Here’s a very useful article from the EMSISOFT Blog:
Category Archives: Malware Tips
The Latest Ransomware Attacks
You all have probably heard of the latest threat–ransomware that hit a number of countries, but hit Russia the hardest. Are you vulnerable?
You really should have the latest version of your operating system installed. Remember that Windows XP is an end-of-life product and is no longer supported. It is vulnerable. Windows 7 and 10 are safer–but they need to have all the latest updates installed.
In addition–you need to have a current version of anti-malware/internet security software installed. Scan your system regularly. And, most importantly, you need to have your data backed up. Ransomware only attacks your data. If you have a copy of all your date, you can replace the encrypted files. BUT–that backup needs to be offline. If you have a system that is constantly backing up your data, it will back up the encrypted data and you’ll be out of luck. If you have a backup that is offline, your data can’t be overwritten.
We recommend having your data stored on an external drive and plug it in only when you are doing a backup. If you are using cloud backups, talk to the company’s tech support to be sure they have a second copy of your data archived so it can be retrieved if your data is compromised.
Latest Internet Threat
Recently, there has been a noticeable increase pfishing attacks–notably using the Google Docs scam. You get an email from someone offering to share a document on Google Docs. If you don’t have a Google account, don’t use Gmail or don’t have anything stored in Google Docs, you don’t have to worry. However, if you do use Gmail be advised that clicking on the link you are sent will allow hackers to download your entire Google history and Google contacts, etc. Just delete the mail. DO NOT click on the link!
Here’s a link to an article that talks about remediation: steps: https://motherboard.vice.com/en_us/article/massive-gmail-google-doc-phishing-email
The growth of online extortion
Ransomware first stated getting noticed around 2007. It grew slowly until 2014 and 2015. Between 2015 and 2016, the growth sharply increased. Experts predict that it will get worse in 2017 by about 25%.
Personal computers are not the only targets. It will be immensely more profitable to attack servers and hold them ransom. This can be very costly by causing business disruptions.
So–what to do? Install good anti-malware software and keep it updated, View unusual or unexpected email with suspicion, When in doubt, delete it. You can always reply to the sender if you think it might be legit.
let them tell you why they sent it.
Ransomware
This is really spreading. It can mess up your day. It can cost you big bucks!
The result of this nasty piece of malware is the encryption of your files that render them unreadable.
Here’s a link to a site that describes the problem:
CryptoLocker and clones
It’s been barely 19 months since the CryptoLocker virus started infecting computers around the world, but in that relatively brief time it has made a significant impression on thousands (some say millions) of computer users. It has also spawned a whole new category of cyber-criminal activity, known as encrypting ransomware.
Unlike earlier infections of this type, CryptoLocker and its successors follow best practices in their encryption methods. As a result, a user whose data files have been encrypted by one of these recent incarnations stands virtually no chance of successfully decrypting their encrypted files on their own.
The best way to recover from such an infection is to restore the files from a recent, unencrypted backup. But many users have discovered, too late, that their backups are nonexistent or, worse, have also been encrypted by the ransomware. In that case, the only reasonable chance of recovering those files is to pay the ransom.
But, is this a viable option? You will hear different opinions from different sources, many with their own built-in bias. I believe the most clear-headed, rational discussion of this issue appeared recently in a post by the British anti-virus software company Sophos, in their Naked Security newsletter. The article is titled “Ransomware – should you pay?” Here is a link to it: https://nakedsecurity.sophos.com/2015/03/19/ransomware-should-you-pay/.
Thanks to The Virus Doctor (Ken Dwight) for this article, as well as Sophos for their link.
Smartphone Security
I have written many times to make everyone aware that the bad guys are out there trying to infect your computer with bad stuff (malware). People are starting to take action to protect themselves.
With the increasing popularity of smart phones, the bad guys are out to make a buck where they can. They have written some pretty nasty stuff that can infect your phones. Some of this stuff is just meant to steal your data–like passwords, account numbers, etc. Others do to a phone what the software like CryptoLocker does to a computer. One such piece of malware is called Android/Simplocker. This malware, after gaining access to an Android device, scans the SD card for certain file types, encrypts them, and demands a ransom in order to decrypt the files. Needless to say, it could ruin your day.
Much of this bad software comes along with downloaded apps that are downloaded from unofficial sites. So a word to the wise–apps can be very useful for things from tracking your exercise history to showing you the best places to buy gas. Just watch where you get them. If in doubt, remember that Google is your friend–look for problems reported by other users and learn from their mistakes.
Oh–and another warning–you can also infect your iPhone! This is done mostly by clicking on questionable links on websites. The resulting malware spies on you and reports your vital stuff to those who can profit from it.
Scareware
In the past, we discussed rogue anti-virus programs. They are still around. They call themselves things like “Antivirus 2014.” I’m frequently asked why, if there is an internet security program installed on the computer, do these things keep showing up? Well, they are not technically a virus. Many are programs created with Flash and act like a movie playing. The problem is it’s a movie that you can’t turn off! No matter how many times you click on the “X” the windows keep appearing. Some versions open 10 or more windows in a really short time. Annoying, to say the least.
While many of these programs aren’t harmful (they aren’t busy deleting data), they can ruin your day and make your computer useless—they just fill up the screen and try to get you to pay money to get them to go away. They can also prevent you from navigating to an antivirus site where you might find a utility to remove them. When you try to access one of the many antivirus companies’ sites, you’ll be blocked.
There are a number of ways to get this junk to go away, but ror right now, restarting the computer in safe mode and doing a system restore may help. Once you do the restore, run MalwareBytes (you can get it from www.malwarebytes.org). This should pick up the bad stuff. If you don’t scan for malware, you will probably find yourself right back where you were at the beginning of the day. If this procedure makes you uncomfortable, just give us a call and we can assist you.
Celebrity Name Scams
A popular mail scam by those who are trying to get your personal info involves sending a mail with a link claiming to show you sensational news or pictures of celebrities or other famous people, including pop stars and politicians.
Don’t be fooled. Don’t click on the attachments. A big red flag would be if the attached file has a .zip extension. This guaranteed to cause you grief! Don’t do it. Use only your delete button here.
You are not going to learn anything about celebrities by clicking on these links, nor will you see pics of them in awkward situations. You will, however, most likely become infected with malware.
Also noted was the hacking of celebrities’ Facebook and Twitter accounts. Hackers take over these accounts to post malicious or outrageous comments.
Thanks to the Scambusters.org site for these hints.
Rogue Anti-Virus Scams
You all have heard of viruses. Like viruses that infect living beings, computer viruses infect your computer. They are software, and are often attached to other software or documents you might receive. When you run the virus’s software or the file the virus has infected, the virus can infect your computer’s software.
Viruses can gather email addresses from your computer and send itself to everyone you know. Sometimes this is just an annoyance—spreading spam and other useless messages. But sometimes it can carry what we call a “payload” that installs itself on your computer and really messes you up. We can save the discussion of the various kinds of viruses for another time. This time we’ll talk about something else.
I’ve had many calls from people who say their computer is infected because there is a big message on the screen that says it is infected. Then the message starts a “scan” that scares you to death. This is called a “Rogue Anti-Virus.” It’s actually a program that sneaked into your computer and is generating the message. The problem is, you can’t work, ‘cause the messages won’t go away. They keep popping up and trying to get you to give money to someone to clear it up. Don’t do that!
Don’t despair—get a trusted computer tech to help out. It takes just a little effort by someone who knows what they are doing to get rid of this pest. I’ll be posting some easy fixes on our website as soon as I get time.