{"id":309,"date":"2019-08-18T23:59:34","date_gmt":"2019-08-19T04:59:34","guid":{"rendered":"https:\/\/carlosthomas.net\/blog\/?p=309"},"modified":"2025-11-17T18:46:03","modified_gmt":"2025-11-17T23:46:03","slug":"ransomware-in-2019","status":"publish","type":"post","link":"https:\/\/carlosthomas.net\/blog\/2019\/08\/ransomware-in-2019\/","title":{"rendered":"Ransomware in 2019"},"content":{"rendered":"\n<p>So yeah&#8230; it&#8217;s almost a year between my posts. That&#8217;s fine, I guess, since the information is still good. Good things come to those who wait, right?<\/p>\n\n\n\n<p>First I&#8217;d like to refer back to an older post, and also say that this post will be updated with additional resource links later on.<\/p>\n\n\n\n<p><a href=\"https:\/\/carlosthomas.net\/blog\/2015\/02\/viruses-spyware-in-2015\/\">Viruses &#038; Spyware in 2015<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"INTRODUCTION\"><\/span>INTRODUCTION<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The virus landscape has changed, and ransomware is the thing you don&#8217;t want to get. I&#8217;ve seen businesses come to a halt as a result of infections. The main ways you get infected are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Emails<\/li>\n\n\n\n<li>Websites<\/li>\n\n\n\n<li>Flash\/Thumb Drives<\/li>\n\n\n\n<li>User Database Compromise<\/li>\n<\/ul>\n\n\n\n<p>So let me clarify each area so you know what to look out for.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"EMAILS\"><\/span>EMAILS<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>This is the way I&#8217;ve seen most businesses get infected. It starts with one person innocently opening an email that either looks business-related or actually is business-related.<br><br>If it came from a legitimate business contact, then that contact&#8217;s system was infected and sent it. Other times it&#8217;s just random spam that looks legitimate. Usually opening the email itself does nothing, but there are some you should simply avoid. Normally there&#8217;s a link or an attached file, and once the link is clicked or the file is opened (typically an Office document that asks you to enable macros, or a script hidden in a ZIP), the system becomes infected.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"WEBSITES\"><\/span>WEBSITES<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Sometimes a legitimate site gets hacked or otherwise compromised. It may then carry links or pop-ups that get clicked on by accident. 
Some ransomware doesn&#8217;t need you to click anything at all: a compromised page can serve an exploit for an unpatched browser or plugin, the payload downloads silently, and the encryption starts on its own. Keeping the browser, its plugins and the operating system patched is the main defence against that kind of drive-by infection.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FLASHTHUMB_DRIVES\"><\/span>FLASH\/THUMB DRIVES<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>This one is somewhat self-explanatory: you get infected once a drive is plugged into your system. Most times this method requires something to be run from the drive, and an AUTORUN file may assist the malicious program with installation. Current versions of Windows no longer run AUTORUN.INF automatically from USB drives, so the usual trick is a file on the drive named to look like a document or a shortcut that the user opens themselves.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"USER_DATABASE_COMPROMISE\"><\/span>USER DATABASE COMPROMISE<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>This one involves your password(s) being stolen by hackers. A website you have an account or membership on gets compromised and its user database is leaked. The passwords in such a database are normally stored as hashes rather than in plain text, but there are times when they are stored in plain text, or the hashing scheme is weak (an unsalted fast hash such as MD5) and the hackers recover the original passwords from it with a word list in minutes. One result is extortion emails quoting your real password and threatening to leak your data. These can usually be ignored, but any account using that password, or one like it, should have its password changed immediately.<br><br>In other cases your email account gets broken into, especially if your passwords are similar across sites, because the leaked username and password pairs get tried against every popular email provider. Once in, the attacker can steal your details or use your account to send malicious software to your contacts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"PREVENTATIVE_STEPS\"><\/span>PREVENTATIVE STEPS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>There are a number of things you can do to help with your online safety. 
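<br><br>Before the list of steps, a short added example (not from the original post or any named product) of why a leaked user database matters. The three users, their passwords, the five-word list and the second &#8220;webmail&#8221; site are all constructed for the demo. It stores the same passwords two ways, unsalted MD5 and salted PBKDF2-HMAC-SHA256, runs the same word list against both, then tries the recovered passwords on the other site. The MD5 table falls in one lookup; the salted table still gives up the two weak passwords (slow hashing only slows mass cracking, it doesn&#8217;t rescue a bad password); and the one reused password logs straight into the second site.

```python
import hashlib
import os
from typing import Optional

# Constructed demo data (not a real leak): three users of a hypothetical
# site, plus the same users' accounts on a hypothetical webmail provider.
SITE_USERS = {'alice': 'summer2019', 'bob': 'letmein', 'carol': 'xk9-Qm2-vL7p'}
WEBMAIL_USERS = {'alice': 'summer2019', 'bob': 'a-different-one', 'carol': 'xk9-Qm2-vL7p'}

# Tiny word list. Real attackers use hundreds of millions of entries.
WORDLIST = ['123456', 'password', 'letmein', 'qwerty', 'summer2019']


def weak_hash(password: str) -> str:
    # Unsalted MD5, as used by many breached sites: same input, same output,
    # so one precomputed table cracks every user in the dump at once.
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    # Salted, iterated PBKDF2-HMAC-SHA256: every guess has to be recomputed
    # per user because of the salt, and each guess costs 'rounds' hashes.
    dk = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, rounds)
    return salt.hex() + '$' + str(rounds) + '$' + dk.hex()


def crack_md5_table(table: dict) -> dict:
    # Hash the word list once, then every user is a dictionary lookup.
    lookup = {weak_hash(w): w for w in WORDLIST}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


def crack_pbkdf2_entry(stored: str, candidates) -> Optional[str]:
    # The salt is public (it is stored next to the hash), but it forces the
    # attacker to redo the slow computation for this one user only.
    salt_hex, rounds, _digest = stored.split('$')
    salt = bytes.fromhex(salt_hex)
    for cand in candidates:
        if strong_hash(cand, salt, int(rounds)) == stored:
            return cand
    return None


def reused_elsewhere(cracked: dict, other_site: dict) -> list:
    # Credential stuffing: try each recovered password against the same
    # user name on another site. Reused passwords fall immediately.
    return [u for u, pw in cracked.items()
            if u in other_site and other_site[u] == weak_hash(pw)]


def demo() -> dict:
    # What a leaked unsalted-MD5 table gives the attacker...
    leaked_weak = {u: weak_hash(p) for u, p in SITE_USERS.items()}
    cracked = crack_md5_table(leaked_weak)
    # ...versus the same passwords stored with a per-user salt and PBKDF2.
    leaked_strong = {u: strong_hash(p, os.urandom(16)) for u, p in SITE_USERS.items()}
    recovered = {u: crack_pbkdf2_entry(h, WORDLIST) for u, h in leaked_strong.items()}
    # The webmail provider in this demo also uses unsalted MD5.
    webmail = {u: weak_hash(p) for u, p in WEBMAIL_USERS.items()}
    return {
        'cracked_md5': cracked,
        'cracked_pbkdf2': recovered,
        'stuffing_hits': reused_elsewhere(cracked, webmail),
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, value)
```

It runs offline with only the standard library. PBKDF2 stands in here for whatever slow, salted scheme a site should be using; the point is the per-user salt and the cost per guess, not the particular algorithm. Now for the preventative steps.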
These include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using a password manager.<\/li>\n\n\n\n<li>Practicing safe browsing.<\/li>\n\n\n\n<li>Using an antivirus application.<\/li>\n\n\n\n<li>Using backup services.<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"PASSWORD_MANAGER\"><\/span>PASSWORD MANAGER<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Many different tools exist. The most popular ones are probably <a href=\"https:\/\/www.roboform.com\">RoboForm<\/a> and <a href=\"https:\/\/www.lastpass.com\">LastPass<\/a>. Whichever you pick, the point is that every site gets its own long random password, so one leaked database can&#8217;t open your other accounts. Protect the manager itself with a long master password and two-factor authentication, since the vault is now the one thing an attacker most wants.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"SAFE_BROWSING\"><\/span>SAFE BROWSING<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only go to sites that you know.<\/li>\n\n\n\n<li>Don&#8217;t follow chains of links from one unfamiliar site to the next.<\/li>\n\n\n\n<li>Beware the lure of web-based games on lesser-known sites.<\/li>\n<\/ul>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"ANTIVIRUS\"><\/span>ANTIVIRUS<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>Most antivirus programs come in free and paid versions. The free versions work, but they only offer basic protection, so you would need to supplement them with a free anti-spyware application as well. Purchasing one of the antivirus suites will usually provide adequate protection. No antivirus catches everything, least of all a brand-new ransomware sample it has never seen, so treat it as one layer alongside backups rather than a guarantee.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"BACKUP_SERVICES\"><\/span>BACKUP SERVICES<span class=\"ez-toc-section-end\"><\/span><\/h5>\n\n\n\n<p>This is by far the best route to go if you have critical files you don&#8217;t want to lose. 
Either as a business or an individual, it&#8217;s best to have some form of backup, local or cloud-based.<\/p>\n\n\n\n<p>The disadvantages of local backups are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some ransomware will encrypt the backup device too if it is left connected to the infected machine, so unplug it between backups.<\/li>\n\n\n\n<li>Device failure.<\/li>\n\n\n\n<li>Responsibility for maintaining it falls on you.<\/li>\n<\/ul>\n\n\n\n<p>The disadvantages of cloud backups are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Time to download a full restore (if your internet is slow).<\/li>\n\n\n\n<li>Finding one to suit your needs and pocket.<\/li>\n\n\n\n<li>Finding one with versioning.<\/li>\n<\/ul>\n\n\n\n<p>Versioning is the ability to go back in time with a file: the service keeps earlier revisions, so if a file gets encrypted you can go back a few dates or revisions to find a clean copy. A plain sync folder is not a backup on its own, because it will faithfully upload the encrypted files over the good ones; only versioning lets you undo that. Check how long old versions are kept, too: if the retention window is shorter than the time between infection and discovery, the clean copies will already be gone.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"EXTERNAL_SOURCES\"><\/span>EXTERNAL SOURCES<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Here I&#8217;ll be placing some links to information about some known and not-so-known ransomware. LOCKY is probably the most well-known one, and has had removal programs available (these remove the infection; they don&#8217;t decrypt the files). 
NOZELESN has been around for some time and there&#8217;s still no &#8220;cure&#8221; for it as yet.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.ccn.com\/florida-man-fired-after-lake-city-suffers-massive-ransomware-attack\/\">https:\/\/www.ccn.com\/florida-man-fired-after-lake-city-suffers-massive-ransomware-attack\/<\/a><br><br>The link above shows some of the things that can happen when your business gets infected.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p> On February 18, 2016, the\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Hollywood_Presbyterian_Medical_Center\">Hollywood Presbyterian Medical Center<\/a>\u00a0paid a $17,000 ransom in the form of bitcoins for the decryption key for patient data.<sup><a href=\"https:\/\/en.wikipedia.org\/wiki\/Locky#cite_note-Hollywood_Hospital-17\">[17]<\/a><\/sup>\u00a0The hospital was infected by the delivery of an email attachment disguised as a Microsoft Word invoice.<sup><a href=\"https:\/\/en.wikipedia.org\/wiki\/Locky#cite_note-Davis-18\">[18]<\/a><\/sup>\u00a0This has led to increased fear and knowledge about ransomware in general and has brought ransomware into the public spotlight once again. 
There appears to be a trend in ransomware being used to attack hospitals, and it appears to be growing.\u00a0<sup><a href=\"https:\/\/en.wikipedia.org\/wiki\/Locky#cite_note-19\">[19]<\/a><\/sup><\/p>\n<cite>You can see the original article on Wikipedia here: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Locky\">https:\/\/en.wikipedia.org\/wiki\/Locky<\/a><\/cite><\/blockquote>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/forums\/t\/679953\/nozelesn-ransomware-support-help-topic-nozelesn-how-fix-nozelesn-fileshtm\/\">https:\/\/www.bleepingcomputer.com\/forums\/t\/679953\/nozelesn-ransomware-support-help-topic-nozelesn-how-fix-nozelesn-fileshtm\/<\/a><br><br>The link above shows how the discussion about NOZELESN has gone on for a long time with no fix.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IN_CLOSING\"><\/span>IN CLOSING<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The digital landscape changes every day, and protection is needed against malicious programs and persons. Sometimes we bring misfortune upon ourselves through lack of knowledge, but sometimes we&#8217;re just unfortunately at the wrong site at the wrong time.<\/p>\n\n\n\n<p>Being Jamaican, I&#8217;d like to point out that there have been many incidents where local government sites got hacked. The major issue is that businesses and individuals give little thought to cyber security. This is something that needs to be taken seriously.<\/p>\n\n\n\n<p>Hopefully this article helps. Keep safe online.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So yeah&#8230;&#8230;&#8230;.it&#8217;s almost a year in between my posts. It&#8217;s fine I guess &#8211; since the information is still good. Good things come to those who wait right? First I&#8217;d like to make reference to an older post, and also say that this post will be updated with additional resource links later on. 
INTRODUCTION The &hellip; <a href=\"https:\/\/carlosthomas.net\/blog\/2019\/08\/ransomware-in-2019\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Ransomware in 2019<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"pagelayer_contact_templates":[],"_pagelayer_content":"","_eb_attr":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10,1],"tags":[30,29,28],"class_list":["post-309","post","type-post","status-publish","format-standard","hentry","category-endorsed","category-info","tag-ransomware","tag-spyware","tag-virus"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4XHmQ-4Z","_links":{"self":[{"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/posts\/309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/comments?post=309"}],"version-history":[{"count":3,"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/posts\/309\/revisions"}],"pred
ecessor-version":[{"id":677,"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/posts\/309\/revisions\/677"}],"wp:attachment":[{"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/media?parent=309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/categories?post=309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carlosthomas.net\/blog\/wp-json\/wp\/v2\/tags?post=309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}