The Sky Is Falling!
With a nod to Chicken Little…
Massive Ransomware Outbreak!
By now I’m willing to bet good money you’ve all seen the various news articles telling you to bend over and kiss your ass goodbye if your computer is connected to the Internet today.
In point of fact, the ransomware issue is getting worse by the day. There are also new articles every day telling you how screwed you are about to be.
Is all this true?
Well, as with most things the media gets into, the answer is yes… and no.
- if you have all of the current patches and updates from Micro$oft – and
- if you have a good antivirus that is correctly updated – and
- if you have a current backup – and
- if you don’t click on the bad things –
You’re going to be OK.
But those are a lot of ifs in one sentence.
Let’s take those one at a time.
Windows patches and updates can be a two-edged sword. I’ve seen more occasions of a Windows update completely hosing a computer than I can even remember. A few years ago we had a brand new network of Dell computers that came up with no email on Monday. This was due to a Windows update at 3 AM that completely vaporized the email accounts on every single computer. This is why I personally do all the security updates and then SHUT OFF UPDATES.
This is also why you should go to Windows Update and make sure you have all the current patches and updates. NOT drivers or software updates. But Security, Rollups, Patches – YES. To do this, click on the Start button (at the end of your task bar) and type in “Windows Update”. Click on the top item in the results and click on the “check for updates” option. Check off all of the update types listed above (security updates, rollups and patches), leave drivers and software updates unchecked, and tell it to install. This could take some time, so make sure you’ve closed all open applications and that you can leave your computer alone for a while to complete this task. Odds are you will need to reboot to complete the update. The whole thing could take as much as an hour. Be prepared for this.
That brings us to Antivirus
I’ve covered this topic more times than I can possibly count over the last 20+ years (feel free to search this blog) but I’m going to say it again. All antivirus products are NOT created equal. Most people assume that as long as they have any antivirus, they are protected. That is very simply not true. In the course of my work I use a handful of different products. I use cleaners to remove debris, Malwarebytes to extract some of the bugs and unwanted add-ons, manual registry and file system cleaning – and AVG for the full scrub of the system.
Then I uninstall everything but AVG.
From my experience, Malwarebytes is a fine tool, but it causes significant performance degradation. Also, every single time I have removed bugs with Malwarebytes, I have found even more that it missed with the AVG scan.
Additionally, NO Antivirus product is fully effective in its default install condition. They all need to be fine-tuned to be completely effective.
And to top it off, NO FREE Antivirus is the protection you NEED. There is no anti-malware company giving away their flagship product. And you do want their flagship product.
It’s a lot like motorcycle helmets.
Do you want the cheap one or the best one?
What is your head worth to you?
The same goes for your data.
And then there is the Backup issue
You DO have a backup, right?
You need both a local physical backup and a cloud-based backup to truly be covered.
If you have a local (physical hard drive) backup, you want to disconnect it this morning until you know your computer and antivirus are updated. If you are hit with ransomware, it will encrypt any data drive it can reach, which includes other computers, servers and external hard drives. If you have cloud-based backup, you will want to have your storage provider scan the cloud data before you try using it to restore any files lost to encryption.
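A quick way to see what “any data drive it can reach” means on your own machine, as an added PowerShell example that is not part of the original post: it lists every local, removable and network drive Windows can see, probes whether each one is writable from this computer, and lists SMB mappings. Anything that shows up as WRITABLE is something ransomware running on this box could encrypt, so that is your checklist of what to unplug or disconnect until the computer and antivirus are updated.

```powershell
# Added example (not from the original post): inventory every drive and share
# this Windows machine can write to. That set is exactly what ransomware
# running here could encrypt, including the external backup drive and any
# mapped server shares. Reports only; it creates and deletes one empty probe
# file per drive and changes nothing else.

# DriveType values from Win32_LogicalDisk: 2 = removable, 3 = local, 4 = network
$typeName = @{ 2 = 'removable'; 3 = 'local'; 4 = 'network' }

$disks = Get-CimInstance Win32_LogicalDisk |
    Where-Object { $typeName.ContainsKey([int]$_.DriveType) }

foreach ($d in $disks) {
    $kind = $typeName[[int]$d.DriveType]
    $root = $d.DeviceID + '\'
    # Write probe: can a file be created at the drive root?
    $probe = Join-Path $root ([IO.Path]::GetRandomFileName())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item $probe -ErrorAction SilentlyContinue
        $state = 'WRITABLE'
    } catch {
        $state = 'read-only/offline'
    }
    # ProviderName is the UNC path for network drives, empty otherwise
    "{0,-3} {1,-10} {2,-18} {3}" -f $d.DeviceID, $kind, $state, $d.ProviderName
}

# Mapped SMB shares a script could also reach by drive letter or UNC path
Get-SmbMapping -ErrorAction SilentlyContinue |
    ForEach-Object { "SMB mapping {0} -> {1}" -f $_.LocalPath, $_.RemotePath }
```

Run it once before you disconnect the backup drive and once after; the backup should disappear from the list, or at least stop showing WRITABLE.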
There are numerous sources of distribution for ransomware and Identity Theft scams. Emails are high on the list for phishing scams, but there are so many infected web servers that will ruin your day that it is literally impossible to keep track. Any web server without fairly iron-clad security is a target. Once it is compromised, the attackers load it up with malware and push out ads and fake web listings that redirect your browser to the infected server – and VOILA! Your day is ruined. Always be circumspect about what you click on. Emails that purport to give you airline vouchers (the latest scam), and FedEx, USPS and UPS delivery notifications, have all been sources of infection lately. Anything with an attachment or live link in your email should be carefully evaluated before clicking on anything. Even emails from people you know can be infected. I would go so far as to suggest contacting anyone you get something like that from and verifying they intended to send it to you.
Back to the latest news
There have been numerous reports of the latest ransomware attack (code-named WannaCry) that to date has affected 200,000 people in 150 countries. And that’s in a span of about 3 days. The irony of this little gremlin is that at its core, it gets its hooks into your computer using “tools” developed by our very own NSA for purposes of exploiting Windows computers and eavesdropping on Americans. If the irony of this fascinates you, read this article in The Intercept. This latest viral outbreak took down hospitals across England, forcing cancellation of surgeries and a plethora of other problems. It attacked universities, FedEx, the Russian Interior Ministry and a Spanish telecom company among others. This particular event targeted large corporate entities more than run-of-the-mill end-users, which is far more lucrative. This alone sets WannaCry apart from its predecessors.
Ransomware, for those unfamiliar with the term, is a situation where a malicious script infects your computer, encrypting every file you care about and demanding money to decrypt it. This concept has been a problem for roughly the last 3 years, with millions of dollars raked in annually by cyber-bullies primarily in Russia. The odds of you getting your data back from a ransomware attack without forking over the money are near zero. Don’t think you’re going to find some magic bullet to recover your data. It very simply will not happen. If you have a backup (that escaped encryption) you’re golden. Otherwise – you’d better give them what they want. In fact, that is the FBI’s advice.
If you see any of these images
(or anything like them):
PULL THE PLUG
Literally – unplug your computer from the wall IMMEDIATELY. This gives you some hope of recovering some of your data.
If this happens to your laptop, hold the power button down for about 10 seconds – or until it powers off. Then remove the battery if possible.
This is because your data files are not all encrypted simultaneously. They are encrypted one at a time. If you pull the plug (and then bring your computer to me) you stop the encryption process at that point in time. If you reboot your computer, though, the process picks up where it left off. Then you will definitely need to cough up some serious dough to the perpetrators if you ever want to see your data again.
I have had a hard drive on ice for 3 years waiting for some bright individual to reverse-engineer the decryption for one of the early ransomware products. Every single photo this family ever took is encrypted on this hard drive – with no duplicates or backups.
If you have fallen victim to this nasty bit of ransomware, you’re in luck. A WannaCry Decryption Tool has just been released. Every now and then there is some good news…
I’ve recently seen people telling the world that Macs are as much at risk as PCs for ransomware. That very simply is not true. Until very recently, the only mass-market infections capable of compromising the venerable Mac OS were essentially proof-of-concept viruses. The only way to contract them was (and is) to download pirated software. Recently, a fully functional ransomware was released against Mac OS. Again, you had to be downloading pirated software to run afoul of it. There has recently been a widely distributed phishing scam in Europe, which has not made it to the US as of this writing. Apple, however, has neutralized it and at this time there is nothing “live” on the horizon. That, of course, will change.
PCs will always be a bigger target than Macs. It’s a numbers thing. Macs are a very small percentage of the overall computing market. When you set out to target computers for purposes of outright theft or Identity Theft – or Ransomware, you want to cast a very large net. In other words you want the most bang for your buck. So do you target the Apple platform with roughly 6% of market share? Or do you target the other 94%? Go ahead. Take a minute before you answer.
That’s right! You target the largest market share. This is why there are a LOT more viruses for PCs than for Macs. But that doesn’t mean you can assume you are entirely without risk because you use a Mac. Those days are over.
So what do you do today?
Run Windows Update manually and ONLY install service packs, security updates, security rollups and Windows Defender updates. Then reboot.
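The manual Windows Update step described here and in the patching section earlier, as an added PowerShell example that is not from the original post: it uses the Windows Update Agent COM API that ships with Windows to list what is pending and sorts it into the kinds the post says to install (security updates, critical updates, rollups, service packs and Defender definitions) versus drivers and other software updates it says to leave alone. It installs nothing; it only tells you what to check off in the Windows Update screen, and whether a reboot is already pending.

```powershell
# Added example (not from the original post): report pending Windows updates
# and split them into "install" (security/critical/rollup/service pack/
# definition updates) and "skip for now" (drivers and everything else).
# Run from an elevated PowerShell prompt. Read-only: nothing is installed.

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Only updates that are not yet installed and not hidden by the user.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0")

# Category names exactly as the Windows Update Agent reports them.
$wanted = @('Security Updates', 'Critical Updates', 'Update Rollups',
            'Service Packs', 'Definition Updates')

$install = @()
$skip    = @()

foreach ($u in $result.Updates) {
    $cats     = @($u.Categories | ForEach-Object { $_.Name })
    $isDriver = ($u.Type -eq 2)            # UpdateType: 1 = Software, 2 = Driver
    $matches  = @($cats | Where-Object { $wanted -contains $_ })
    if (-not $isDriver -and $matches.Count -gt 0) {
        $install += [pscustomobject]@{ Category = $matches[0]; Title = $u.Title }
    } else {
        $label = if ($isDriver) { 'Driver' } elseif ($cats.Count) { $cats[0] } else { 'Other' }
        $skip  += [pscustomobject]@{ Category = $label; Title = $u.Title }
    }
}

"Install these ({0}):" -f $install.Count
$install | ForEach-Object { "  [{0}] {1}" -f $_.Category, $_.Title }

"`nSkip these for now ({0}):" -f $skip.Count
$skip | ForEach-Object { "  [{0}] {1}" -f $_.Category, $_.Title }

# A reboot that is already pending will block new updates from finishing.
$rebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
"`nReboot already pending: $rebootPending"
```

If the "Install these" list is empty and no reboot is pending, the patching step in this post is done; if it is not empty, those are the items to check off before telling Windows Update to install.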
Update your antivirus. Hopefully it is AVG CloudCare or Business Edition and I personally configured it. If so, you have the best possible protection money can buy. If not…
If you have a Mac, I personally use, install and recommend ClamXAV. It’s a great product that won’t dramatically impact your performance.