Editor’s note: In late March we, the SLO Chamber, were hacked. More specifically, ransomware infected one of our servers and brought a portion of our workload to a halt. It was let into our system, innocently enough, through one of our workstations and was discovered a couple of hours later when computers started to slow and files became inaccessible. Thanks to work from our IT provider, and frequent backups, we were up and running in less than an hour, with all information restored by early the next day.
Always looking for a learning moment, and in an attempt to help our members avoid similar attacks, we asked the people who know to share the prevention information below.
By Brian Weiss
What is “Ransomware”?
- Ransomware is malicious software (malware) that cyber criminals use to hold your computer or computer files for ransom, demanding payment from you to get them back.
- A private decryption key must be purchased from the attackers in order to decrypt the data. It is not possible to decrypt the data without the private key.
- Typical names of viruses and/or malware that behave as described above are: CryptoLocker, CryptoDefense, TorrentLocker, CryptoWall, TeslaCrypt, and other similar variants.
What can users do to prevent ransomware, and other malware and viruses?
- Back up your data – The single biggest thing that will defeat ransomware is having a regularly updated backup. Maintain offline and offsite backups.
- Work cautiously with email
- Start with education – The best defense is an educated user that looks with suspicion at each email, URL, and attachment that comes their way.
- Always check who the email sender is – If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
- Double-check the content of the message – Look for obvious factual errors or discrepancies. For example, if your bank or a friend claims that they have received something from you, go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
- Refrain from clicking links in suspicious emails – In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly without clicking the link. Links can be spoofed and take you to a different website than the link text displays.
- Refrain from opening attachments in suspicious emails – Do not open any attachments from suspicious emails.
- Show hidden file-extensions – One way that CryptoLocker frequently arrives is in a file that is named with the extension “.PDF.EXE”, counting on Windows’ default behavior of hiding known file-extensions. Un-hide file extensions to see the full file name.
- Patch or update your software – Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto your system. It can significantly decrease the potential for ransomware pain if you make a practice of updating your software often.
- Install security updates – Some vendors release security updates on a regular basis, but there are often “out-of-band” or unscheduled updates in case of emergency. Maintaining security updates is a great defense against any malware.
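The “Show hidden file-extensions” item above can be turned into two quick checks on a Windows machine. The following PowerShell script is an added example for this article, not code from the author or from ITECH Solutions. It assumes the current user’s Downloads folder is the place to scan (change `$scanPath` for a shared drive or mail-attachment folder); the registry value `HideFileExt` under the Explorer “Advanced” key is the real setting Windows Explorer uses to hide known extensions.

```powershell
# Added example (not part of the original article): two defender-side checks
# for the "hidden file extension" trick described in the list above.
#
# 1. Make Windows Explorer show known file extensions for the current user.
#    HideFileExt is the registry value Explorer reads: 1 = hide, 0 = show.
# 2. Scan a folder for files whose name carries a decoy document extension
#    followed by an executable one, e.g. "invoice.pdf.exe".

# --- 1. Un-hide known file extensions --------------------------------------
$advancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$before = (Get-ItemProperty -Path $advancedKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($before -ne 0) {
    Set-ItemProperty -Path $advancedKey -Name HideFileExt -Value 0 -Type DWord
    Write-Host "HideFileExt changed from '$before' to 0; restart Explorer or sign out to apply."
} else {
    Write-Host "File extensions are already shown (HideFileExt = 0)."
}

# --- 2. Find double-extension files ----------------------------------------
# Decoy extensions a user would expect to be harmless, followed by an
# extension Windows will run. Extend either list to fit your environment.
$decoyExtensions      = 'pdf','doc','docx','xls','xlsx','jpg','png','txt','zip'
$executableExtensions = 'exe','scr','com','pif','bat','cmd','js','vbs'

# Builds a regex like: \.(pdf|doc|...)\.(exe|scr|...)$  (PowerShell -match is case-insensitive)
$pattern = '\.(' + ($decoyExtensions -join '|') + ')\.(' +
           ($executableExtensions -join '|') + ')$'

function Find-DoubleExtensionFiles {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Pattern = $pattern
    )
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $Pattern } |
        Select-Object FullName, Length, LastWriteTime
}

# Assumed scan location for this example; point it at whatever folder receives attachments.
$scanPath = Join-Path $env:USERPROFILE 'Downloads'
$suspects = Find-DoubleExtensionFiles -Path $scanPath

if ($suspects) {
    Write-Host "Double-extension files found under ${scanPath}:"
    $suspects | Format-Table -AutoSize
} else {
    Write-Host "No double-extension files found under $scanPath."
}
```

The registry change only affects the user running the script; on a managed network the same value is normally pushed by Group Policy instead. The scan is a simple name check, so treat a hit as something to hand to your IT professional rather than a verdict, and a clean result does not mean a file is safe.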
Infected?
If you find yourself in a position where you have already run a ransomware file, your options are limited. There are 3 steps you can take that might help mitigate the damage.
- Disconnect from Wi-Fi or unplug from the network immediately – If you run a file that you suspect may be ransomware but have not yet seen the characteristic ransomware screen, acting very quickly might let you stop communication with the server before it finishes encrypting your files. If you disconnect yourself from the network immediately, you might mitigate the damage.
- Shut down your computer immediately – Unplugging from the network or wireless will prevent network files from becoming encrypted; however, there are still local files on your computer that will be compromised. Shutting down your computer will prevent further infection.
- Call your IT professional.
Brian Weiss is the owner of ITECH Solutions, a San Luis Obispo-based IT firm.