“Ransomware” Prevention Tips

What is Ransomware?

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

Ransomware has been around for more than a decade, but cybercriminals have resurrected the scam over the last couple of years and have been immensely successful. Once the victim’s files are infected, the victim is asked to pay a ransom, in the virtual currency bitcoin, to have the files unlocked.

CryptoWall ransomware, one of a family of malware programs that encrypt files and demand a ransom from victims, has undergone a revamp that is frustrating security researchers. CryptoWall uses strong public-key cryptography to scramble files with certain extensions. Aside from paying the ransom, the only other way to counter it is by restoring files from a backup, although CryptoWall hunts around and tries to encrypt those files as well. Please see Cryptowall Ransomware Variant has new defenses.

One of the new variants in the crypto ransomware family is CTB-Locker, which encrypts the victim’s hard drive; the victim has to pay a large sum in order to get the decryption key. The most famous strain in this family is CryptoLocker. The FBI and other authorities took down the GameOver Zeus infrastructure that was used to distribute CryptoLocker, which significantly reduced the malware’s effectiveness.

The peace lasted only a short time, until ransomware returned in the form of the Curve-Tor-Bitcoin (CTB) Locker. Traditionally, CTB has been distributed through the Angler Exploit Kit. Now the new wave of CTB is being distributed through malicious spam messages.

The common infection vector of CTB is an email containing a fake invoice, compressed in a “.zip” or “.cab” file. Once the archive is decompressed, it displays a decoy RTF document, and after 5 minutes it drops the CTB-Locker payload and then performs the encryption routine. Infected users are asked to pay two or three bitcoins, and those who do not pay risk losing their files.
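A mail gateway can act on this vector before the archive ever reaches a user. The following is an added example, not code from the original post: it triages “.zip” and “.cab” attachments by their magic bytes and blocks ZIP archives that contain directly runnable members. The extension list, verdict strings and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly runnable on Windows.
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd")

def inspect_zip(data: bytes) -> str:
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "quarantine: malformed ZIP"
    # Windows drops trailing dots and spaces, so strip them before matching.
    risky = [n for n in names if n.lower().rstrip(". ").endswith(RISKY_EXT)]
    if risky:
        return "block: runnable member " + ", ".join(risky)
    return "pass on to anti-malware scan"

def triage_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, verdict) for each archive attached to a message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Identify archives by magic bytes, not the sender-controlled name.
        if data.startswith(b"MSCF"):
            findings.append((name, "quarantine: CAB archive, contents not inspected"))
        elif data.startswith(b"PK\x03\x04"):
            findings.append((name, inspect_zip(data)))
    return findings

def constructed_sample() -> bytes:
    """Constructed test message: three attachments holding harmless placeholder bytes."""
    def make_zip(member: str) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for fname, blob in [("invoice.zip", make_zip("invoice.pdf.scr")),
                        ("notes.dat", make_zip("notes.rtf")),
                        ("invoice.cab", b"MSCF" + bytes(32))]:
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `triage_message(constructed_sample())` blocks `invoice.zip`, passes `notes.dat` on for scanning even though its name hides that it is a ZIP, and quarantines `invoice.cab`, which the Python standard library cannot open.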

In early December 2014, there were several reports about yet another type of ransomware, VirRansom (see Protect Against Virulent Ransomware). Not only does it make data unavailable and lock your computer until you have paid the crooks the ransom they demand; its key feature is that it also has a mechanism by which it spreads to others. It takes hostage not only your system but also the other systems you communicate with.

How can you prevent becoming a victim of Ransomware attacks?

  1. Get educated about phishing. Never, ever open a file or link in an email or on a social website unless you’re sure it was deliberately sent by the person themselves. It may seem interesting as you are reading it, but you could end up being a victim.
  2. Make backups of all your critical data and software on a separate storage device that is attached to your network or computer only while backups are being made (during which time you should be offline). Once the backup is complete, disconnect that drive from the network.
  3. Use effective and constantly updated anti-malware tools.
  4. Keep your operating system updated with the latest patches.
  5. Don’t click on photos or videos without first considering the consequences. If the person who sent it is someone you know, ask them. Better to verify than to be sorry later.
  6. Download email attachments only from trusted sources.
  7. If you think you are infected, immediately disconnect your system from the network. Run your updated antivirus program. If it is a University-owned asset (work computer), run McAfee antivirus and call the IT Service Desk.
  8. Educate your employees, family members and friends about destructive malware. Please read this security alert by US-CERT on Crypto Ransomware.

Do not pay the criminals. If you take the required precautions, especially backing up your critical software and data, you can reinstall and have a clean copy of your files.

P.S. For your information: FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker (please see Decyptolocker).

It’s Data Security and Privacy Month!

Data Privacy Month (DPM) is an annual effort to empower people to protect their privacy and control their digital footprint, as well as escalate the protection of privacy and data as everyone’s priority.

Data Privacy Month is currently being celebrated in 2015 starting January 28th and running through February 28th.

Several research studies have been conducted on digital rights and privacy. According to studies conducted by Pew Research Center, 91 percent of Americans believe they’ve lost control over how their personal information is collected and used by companies; 64 percent think the government needs to do more to regulate the way advertisers use personal information.

University employees need to ensure they maintain trust with students regarding handling of student data, whether it is the Registrar’s office, IT department, Admissions, Student Activities, or even the various student groups like the Outdoors Club or athletic teams.

As stated in the blog Hey Students are Consumers Too, no one wants student data leaked through the internet or to suffer the cost of a significant data breach. One University of Maryland cyber-attack in February 2014 compromised sensitive information of 300,000 staff, faculty, and students. The cyber-attacker targeted a university website meant for uploading photos and instead uploaded a Trojan horse containing malware that found the passwords for some IT managers. Armed with those credentials, the hacker was able to elevate their own privileges and access social security numbers and other personal information.

According to a recent article in Computer World, “How-three-small-credit-card-transactions-could-reveal-your-identity”, just three small clues (receipts for pizza, coffee, and a pair of jeans) are enough to identify a person’s credit card transactions from amongst those of a million people.

We leave our digital footprints everywhere. The more you think about it, the more you can virtually see it piling up: the email we send, the credit transactions we make, Facebook or Twitter, the apps we download from various sources, the websites we surf, and even how we dispose of our sensitive information (shred it or throw it in the garbage). One never knows how this information can and/or will be used or misused.

 

You can take charge by following some of these tips listed by Stewart Wolpin in the article International Privacy Day Protect Your Digital Footprint:

  • “Fracture” your digital identity. Strategically use different email addresses, browsers, credit cards and even devices for different web activities (like personal, work and online shopping) to make it more difficult for entities to assemble one cohesive data set about you.
  • Check privacy settings. Browsers, devices and apps often are set to share your personal data out of the box. Find and review default settings to see if you’re comfortable with data that is automatically shared.
  • Regularly review your browser’s cookies. You may be shocked by how many cookies have been set on your browser by sites you weren’t even aware you visited.
  • Read the fine print. Know the privacy policies of the devices, websites, social sharing services and applications you use. Find out what permissions apply to the content you upload and how it can be used.

Data privacy is something you should care about every day – from what you say, to what you type, and what you share. Since this is Data Privacy Month, let’s make a start by watching and sharing this year’s recorded Educause webinar, “The Power of Privacy and the Passion to Build Something Better.”
