Ransomware Spreads Across The Globe: How To Protect Your Computer

A ransomware worm is rapidly taking over computers around the world. Here’s what you need to know to protect your computers and networks.

This particular worm, known by several names including WannaCry and WCry, is a type of computer virus called ransomware. Ransomware, as regular Tech Tips readers know, is especially nasty because it hijacks your computer and encrypts your data, then demands a ransom to decrypt it. A worm is a virus that worms its way through computer networks. Therefore, as you can imagine, a ransomware worm has the potential to wreak havoc worldwide. And that’s exactly what WannaCry and its variants are doing.

Your best protection is prevention. While this virus can be removed, the data it encrypts CANNOT be decrypted. Experts typically recommend not paying the ransom, as there is no guarantee you will recover your data even if you do. A current offline backup is the only way to preserve your information in the event of a ransomware attack.

Windows users, update NOW. If you’re on an old version of Windows and can’t update (anything except Win7, Win8.1, and Win10), this is your wake-up call to upgrade to a newer version. Yes, they released an XP patch. No, that doesn’t mean XP is safe. It means they had to patch XP because it’s used so widely in critical environments like hospitals. And that was an unprecedented move, as Microsoft had previously declared that XP would receive no further security updates. That indicates how serious the situation is. Microsoft has more information about supported versions of Windows on their Windows end-of-support page.

And, everyone – BACK UP YOUR DATA. Seriously. Back it up. Right now. Mac users, you too, you’re not immune to ransomware. Everybody BACK UP YOUR DATA ON A SEPARATE NON-NETWORKED DRIVE AND KEEP IT OFFLINE.

RIGHT. NOW. (Here’s my latest Tech Tips article on backups for Windows and Mac.)

Spread the word. Tell everyone: business associates, friends, family, neighbors, random strangers. Send them a link to this article and remind them to back up and update their computers immediately.

If you’ve already been affected by the WannaCry worm, here’s some information that can help.

Ransomware: A Dangerous Threat To Your Computer

Ransomware is a particularly nasty form of computer virus that encrypts your data, then demands an electronic ransom for the encryption key. Why is ransomware so hazardous, and how can you remove it?

Ransomware is vicious because it doesn’t just render your computer unusable. It encrypts all of your files, including those on networked computers, removable drives, and server volumes. To get the key to unlock the encryption, cyber-criminals demand that you pay. Ransomware has decimated businesses and consumers alike. It’s been around on Windows for ages (see my writeup of Cryptolocker from a few years ago), but recently the first Mac-based ransomware has appeared in the wild.

Should You Pay?
There’s some debate amongst computer security experts as to whether it is better to pay the ransom or not. Sophos’ Naked Security blog has a good overview of the discussion. They also have an excellent article on what you can do if you are infected by ransomware.

How To Avoid Ransomware
You are far better off avoiding ransomware in the first place. Start by making sure you have multiple sets of known good backups. A clean backup is one of your best protections against ransomware and other viruses. Below you’ll find my guide on backup options for Windows and Mac, including how to test your backups to make sure they work when you need them.

All of my usual security recommendations apply as well. Use a top-quality antivirus program, and keep your computer up to date. If you’re on an obsolete version of Windows or Mac, now’s the time to upgrade. Check your default security settings, and use strong, unique passwords on every site.

Here are some Tech Tips articles to help. You can also sign up to receive Tech Tips by email and follow Tech Tips on Facebook for the latest tech support advice for Windows and Mac.

How To Back Up Your Computer (For Windows And Mac)

How To Create Strong Passwords (2016 Edition)

How To Configure Security Settings For Windows, Mac, iOS, and Android

Security Basics For Mac Users

How To Protect Your Web Browser

Donation Scams Another Tool In Hacker Arsenal

When disasters strike, we want to help. But before you click to donate to charity, ask yourself – is it a scam?

Hackers use natural disasters like hurricanes, floods, and earthquakes to scam unsuspecting donors. In The Northwest Herald I talk about donation scams:

What’s behind these fake links? Many of them lead to phony lookalike sites that steal your donation and compromise your credit card number. Others silently install malware on your computer or steal your passwords for Facebook and email. Sometimes they do all of these things, a veritable smorgasbord of hacker delight.

As I said in the article, you should never click on links but instead type the address of the charity into your browser. The Red Cross, for example, is www.redcross.org.

A real charity will never ask for your password, your Social Security number, or other personal information. Most charities also don’t solicit via email unless you’ve specifically signed up for their list.

How can you tell if a charity is legit? Here are some places to start.

If you’ve already been scammed, here are resources that can help:

Do you have questions about donation scams? Ask in the comments! You can also subscribe free to Tech Tips by email for more computer news, security tips and social media advice.

 

The Basics About DNSChanger, The Virus That Could Knock You Off The Internet

Everyone’s talking about this virus that’s going to hit on Monday, July 9, 2012, but a lot of the articles are too technical. Here are the bare-bones basics you need to know.

What is DNSChanger?
A particularly obnoxious virus that affects Windows and Mac computers, and can be transmitted by other types of computers and mobile devices. It can also affect routers.

What does it do?
Changes your Internet settings so cybercriminals can serve you ads, steal your login information, and monitor everything you do online.

Gruesome technical details (optional)
DNSChanger alters your computer’s DNS settings. DNS servers translate ugly network numbers like 127.0.0.1 into nice human-friendly addresses like www.sophos.com. Normally your computer looks to your Internet provider’s DNS servers for these translations. DNSChanger redirects your computer to cybercriminal DNS servers, so everything you do on the Internet silently passes through their servers en route to its actual destination.
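As an added illustration (not part of the original article), here is one way to audit the DNS settings described above. It reads resolv.conf-style text and flags any resolver that is neither one you expect from your provider nor a local router address. The expected range and sample addresses are constructed placeholders from documentation ranges, not real DNSChanger indicators, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder (RFC 5737 documentation range) standing in for the
# resolvers your Internet provider assigns. Not a real DNSChanger indicator.
EXPECTED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/28")]

# Private and loopback ranges: the resolver is a router or local proxy, so the
# router's own DNS settings still need checking (DNSChanger can affect routers).
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample input, not taken from a real machine.
SAMPLE_RESOLV_CONF = """\
# generated by the network manager
nameserver 192.0.2.10
nameserver 192.168.1.1   # home router
nameserver 203.0.113.53
search example.net
"""


def parse_nameservers(resolv_conf_text):
    """Extract nameserver addresses from resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip trailing comments, which may start with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as "%en0" before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry, skip it
    return servers


def classify(server):
    """Return 'expected', 'local', or 'unexpected' for one resolver address."""
    if any(server in net for net in EXPECTED_RESOLVERS):
        return "expected"
    if any(server in net for net in LOCAL_NETWORKS):
        return "local"
    return "unexpected"


def audit(resolv_conf_text):
    """Return (address, verdict) pairs for every configured resolver."""
    return [(str(s), classify(s)) for s in parse_nameservers(resolv_conf_text)]


if __name__ == "__main__":
    for address, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"{address:15} {verdict}")
```

On a Mac or Linux machine the input would come from /etc/resolv.conf; on Windows, the DNS server addresses shown by `ipconfig /all` can be pasted in as `nameserver` lines.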

What could happen on July 9, 2012?
If your computer is infected with the DNSChanger virus, as of Monday, July 9, 2012, you may not be able to access the Internet. Because of the severity of DNSChanger, Internet providers worldwide decreed that July 9, 2012 was the last day the hacker servers would be allowed to stay online. After that, they pull the plug. If you’re infected and can’t get online, it’s probably because your Internet provider is blocking your computer as a public safety measure.

What do I need to do?

1. Check to see if you are infected.
Visit the DNSChanger Working Group (DCWG) website to see if you are infected. If you are, continue below.

2. Remove the virus from your computer
Most popular antivirus programs will remove DNSChanger. Be sure you are using legitimate antivirus and not lookalike scamware. DCWG has tips on what to do if you are infected.

These Tech Tips articles may also help:

Additional Resources


Lessons Learned From The LinkedIn Password Hack

Social media site LinkedIn suffered a major security breach this week as over 6 million passwords were stolen. First, here’s a great quote from eWeek that explains why you need to pay attention to data breaches.

The compromise of a LinkedIn account has three important ramifications, opined Carl Leonard, senior manager of security researcher at Websense. “First, the key concern is the bad actors taking advantage of trust,” he said. “If you are ‘linked’ to a trusted colleague you are more likely to click on a malicious link sent from them, which may open the door to targeted attacks and confidential data theft.”

“Second, because many LinkedIn accounts are tied to other social media services, such as Facebook or Twitter, posts with malicious links can also be propagated to a larger audience,” Leonard said. “And lastly, many of us are creatures of habit and have the same password for multiple accounts. The consequences of a breached password could be extrapolated across email, social media, banking accounts, and mobile phone data.”

There are some valuable lessons to be learned from this catastrophe.

Don’t use dumb passwords.
The vast majority of the passwords revealed in the LinkedIn hack were, quite frankly, stupid. Such as:

linkedin
linkedinpassword
password1
password123
p455w0rd
1234567

plus all sorts of plain-text dictionary words like “administrator” and “computer”.

Do your passwords look like the ones on this list? Then change them! All of us should know better by now than to use easily-cracked passwords, and this is why. Here’s my article on How To Create Secure Passwords which may help.

Don’t share passwords across sites.
During the LinkedIn breach investigators found that many people used passwords containing the words “harmony” or “eharmony”. So it wasn’t a surprise when less than a day later, dating site eHarmony announced they, too, were hacked and 1.5 million passwords stolen.

There is a very easy way to avoid becoming a victim. USE DIFFERENT PASSWORDS FOR EVERY SITE. You think it’s a pain? Try identity theft.
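The patterns behind the passwords listed above, and the site-name passwords described in this section, can be checked mechanically. The following is an added example, not code from the original article: it flags digit-only passwords, passwords containing a service's name, and common words dressed up with leetspeak or trailing digits. The function name is hypothetical, and the word list holds only the words the article itself mentions; a real check would use a far larger list.

```python
import string

# Words the article names as examples; a real deployment needs a larger list.
COMMON_WORDS = {"password", "administrator", "computer"}

# Undo the usual character swaps: 4->a, 3->e, 0->o, 1->i, !->i, 5->s, $->s, 7->t, @->a
LEET = str.maketrans("4301!5$7@", "aeoiissta")

# Digits and punctuation commonly tacked on to the end of a weak password.
DECORATION = string.digits + string.punctuation


def weak_reason(password, site_names=("linkedin", "eharmony")):
    """Return a short reason if the password matches a weak pattern, else None."""
    lowered = password.lower()
    if lowered.isdigit():
        return "digits only"

    # Compare two views of the password: leetspeak undone on the whole string,
    # and leetspeak undone after trailing digits/punctuation are removed.
    candidates = {
        lowered.translate(LEET),
        lowered.rstrip(DECORATION).translate(LEET),
    }

    for site in site_names:
        if any(site in candidate for candidate in candidates):
            return "contains site name"

    if candidates & COMMON_WORDS:
        return "common word with trivial decoration"

    return None


if __name__ == "__main__":
    # The six passwords quoted in the article, plus one constructed strong sample.
    samples = ["linkedin", "linkedinpassword", "password1", "password123",
               "p455w0rd", "1234567", "vK9#tq2Lw!xR"]
    for sample in samples:
        print(f"{sample:18} {weak_reason(sample) or 'no weak pattern found'}")
```

A result of `None` only means none of these patterns matched, not that the password is strong or unique to one site.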

Don’t click links in email.
One of the most braindead stupid moves LinkedIn made in this entire scenario – aside from not using proper security practices to secure our passwords – is that they’re planning to email affected users instructions on how to reset their passwords.

Except the surest way to get hacked is to click on malicious links in email. Email is easily forged and links are easy to redirect. How fast do you think fake password reset emails are going to make the rounds? Oh, wait, it’s already happening. From BBC News: LinkedIn users targeted in phishing scam after hack. Epic fail, LinkedIn. Way to teach people bad security practices and expose them to further risks.

LinkedIn users have been targeted by email scams after hackers leaked more than six million user passwords online. Emails designed to look like they were sent by the social-network website asked users to “confirm” their email address by clicking a link.

Do pay attention to security news.

When a crisis occurs, timing is of the essence. In this case if you didn’t change your passwords immediately, it was probably too late. The hackers were rapidly cracking those passwords and trying to break into other sites like eHarmony.

The best way to stay on top of events like these is to follow IT security news. I regularly post important updates through social media sites like Twitter @trionaguidry as well as through my Tech Tips blog.

Why The Flashback Virus Doesn’t Worry Me – But Every Other Mac Virus Does

By now you’ve heard of the Flashback virus, which has infiltrated hundreds of thousands of Macs worldwide. There’s a lot of talk about whether the Mac’s reputation for invulnerability is shot and what Flashback might mean for Apple’s business.

I have some news for you. Don’t worry about Flashback.

This happens every few years – a major virus outbreak combined with widespread media coverage. That’s why Flashback doesn’t worry me. It’s gotten enough coverage that there are ample removal tools and instructions on what to do if you’re infected:

It’s all the other Mac viruses out there that worry me.

I’ve been in Mac security a long time – over twenty years. And I see the furor rise now and then over one Mac virus or another. The truth is we need to be thinking about Mac security continuously and not just when one particular virus runs rampant.

Macs have never been invulnerable. They don’t suffer the same problems as Windows, but they definitely have their own issues. One, unfortunately, is user complacency. Most people don’t even run antivirus on their Macs. Look through my Tech Tips archives and see how many times I’ve begged folks to do that. It’s a blind spot in the Macintosh mentality, one that needs to change.

Apple tends to encourage rather than counter this complacency, probably because it works to their marketing advantage. Not that they ignore security, but it typically takes a back seat. In that respect Flashback is helping by bringing the problem to the foreground.

Mac users need to take matters into their own hands. Here are my best recommendations on Mac security:

(Like this? Subscribe to my Tech Tips email list to get my latest Mac security news and more – no spam, no jargon, just a little computer help from yours truly.)

“Girls Around Me” App Shows How Stalkable You Are

There’s a creeptastic app called “Girls Around Me” that gleans data from mobile social media platforms to show all the women in your physical location. It’s been pulled since the controversy, but this description from Sophos Naked Security’s Lisa Vaas will give you the chills:

Brownlee’s article describes how he pulled out the app at a party, only to watch female guests recoil at the way data from Facebook and Foursquare was depicted, with each woman represented on the map as a “Matrix-like” silhouette of a naked pole dancer or stripper.

Some of the guests’ comments:

“Wait… what? Are these girls prostitutes?”

“How does it know where these girls are?”

“Do you know all these girls?”

“Is it plucking data from your address book or something?”

The answers Brownlee gave: No, they’re not prostitutes, they’re just regular women. The data from the women (I’ll abstain from calling them “girls,” as I believe they were, in fact, adults), including their specific location, reams of photos, Facebook details including birthdays or relationship status or schools attended, had been publicly broadcast from Facebook and Foursquare’s check-in functions.

Now pull out your smart phone. Do you have Location Services on, and are you using Facebook or Twitter? Shazam! You are stalkable. I’m hearing the Foursquare users scrambling to turn it off. Good. In my view you should always default to not sharing your location unless you have a very good reason to do so.

And there are good business reasons to use location. Realtors advertise open houses, stores promote sales, writers offer book signings… but I’ve also seen people checking in from the grocery store, the gas station, the dentist. Not only does this spam your contacts with needless info, it’s a magnet for the unscrupulous. “Ooh, look! You checked in at the auto repair shop! Which means you’re not home AND you’ve got a ritzy model car. Time for a little breaking and entering!”

Unfortunately it’s not as simple as turning off location. As the Sophos article points out:

…it’s impossible to uninstall Twitter from my phone, as it’s bundled into the operating system. If you want to snip Twitter’s thread, you have to uninstall it (if possible) or quit the application on your phone.

Or turn off Location Services, which stinks if you want to use something like Apple’s nifty Find My Phone or even basic GPS. What’s the use in paying for all these modern features if you have to lobotomize your phone back to the 1990s?

My greatest concern is that most people are using Facebook and Twitter from their phones without thinking about the fact that they are broadcasting their location. If you sign up for Foursquare – okay, you should realize it’s going to tell people where you are. But most folks don’t equate Facebook with “shouting to the world that I’m at the pediatrician.” And that’s another thing: parents, you’re not just broadcasting your location, but your children’s. And if you’ve been publishing stuff about your kids on Facebook, Twitter, or your blog, you’ve just given a potential criminal even more info.

Are you screaming in fury yet? You should be, because this is only going to get worse. Just as we no longer have a choice in using cloud computing, we will soon have no choice in broadcasting our location. We are at the mercy of the device vendors, and our privacy is not exactly their top priority. Get used to being findable by everyone from advertisers to co-workers to total strangers.

Do you use location? Does the idea of apps like “Girls Around Me” creep you out? Share in the comments!

CNet’s Nmap Debacle: When Good Software Comes Bundled With Junk

There’s a big debacle going on in the tech world. It seems that CNet aka download.com, purveyors of downloadable software, took a very popular geek tool called Nmap and wrapped their version of the free installer with the installer for some junky browser toolbar. Two of my favorite tech sites, The Register and Sophos Naked Security, have good descriptions of the situation.

The author of Nmap is a well-known Net.denizen named Fyodor, who is justifiably steamed. His response:

“The problem is that users often just click through installer screens, trusting that download.com gave them the real installer and knowing that the Nmap project wouldn’t put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them!”

He has an excellent point. I can tell you that any customer I’ve ever worked with would be irate indeed to have their computer messed up by a stupid junky toolbar they never wanted. But what should you, as a consumer, do about good software that comes bundled with junk?

Go to the original download source
Don’t rely on aggregate sites like CNet for your software. Instead, go directly to the web site of the program’s developers. You’ll often find a more recent version there, as well as better support options. This also eliminates the problem of poisoned search engine results when searching for programs (links that look legit but lead to virus-laden sites).

Look at the window before you click
In the Nmap case, the installer for the Babylon browser bar makes it look like you have to install it before you can install Nmap. When installing software, look very carefully for obscure checkboxes and buttons. Most of these installers stealthily install their junk by either making the opt-out checkbox hard to find, or by making the junk look like a necessary part of the install.

In the Nmap case, if you click Accept you’re only accepting the junk because this is the wrapper; you haven’t even gotten to the real installer yet. As Fyodor said, most people will click this then wonder why their Web browser isn’t working. Then they’ll have to find somebody who knows how to remove this kind of junk, because you have to remove ALL of it or it will continue to mess up your computer.

Make your voice heard
If you spot software that is bundled with junk, let the manufacturer know how disgusted you are. Keep your friends and colleagues informed by sending them a link to this article and letting them know about the menace of stealthy junk software.

You should not ever have to install a piece of junk to install the program you want – and if the program you want won’t let you do it any other way, find a different program. Shame on you, CNet. And kudos to developers like Fyodor who actually care about the end users.

(Photo of awesome Tron “I Fight For The Users” shirt from ThinkGeek. And no, I’m not getting any affiliate rewards for telling you that. I just like both the shirt and the store.)

 

Another Emergency Update: Acrobat And Adobe Reader

We’ve got another off-schedule emergency update, this one for Adobe Reader and Acrobat. It applies to both Windows and Mac users and will be released sometime next week. I encourage you to check for updates (under the Help menu) and make sure you install this one when it comes out. You can read Adobe’s advisory here.

The new update will take version 9 users to version 9.3.3 and version 8 users to 8.2.3. However, if you’re still on version 8, I recommend you move to version 9. And if you’re on a previous version (like the omnipresent Acrobat Reader 7), you definitely want to move to version 9. Acrobat 7 was the standard for a long time but is now obsolete and can be used as an entry point for viruses.

In case you’re wondering, the difference between Adobe Reader and Acrobat is that the former allows you to read PDF files while the latter also lets you create them. Adobe Reader used to be known as Acrobat Reader and is still referred to as plain ol’ Acrobat. So, yes, these updates apply to you regardless of whether you have the full version of Acrobat or just plain Reader.

You can also visit this web site to find the latest versions of all your Adobe products.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Emergency Microsoft Windows Update Released

Today Microsoft released an off-schedule update to fix a bug in Windows that could allow your machine to be infected simply by browsing a list of files with Windows Explorer. This emergency update applies to Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008. You can read the Microsoft security bulletin here.

Microsoft’s normal monthly updates arrive the second Tuesday of the month, otherwise known as Patch Tuesday. Off-schedule updates are typically only released in cases like this, where vulnerabilities are being actively exploited by viruses and malware. One particular virus is especially virulent. A variant of the Sality virus, it disables your security software and downloads more malware onto your computer.

If you have Automatic Updates enabled you’ll eventually get this update, but to make sure you are protected as quickly as possible visit update.microsoft.com and make sure you install update MS10-046 (aka 2286198).