
Ransomware in 2019

So yeah……….it’s almost a year in between my posts. It’s fine I guess – since the information is still good. Good things come to those who wait right?

First I’d like to make reference to an older post, and also say that this post will be updated with additional resource links later on.

INTRODUCTION

The virus landscape has changed, and ransomware is the thing you don’t want to get. I’ve seen businesses come to a halt as a result of infections. The main ways you get infected are:

  • Emails
  • Websites
  • Flash/Thumb Drives
  • User Database Compromise

So let me clarify each area so you know what to look out for.

EMAILS

This is the way I’ve seen most business places get infected. It starts out with one person innocently opening an email that either looks like it’s business-related, or it actually is business-related.

If it’s from a legitimate business contact then their system got infected. Other times it’s just random spam that seems legitimate. Usually opening the email does nothing – but you do have some which you should just avoid. Normally what happens is there’s a link or file attached and once the link is clicked or file is opened, then the system becomes infected.

WEBSITES

Sometimes a legitimate site can be hacked or get compromised. Links may be there along with pop-ups which may get accidentally clicked on. Some ransomware really just needs to get on the system – they don’t need user interaction – and then they start to work.

FLASH/THUMB DRIVES

This is somewhat self-explanatory – you get infected once a drive is put in your system. Most times this method will require something to be run from the drive – and an AUTORUN file may assist the malicious program with installation.

USER DATABASE COMPROMISE

This one involves your password(s) being stolen by hackers. A website that you have access or membership to may get compromised and its user database leaked. These files are usually encrypted, but there are times when they are either not encrypted or the type of encryption used is easy for hackers to break. In this case you may get emails that include your password along with threats to leak data. These can usually be ignored, but your common passwords should be changed immediately should this happen.

In other cases your email may be broken into – especially if your passwords are similar across sites – and then your details may be stolen or your account may be used to send out malicious software to your contacts.

PREVENTATIVE STEPS

There are a number of things that you can do to help with online safety. These include:

  • Using a password manager.
  • Practicing safe browsing.
  • Using an antivirus application.
  • Using backup services.

PASSWORD MANAGER

Many different tools exist. The most popular ones are probably RoboForm and LastPass.

SAFE BROWSING

  • Only go to sites that you know.
  • Don’t follow multiple links.
  • Beware the lure of web-based games on lesser-known sites.

ANTIVIRUS

Most antivirus programs have free and paid solutions. While the free solutions work, they only offer basic protection. You would need to supplement with free anti-spyware applications as well. Purchasing one of the antivirus suites will usually provide adequate protection.

BACKUP SERVICES

This is by far the best route to go if you have critical files you don’t want to lose. Whether you are a business or an individual, it’s best to have some form of backup – local or cloud-based.

The disadvantages with local backups would be:

  • Some ransomware will lock the backup device.
  • Device failure.
  • Responsibility falls on you to maintain.

The disadvantages with cloud backups would be:

  • Time to download (if internet is slow).
  • Finding one to suit your needs and pocket.
  • Finding one with versioning.

Versioning is the ability to go back in time with a file. So if it gets infected you can go back a few dates/revisions to find an uninfected version.
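Going back through revisions can be done by hand, but the idea is easy to show in code. The following is an added example, not part of the original post: a Python sketch that walks a file’s revision history from newest to oldest and picks the first revision that does not look encrypted. The function names, the 7.5 threshold and the sample history are assumptions made for illustration.

```python
import math
from collections import Counter

def shannon_entropy(data):
    """Bits per byte: close to 8 for encrypted data, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data, magic=None, threshold=7.5):
    """Heuristic only. When the file type has a known header (magic), a missing
    header is the signal, because compressed formats are high-entropy even when
    healthy. Without a known header, fall back to byte entropy."""
    if magic is not None:
        return not data.startswith(magic)
    return shannon_entropy(data) > threshold

def last_clean_version(history, magic=None):
    """history: (date, content) pairs, oldest first. Walk back from the newest
    revision and return the first one that does not look encrypted."""
    for date, content in reversed(history):
        if not looks_encrypted(content, magic):
            return date, content
    return None  # every stored revision looks encrypted

# Constructed revision history for a text file. The last two revisions stand in
# for ransomware output: a uniform byte distribution, like ciphertext.
CIPHER_LIKE = bytes(range(256)) * 8
HISTORY = [
    ("2019-06-10", b"Invoice 1041: 12 units at JMD 4,500 each.\n" * 20),
    ("2019-06-12", b"Invoice 1041: 14 units at JMD 4,500 each.\n" * 20),
    ("2019-06-14", CIPHER_LIKE),
    ("2019-06-15", CIPHER_LIKE),
]

def restore_point():
    """Date of the newest revision worth restoring, or None."""
    found = last_clean_version(HISTORY)
    return found[0] if found else None

if __name__ == "__main__":
    print("Restore the revision from", restore_point())
```

If the backup service keeps fewer revisions than the number of days the infection went unnoticed, `last_clean_version` returns nothing, which is why the retention period matters when choosing a service with versioning.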

EXTERNAL SOURCES

Here I’ll be placing some links to information about some known and not-so-known ransomware. LOCKY is probably the most popular one, and has had removal programs available. NOZELESN has been around for a few years and there’s still no “cure” for that as yet.

https://www.ccn.com/florida-man-fired-after-lake-city-suffers-massive-ransomware-attack/

The link above shows some of the things that can happen when your business gets infected.

On February 18, 2016, the Hollywood Presbyterian Medical Center paid a $17,000 ransom in the form of bitcoins for the decryption key for patient data.[17] The Hospital was infected by the delivery of an email attachment disguised as a Microsoft Word invoice.[18] This has led to increased fear and knowledge about ransomware in general and has brought ransomware into public spotlight once again. There appears to be a trend in ransomware being used to attack hospitals and it appears to be growing. [19]

You can see the original article on Wikipedia here: https://en.wikipedia.org/wiki/Locky

https://www.bleepingcomputer.com/forums/t/679953/nozelesn-ransomware-support-help-topic-nozelesn-how-fix-nozelesn-fileshtm/

The link above shows how discussions have been going on for years about NOZELESN with no fix.

IN CLOSING

The digital landscape changes every day, and protection is needed against malicious programs and persons. Sometimes we cause misfortune upon ourselves due to lack of knowledge, but sometimes we’re just unfortunately at the wrong site at the wrong time.

Being Jamaican I’d like to point out that there have been many incidents where local government sites got hacked. The major issue is that businesses and individuals give little thought to cyber security. This is something that needs to be taken seriously.

Hopefully this article helps. Keep safe online.

Shopping With USD Cards

INTRODUCTION

Jamaicans have been shopping online for some time now and this has given birth to various shipping companies. These companies will give you a US address that you can ship your items to once purchased. Some companies may even allow you to use their card (at a higher rate) to buy your things online. This information applies specifically to Jamaicans but may also be used for other countries.

THE PROBLEM

Visa Debit cards are becoming the norm with various banks and this means everyone can shop online. That’s good, but the bad is the exchange rate. Unless you have a USD account your price for USD$1 may range from JMD$127-JMD$135. I kid you not. The exchange rate is set by the vendor – not the bank and their daily exchange rate – and you will then also have to pay the bank a conversion fee. This makes no sense if you use your card locally as you’ll have to pay the conversion fee for local purchases, and some banks don’t allow you to have an additional card.

THE SOLUTION (PART A)

Use a second bank with a USD account and card strictly for online purchases. This allows you to buy USD at a lower rate from the bank and do your purchases in USD. But – there’s another problem. If you only use your card then that’s great! But sometimes vendors or services (like Amazon and PayPal) may detect that your account / card is located in another country and attempt to help you by offering to convert the USD to your home currency. This brings us to:

THE SOLUTION (PART B)

First you need to get to the checkout section of your purchase. For this we will be using eBay and PayPal since Amazon is somewhat more straightforward. For Amazon just tell it to bill you in USD and not in JMD.

So – for eBay/PayPal you first need to get to the point where you’re going to checkout.

[Image: Checkout 01]

You’ll get your total in USD and then the highlighted section will show you your total according to their conversion rate in your local currency. You don’t want this. You want it in USD to avoid additional fees of converting to JMD. So. There’s a small X in the right corner of the highlighted area. Click it or click on the little balloon icon in the bottom left of the highlighted area to show the next section.

[Image: Checkout 02]

This will now show you the conversion rate and there will be a small down arrow that you need to click.

[Image: Checkout 03]

Once you click that small arrow you’ll see an option that says “USE CREDIT CARD EXCHANGE RATE” – click on that.

[Image: Checkout 04]

Once done you will notice that the total is displayed in USD only and there is no JMD (local currency) listed anymore. This will allow the transaction to take place in USD which will not incur any additional fees for conversion.

If you don’t do this process you’ll end up paying more as the currency will be converted from USD to JMD then back to USD and you’ll be billed for each conversion plus have to pay at a higher rate when going back to USD.

Hopefully this will help when making your purchase online.