What would you do if one day, you turn on your computer only to find an alarming message stating that your personal files have been hacked, encrypted and can no longer be retrieved unless you pay a certain amount? Unbelievable, right? But this horror story has happened so many times before, and it’s still being experienced worldwide! The culprit: a type of virus called the ransomware.
What is a Ransomware and how does it work?
The first well-known ransomware discovered in 2013 was called Cryptolocker. It was a Trojan Horse virus that infected Windows operating systems, mostly in the US and UK. It came as a phishing e-mail coming from seemingly legitimate companies, like FedEx, HSBC, Outlook, or even Amazon. The e-mail had an attached ZIP file that when opened, becomes an executable (.EXE) program immediately encrypting computer files, leaving the victim incapable of accessing them. The only way to retrieve the files is to get the unlock ‘key’ to decrypt your files but this isn’t stored on your computer. You have to pay a certain amount of bitcoins – not the normal type of money that we use everyday, but the decentralised
internet currency mainly found on the Dark Web. Bitcoins in exchange of valuable computer files, that’s why it’s called a “ransomware” – the only way to get the “key” is to pay for it! The Cryptolocker network was taken down in 2014 and no new occurrences are reported since then. But just recently, a new type of ransomware is making its way into headlines around the world, causing mayhem and panic to even the most secured networks.
NotPetya / GoldenEye : Deadly and Controversial
On June 27, 2017, a global cyberattack started hitting big banks, shipping ports, airlines, law firms, telecoms and other firms in Eastern Europe, specifically Ukraine being the worst victim. It was first believed to be the same as the 2016 ransomware called Petya, as it has the same behaviour of attacking Windows operating systems by infecting the master boot record (MBR), modifying it to encrypt the files on the hard disk then displaying a ransom message on the next start up. But it was later on dubbed as ‘NotPetya’ by networking security experts in Kaspersky and ‘GoldenEye’ by Bitdefender, because it’s basically much worse than the original Petya. One reason is that, as soon as it enters a corporate network, the bug spreads from computer to computer, encrypting the network’s file systems.
It was reported that GoldenEye made its way to corporate networks through a malicious software update of MeDOC – Ukraine’s most popular accounting software. This intel was also verified by Cisco and Symantec in their respective blogs.
To make it more controversial, most recent reports say that making money is not the real reason for the attack. Some security agencies now speculate that it was a deliberate attack on Ukraine’s compromised network systems, including those at Chernobyl Nuclear Power Plant, the scene of the world’s most devastating nuclear accident. Just last week, Ukraine’s cyberpolice raided the servers of the accountancy firm being blamed for all this, but later on denied the assumptions.
How can I prevent my computer from being infected by Ransomwares?
The thought of being a victim of viruses like Cryptolocker or GoldenEye can be terrifying. But there are things that you can do to prevent this from happening to you.
1. Use and maintain a trusthworthy security suite.
As the saying goes, “Prevention is better than cure.” Invest in a high-quality security program, more specifically the ones with real-time cyber security and malware protection. These safety features can shield your programs and files from offline/online security threats as well as prevent them from being held hostage by ransomwares.
But you don’t stop from there! Another part of having a powerful security system is maintenance. Your antivirus programs need to be updated regularly and your computer needs to be fully scanned and cleared all the time.
2. Keep Windows Security up-to-date.
Because of the recent happenings related to ransomware, it’s easy to say that it’s a Windows-only dilemma. Fortunately, Microsoft has already provided a remedy months ago by releasing the necessary patches to combat EternalBlue vulnerability in Windows, the exploit used by ransomwares like WannaCry and NotPetya to target vulnerabilities in Windows. If you haven’t installed the patch, now would be the perfect time to do it, otherwise, your computer is still at risk. It’s also highly-recommended to turn on automatic security updates for Windows just to be sure.
3. Backup your files on a regular basis.
It may sound like a lot of work, but having a secure backup of your important files will eventually pay off. If your computer gets infected by anything and your files are gone, you will thank yourself (and the gods of technology) for creating backups. There are also a lot of ways to do it. You can burn your files to CDs/DVDs or save them to a removable USB flash drive or an external hard drive. Your computer may also have a backup-and-restore utility that you can use or you can install a backup software. However, you’re not doing it right if you don’t have offsite backups. Aside from having backups on separate physical drives, you also have to store them in separate locations, such as in another place or on an online server.
4. Learn to identify phishing e-mails.
Most phishing e-mails disguise themslves as a respected person / company / organisation to trick you into thinking that the message came from a legitimate entity or contact. Aside from that, the sender could ask you to go to a certain link/URL to update details or unlock you account etc. It also usually requests for your personal information, especially bank account details. This is how they obtain and use the needed data for their attacks. Phishing e-mails can also ask for a payment together with a threat or warning if you don’t make the payment in time. Finally, phishing e-mails often have incorrect grammar and typo errors, something that a real company would never have in their e-mails.
If you receive an e-mail from a company you’re not associated with or from a person you’re not expecting a message from, forget about it. If in doubt, it is better to be safe than sorry.
5. Show hidden file extensions.
By default, Windows OS doesn’t completely show filenames. It normally hides the extensions. For example, the complete filename is ‘file1.doc’. Windows Explorer will only show this as ‘file1’. Similarly, with Cryptolocker, the attached file is named with the ‘.pdf.exe’ extension. So if you did not set your computer to show hidden file extensions, you would think that it’s just a normal and safe PDF file which can result to clicking it without suspecting. For the step-by-step procedure on how to show file name extensions in Windows Explorer, check this link.
6. Do not provide your personal details to unsecured sites.
Before giving out your information, especially your bank account details, to any website, ensure that it’s trusted and secured. Always remember that for a site to be considered safe, its URL has to begin with ‘https://’ and there should be a closed lock icon close to the address bar. Otherwise, it might be a phishing site in which your personal data can be used to malicious attacks.
7. Think before you click.
Most security threats launch and spread with a single click of a mouse. If the owners of the computers that got infected by ransomwares thought twice before clicking on the infected files/programs, they would have been saved from a major crisis. So always be careful in clicking random links especially from out-of-the-blue e-mails or instant messages. One way to preview the destination of a link is to first hover your cursor on the linked word, then wait for the target URL to appear. If the destination site seems suspicious, don’t bother going there. Viruses can immediately launch themselves and harm your computer in just seconds! There are also available plug-ins and add-ons that you can install on your web browser to keep your internet use safer.
These add-ons can do different things – like block unwanted advertisements from showing, prompt you if you’re going to an unsecured site or block your download if it’s unsafe.
8. Block .EXE attachments.
You can actually prevent your computer from receiving executable file attachments. Luckily, by default, Microsoft Outlook doesn’t allow receiving of .EXE files as attachments because of their potential risk of containing programs with viruses. Still, since Office 365 represents most e-mail services online, it is best to set it to block all attachments that contain .EXE files. Here is how to do it.
9. Move to Cloud Computing.
When your most important files are stored and accessed in the Cloud and not on your computer’s hard drive or on any other physical storage devices, there’s very little chance of these files being corrupted or affected by ransomwares. Aside from that, Cloud computing services utilise different security features to ensure that stored data are safe from these attacks. Even using these services for a backup of important files can save the day, but make sure you use a trusted provider like Google Drive, DropBox, iCloud or OneDrive for example.
What we can learn from these attacks is that while proper solutions are being discovered and some security threats are being taken down, more and more viruses and malicious programs will be developed by the bad guys. So what we need to do is always update ourselves on the latest trends and practice secure accessing and management of our files, may it be personal or organisational.
Remember, backup is the key as well! Make sure you have good backups offsite and do a regular test to make sure you can restore from them too. We have dealt with clients that have password protected backups then forgotten what the password was – almost the same as ransomware when the time comes and you need to restore!
To Our Clients
At Bureauserv, our Accountants use the most trusted cloud-based Accounting softwares like QuickBooks, Xero and MYOB so you can rest assured that your company’s private files and data are always safe and secured.