New Ransom malware CAN NOT get data back

Due to a coding error, the new Power Worm ransomware cannot retrieve your data,
so you pay and still don't get your data back!

http://www.bbc.com/news/technology-34765484

For anyone not aware of it:
malwarebytes.com is awesome at getting rid of malware
- but it may not work on ransomware

Stephen

The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome, which is a somewhat protected environment. Chrome will update it automatically.
- If you use an Android phone, seriously consider changing; Google and partners have to figure out how to update these in a timely manner.
- Install all security updates on all devices immediately as they appear. Automatic updating is a good idea.
- Use a strong, unique password at every site and login.
- Use a password manager program to make this practical.
- Don't click on links in emails. Ransomware is often distributed in an urgent-looking email, e.g. "Click here or you'll be fined $1000 for a toll booth violation."
 
The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome, which is a somewhat protected environment. Chrome will update it automatically.
- If you use an Android phone, seriously consider changing; Google and partners have to figure out how to update these in a timely manner.
- Install all security updates on all devices immediately as they appear. Automatic updating is a good idea.
- Use a strong, unique password at every site and login.
- Use a password manager program to make this practical.
- Don't click on links in emails. Ransomware is often distributed in an urgent-looking email, e.g. "Click here or you'll be fined $1000 for a toll booth violation."

Thanks for the advice, those are all great points. I currently have a BlackBerry Passport, and have been considering the BlackBerry Priv. I'm on the fence as I really haven't been a fan of Android as an OS in the past.
 
Agreed on all counts, though I'm not well informed about the phone thing. It is true that OS X and Linux are less vulnerable to attacks than Windows, at least for now. Flash is horrible, and I don't know why Adobe is still in that business.

A password manager is a great thing. I recommend 1password, and it will work on your phone too.
 
I don't have Flash or Java on private computers. When a site requires Flash I skip it. YouTube is an example where Flash isn't mandatory. Sites not moving on from Flash will end up the same way.

Regarding backups - when I connect an external disk it can get infested as well. How to do backups safely?

I imagine there should be a gate between PC and backup device/site. Share your techniques.
 
I don't have Flash or Java on private computers. When a site requires Flash I skip it. YouTube is an example where Flash isn't mandatory. Sites not moving on from Flash will end up the same way.

Regarding backups - when I connect an external disk it can get infested as well. How to do backups safely?

I imagine there should be a gate between PC and backup device/site. Share your techniques.

Yes, Flash is evil on several levels and Java is a security sieve. The former is not worth fixing and the latter may be unfixable.

With regard to ransomware, the backup strategy would start with a working system. A few ransomware variants do encrypt external drives, but these are rare. Whenever new irreplaceable files were added, an external drive would be physically connected and an incremental backup would occur. It is possible to have sleeping ransomware that would wake up when an external drive was detected. I am not aware of any examples of this.

For very important irreplaceable files (such as images), performing automated, incremental backups to the Cloud is a useful defense. I am not aware of ransomware that affects Cloud storage. By the way, if you have your own private internet hosting site, you can set up a private Cloud backup system. It is more convenient to use places such as Dropbox, iCloud, Google Drive, Amazon Cloud Drive - just to name a few. Some people feel these sources are untrustworthy.
 
With the cost of external drives and the space they provide on a wacky relationship (costs come down, space goes up) there is no excuse for anyone.

Also USB 3.0 rocks with respect to speed of moving data.

An alternative approach is to try VM Box as an approach for basic dinking around browsing. I'm setting up a Virtual Machine with the basics, making a copy (my baseline) and then when I poke around on the net I use the VM. If I get hit with bad stuff (e.g. malware, ransomware) I just delete the VM, copy another, and go back to what I was doing. VM Box works on Mac, Windows, and Linux. There is a hint that you might be able to run Mac VMs on a Mac in the future (for the rest of us.....).

Backup often, backup to different media (different drives) and have fun!

B2 (;->
 
I am not aware of ransomware that affects Cloud storage.

That asks for some comments. If a local program can read and write cloud storage then it's possible to replace files there with encrypted files.

If cloud storage isn't affected then in some sense it looks like a call to move from local storage to cloud. Who loses and who benefits from this? You figure yourself.
 
.....I imagine there should be a gate between PC and backup device/site. Share your techniques.

I have three different aspects that I use.

First is based on a CD/DVD RW Drive USB 2.0 drive that I got from Wallyworld online for about $25 USD. It works on my macs as well as my windows boxes. One night a month, I put a new DVD into the drive and drag all the folders that hold data to the blank DVD. I have copies of the programs I use also on DVD that are stored in an ammo box down in the basement.

Then I have two USB 3.0 removable hard drives that I drag my files to every couple of days in a round-robin sort of thing.

The third is on my family's Macs: I have Time Capsule working on a 2TB drive attached to the router.

I used to use tapes and CDs but the size of DVDs has made life a lot easier.

Another thing is when your system is feeling slooow, look at what is going on. What tasks are running in the background that could be encrypting your files? Encryption takes cycles that slow your computer's response down. Check the task manager, all processes and such places, sort by CPU load and memory used, and look for something that doesn't feel right. If you think you have something, take a picture of what you see (with your phone) and pull the power on the system; just shut it down hard and quick. Then on a different computer try to see what is up. Don't power up the computer that you think is infected until you know the risks.

What I have done for my Windows-based systems is build a small flash drive that I can boot each from in case I need to do some scanning. While you can have encryption at the BIOS level, I don't know about any ransomware doing that. If you boot from a clean drive you should be able to inspect what your main drive was doing. I think I can do the same thing on my Mac, but haven't tried yet.

Hope this helps you guys/gals think about options that would work for you.

B2 (->
 
That asks for some comments. If a local program can read and write cloud storage then it's possible to replace files there with encrypted files.

If cloud storage isn't affected then in some sense it looks like a call to move from local storage to cloud. Who loses and who benefits from this? You figure yourself.

Just because more complicated ransomware hasn't appeared in the wild doesn't mean it never will. So your point is valid. At the same time I think about these things in terms of risk reduction. If criminals make money using a simple tool they are not motivated to develop a more complicated tool. Right now a small percentage of people back up their data at all and a minuscule percentage use the Cloud for regular backups.

I wouldn't describe using remote data backup as "a call". I would use the term risk reduction strategy. You benefit since your irreplaceable data is less likely to be ransomed.

I describe a completely different option for ransomware protection in a following post.
 
Update: Whitelisting

A somewhat inconvenient, but very effective, means to dramatically reduce risk exposure to ransomware is whitelisting.

Whitelisting is software that only permits execution of code (i.e. privileges, etc.) to a list of specific executables. All other executable calls will be ignored or blocked.

This is the exact opposite of the strategy of blacklisting, where a list of malicious executables is maintained to block calls. Most antivirus software is based on blacklisting.

The advantage of whitelisting is one does not have to continuously discover and then update the list of blocked executables. The disadvantage is one must add new programs or other valid functions to the list.

In OS X a whitelist can be created in the System Preferences Parental Controls pane. It is annoying to add every new App (except for those purchased in the App Store) to the whitelist. On the other hand, except for a Safari-based social engineering JavaScript ransomware scheme (one had to click on a fake FBI Warning), so far ransomware is unknown on OS X. Fortunately simply doing a Safari Reset removed the problem. That is, nothing was encrypted.

In Windows there are third-party whitelist solutions. Large corporations use these products. In this case the whitelist is implemented and controlled over the company's network. This means the only way for criminals to implement ransomware is via social engineering (deception of IT employees or IT contractors who have whitelist privileges). Consumer whitelist solutions are available, but I don't know anything about them.

I am told Windows 10 has a Windows Device Guard function that implements whitelisting. I don't know any details. Unfortunately, while Vista had a User Account Control function, it was hacked after a few months.
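To make the allow-list versus block-list distinction in the post above concrete, here is an added Python sketch (not from the post, and not how Device Guard or the Parental Controls pane is actually implemented) of hash-based execution decisions over constructed placeholder "executables". The recompiled ransomware variant and the not-yet-approved browser update illustrate the advantage and the disadvantage the post names.

```python
import hashlib


def fingerprint(binary: bytes) -> str:
    """Identity of an executable as hash-based rules see it: SHA-256 of its bytes."""
    return hashlib.sha256(binary).hexdigest()


# Constructed stand-ins for programs on disk (placeholder byte strings, not real
# executables). The two ransomware "builds" differ by a single byte, which is all
# it takes to defeat a hash-based deny-list.
INSTALLED = {
    "photoshop.exe": b"PHOTOSHOP-BINARY-v1",
    "firefox.exe":   b"FIREFOX-BINARY-v1",
}
LAUNCH_ATTEMPTS = {
    "photoshop.exe":   b"PHOTOSHOP-BINARY-v1",     # known, unchanged program
    "firefox.exe":     b"FIREFOX-BINARY-v2",       # legitimate update, not yet approved
    "toll_notice.exe": b"RANSOM-PAYLOAD-build-1",  # sample the AV vendor has already seen
    "invoice.exe":     b"RANSOM-PAYLOAD-build-2",  # recompiled variant, never seen
}

# Allow-list: hashes of what the owner deliberately installed.
ALLOWED = {fingerprint(b) for b in INSTALLED.values()}
# Deny-list: hashes of malware known to the vendor at signature-update time.
BLOCKED = {fingerprint(b"RANSOM-PAYLOAD-build-1")}


def allowlist_verdict(binary: bytes, allowed=ALLOWED) -> str:
    """Whitelisting: default deny, anything not explicitly approved is blocked."""
    return "run" if fingerprint(binary) in allowed else "block"


def denylist_verdict(binary: bytes, blocked=BLOCKED) -> str:
    """Blacklisting (typical antivirus): default allow, only known-bad hashes are blocked."""
    return "block" if fingerprint(binary) in blocked else "run"


def compare_policies(attempts=LAUNCH_ATTEMPTS) -> dict:
    """Map each launch attempt to (allow-list verdict, deny-list verdict)."""
    return {name: (allowlist_verdict(b), denylist_verdict(b)) for name, b in attempts.items()}


def approve(binary: bytes, allowed=ALLOWED) -> None:
    """The maintenance cost of whitelisting: every new or updated program must be added."""
    allowed.add(fingerprint(binary))


if __name__ == "__main__":
    for name, (wl, bl) in compare_policies().items():
        print(f"{name:16} allow-list: {wl:5}  deny-list: {bl}")
```

The unseen `invoice.exe` build slips past the deny-list but is stopped by the allow-list, while the updated `firefox.exe` is blocked until `approve()` adds its new hash.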
 
The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome, which is a somewhat protected environment. Chrome will update it automatically.

Isn't FLASH what YouTube uses? Or have I got that wrong? Gee, I would feel really deprived without YouTube! I like to watch and listen to the violinists--especially Sarah Chang!
 
Java (not JavaScript) is required for older versions of Adobe CS, is it not? But not for Adobe CC, as far as I can tell. Flash can be manually controlled by the "Click to Flash" plugin in Safari if you don't want to use Chrome.

And Willie - thanks for the tip on using Parental Controls as a whitelist utility! Great idea.
 
Java (not JavaScript) is required for older versions of Adobe CS, is it not? But not for Adobe CC, as far as I can tell.

And Willie - thanks for the tip on using Parental Controls as a whitelist utility! Great idea.

Yes, each time I install a new OS, CS complains about missing Java.

Isn't FLASH what YouTube uses? Or have I got that wrong? Gee, I would feel really deprived without YouTube! I like to watch and listen to the violinists--especially Sarah Chang!

YouTube has moved to HTML5, mostly because of Apple. They simply could not afford to lock out all Apple users.
 
Yes, each time I install a new OS, CS complains about missing Java.

YouTube has moved to HTML5, mostly because of Apple. They simply could not afford to lock out all Apple users.

Good to know, thanks. I'm thinking maybe this thread should become a sticky. I know I need to take more precautions against losing my images. I am using Apple Time Machine. I would like to learn to use my external hard drives in some systematic way to have better backup. I've been pretty haphazard about it.

I'm also feeling the need for a new brand of hard drive. I've had two western Digitals conk out on me. Any suggestions for a high-reliability brand?
 
The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome, which is a somewhat protected environment. Chrome will update it automatically.
- If you use an Android phone, seriously consider changing; Google and partners have to figure out how to update these in a timely manner.
- Install all security updates on all devices immediately as they appear. Automatic updating is a good idea.
- Use a strong, unique password at every site and login.
- Use a password manager program to make this practical.
- Don't click on links in emails. Ransomware is often distributed in an urgent-looking email, e.g. "Click here or you'll be fined $1000 for a toll booth violation."

Agree on everything here. For Android, consider looking into the Google Nexus line. They are (at the least) on par with Apple in terms of security.

Using a Mac does not absolve you of duty to purchase (and update) antivirus. ~10 years ago Macs were generally secure enough on their own. This is not the case as of 2015.

Using Chrome (on any device) is a good idea in general. Their Sandbox is fairly competent and should be a good first line of defense.

For Android phones, don't install anything that looks suspicious. Even if an app comes from the Play Store, take ~10 seconds to review the permission requests before installing. A music player has no reason to be peeking in your contacts list.

...and some other (perhaps more technical) things:

If you have a Windows 8/10 laptop with an SSD, consider encrypting your main drive. HDDs do tend to slow a bit with device-level encryption.

If you have an Apple laptop, make sure your OS is no further than 1-2 generations behind the latest. Running Snow Leopard in 2015 is a bad, bad idea.

Use a secondary email address for mailing lists and general sign-ups. Make sure this has a password that's not shared with your online bank account, etc.

Flash is actually not *too* bad in this age. Efficiency-wise it's a hog, but the true proverbial fault point is Java. Java needs to burn in hell. Don't install it if your work doesn't absolutely depend on it. Java has year-old, glaring security issues yet to be patched. Malware loves them.
 
Good to know, thanks. I'm thinking maybe this thread should become a sticky. I know I need to take more precautions against losing my images. I am using Apple Time Machine. I would like to learn to use my external hard drives in some systematic way to have better backup. I've been pretty haphazard about it.

I'm also feeling the need for a new brand of hard drive. I've had two western Digitals conk out on me. Any suggestions for a high-reliability brand?

For the most part drive failure is quite random. A business-class drive might give you higher life expectancy, but even those might break after a few months (or even weeks, if you're super-unlucky). It has been said that on average, one of Google's server drives breaks every second. So instead of shelling out for so-called premium HDDs, I would simply double-backup anything.

If you have a ton of photos (>2-3 TB), a RAID 5 solution will save space and money, but those solutions tend to be relatively expensive at smaller sizes.
 