Ask Bob Rankin - Friday, June 7, 2019 at 12:07 AM
Ransomware: Are You at Risk?
The “No More Ransomware” Project
The U.S. National Security Agency has issued an advisory warning Microsoft
Windows users to update their computers to protect against a new security
vulnerability called BlueKeep. The NSA is worried that it could spread rapidly,
enabling a massive ransomware attack wave, similar to the WannaCry outbreak
that wreaked havoc in 2017.
You are a potential ransomware victim whether you are a major corporation, a
small business, or a home computer user. Ransomware doesn’t care whose computer
it infects. Distributors of ransomware will tailor their demands to the
victim’s pocketbook, and often adjust the price of decryption up or down during
communications with a victim. The group behind the Baltimore attack demanded a
$70,000 ransom, but city officials took the advice of the FBI and refused to
pay.
Outdated software with known security vulnerabilities is a common attack
vector. But ransomware attacks don't necessarily need to exploit software
flaws. They often come in the form of clever "phishing" emails that encourage
you to click a link, or open an important-looking document.
[No More RansomWare!]
The threat has become so great that several international organizations have
teamed up to fight it. The “No-More-Ransom”<https://www.nomoreransom.org> site
is an initiative of the National High Tech Crime Unit of the Netherlands’
police, Europol’s European Cybercrime Centre, Kaspersky Lab and Intel Security.
Its mission is twofold: preventing ransomware infections and helping the
infected recover their data without paying the crooks.
When you first visit the site, you’ll be asked whether you’re already infected
with ransomware. Answer “no” and you’ll be taken to the Prevention
page<https://www.nomoreransom.org/prevention-advice.html>, which is full of
advice on how to avoid becoming a victim. Many of these tips are things I have
urged upon my readers for years, including making multiple backup copies of
vital data, using robust anti-malware software, and keeping operating system
and application software up to date with the latest security patches.
Trust No One
Other good advice there includes “Trust no one. Literally.” Do not click on any
link or file attachment - even if it seems to have been sent by your bank, your
brother the IT administrator, or your Mom - until you know what you are
clicking on. If a message seems out of the ordinary, call your contact and ask
if he or she sent it. No account is safe from hacking or impersonation
(“spoofing”).
For further protection, enable the ‘Show file extensions’ option in the Windows
settings on your computer. To do so, type “folder options” in the Start menu’s
search box and click on “Folder Options” in the search results. In the dialogue
window that opens, select the “View” tab. Uncheck the box next to "Hide
extensions for known file types". Click “OK” to save this change and close the
dialogue window.
The purpose of showing common file extensions is to help you spot executable
files (programs) that are disguised as non-executables. With “hide extensions”
enabled, a file named WatchMe.avi looks like a video file. But with all
extensions revealed, it may be WatchMe.avi.EXE and that is a big red flag. If
you see multiple file extensions, delete the file without opening it.
Are You Infected?
If you answer “yes” to the question, “Are you already infected with
ransomware?” you will be taken to a series of pages that can help diagnose and
treat the infection. The site’s “Crypto Sheriff” page asks you to upload two
samples of encrypted files from your hostage hard drive. These are analyzed for
patterns used by known variants of ransomware.
You will also be asked to send “any email or/and website address you see in the
RANSOM DEMAND.” The ransom note itself contains clues to the identity of the
hostage-takers and the ransomware that infects your computer.
The site will look for a decryption key or method in its extensive database of
known ransomware. Hopefully, it will provide a solution that you can use to
decrypt your data without paying the bad guys any money.
You might also benefit by reading the Ransomware
Q&A<https://www.nomoreransom.org/en/ransomware-qa.html> page, which goes into
detail on the history of ransomware, the various forms it can take, and how a
ransomware attack works.
I urge you to take the preventive measures listed on the
NoMoreRansom.org<http://NoMoreRansom.org> website, and keep the address handy.
You or a friend may find it handy one day.
Your thoughts on this topic are welcome. Post your comment or question below...
https://askbobrankin.com/ransomware_are_you_at_risk.html
David Goldfield
Assistive Technology Specialist
Feel free to visit my Web site
WWW.DavidGoldfield.info<http://WWW.DavidGoldfield.info>