Avoid Paying a King’s Ransom

Click, click, click. Your computer or network is now in big trouble.

Despite all of the commerce, knowledge and connectedness that the internet provides us, we feel betrayed when we’re hit with the stark reality that not everybody in the community has the best intentions.

Beyond run-of-the-mill malware, adware and virus attacks, the most insidious is ransomware. A downloaded piece of code can encrypt your entire drive and require you to purchase a “key” to access your content. That’s just wrong on a number of levels.

Ransomware similar to this looks “official” and triggers emotional response. Fight back with preparation and information. Image from the State of New Jersey Cybersecurity website.

NO ONE IS IMMUNE
You may be thinking, “I’m glad I’m not a Windows user.” Think again.

Recently, the iOS version of the Transmission bittorrent client was downloaded 6,500 times before it was determined that the file had been corrupted with ransomware. Apple responded quickly by changing security keys. It was the first ransomware attack for the Apple iOS platform. You can rest assured there are more attacks on the way.

However, there are ways to minimize your exposure to such attacks. It all depends on becoming a smarter consumer of the internet.

The number one method to protect yourself and your network from these assaults is a firewall between your computer and the internet. I’ve written about the one we use (radioworld.com/clearos) for our market. In fact, we’ve standardized on it in all of Crawford Broadcasting’s markets for both office and radio automation networks. Putting a barrier that filters websites and links against established blacklists is the single best way to make sure your computer or network remains healthy and safe from the internet at large. A firewall simply overrules a user’s bad internet browsing habits before your network is exposed to them.

Still, the harsh reality is that without ongoing user education about good computer practices, even a good firewall at your place of business doesn’t protect you from users who bring their own devices.

Users need reminders about not opening attachments on emails they were not expecting, keeping all of their software up to date and downloading software and media only from reputable sites.

NOT ALL OF THE BEST THINGS IN LIFE ARE FREE
Sometime during the heyday of peer-to-peer networks, the term “on the internet” became synonymous with the term “free.” Malware creators take full advantage of that belief by attaching their code to music, video and software downloads.

Torrent sites and the dark websites that house seemingly free media content can lead to disastrous consequences for computer operating systems.

Recently, one of our email server users downloaded a torrent file laced with malware. His email account was compromised, and soon after, our email server landed on email blacklists everywhere. One user had caused our nearly 450 email accounts to become virtually useless!

It is also a common practice for malware pushers to mimic the look of legitimate websites in order to dupe people into believing they are at the right place to get software.

If you are a Firefox, Chrome or Opera user, one of the best ways to ensure you are connecting to legitimate websites is to use an add-on called HTTPS Everywhere. The add-on basically determines if the web page you are browsing is available as a “secure” page and then loads the secure page. Seeing the “s” in “https” in a URL always gives me more confidence that I am on the correct site and can trust its contents.

DEALING WITH THE CONSEQUENCES
There are a number of commonsense things you can do to limit harm from viruses, malware and ransomware.

If you suspect your computer has contracted malware code, pull the network cable. Don’t forget to turn off or disable your Wi-Fi. Malware is co-dependent on your computer host and the internet, but you can get rid of one of those enablers pretty quickly! By removing the network connection, you cut off the malware’s ability to phone home and mitigate the damage to other computers in your system.

The word “backup” needs to become an integral part of your computer vocabulary. There are too many good file duplication solutions, and large capacity external hard drives have become too inexpensive, to have the excuse that you just couldn’t do it. In fact, the first backup is always painful as it generally covers all of your data, but subsequent procedures only back up the changes that have been made and are much quicker. If you back up with regularity, the idea of ransomware attack on a system really isn’t that scary.
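The full-then-changes-only pattern described above, as an added example that is not from the original article: the first run copies every file, and later runs copy only files whose SHA-256 digest differs from the last run. Each run writes to a new numbered snapshot folder, so a file that ransomware has encrypted shows up as a change while the earlier clean copy stays intact. The function names, `manifest.json` and the `snapshot-NNNN` layout are assumptions made for this sketch.

```python
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name: digests recorded by the last run


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source: Path, dest: Path) -> list:
    """Copy new or changed files into a fresh snapshot folder under dest.
    Returns the relative paths copied; earlier snapshots are never touched."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest_path = dest / MANIFEST
    previous = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    existing = [p for p in dest.iterdir() if p.is_dir()]
    snap = dest / f"snapshot-{len(existing) + 1:04d}"
    current, copied = {}, []
    for path in sorted(source.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(source).as_posix()
        current[rel] = file_digest(path)
        if previous.get(rel) != current[rel]:  # new file or changed content
            target = snap / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel)
    manifest_path.write_text(json.dumps(current, indent=2))
    return copied


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        src, dst = Path(tmp, "docs"), Path(tmp, "backup")
        src.mkdir()
        (src / "log.txt").write_text("monday")
        print(backup(src, dst))  # first run copies everything
        (src / "log.txt").write_text("tuesday")
        print(backup(src, dst))  # later runs copy only what changed
```

A run that suddenly reports nearly every file as changed is worth investigating before the next backup. The backup drive should also be disconnected between runs so that malware on the computer cannot reach it.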

I am a huge fan of “live” CDs (or USB thumb drives) to troubleshoot computer problems and malware issues. A live CD is simply a bootable disk image with (usually) a base Linux operating system and a number of useful programs, including anti-virus and other scanners. Live means that nothing is installed on the physical hard drive of your machine; everything runs from the computer’s RAM and the actual disk or stick. The scanners are able to download the latest virus definitions and generally knock out what is ailing the machine.

As a starting point, the one that you should have in your arsenal is called the Bitdefender live CD, but there are a number of them, including full-blown Linux operating systems and other specialized distributions.

Additionally, Bitdefender has recently come out with a “vaccine” of sorts against certain families of ransomware. When users pay the ransom to unlock their computer, several ransomware authors leave a trace piece of code signifying that the user has already paid the ransom once. This works in the criminals’ favor: people who go searching for a solution find that users who paid the ransom report not only that the infection was removed, but also that it did not return. Bitdefender is capitalizing on that knowledge by creating a code inoculation that makes it appear that the ransom has already been paid on that computer.

Last, let’s look at your actual machine.

It is imperative that the individual computer’s firewall is active. It isn’t helping your machine if it isn’t on.

Make sure restore points are enabled on your system. Restore points allow your computer to use registry settings from a previous time when your computer wasn’t compromised by malware. Restore point settings can be found in the control panel under system settings. If registry values were changed by a malware infection, restoring settings to a previous time may remove the infection. Many times, malware is simply short-circuited by booting up in safe mode — without networking.

For Windows users, safe mode is where a base minimum driver set and system function is loaded. In order to get into safe mode, simply reboot the machine and, in between the BIOS screen and the initial Windows bootup, hit the F8 key a number of times. Once loaded, safe mode starves the malware’s ability to function in the way it was intended and lets you go to work removing the infection.

Increasingly, the internet is becoming a place of incredible potential — both good and bad. Vigilance and a little knowledge will go a long way to minimizing your exposure to the seedier side of the internet. Hopefully, these tactics will not only keep your systems protected, but also compel you not to panic, or pay, in the face of an actual malware infection.

Todd Dixon is an assistant engineer at Crawford Broadcasting’s Birmingham, Ala., facility and a regular RW contributor.

Got a question for Todd to discuss in a future article? Email radioworld@nbmedia.com.


