There are two camps in the world of security: those who anticipate and prepare, and those who react after the fact. It’s becoming less and less desirable to be the “reactor”. Proper planning and the right security policies and procedures can be the difference between safety and the total destruction of your data. Here is a recent example of why.
We recently became aware of a new variant on a classic ransomware virus. You may recall a similar one: a message claiming the FBI has locked your computer (it’s not the FBI) and that, to regain access, you need to wire-transfer money at CVS or Walgreens. That infection was simple to remove and no money had to change hands. However, hackers seem to be getting desperate to get paid. A new encryption virus has been released that is much, much more dangerous – to the point where the virus is guaranteed to win!
…unless you can avoid it in the first place.
This ransomware virus silently installs on your computer and gradually encrypts files. You don’t even know it’s there. Then, after a period of time, it puts a notification on your screen that says if you want your files, you have to pay. Here’s the kicker, though: not only do the hackers lock up your files, the virus will also get into network drives and lock up those files too! So it’s not just the data on your computer that’s at risk; your entire home or business network is at risk.
The virus currently uses 2048-bit strong encryption. In simple terms, think of it as a two-thousand-forty-eight-character password that’s completely random. Unless you protect yourself and keep that virus from getting into your network in the first place, all your important accounting, customer records, contracts, design data, photos, videos, databases, everything… could be gone in a flash. “But encryption can be broken?” you ask. “People say they can break ciphers given enough time and resources.” Yes, this is true, but unless you want to invest the time and money into breaking it, once you’ve been compromised you might be better off accepting your losses: breaking in can take months or years, and it has gotten to the point where it might not happen in our lifetimes. Oh, and if you’re thinking of paying those people, please, PLEASE, DON’T! It will only support and encourage them to break in more and more. You would provide them with the resources to become even more destructive.
Encryption works almost perfectly. It is extremely difficult to decrypt anything that gets encrypted with very long, very strong keys. How can you protect yourself? Here are 10 principles that increase your ability to protect yourself before an incident occurs.
1. Have multiple security, recovery, and safety procedures in place! This is absolutely critical: the most important thing you can do is to use a combination of, or ALL of, the items listed below. How far you go, well, only you can assess your specific needs best, but we can offer recommendations.
2. Defend yourself NOW. Don’t wait. The longer you wait, the more likely you will be next.
3. Think before you click. The virus mimics common update notifications to look like legitimate software updates. Many internet ads are also designed to trick you into installing viruses, malware, and other junk or bloatware.
4. YES! By all means, UPDATE! Legitimate security updates are released by companies daily. Whether it’s Microsoft, Apple, Java or Adobe, it doesn’t matter: updates from the legitimate providers matter more than you think! It is never safe to avoid running updates. If you’re not sure, update your security software first and run full scans immediately, before updating other programs (especially if it has been a while) – you may find you can’t update because a virus has already taken out your security software.
5. Backup, backup, backup, and back up some more. This is your ONLY way to prevent significant problems created by this virus. By the time you get the infection, you’re too late and your data is safely locked away in the largest, most secure vault you can imagine. Have a backup solution in place where you can go to retrieve your data. (Backing up within the same computer, such as to a single, continuously connected external drive, is not safe against this virus.)
5a. TEST your backups. Backup data can get just as corrupt as your live data. Try restoring your data to a temporary computer or folder. This is often overlooked. Just because your backups are running successfully doesn’t mean you can retrieve your data. Take this opportunity while it’s fresh in your head, NOW! Go ahead, we’ll wait, it’s that important.
5b. Run backups to multiple places or locations. Storing your backups on multiple drives, servers, and also off-site will help make sure data is retrievable or re-constructable in the event part of the system gets compromised.
6. Install ad-blocking software. Many infections come from compromised advertising networks. In some cases, as soon as the advertisement loads, you’re infected.
7. Use only well-known, paid anti-virus and anti-spyware programs. Keep in mind, nothing is 100% perfect and these can still be breached, so all the more reason to have multiple levels of protection. Free stuff is, well, FREE. Would you put as much effort into something that’s free as into something you were being paid for? No. Why would you expect anything different from the free software developers? With paid products, you also avoid the scareware ads that can lead to this situation in the first place. You’re better off with paid, well-known, established products.
8. Manually run “full system” antivirus and malware scans from time to time. As much as real-time protection helps, it also misses things. Full scans take hours and don’t always run regularly, so yes, a full scan takes time to complete. But however automated scanners get, running each program manually from time to time puts you (a human) in front of what is going on and helps you become aware of problems. You will also become familiar with the product’s “normal” operation and be more likely to notice when something is wrong.
9. Make sure your firewalls are turned on and system integrity is intact. Infections can easily disable firewalls and replace legitimate operating system files with forged files. The first thing we check after cleaning out our clients’ computers is system security and integrity. Security verification is a MUST!
10. Implement a file integrity solution to watch over and monitor changes to your data. There are many programs that will take snapshots of various aspects of your system and alert you upon changes. Using third-party software for system integrity, as opposed to relying on the built-in software, increases the chance that tampering is detected and blocked. Most viruses target and disable the most common and widely distributed programs, so adding an element of uniqueness can alter the playing field in your favor.
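To make items 5a and 10 concrete, here is an added example (it is not code from the original post or from any product it mentions) of what a minimal file integrity check looks like in Python. It records a SHA-256 hash and a byte-entropy score for every file under a folder, uses that record to prove a restored backup matches the original byte for byte (item 5a), and later compares a fresh snapshot against the baseline to flag a burst of modified files that now look like ciphertext rather than documents (item 10). The folder names, sample invoices, and the two alert thresholds are constructed for the demo; the “encryption event” is simulated by overwriting the sample files with random bytes.

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_ALERT = 7.0      # bits/byte; documents sit well below this (assumed threshold)
MASS_CHANGE_RATIO = 0.5  # alert when this share of baseline files turns high-entropy (assumed)


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: plain text is roughly 4-5, encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(root: Path) -> dict:
    """Map each file (path relative to root) to its hash and the entropy of its first 64 KiB."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            with p.open("rb") as f:
                head = f.read(1 << 16)
            manifest[str(p.relative_to(root))] = {
                "sha256": sha256_of(p), "entropy": round(shannon_entropy(head), 2)}
    return manifest


def verify_restore(manifest: dict, restored: Path) -> list:
    """Item 5a: after a restore, list every file that is missing or does not match its hash."""
    problems = []
    for rel, info in manifest.items():
        target = restored / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(target) != info["sha256"]:
            problems.append(f"hash mismatch: {rel}")
    return problems


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Item 10: classify what changed since the baseline snapshot."""
    modified = [r for r in baseline if r in current
                and current[r]["sha256"] != baseline[r]["sha256"]]
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(modified),
        # modified files whose contents now look like ciphertext
        "high_entropy": sorted(r for r in modified if current[r]["entropy"] >= ENTROPY_ALERT),
    }


def mass_encryption_suspected(baseline: dict, changes: dict) -> bool:
    """Raise an alert when a large share of tracked files changed into high-entropy blobs at once."""
    if not baseline:
        return False
    return len(changes["high_entropy"]) / len(baseline) >= MASS_CHANGE_RATIO


def demo() -> dict:
    """Constructed scenario in a temp directory: baseline, restore test, simulated encryption."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "accounting").mkdir(parents=True)
        for i in range(4):  # constructed sample documents
            (live / "accounting" / f"invoice{i}.txt").write_text(
                f"Invoice {i}\nTotal due: ${100 * (i + 1)}\n" * 50)
        baseline = snapshot(live)

        # Item 5a: restore the "backup" somewhere else and prove it matches the baseline
        restored = Path(tmp) / "restore-test"
        shutil.copytree(live, restored)
        restore_ok = verify_restore(baseline, restored) == []

        # Simulated encryption event: random bytes stand in for ciphertext (test fixture only)
        for p in (live / "accounting").glob("*.txt"):
            p.write_bytes(os.urandom(8192))
        changes = diff_snapshots(baseline, snapshot(live))
        return {"restore_ok": restore_ok, "modified": len(changes["modified"]),
                "high_entropy": len(changes["high_entropy"]),
                "alert": mass_encryption_suspected(baseline, changes)}


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest should be stored somewhere the monitored machine cannot overwrite (read-only media or a separate host), for the same reason the post gives for off-site backups: an infection that can reach the manifest can rewrite it. The entropy heuristic is deliberately coarse; already-compressed files (ZIPs, JPEGs) score high too, so the alert keys on the share of files that changed at once, not on any single file.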
Read more about the severity of this infection at bleepingcomputer.com.
If you’d like an evaluation of your situation, feel free to get in touch with us. You can either fill out our online form or call our office direct at (414) 208-4682.