If infected, completely “wipe” the drives, reinstall a clean operating system, and then restore your clean files from the backup.
- Not recommended, because it encourages the hackers, but if you have critical files and the clock is counting down, you may be able to negotiate a lower price and get your files back. Hollywood Presbyterian Medical Center paid $17,000 this year to recover its critical files. Not all files are that valuable. Actual “ransoms” usually average between $350 and $500, and that is after the initial demands were reduced by 25-50% by bargaining with the hackers.
- Remember John Snow Labs is here to support you against this threat. We can educate your users, in person or by “White Papers”. We can examine your systems for vulnerabilities and help to avoid these dreaded situations before they cost money and brand reputation.
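As an added example (not code from the original post or from John Snow Labs), here is a small Python check of the kind the “show details” advice above describes: it parses a message’s From and Reply-To headers and flags a display name that names a brand while the address domain does not belong to it, a display name that embeds a different address, or a Reply-To that diverts replies elsewhere. The brand-to-domain table and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the post mentions as common lures, mapped to the domain they
# legitimately send from. This table is an assumption for this example;
# verify against the sender's published domains before relying on it.
KNOWN_BRANDS = {
    "amazon": ("amazon.com",),
    "fedex": ("fedex.com",),
    "ups": ("ups.com",),
}

def sender_warnings(raw_message: str) -> list[str]:
    """Return warnings for a raw RFC 822 message; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["From header has no usable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    warnings = []
    # 1. Display name claims a brand but the real domain is not that brand's.
    for brand, domains in KNOWN_BRANDS.items():
        if re.search(rf"\b{brand}\b", display.lower()) and not any(
            domain == d or domain.endswith("." + d) for d in domains
        ):
            warnings.append(f"display name mentions {brand!r} but address domain is {domain!r}")
    # 2. Display name itself contains an address that differs from the real one.
    embedded = re.search(r"[\w.+-]+@[\w.-]+", display)
    if embedded and embedded.group(0).lower() != addr.lower():
        warnings.append(f"display name shows {embedded.group(0)!r} but real address is {addr!r}")
    # 3. Replies would go somewhere other than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        warnings.append(f"Reply-To {reply_to!r} differs from From {addr!r}")
    return warnings

# Constructed sample messages: a coupon lure and an ordinary message.
LURE = """From: "Amazon Rewards" <promo@amaz0n-coupon.example>
Reply-To: claims@mail.example
Subject: Your $100 Amazon coupon

Click here to claim your coupon.
"""
LEGIT = """From: Jonathan Suldo <firstname.lastname@example.org>
Subject: Lunch next week

Are you free on Tuesday?
"""

if __name__ == "__main__":
    for name, raw in (("LURE", LURE), ("LEGIT", LEGIT)):
        print(name, sender_warnings(raw) or ["no warnings"])
```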
The ransomware threat is growing exponentially, and John Snow Labs has the next-generation solution to combat it. Our datasets and unique Threat Intelligence service will allow you to be proactive in the defense of your network.