Fein-Lines: Virus, Phishing, Ransomware…Oh My!

[Image: ransomware_graphic1.JPG]

Malware, the collective name for viruses, Trojan horses and other malicious software that can infect your computer, has been in the news lately, probably more than at any time I can remember. Over the years, malware has evolved; it can affect smartphones and tablets as well as all computers. No matter what you hear from the fake news outlets, no computer, no brand and no type is 100% safe. Malware is as old as the first computers. In fact, the first computer virus was called Elk Cloner and was found on an early Apple Mac in 1982.

Back in the day, a few years after I first started using a personal computer (an Apple II+ in 1979-80), the first virus strains spread when someone inserted a contaminated floppy disk into a computer. Viruses still spread globally, but it took many months, sometimes years. Now we have the Internet and a zillion more PC users, and the incentive for those who produce malware is no longer mischief or experimentation. There is now a large financial incentive, as seen with the explosion of the latest ransomware, the WannaCry malware.

I will cover malware in more depth in articles over the next few months, but for now let’s focus on the two most commonly seen contaminations: ransomware, which is the most dangerous and expensive to eradicate today (at least once you have been infected), and its browser lock-up junior version, which can be frightening but is much easier to fix.

By now I am sure that most of our readers know what ransomware is. Briefly, it is malicious code that, once it gains access to your computer or your network, can lock up all files on your computer, on every other computer on that network and on every drive connected to them, including back-up drives, whether the network is your home, your work or even a public network you happen to be connected to. Once it is established and has locked your files, it gives you a very stern notice that your files are locked and that to get them back you must pay a ransom. Not only that, you must go out and buy bitcoin to pay it, as bitcoin is untraceable. In addition, you have only a relatively short period of time to pay before the ransom increases. If you still do not pay, all of your files will be destroyed.

[Image: ransomware_graphic2.JPG]

I know that all of you back up your computer’s data on a regular basis, right? Right? After all, if you do not, you will eventually lose your data anyway through any number of other accidental or malicious events: hard drive failure (they all fail eventually, some sooner than others), loss or theft of the device, or many other forms of malware. Doing back-ups is a critical and easy form of insurance. However, in the case of the latest ransomware, a standard back-up drive that is always connected to your computer may not save you once you are infected, because the back-up drive may have become infected too.

OK, so what to do? Here are your best choices, in order of preference, IMHO.

  1. Avoid and/or block the ransomware so that you do not get infected in the first place.
  2. If you fail to avoid or block and you become infected, you can reload your computer from a good, non-infected back-up.
  3. If you do not have a non-infected back-up, reformat everything and start over or buy a new computer, regretfully losing all your data (files, pictures, videos, your Great American Novel that you have been writing for years). Or you can pay the ransom (you still may not get your data back or you may still have the infection that can be reactivated by the hacker at another time).

So, a little more about ransomware, and then let’s discuss how to do the above choices in order of preference.

The most widely known ransomware variant, due to the recent outbreak, is WannaCry (actual name: .wncry). This latest ransomware attack has become so extensive because it abuses various security holes in Windows SMBv1 and SMBv2 that most users have left unpatched or do not even know about. It is prevented by the critical update Microsoft released in March 2017. In addition, Microsoft has just announced that it has made available an update that blocks WannaCry for Windows 7 and, amazingly, also one for the obsolete Windows XP. Many people, however, do not install updates or let their computer install them on a regular basis. That is a big mistake, unless you are using legacy software that may not be compatible with some updates. If that is the case, it may be time to stop using QuickBooks 1998 and get an updated version.

There are other ransomware versions, and some even newer and more resistant ones have been introduced. In the last few days (as of 5/18/17) another ransomware variant, Uiwix, has appeared and has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 that WannaCry used. Uiwix can be an even bigger threat than WannaCry because it does not include a kill switch like the one found in most versions of WannaCry. That kill switch is a domain which, when blocked, can contain its distribution, and in fact the latest round of WannaCry was essentially halted by doing just that. With no dial-back option to block, the only way of protecting against Uiwix for now is to patch the affected operating systems. Of course, if the operating system updates had been installed in the first place, you would not have a problem.

I expect that this is only the latest of many versions that we will see that will try to exploit this vulnerability or vulnerabilities on other operating systems and infect as many devices as possible. Just this week Malwarebytes announced a new ransomware aimed at Macs (see their executive summary from a seminar they gave this week as well as their projections for the next few months).

[Image: malwarebytes_webinar.JPG]

[Image: malwarebytes_webinar2.JPG]

You will not be safe until you at least update your operating system and apply the necessary patch. Also remember that any computer can be contaminated. While WannaCry does not affect Macs or Linux, there are other versions of ransomware written specifically to target Apple, and those do not affect PCs.

Just like a bank robber, the criminal will try to rob the bank with the most money, and with about 90% of the world’s computers running a version of Windows, they are the big target. With Apple’s market share approaching 10% globally, however, Macs are also vulnerable, and Apple is finally starting to admit it.

Please note: if you get an elementary form of malware, one that just locks up your browser and tells you to call a fake Microsoft number for help, this is NOT true ransomware and it can be dealt with. When this happens you cannot close your browser, and even if you restart your computer and reopen your browser, it comes back to the same webpage or browser tab. Do not worry; that is a cheap and dirty form of ransomware. If you call that number, the criminals will say they are with Microsoft and ask to take control of your computer, and if you are really stupid enough to do that, then you have a much bigger problem.

There is an easy fix, however, as long as you do not contact them. All you have to do is make a different webpage active. You can do that by doing a search for a known site such as bing.com or Google.com, then closing the offending tab, then closing and restarting your browser, and all should be well. Another way is to just close your browser. I can hear you saying, “It will not let me close it.” OK, so press the CTRL-Alt-Del hot key, and you will have the option to open Task Manager. Once Task Manager is open, select your browser, then in the lower right-hand corner of the Task Manager window choose “End task.”

[Image: task_mgr.JPG]

The browser will close. Close Task Manager and then you can open your browser again, and all should be well. Again, remember that this fix applies only if you are contaminated by a malicious site that you happened upon—not by true state-of-the-art ransomware.

Now, let’s go on the offensive and look at your options.

Option 1: Avoid or block the ransomware so that you do not get infected in the first place.

Just as with any malware, ransomware is dependent to a great extent on the ignorance or just plain stupidity of the user. Most ransomware infections start with a user clicking on a link in an e-mail: “Click here and I will show you how to get a million $,” or “Your e-mail account must be updated, click here to do so,” or “This is your bank, we have noted an issue with your account, please click here to…”

I am sure you get the idea. If you get such an e-mail and you are concerned, call the institution and inquire. You can also “mouse over” the link (put the mouse pointer over it, but do NOT click) and observe the URL that pops up. I bet it will not be from your bank. Remember that Bankofamerica1.com is NOT bankofamerica.com. The first thing to do is not click on links in phishing e-mails, and if you are not sure whether they are phishing links, call your bank. Be careful.
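The “mouse over” check above, written out as code so you can see exactly what it compares. This is an added example, not from the column: it pulls every link out of a constructed e-mail body and flags any whose real destination (the href) is not the bank’s own domain or a subdomain of it. The sample message and the evil.example destination are made up for the demonstration.

```powershell
# Added example (not from the column): the "mouse over the link" check in code.
# Only http/https links whose host is the trusted domain, or a real subdomain of
# it, pass; look-alikes such as bankofamerica1.com and prefixes such as
# bankofamerica.com.evil.example fail.
function Test-LinkHost {
    param([string]$Url, [string]$TrustedDomain)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $false                       # not even a parseable absolute URL
    }
    if ($uri.Scheme -notin @('http', 'https')) { return $false }
    $hostName = $uri.Host.ToLowerInvariant()  # the part a browser actually connects to
    $trusted  = $TrustedDomain.ToLowerInvariant()
    return ($hostName -eq $trusted) -or $hostName.EndsWith(".$trusted")
}

# List each <a href="...">text</a> in an HTML mail body with a Suspicious flag.
function Find-SuspiciousLinks {
    param([string]$Html, [string]$TrustedDomain)
    $pattern = '<a\s[^>]*href\s*=\s*"([^"]+)"[^>]*>(.*?)</a>'
    foreach ($m in [regex]::Matches($Html, $pattern, 'IgnoreCase,Singleline')) {
        $href = $m.Groups[1].Value
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()   # visible link text
        [pscustomobject]@{
            Text       = $text
            Href       = $href
            Suspicious = -not (Test-LinkHost -Url $href -TrustedDomain $TrustedDomain)
        }
    }
}

# Constructed sample e-mail body, modelled on the bait quoted above.
$sample = @'
<p>This is your bank, we have noted an issue with your account,
<a href="http://Bankofamerica1.com/verify">please click here</a> to resolve it.</p>
<p>Or visit <a href="https://www.bankofamerica.com/">bankofamerica.com</a>.</p>
<p><a href="https://bankofamerica.com.evil.example/login">bankofamerica.com</a></p>
'@

# Expected: the first and third links are flagged, the second is not.
Find-SuspiciousLinks -Html $sample -TrustedDomain 'bankofamerica.com' | Format-Table -AutoSize
```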

The next thing to do is to be sure your computer is up-to-date. Look, Windows XP was a great OS back in 2003, but it is time to relegate it to the scrap heap. Windows 7 was also an excellent OS in its day, but it is outdated and can NOT be made as secure as Windows 10. If you have an older computer and you are happy with Win 7, then stay with it, but be aware that you are more vulnerable and that you are missing out on some great performance and feature enhancements. After all, even Win 7 is now an eight-year-old program.

Be sure that you are running an anti-malware utility; there are a number of good ones, both paid and free. Norton, Kaspersky, AVG and Avast are examples of the good ones. The one I use and have found to be effective and reliable is Windows Defender; it comes with Windows 10 and is designed for it, and I find it is not a resource hog. Whichever one you choose, be aware that none of them is 100% effective, no matter what you see on TV. In addition to Windows Defender, I recommend a second layer of protection from a second-line-of-defense utility such as Malwarebytes Pro. It is compatible with most other antivirus programs and has recently been updated to provide good defense against WannaCry ransomware.

In addition, for those of you who are tech-savvy and willing to venture into the more advanced settings, you can disable SMB 1.0 file sharing support. This makes most of the present ransomware unable to corrupt your computer. The Server Message Block (SMB) protocol is an old network file-sharing protocol; when implemented in Microsoft Windows it is known as Microsoft SMB Protocol. Basically, SMB1 lets old software run in a modern operating system, or lets a very old printer with 20th-century firmware do a scan to your computer. SMB1 is neither modern nor efficient; when you use it you lose key performance and productivity optimizations, and 99% of you will never need it. I disable it on my computers, as I am a freak for maximum performance.

It is easy to disable, and if for some reason you are running a 20-year-old piece of software that will not run without it, you can always turn it back on. Let me state that if this is beyond what you are comfortable doing, then just ignore this section.

If you wish to disable it, go to Control Panel, then Programs and Features; in the upper left there is an option to turn Windows features on or off. Click that, then in the small window that opens scroll down to “SMB 1.0/CIFS File Sharing Support” and uncheck it. Choose OK, close Control Panel and reboot your computer. Done. If you ever need to, you can always turn it back on.

[Image: windows_features.JPG]
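The same SMB 1.0 switch as the Control Panel procedure above, done from an elevated PowerShell prompt so you can first see the current state, then turn SMB1 off, and turn it back on later if an old program needs it. This is an added example, not from the column; it assumes Windows 8.1 or 10 (where the Dism and SmbShare cmdlets exist) and falls back to the documented LanmanServer registry value on Windows 7.

```powershell
# Added example (not from the column): audit, disable and re-enable SMB 1.0.
# Run as Administrator. A reboot is needed before either change is fully in effect.

function Get-Smb1Status {
    # Report the current state before changing anything.
    $result = [ordered]@{}
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # Same feature the "Turn Windows features on or off" checkbox controls.
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
        $result.OptionalFeature = $feature.State      # Enabled / Disabled / DisablePending
    }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $result.ServerSmb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: the server-side switch is the SMB1 registry value
        # (1 = on, 0 = off); when the value is absent the default applies, which is on.
        $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $result.ServerSmb1 = if ($null -eq $value) { $true } else { [bool]$value }
    }
    # SMB1 client redirector driver; Stopped means this PC makes no outbound SMB1 connections.
    $result.ClientDriver = (Get-Service -Name mrxsmb10 -ErrorAction SilentlyContinue).Status
    [pscustomobject]$result
}

function Set-Smb1State {
    # -Enabled $false turns SMB1 off (recommended); -Enabled $true turns it back on
    # if a 20-year-old application or an antique printer turns out to need it.
    param([Parameter(Mandatory)][bool]$Enabled)
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        if ($Enabled) {
            Enable-WindowsOptionalFeature  -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        } else {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Also stop the file-server service from answering SMB1 negotiations.
        Set-SmbServerConfiguration -EnableSMB1Protocol $Enabled -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value ([int]$Enabled) -Force
    }
}

'Before:';                  Get-Smb1Status | Format-List
Set-Smb1State -Enabled $false
'After (reboot to finish):'; Get-Smb1Status | Format-List
```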

Let’s move on to Option 2: If you fail to avoid or block and you become infected, you can reload your computer from a good, non-infected back-up.

Assuming you have done none of the above and have become infected, you can either do a complete reinstall of your computer drives from a clean back-up or, if you only have backed-up File History in Windows 10 or have just backed up your data, reformat your drives, reinstall Windows and your programs/apps, and then restore your data from the clean, non-infected back-up. Yes, that will take a few hours, but there are other advantages to doing a full clean reinstall, and you will then be free of the malware. You will be able to give the ransomware developers the one-finger salute.

OK, I hear you. I said earlier that some ransomware corrupts not only your computer but also your back-up drives. This means that a back-up, while valuable in case of other types of malware or hardware failure, will do you no good in the case of WannaCry-type ransomware.

The solution is easy. I always recommend more than one back-up, just in case; I use a second external drive. After all, they are relatively inexpensive now. Get yourself a 2 or 4 TB external drive, copy your File History or do a back-up to it, then disconnect it, unplug it, put it on the shelf and redo it every week or so. Yes, you may not have the absolute latest files on it, depending on how often you connect it and do the extra back-up, but you will probably have 98% of your valuable pictures, files and data totally safe and insulated from any malware that may come in contact with your computer. Then, if you are infected, do a reformat and reinstall from the separate drive that was not connected at the time of infection.

It really is a shame that we must go through this but it is also a shame that we have to lock our doors, have an alarm system, and do all the things that are necessary to protect our family and belongings. It is just the world we live in.

If you did not protect yourself and you became infected and you do not have a back-up, then the last two options come into play and neither of them are good.

Option 3: If you do not have a non-infected back-up, reformat everything and start over, regretfully losing all your data.

The only thing good about this is that it is easy. You reformat your drive, reinstall your operating system and then your programs and apps, and you basically have a new computer. You can of course also just buy a new computer.

And then, there is Option 4. You can go figure out how to buy bitcoin or you can mine for it for a few months and pay the ransom and take a chance that they will in fact release your files—quite often they do not—and you can also live with knowing that somewhere in your computer that ransomware still may exist just waiting to be reactivated.

[Image: ransomware_graphic5.JPG]

For this article, we have focused on ransomware as it is the hot topic, but there are other forms of malware out there. Some of the scariest ones include new versions of rootkit malware, persistent malware (advanced persistent threat malware) and firmware-based malware, in addition to the seemingly more pedestrian viruses and hacks.

We will be publishing a series of articles regarding computer maintenance and security in the coming months and we will cover some of these other threats as well as provide an update on ransomware. As I often say, stay tuned.

05-25-2017

Copyright © 2017 I-Connect007. All rights reserved.