
Ransomware in 2019

So yeah... it’s almost a year in between my posts. It’s fine I guess, since the information is still good. Good things come to those who wait, right?

First I’d like to make reference to an older post, and also say that this post will be updated with additional resource links later on.

INTRODUCTION

The malware landscape has changed, and ransomware is the infection you most want to avoid: it encrypts your files and demands payment for the key that unlocks them. I’ve seen businesses come to a halt as a result of infections. The main ways you get infected are:

  • Emails
  • Websites
  • Flash/Thumb Drives
  • User Database Compromise

So let me clarify each area so you know what to look out for.

EMAILS

This is the way I’ve seen most businesses get infected. It starts with one person innocently opening an email that either looks business-related or actually is business-related.

If it comes from a legitimate business contact, that contact’s system or mailbox has itself been compromised. Other times it is plain spam dressed up to look legitimate. Opening the message usually does nothing by itself, though some messages are best not opened at all. The infection normally happens when the attached file is opened (often an Office document that asks you to enable macros) or the embedded link is followed, which downloads and runs the ransomware. Treat unexpected invoices, shipping notices and “please see attached” messages with suspicion even when the sender is someone you know.
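As an added example (not code from the original post), the script below shows the kind of attachment triage a mail gateway or a cautious user can apply to the lure described above. It parses a raw message with Python’s standard `email` package and flags attachments with executable or script extensions, macro-capable Office types, “double extensions” such as `scan.pdf.js`, and zip archives containing any of those. The message it builds is constructed for the demo; the sender, recipient and file names are made up.

```python
"""Triage e-mail attachments for common ransomware delivery patterns.

Added example, not part of the original post. The sample message and all
file names in it are constructed for the demo.
"""
from __future__ import annotations

import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will execute when double-clicked.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs",
                   "vbe", "wsf", "wsh", "ps1", "hta", "lnk", "msi"}
# Office formats that can carry VBA macros (the classic "invoice" lure).
MACRO_EXTS = {"docm", "dotm", "xlsm", "xltm", "pptm", "doc", "xls"}
# Names that attackers use to make a runnable file look like a document.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
ARCHIVE_EXTS = {"zip"}


def classify_name(name: str) -> list[str]:
    """Return the reasons a file name looks risky (empty list = nothing seen)."""
    reasons: list[str] = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable type .{ext}")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-capable Office type .{ext}")
    # "statement.pdf.exe": a document-looking name hiding a runnable extension.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("double extension")
    return reasons


def triage_attachments(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment file name to the reasons it was flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        reasons = classify_name(name)
        if name.lower().rsplit(".", 1)[-1] in ARCHIVE_EXTS:
            # Inspect the archive listing in memory; nothing is extracted to disk.
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for inner in zf.namelist():
                        for r in classify_name(inner):
                            reasons.append(f"archive member {inner}: {r}")
            except zipfile.BadZipFile:
                reasons.append("archive could not be parsed")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_message() -> bytes:
    """Constructed phishing-style message with three attachments (demo data only)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice 4471 - payment overdue"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 demo", maintype="application", subtype="pdf",
                       filename="invoice_4471.pdf")          # harmless-looking PDF
    msg.add_attachment(b"\xd0\xcf\x11\xe0 demo", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice_4471.docm")         # macro-enabled Word
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan.pdf.js", "// demo placeholder, not a real script")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="scans.zip")                 # zip hiding a .js
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, reasons in triage_attachments(build_sample_message()).items():
        print(f"{fname}: {'; '.join(reasons)}")
```

Run as-is it reports the `.docm` and the zip (for both the `.js` member and its double extension) and stays silent on the plain PDF. A name-based check like this is cheap and catches the common lures, but it is no substitute for not enabling macros and for scanning the actual content.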

WEBSITES

Sometimes a legitimate site is hacked and starts serving malicious links, adverts or pop-ups that get clicked by accident. Some ransomware does not need a click at all: a so-called drive-by download exploits a vulnerability in the browser or one of its plugins when the page loads, and the payload starts running on its own. Keeping the browser and plugins patched, or removing plugins you don’t need, closes off that route.

FLASH/THUMB DRIVES

This is somewhat self-explanatory: you get infected when an untrusted drive is plugged into your system. In most cases something on the drive has to be run, and an AUTORUN.INF file can launch it automatically or disguise a program as a folder or document. Windows 7 and later no longer auto-run programs from USB drives by default, but a disguised file that the user double-clicks works just as well.

USER DATABASE COMPROMISE

This one involves your passwords being stolen. A website you have an account with gets breached and its user database is leaked. Passwords in such databases are normally stored hashed rather than in plain text, but some sites store them in the clear, and others use fast, unsalted hashes such as MD5 or SHA-1 that attackers can crack against a wordlist in seconds. One common follow-up is an extortion email that quotes your real password as “proof” of a break-in and threatens to leak data. The threat is usually a bluff and the email can be ignored, but the password is genuine and must be changed immediately everywhere you used it.

In other cases your email account itself is broken into, especially if you reuse the same or similar passwords across sites, and your details are stolen or the account is used to send malicious attachments to your contacts, who trust mail that comes from you.
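To make the “easy to break” point concrete, here is an added example (not from the original post) that stores the same three accounts two ways: as unsalted MD5, the way a careless site does it, and with a per-user random salt and the slow scrypt KDF. It then runs the same small wordlist against both dumps and counts the work. The user names, passwords and wordlist are constructed for the demo.

```python
"""What a leaked user database gives an attacker, and why storage format matters.

Added example, not part of the original post. The "leaked" tables and the
wordlist are constructed; no real credentials are used.
"""
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed wordlist: the kind of list every attacker already has to hand.
WORDLIST = ["123456", "password", "qwerty", "letmein", "summer2019", "Passw0rd!"]


def weak_store(password: str) -> str:
    """How a careless site stores passwords: one unsalted, fast MD5 per user."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_store(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow, memory-hard KDF (scrypt)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def strong_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate against the stored digest."""
    _, candidate = strong_store(password, salt)
    return hmac.compare_digest(candidate, digest)


def crack_unsalted(dump: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Hash each word once, then match against every user: work = len(wordlist)."""
    table = {weak_store(w): w for w in wordlist}          # precomputed once, reused
    cracked = {user: table[h] for user, h in dump.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(dump: dict[str, tuple[bytes, bytes]],
                 wordlist: list[str]) -> tuple[dict[str, str], int]:
    """With salts nothing is shared between users: work = users x words, each slow."""
    cracked: dict[str, str] = {}
    guesses = 0
    for user, (salt, digest) in dump.items():
        for w in wordlist:
            guesses += 1
            if strong_verify(w, salt, digest):
                cracked[user] = w
                break
    return cracked, guesses


def build_dumps() -> tuple[dict[str, str], dict[str, tuple[bytes, bytes]]]:
    """Same three users stored both ways (constructed data). Two share a password."""
    users = {"alice": "summer2019", "bob": "summer2019", "carol": "vQ7#pLm2!xR9tZ"}
    weak = {u: weak_store(p) for u, p in users.items()}
    strong = {u: strong_store(p) for u, p in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_dumps()
    print("unsalted MD5 cracked:", *crack_unsalted(weak, WORDLIST))
    print("salted scrypt cracked:", *crack_salted(strong, WORDLIST))
```

Two things stand out when you run it. In the MD5 dump, alice and bob have identical hashes, so one lookup exposes both, and the whole wordlist costs six hashes for any number of users. In the scrypt dump the same two weak passwords still fall, but only after a separate slow run per user, and carol’s long random password survives both; that is exactly what a password manager buys you when the site you trusted did the wrong thing.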

PREVENTATIVE STEPS

There are a number of things you can do to stay safer online. These include:

  • Using a password manager.
  • Practicing safe browsing.
  • Using an antivirus application.
  • Using backup services.

PASSWORD MANAGER

Many different tools exist; RoboForm and LastPass are probably the best known. A manager lets you use a long, random, unique password for every site, so a leak at one site cannot be replayed against your email or your bank.

SAFE BROWSING

  • Only go to sites that you know.
  • Don’t follow long chains of links away from sites you trust.
  • Beware the lure of web-based games on lesser-known sites.

ANTIVIRUS

Most antivirus vendors offer free and paid versions. The free versions work, but they offer only basic protection, and you would need to supplement them with a free anti-spyware application. Buying one of the full suites usually provides adequate protection. Whatever you use, keep it and the operating system updated; antivirus recognises known samples, and new ransomware variants appear faster than signatures do, so it is one layer of defence rather than a guarantee.

BACKUP SERVICES

This is by far the best route to go if you have critical files you don’t want to lose: with a good backup, ransomware becomes an inconvenience rather than a disaster. Whether as a business or an individual, keep some form of backup, local or cloud based, and ideally both.

The disadvantages with local backups would be:

  • Some ransomware will encrypt the backup device too, if it is attached or mapped as a drive when the infection runs.
  • Device failure.
  • Responsibility for running, checking and testing the backup falls on you.

The disadvantages with cloud backups would be:

  • Time to download a full restore (if your internet is slow).
  • Finding one to suit your needs and pocket.
  • Finding one with versioning.

Versioning is the ability to go back in time with a file: the service keeps earlier revisions, so if the current copy has been encrypted you can step back a few dates or revisions to an intact version. Without versioning, a sync-style service will faithfully upload the encrypted files and overwrite your good copies.
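The following added example (not from the original post) shows versioning working against ransomware on a small scale. Each backup run goes into its own numbered snapshot directory with a SHA-256 manifest; a file is treated as “looks encrypted” when its bytes are near-random (Shannon entropy above 7.5 bits per byte, where text sits around 4 to 5); and the restore step walks the snapshots newest to oldest and takes the first copy that passes the check. The sample documents, the snapshot labels and the `.locked` extension are constructed for the demo in a temporary directory.

```python
"""Versioned local backup with a "which copy is still clean?" check.

Added example, not part of the original post. All files are created in a
temporary directory; the ".locked" extension is made up for the demo.
"""
from __future__ import annotations

import hashlib
import json
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: text is ~4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic: a reasonably sized file whose bytes are almost uniformly random."""
    data = path.read_bytes()
    return len(data) >= 256 and entropy(data) > 7.5


def snapshot(src: Path, repo: Path, label: str) -> dict[str, str]:
    """Copy src into repo/label and write a manifest of relative path -> sha256."""
    dest = repo / label
    manifest: dict[str, str] = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(target)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def snapshots(repo: Path) -> list[str]:
    """Snapshot labels oldest -> newest (labels sort lexically, e.g. zero-padded numbers)."""
    return sorted(p.name for p in repo.iterdir() if (p / "MANIFEST.json").exists())


def latest_clean_version(repo: Path, rel: str) -> str | None:
    """Newest snapshot in which `rel` exists and does not look encrypted."""
    for label in reversed(snapshots(repo)):
        candidate = repo / label / rel
        if candidate.exists() and not looks_encrypted(candidate):
            return label
    return None


def restore(repo: Path, label: str, rel: str, dest: Path) -> bool:
    """Copy one file back and verify it against the snapshot's manifest."""
    manifest = json.loads((repo / label / "MANIFEST.json").read_text())
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(repo / label / rel, dest)
    return sha256_file(dest) == manifest[rel]


def demo() -> dict:
    """Three backup runs: clean, edited, then 'encrypted' in place; returns what came back."""
    root = Path(tempfile.mkdtemp())
    src, repo = root / "docs", root / "backups"
    src.mkdir()
    repo.mkdir()
    report = src / "report.txt"
    report.write_text("Quarterly figures, draft one.\n" * 40)
    snapshot(src, repo, "001")
    report.write_text("Quarterly figures, final.\n" * 40)   # legitimate edit
    snapshot(src, repo, "002")
    # Simulate ransomware: overwrite with random bytes and rename the file.
    report.write_bytes(os.urandom(2048))
    report.rename(src / "report.txt.locked")
    snapshot(src, repo, "003")                                # backup ran after infection
    clean = latest_clean_version(repo, "report.txt")
    ok = bool(clean) and restore(repo, clean, "report.txt", src / "report.txt")
    result = {
        "clean_snapshot": clean,
        "restored_ok": ok,
        "restored_text": (src / "report.txt").read_text() if ok else "",
        "snapshot_003_flagged": looks_encrypted(repo / "003" / "report.txt.locked"),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The third backup run happily copies the encrypted file, which is exactly what a sync service without versioning would do; only because snapshot 002 is still there can the final version of the report be recovered. The same logic offers no help if the backup repository itself was attached and writable when the ransomware ran, so keep at least one copy detached or on storage that keeps versions for you.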

EXTERNAL SOURCES

Here I’ll be placing some links to information about some known and not-so-known ransomware. LOCKY is probably the best known, and removal tools are available for it; note that removing the malware stops further encryption but does not recover files that were already encrypted. NOZELESN has been around for some time and there is still no “cure” for it as yet.

https://www.ccn.com/florida-man-fired-after-lake-city-suffers-massive-ransomware-attack/

The link above shows some of the things that can happen when your business gets infected.

On February 18, 2016, the Hollywood Presbyterian Medical Center paid a $17,000 ransom in the form of bitcoins for the decryption key for patient data.[17] The Hospital was infected by the delivery of an email attachment disguised as a Microsoft Word invoice.[18] This has led to increased fear and knowledge about ransomware in general and has brought ransomware into public spotlight once again. There appears to be a trend in ransomware being used to attack hospitals and it appears to be growing. [19]

You can see the original article on Wikipedia here: https://en.wikipedia.org/wiki/Locky

https://www.bleepingcomputer.com/forums/t/679953/nozelesn-ransomware-support-help-topic-nozelesn-how-fix-nozelesn-fileshtm/

The link above shows how the discussion around NOZELESN has been going on for a long time with no fix.

IN CLOSING

The digital landscape changes every day, and protection is needed against malicious programs and malicious people. Sometimes we bring misfortune on ourselves through lack of knowledge, and sometimes we are simply at the wrong site at the wrong time.

Being Jamaican I’d like to point out that there have been many incidents where local government sites got hacked. The major issue is that businesses and individuals give little thought to cyber security. This is something that needs to be taken seriously.

Hopefully this article helps. Keep safe online.