Tag: Ransomware

  • Tips on Reducing Ransomware Attack Risks

    As a business owner, there are many things you need to keep an eye on. This includes watching the business finances, dealing with staffing, and making sure you have the right services and equipment in place for efficient operation. Another thing you need to do is protect your business, and one of the things you need to protect against is cybercrime.

    With businesses now more reliant than ever on digital technology, the risks in relation to cybercrime activities have rocketed. Technology has become increasingly sophisticated over recent years, but so have the methods used by cybercriminals. This means that it is up to you as a business owner to ensure you have measures in place to protect your data, files, and systems from problems such as ransomware attacks, which can cause a huge amount of damage to businesses in a variety of ways. In this article, we will look at some tips to help you to reduce the risk of ransomware attacks.

    What you can do

    There are a number of steps that you can take in order to protect your business against cybercrime such as ransomware attacks. Some of the ways in which you can do this are:

    Educate your employees

    One of the things you need to do is to prevent these attacks from occurring in the first place, and this can be done by educating your employees. There are various ways in which ransomware can enter your systems, and often this is due to staff members being unaware that they are doing something that could potentially put the business at risk from this type of attack. This includes opening suspicious attachments or clicking on links in phishing emails. So, make sure your staff are trained to identify the possible risks.

    Have a reliable backup

    Another thing you need to do is to ensure you have a reliable backup of your files and data in case your systems are infected. If you are hit with a ransomware attack, you can wipe the infected files and replace them from a reliable backup source. This can save you a lot of headaches and stress as well as money. Using a reliable cloud backup solution is something that a lot of businesses do, as it offers affordability, ease, efficiency, and convenience. It also means that you can benefit from the advanced security that is put into place by the operators of the third-party servers.

    Protect your backup

    Of course, you must never underestimate the expertise of cybercriminals when it comes to conducting their questionable activities. These days, they can also affect your backed up data, and this means you also need to protect this for additional peace of mind. Using solutions such as Veeam Object Lock can add that extra layer of protection so that cybercriminals cannot access and change your files and data. You can also protect your data with a robust cloud-to-cloud backup solution that backs up data stored in one cloud backup service to another, making it virtually impossible for critical data to be lost from cyber attacks.

    These are some of the key steps that you can take to protect your business from this type of activity.

  • How I Protect My Files From Malware

    I have a lot of important files stored on two external hard drives beside my computer. What makes these files important is that they contain photos and videos of my life since 2002 that can’t be replaced. Since that time my life has changed substantially – marriage and raising a family. Losing the files that captured all moments over the past 14+ years is not an option.

    With the rise of malware, more specifically ransomware that encrypts files until a ransom is paid, it has become increasingly important for me to protect my data files. I have already implemented methods of protecting my data – logging in with a standard user account, using OpenDNS and blocking many harmful sites, using browser plugins that block JavaScript until I allow it, as well as having devices from outside my home connect to a segregated guest network.

    Even with the precautions I have in place on both my network and computers, there is still a chance that some form of malware can get access to my files. With my kids using the computers more and more these days, the chances of malware infection increase.

    I decided to revamp how I back up and protect my data files, in turn making it more difficult to modify those files, even while on the network. Here are the steps I have taken to protect my data files.

    Step 1: Backing up my files

    I have always had a backup process in place but it did require some manual intervention. I wanted to make a more automated backup process. A process that not only included a second local copy, but also an offsite copy of the files.

    Several months ago I set up a Plex Media Server using a desktop that I bought off eBay. The desktop is more than powerful enough to stream media from Plex to any device in my home. Since it won’t be streaming movies constantly, I decided to also use the server as my file storage.

    Local drive mirroring

    My Plex media files are stored on a Western Digital Duo hard drive enclosure. The two hard drives in the enclosure are mirrored using Stablebit DrivePool. I decided to use DrivePool to also mirror my data files from one external hard drive onto another. The drive mirroring provides redundancy in case one drive fails. With DrivePool running, I automatically have two copies of my data locally by simply copying the files to my drive.

    On top of that, I also use Stablebit Scanner to scan the external hard drives that hold my data files once a month. Stablebit Scanner also monitors the S.M.A.R.T. data on the drives and reports any issues to me through email. This setup allows me to be proactive in resolving any problems, to avoid any chance of losing data.

    Offsite backup

    The next step is to have my files automatically back up offsite to the cloud. My cloud storage service of choice is Backblaze. I have been using Backblaze for many years without any issues.

    Once I copy my files to my DrivePool drive, the Backblaze service automatically finds the changes and then backs up those same files to the cloud. At the moment I have almost 700 GB (241,740 files) backed up with Backblaze. I can access my files from anywhere even from my mobile devices.

    So I now have two local copies of my data and an offsite copy of the same files. I also have an external hard drive that I store offsite that I update once a month with any changes.

    Of course, all this will be moot if I also didn’t protect my files from malware on my local network and computers.

    Step 2: Restricting access to the server and files

    One of the best ways you can protect your data files is to prevent users from accessing the server. You can also provide read-only access to the files. This is what I have done with my server and files.

    Standard user account but not logged in

    The one issue I have is that I am storing my files on a media server that can be accessed from devices on my network. This can be an issue if a security issue is discovered in the Plex application. Such an issue could allow a miscreant, or malware, to gain access to my files.

    I reduce the chances of malware using Plex to gain access to my files by simply running Plex under a standard user account. This account can’t access my data files. If something tries to exploit a security hole in Plex, and attempts to access the server using the same account that Plex uses, it would be limited in what it can do.

    To add to the user access, I also don’t log into the server, unless I need to manage things on the server. Since everything on the server runs as a service (Backblaze, Stablebit DrivePool, and Stablebit Scanner), I don’t need to log into the server to ensure my data is backed up – it happens as long as Windows is up and running.

    Read-only access to my files

    When I need to access my data files, I map a drive letter to a share on the server from my desktop. The user I use to map to the server has read-only access and can’t change any data file. This means that if malware exists on my desktop, it can’t modify my data files because they are read-only.

    I treat the folders that contain my data files as a master copy. I rarely change the master copy of a file. In fact, when I edit my photos, I use Lightroom, which doesn’t make any changes to my photos. Lightroom simply stores the changes in a database file and then applies the changes internally in Lightroom.

    If I do need to make changes to a file, I will copy the file locally and then make the changes. I never make changes to the master file directly.

    Of course, this begs the question as to how do I modify or add files to the server if I connect using an account that is read-only? Simple – I use a staging area.

    Step 3: Using a staging area

    Since I connect to the data files with an account that is read-only, making changes to my files (such as my Lightroom database) is not possible.

    The way I get around this is I use a separate folder as my staging area.

    What is a staging area?

    The staging area is simply a write-able share on the server that is monitored by a service on the server for changes. When files are added to the staging area, the service will move the files to the proper folder within the data folder.

    How my staging area works

    The files are moved, and not copied, so once all the files have been processed by the service, the staging area will be empty. Moving the files helps to prevent malware from making changes to any file after it has been moved. This prevents malware-changed files from being copied over any master file by the staging service.

    Is this system perfect protection from malware? Nope, but it does reduce any chances of infecting my data files. The entire file moving process from the staging area to the master files area takes seconds. The short time a file is in the staging area may prevent malware from changing the file before being moved. Once the file has been moved, it is now in the read-only share and can’t be changed.

    While this may seem like a tedious way of copying my files to the server, it really isn’t. I just need to map the staging area share on my desktop and copy the files. Everything else – the move to the master files folder, the mirroring, and the cloud backup – is done automatically for me.
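
    A staging service of the kind described above could look like the following. This is an added example, not the author's own service: the function names, the folder layout and the separate "versions" folder are assumptions, and keeping the replaced master copy goes beyond what the post describes.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large videos do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def process_staging(staging: Path, master: Path, versions: Path) -> list:
    """Move staged files into master; return (action, relative path) tuples."""
    actions = []
    master_root = master.resolve()
    versions.mkdir(parents=True, exist_ok=True)
    for src in sorted(staging.rglob("*")):
        rel = src.relative_to(staging)
        if src.is_symlink():
            # A link can point outside the staging share: drop it, never follow it.
            src.unlink()
            actions.append(("rejected-symlink", rel.as_posix()))
            continue
        if not src.is_file():
            continue
        dest = (master / rel).resolve()
        if master_root not in dest.parents:
            actions.append(("rejected-path", rel.as_posix()))
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        action = "added"
        if dest.exists():
            if file_digest(dest) == file_digest(src):
                src.unlink()  # identical content, nothing to update
                actions.append(("duplicate", rel.as_posix()))
                continue
            # Assumption (not from the post): keep the replaced master copy so a
            # file altered while it sat in staging cannot destroy the original.
            kept = versions / f"{rel.as_posix().replace('/', '_')}.{time.time_ns()}"
            shutil.move(str(dest), str(kept))
            action = "updated"
        shutil.move(str(src), str(dest))  # move, so staging ends up empty
        actions.append((action, rel.as_posix()))
    return actions


if __name__ == "__main__":
    # Constructed demo: temporary folders stand in for the shares on the server.
    root = Path(tempfile.mkdtemp())
    staging, master, versions = root / "staging", root / "master", root / "versions"
    for folder in (staging / "2016", master, versions):
        folder.mkdir(parents=True)
    (staging / "2016" / "beach.jpg").write_bytes(b"first version")
    print(process_staging(staging, master, versions))
    (staging / "2016" / "beach.jpg").write_bytes(b"edited version")
    print(process_staging(staging, master, versions))
    print(sorted(p.name for p in versions.iterdir()))
```

    The script is meant to run on the server under an account that can write to the master folder, while the desktop only ever maps the staging share as writable and the master share as read-only.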

    Bringing it all together

    While I have taken steps to protect my data at a network and computer level, I wanted to do more to protect my data files. Using a desktop computer I can easily have my data mirrored locally and backed up offsite automatically.

    By restricting access to my data files, I can make it more difficult for any malware within my network to change my files. By using a staging area, I can add and update my data files without removing any of the restrictions.

    I will continue to make necessary security changes as the world of security (or insecurity) changes.

    Do you have data files that you need to keep safe? If so, how do you keep the files safe?

  • The 4 Most Effective Tips to Protect Your Computer from Ransomware

    Ransomware – a class of malware that restricts access to a computer until a ransom is paid – has been around for many years. In fact, one of the first known ransomware – the “AIDS” trojan – was found in 1989. Unlike other malware, ransomware has been in the background, not drawing much attention. In 2013, the ransomware called CryptoLocker began making news as it infected computers, and then began encrypting personal data files. Once the files were encrypted, a ransom message was displayed informing the user to pay a specified amount of money.

    Encrypting files isn’t new, of course, but now malware authors are using such encryption to extort money from unsuspecting computer users. The problem is that the encryption that is used cannot be broken by brute force methods, so either the data is lost, or the ransom needs to be paid. More and more ransomware are starting to make their rounds among computer users, and there could be much more robust, efficient ransomware, with stronger encryption, in the future.

    While this may sound disturbing, there are many ways that you can protect your computer from ransomware.

    1. Backup Your Files

    This first method is probably the most important one – backup your files. Backing up your files is probably the best method as you can just restore your files from the backup if they do become encrypted by ransomware. Of course, you want to make sure you have a clean system to restore your files onto, or you will just re-encrypt the files.

    With regards to backup, you should back up your files to “cold storage” to prevent ransomware from encrypting your backup files. Cold storage means that you can’t access your backed up files directly from your computer all the time. For example, if you back up your files to an external hard drive, only connect the hard drive when you want to back up your files, and then disconnect the hard drive from the computer. Another example of cold storage is when you back up to a cloud service online.

    For me, all my backed up files are stored away on cold storage. The first is an external hard drive that sits beside my computer, but is always off until I want to get access to the files or backup new files. A second backup is stored on a portable external hard drive that is connected less often – only when I have many gigabytes of data since the last backup. A third backup is stored online with Backblaze.

    2. Use a Sandbox or Virtual Machine

    A great solution to protecting your data from ransomware is to limit what the ransomware can get access to. Two of the best solutions to this are to browse the Web and check e-mail in either a sandbox or virtual machine.

    A sandbox is the easier of the two to set up as it runs directly in the operating system of your computer. Basically, a sandbox is a separate, tightly controlled area on your computer that you can run applications in. Any application running in a sandbox has limited access to other resources on your computer – including your files. An application in a sandbox may be able to read a file on your hard drive, but it cannot write to the file. You can also control what applications are allowed to run within the sandbox, access the Internet, and do other tasks on your computer.

    There is a great Windows sandbox application called Sandboxie that has been proven to contain ransomware.

    If you are technical you may want to look into setting up a virtual machine. A virtual machine is basically another computer that runs within your current computer. Your main computer becomes the host to the virtual machine. Everything that happens in the virtual machine stays within the virtual machine.

    With a virtual machine, you can install a Unix-flavor operating system, such as Ubuntu, to give good security, and then access the Web and your e-mail from the virtual machine. If you do download ransomware, it may not even execute in the virtual machine as it isn’t a Windows system, and if it does execute, then the ransomware can’t see the data files on your host computer.

    You can create virtual machines for free by using VirtualBox.

    3. Don’t Use an Administrator Account

    Windows users have always accessed their computers using an administrator account. This account has unlimited access to the computer, and up until recently was the only type of account used. Fortunately, starting with Windows Vista – although more with Windows 7 – Microsoft changed Windows to allow users to use a limited account.

    If you are using Windows Vista or later, you should not be logged in with an administrator account. You should always use a limited user account. The reason is simple: any application you run will run in the same context as your user account. This means that if your account has started a ransomware application, and you are logged in with an administrator account, then the ransomware application will have unrestricted access to your computer.

    While using a limited user account will not protect your data files if you accidentally ran a ransomware application, it will limit what files it affects or what restrictions it places on your computer. A limited user account can only see their own data files, and can’t change system settings, which will help limit ransomware.

    To stress the point about not using an administrator account, over 90% of Microsoft-reported vulnerabilities in 2013 could have been mitigated by using a limited user account.

    I have used a limited user account for 4 years with Windows 7, and haven’t had any issues with running applications. So if you are using Windows 7 or later, don’t log in with an administrator account.

    4. Don’t Open Suspicious E-mails

    While this tip has been mentioned for stopping malware all the time, it is still surprising that people don’t follow it. CryptoLocker spread by an e-mail attachment, and infected hundreds of thousands of computers. That ransomware could have been stopped, or severely affected, if people just didn’t open e-mail, or run attachments, from unknown senders.

    Many attachments in e-mails are designed to trick users into opening the attachments. Such attachments would actually have two extensions – such as .pdf.exe or .doc.exe. Many times, all the user will see is the first extension and an icon associated with that extension. For example, a file called example.pdf.exe would display just example.pdf with an Adobe Reader icon. Unfortunately, the .exe extension at the end means that the file isn’t a PDF document, but an application that will run when opened.

    One of the first things I do after I install Windows is to display hidden extensions of known file types, so I can exactly see all the extensions for all the files on my computer. This helps to determine if a file has a double or a single extension.

    There are many ways you can protect your computer from various forms of malware. What are some of the tips that you use to protect your computer from ransomware?

  • CryptoLocker – Holding Your Computer for Ransom

    In September 2013 a new type of malware was discovered to be making the rounds in computers running Microsoft Windows. This new malware is not really a virus because it typically requires a user to open an infected e-mail. What makes this malware particularly dangerous is what it does once it infects your computer – it holds your files for ransom.

    This may sound funny at first, but this type of malware – called ransomware – is very serious. The malware that was recently discovered is called CryptoLocker, and has begun causing pain for many users around the world.

    Money for Your Data

    In case you haven’t heard about ransomware, it is malware that infects your computer and then restricts access to your computer. Once the restrictions are in place, the malware will then request a ransom to remove the restrictions. If the ransom is paid, the restrictions are removed.

    With CryptoLocker, the restriction is on access to your data files. When CryptoLocker infects your computer it will then silently begin encrypting your local data files without you even knowing your files are being encrypted. While you may have an anti-virus product installed, it may not detect CryptoLocker, or it may detect the malware once files have been encrypted.

    When CryptoLocker encrypts files on your computer, it uses what is called a public key, which it obtains by connecting to a command-and-control server online. In order to decrypt the data, a private key is needed, which is stored on a command-and-control server. The private key is, therefore, never stored locally, so you can’t decrypt the data yourself. Decrypting the data yourself is impossible without the private key.

    Once your data is encrypted, you are presented with a message to send a specified amount of money to remove the encryption. The amount of money is about $100 USD or $300 USD. The payment is to be made through MoneyPak, Ukash, cashU or Bitcoin. After a specific time without payment, the key that is used to decrypt your data is destroyed and your data can’t be decrypted.

    What files does CryptoLocker encrypt? Files with these extensions: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, ????????.jpg, ????????.jpe, img_*.jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odc, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pdf, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, sr2, srf, srw, tif, wb2, wpd, wps, x3f, xlk, xls, xlsb, xlsm, and xlsx. This is a long list that contains most common data files that everyone uses.

    Not only can the data files on your local, internal hard drive be encrypted, but it has also been reported that files on attached external hard drives and network drives can also be encrypted.

    Protecting Yourself From CryptoLocker

    The best defense, as it is with most malware, is to ensure you don’t open strange e-mail messages. CryptoLocker is sent through well-crafted e-mail messages.

    The e-mail messages may inform you about a customer support-related issue, or perhaps a message from a courier company, such as Fedex, UPS, etc. The e-mail messages will include a ZIP attachment that contains the CryptoLocker program. The program itself is disguised as a PDF File – including the PDF icon – but has a name like FORM_101513.pdf.exe.
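
    The disguise described here, and the .pdf.exe / .doc.exe double extensions explained in the ransomware tips post above, can be checked for before a ZIP attachment is ever unpacked. The following is an added example, not code from these posts: the extension lists and function names are assumptions, and the sample archive is constructed in memory with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def _name(filename: str) -> PurePosixPath:
    # ZIP members normally use "/", but some archivers write "\" instead.
    return PurePosixPath(filename.replace("\\", "/"))


def shown_name(filename: str) -> str:
    """Name as listed when extensions of known file types are hidden."""
    return _name(filename).stem


def is_disguised(filename: str) -> bool:
    """True for names like example.pdf.exe: document extension, then executable."""
    suffixes = [s.lower() for s in _name(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DOCUMENT_EXTS)


def scan_zip(data: bytes) -> list:
    """Return (member, shown_as) for each disguised executable in a ZIP.

    Only the archive's directory is read; no member is extracted or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if not info.is_dir() and is_disguised(info.filename):
                findings.append((info.filename, shown_name(info.filename)))
    return findings


def build_sample_zip() -> bytes:
    """Constructed attachment: harmless placeholder bytes under test names."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("FORM_101513.pdf.exe", b"placeholder, not a program")
        archive.writestr("docs/terms.pdf", b"placeholder")
        archive.writestr("Report.DOC.EXE", b"placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    for member, shown_as in scan_zip(build_sample_zip()):
        print(f"{member!r} would be listed as {shown_as!r}")
```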

    As I mentioned above, if you don’t recognize the e-mail, or it doesn’t make any sense to you, just delete the e-mail without opening it.

    Also, you should ensure that you always back up your data. I recommend you use Backblaze (I use them) to back up your files. If CryptoLocker, or other malware, destroys your files, then you can always restore them with Backblaze.