Do You Pay the Ransomware?

Of all the malware, Ransomware terrifies me… imagine your entire digital life is held hostage.

The Attack

How it works: a message takes over the screen > hi your entire computer is locked, along with all your files > want the key? > pay the ransom > get key, unlock (more here)

The bigger problem is whether or not to pay, because there’s no definitive evidence which is more successful.

Possible Scenarios – pay, they want more, withhold key / pay, they keep their word and send key / don’t pay, and you haven’t backed up in 7 months, imagine the cleanup and rebuilding

The keynote speaker at the recent SecTor security conference manages the Secret Service’s Cyber Intelligence Section, and even those guys haven’t seen a pattern.  Jason B. Brown says it’s consistently 50/50 the key will actually be sent, so they don’t feel comfortable advising either way.

(how to edit a photo before uploading here)

The Defence:

Think before clicking

– Weekly backups

– Strong passwords, stored in a password manager

– Surf stupid sites on a laptop that’s independent of your online life.  No using it to log into email or social media accounts. Photos and documents are moved to your main computer, then deleted. Oh you locked up my empty hard-drive? Wipe & rebuild.

Blog tag = SecTor

 

 

The Scariest Type of Malware – Ransomware

Of all the types of malware, this one scares me the most.

Ransomware – a type of malicious software that locks, and sometimes encrypts, the victim’s entire computer. The victim is then informed that removal is only possible, when they pay a ransom fee to the creator of the malware. Basically, ALL your files get locked up, and someone else has the key. 

The Attack

On my other computer, I was catching up on celebrity gossip, and streaming TV from a sketchy Eastern European site, when this page overtook my browser.

1 – informs me all my files have been encrypted
2 – shows my IP address, which didn’t pinpoint my exact physical location, but was pretty close
3 – ransomware often uses this popular ‘police-theme’, to give the illusion of authenticity, and heighten fear
4 – a scary countdown timer; I have 24 hours to pay the ransom

The Defence

Ransomware is usually installed from clicking a bad link on social media, in a website or email, opening a malicious email attachment, or sometimes just visiting a malicious site.

closer investigation reveals this is mostly scareware. The English is poor, I’m on a Mac not a PC, the “Internet Police Department” uh-huh, and child p0rn phft as if, I don’t even really like kids.

Plus, 24 hours have passed, and my computer is fine.

Notice though, I said “my other computer“.

Because never would I visit those sites on my work computer. Which is why, had this actually happened, my solution would be to wipe the entire laptop, wouldn’t matter, there’s nothing on it. Opposite of this computer.

Keep your anti-virus software updated, your firewall on, and be careful what you click.

The Fix 

It’s up to you if you decide to pay the ransom.

F-Secure has removal instructions, as does Norton.  Or take you computer to your trusted IT repair place.

Regularly backup your files.

 

 

A QR Code Attack

The Attack

A flyer is posted, it says, “scan this QR code, and a really great thing will happen to you!”

The code is scanned > which tells your phone to open a browser > and go to a URL, Whatever.com > where there is a virus / malware / etc >  ready to be installed onto your phone.

The Defence

In the settings of the scanning app, choose to allow / deny an action, before it executes.

In the above scenario, the URL might have looked off, and you decided not to click it, not to visit the webpage.

A Better Defence

Just don’t scan any, ever.

Stay sharp out there.