March 23, 2016
Crypto-ransomware is unlike the malware you have encountered in the past. Other nuisances can disrupt your Web browsing, slow your machine to a crawl or pop up an endless stream of annoying ads. This bug ratchets up the angst in several ways at once: it encrypts the files on your hard drive and holds them for ransom, and it reaches any storage it can write to, including mapped network drives, attached USB disks and synced cloud folders. It is the same kind of infection that hit a local police department in Georgia so badly that when the officers asked the FBI what to do, the feds told them to pay the ransom. Before your wired world gets turned upside down and your files are held hostage, read on so you can beef up your immunity to the nastiest bug in cyberspace.
This is a headline from a recent LA Times column in which writer Michael Hiltzik details the digital mayhem inflicted on a local hospital, the LA County Department of Health Services and a school that lost access to their records because of ransomware. He also points out that while the FBI encourages victims to notify the Bureau, it isn't exactly going to mount a manhunt to bring the perpetrators to justice.
Last year the Bureau's cybercrime chief in Boston, Joseph Bonavolonta, was quoted telling a gathering of cybersecurity experts, “To be honest, we often advise people just to pay the ransom.”
In other words, you are on your own: protect your online assets by installing anti-malware, backing up your data and being careful about the software you install and the e-mails you open. Worse, this is a growth industry in which the bad guys can buy ransomware kits on the gray market and take payment in Bitcoin to cover their digital tracks.
Ransomware Takes a Byte Out of Apple
Even Macs, which many users assume are too secure to be hit, are not immune to ransomware. An app called KeRanger proved that in March when a tampered installer for the Transmission BitTorrent client was served from the client's own download page. Once active it encrypted photographs, spreadsheets, invoices and other targeted documents on potentially thousands of Macs before demanding a ransom of one bitcoin, about $400 at the time. A post on Wired.com reported that:
Anyone who downloaded one of two installers of Transmission version 2.90, between the hours of 11 a.m. PST on March 4 and 7 p.m. PST on March 5, is potentially affected. It’s not clear currently how many people that is, but if you downloaded that BitTorrent client recently, you should be aware of what’s coming.
The Clock is Ticking
Like many forms of ransomware, KeRanger puts victims on a deadline, 72 hours, to pay up or risk losing their files for good. That leaves precious little time to find an alternative. Even more unnerving, crypto viruses evolve much as their biological counterparts do. At the top level there are two genres of ransomware: crypto and locker. Crypto-ransomware leaves the machine usable but encrypts your files; locker ransomware simply locks you out of the machine and is the easier of the two to undo, since the files underneath are untouched. Recent developments have spawned sub-families that home in on particular soft targets:
Scareware is a sheep in wolf’s clothing. It flashes an alert claiming your system has been compromised and demands payment to fix it, but it has not actually encrypted anything, so any competent IT tech can remove it.
Lock-screen viruses lock up your computer and display an FBI or Department of Justice logo informing you that you have violated the law and must pay a fine. As with scareware, most lock-screen viruses can be eliminated by a skilled IT technician without paying.
KeRanger targets Macintosh computers.
CTB-Locker has a web-server variant that goes after websites, WordPress installs among them, encrypting the site's files on the server rather than on a PC.
GameOver Zeus is neither crypto nor locker ransomware, but it still inflicts financial losses because it specifically targets online-banking credentials. It also enslaves the infected machine, using it to send out copies of itself via spam, to infect other machines directly (it was one of the main delivery vehicles for CryptoLocker) or to take part in Distributed Denial of Service attacks.
VirRansom, dubbed the AIDS of ransomware, is a parasitic virus that plants itself in hundreds or even thousands of files on a system, so even one infected copy that goes undetected can start the infection anew.
CryptoLocker sneaks in via e-mail. According to the US Computer Emergency Readiness Team (US-CERT), this variant can wreak the most havoc, because it is designed to find and encrypt files on every drive it can write to: network shares, external hard drives, USB sticks and synced cloud folders.
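What the crypto variants above have in common is that a document keeps its name and location but its contents are replaced with ciphertext, and ciphertext is statistically close to random bytes. The scan below, an added example rather than code from this post or from any of the products it mentions, turns that into a cheap first alarm: it measures the byte entropy of recently modified files and flags the ones that look encrypted. The entropy threshold, sample size, time window and the allow-list of formats that are high-entropy by design are assumptions chosen for illustration, and the sample files are constructed inside the script.

```python
"""Flag files that look as if crypto-ransomware has overwritten them.

Added example (not code from the original post). The threshold, sample
size, time window and extension allow-list are assumptions chosen for
illustration; tune them against your own data before relying on them.
"""
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5    # bits per byte; random data approaches 8.0 (assumed cut-off)
SAMPLE_BYTES = 64 * 1024   # read only the head of each file (assumption)
MIN_SIZE = 256             # below this there is too little data for a useful estimate
# Formats that are compressed or encrypted by design and legitimately score high.
HIGH_ENTROPY_BY_DESIGN = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png",
                          ".mp4", ".pdf", ".docx", ".xlsx", ".pptx"}


def shannon_entropy(data):
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path):
    """True when the file's head is near-random and its extension is not
    one that is high-entropy by design."""
    if path.suffix.lower() in HIGH_ENTROPY_BY_DESIGN:
        return False
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    return len(head) >= MIN_SIZE and shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_recent(root, max_age_seconds=3600, now=None):
    """Walk `root` and return the files modified within the window whose
    contents look encrypted, sorted for deterministic output."""
    now = time.time() if now is None else now
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:          # file vanished or is unreadable; skip it
                continue
            if now - mtime > max_age_seconds:
                continue
            if looks_encrypted(path):
                suspicious.append(path)
    return sorted(suspicious)


def demo_scan():
    """Constructed sample tree: a plain-text invoice, a JPEG (random bytes
    standing in for compressed image data) and a .doc whose contents have
    been replaced by ciphertext. Returns the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoice.txt").write_bytes(b"Invoice 1234\nTotal: 100 USD\n" * 40)
        (root / "photo.jpg").write_bytes(os.urandom(4096))   # allowed by extension
        (root / "report.doc").write_bytes(os.urandom(4096))  # simulated encryption
        return [p.name for p in scan_recent(root)]


if __name__ == "__main__":
    print(demo_scan())   # ['report.doc']
```

Run it against a real folder with `scan_recent(Path("~/Documents").expanduser())`. A single hit is worth a look; dozens of hits inside one hour across folders you did not touch is the pattern crypto-ransomware produces, and the moment to pull the network cable and reach for the backups.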
If you want to take a crack at resolving scareware or lock-screen issues on your own, check out the blog on PC World entitled, “How to rescue your PC from Ransomware.”
The best way to protect yourself from the perils of ransomware is to do the following:
- Use a top-notch antivirus/anti-malware application, installed and running on every system you own (tablets and smartphones included). We use Trend Micro, but there are many good products out there. Avoid the free products; they generally have gaps in their protection.
- Add a second layer of protection by installing a dedicated anti-malware program such as Malwarebytes.
- Keep your antivirus/anti-malware apps up to date. An expired or non-updated AV application is asking for trouble, and more often than not it finds it.
- Actively scan your computers, tablets and smartphones on a regular basis. Skipping scans widens the window between infection and discovery, and the longer a virus has to do its dirty work, the harder it is to remove and eradicate.
- Keep a bulletproof backup of your system that is not connected to your machine or network. That can be a flash drive or USB disk you plug in only to make the backup, or an online service that you connect to and then disconnect from. A backup that stays mounted gets encrypted right alongside everything else.
- When using a cloud backup service, make sure it includes revision management so that earlier versions of your documents are kept. If ransomware reaches your synced cloud folder, the encrypted copies overwrite the current versions, but the earlier revisions remain there for you to retrieve.
- It is also a good idea to keep several kinds of backups and restore points on your computer. Multiple, frequent restore points can let you roll a system back to a date before the infection. Do not rely on them alone, though: many ransomware families delete Windows' Volume Shadow Copies as one of their first actions, which wipes out the restore points with them.
- Avoid opening any e-mail attachment unless you know specifically where it came from and what it is. (Remember, one of the first things many viruses do once they infect a system is harvest e-mail addresses to send copies of themselves to.) Since many crypto viruses arrive disguised as messages from FedEx, UPS or USPS, be wary of any unexpected e-mail from a shipper.
- If you must open unfamiliar e-mails or visit questionable websites, use protection. Install a program that prevents other programs from making changes to your system. One such program is Sandboxie (http://www.sandboxie.com), which works with a number of popular web browsers to isolate your machine from programs that a web page tries to run. Many antivirus and utility applications will also lock your system settings so that third-party apps cannot change them; a good free one is Spybot Search & Destroy.
- Don't leave your computer running all the time. If it's running, it's usually connected to the internet and thus reachable by an attacker. Shut your system off at night, or at least put it to sleep. At Working the Web to Win we do system maintenance on our computers weekly; the software we use (Advanced SystemCare) can shut the machine down automatically when maintenance is complete, so at least once a week the computer turns itself off.
- Keep your browser up to date and use anti-malware plug-ins to help keep drive-by downloads at bay. Many antivirus products provide browser support, so install their plug-ins as well.
- There are also browser plug-ins designed to rate the risk of a URL before you click on it. One such plug-in is “Web of Trust”, which flags URLs with a color code (red = bad, yellow = caution, green = good and gray = not yet rated).
- Many security threats begin on social networks. That is why my last suggestion is to have your anti-malware product audit your social-network accounts for security weaknesses; products like Trend Micro do these scans. Also follow the advice of the networks you use: many of the big names actively ask their members to self-audit and plug security loopholes.
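The backup advice above comes down to one rule: never let the encrypted copy be the only copy. A backup that keeps just the latest version of each file is undone on the next sync, because the ciphertext faithfully overwrites the good copy. The script below, an added example that is not code from this post or from any backup product it mentions, shows what revision management buys you: every snapshot is kept, and a restore walks back from the newest snapshot until it finds a copy that still looks like a real document. The directory layout, the snapshot labels and the "looks like a document" test (here simply "decodes as UTF-8 text") are assumptions chosen for illustration, and the scenario is constructed inside the script.

```python
"""Versioned backup with point-in-time restore.

Added example (not code from the original post). Layout, labels and the
goodness test are assumptions chosen for illustration; a real deployment
would check the format's magic bytes or a stored checksum instead.
"""
import os
import shutil
import tempfile
from pathlib import Path


def snapshot(source, backup_root, label):
    """Copy the whole source tree into backup_root/<label>/ and return it.
    Labels must sort chronologically (zero-padded counters, ISO timestamps)."""
    dest = Path(backup_root) / label
    shutil.copytree(source, dest)
    return dest


def versions(backup_root, relpath):
    """Every stored copy of one file, newest snapshot first."""
    found = []
    for snap in sorted(Path(backup_root).iterdir(), reverse=True):
        candidate = snap / relpath
        if candidate.is_file():
            found.append(candidate)
    return found


def looks_like_text(data):
    """Goodness test for this demo (assumption): the documents here are
    UTF-8 text, and ciphertext almost never decodes as valid UTF-8."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def restore_last_good(backup_root, relpath, is_good=looks_like_text):
    """Walk snapshots newest to oldest and return the content of the first
    copy that passes `is_good`, or None if no snapshot holds a good copy."""
    for copy in versions(backup_root, relpath):
        data = copy.read_bytes()
        if is_good(data):
            return data
    return None


def demo_restore():
    """Constructed scenario: back up a document, let simulated ransomware
    overwrite it, back up again, then recover the pre-infection copy.
    Returns (number_of_versions, recovered_bytes, latest_backup_is_ciphertext)."""
    original = b"Quarterly invoice\nTotal: 100 USD\n"
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        backups = Path(tmp) / "backups"
        src.mkdir()
        backups.mkdir()
        (src / "invoice.txt").write_bytes(original)
        snapshot(src, backups, "snap-0001")                  # good copy stored

        (src / "invoice.txt").write_bytes(os.urandom(512))   # simulated encryption
        snapshot(src, backups, "snap-0002")                  # ciphertext synced too

        copies = versions(backups, "invoice.txt")
        latest_bad = not looks_like_text(copies[0].read_bytes())
        recovered = restore_last_good(backups, "invoice.txt")
        return len(copies), recovered, latest_bad


if __name__ == "__main__":
    count, data, latest_bad = demo_restore()
    print(count, latest_bad, data.decode())
```

The same logic is what a cloud service's "version history" does for you; the point of writing it out is to see that the latest backup is itself ciphertext and is useless on its own. Keeping the snapshots on a drive that is unplugged between runs, or on a service you disconnect from, is what stops the ransomware from reaching the older versions as well.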
Unless you want to revert to a typewriter, take heed and apply an ounce of prevention so you don’t wind up caught in the Crypto Crunch.
Carl Weiss has been working the web to win since 1995 and has helped hundreds of companies increase their online results. He is president of W Squared Media and co-host of the weekly radio show Working the Web to Win which airs Tuesdays at 4pm Eastern on BlogTalkRadio.com. Click here to get his latest book "Working The Web to Win: When it comes to online marketing, you can't win, if you don't know how to play the game!".