Tech Talk #30 – July 23, 2016
Ransomware is malicious software that attackers use to encrypt your pictures, documents, and other files for ransom, demanding payment from you to get them back.
The ransomware code encrypts files stored on local and network drives using RSA public-key cryptography, with the private key stored on the attacker’s command-and-control servers. The ransomware then displays a message that offers to decrypt your files after you pay up. Payment is usually demanded in bitcoin or by a prepaid cash card because both are hard to track. If payment isn’t made before the deadline expires, the attacker threatens to delete the private key, making your files impossible to decrypt.
When ransomware started plaguing us in late 2013, the early victims who paid the ransom had a good chance of getting their files back. But the newer versions of ransomware don’t seem all that concerned about getting your files back to you, just about getting your money.
The actual ransomware code is easy to remove; most antivirus or antimalware programs will detect and remove it with no problem. But your files will still be encrypted. The encryption the attackers use makes it pretty much impossible to get your files back. That’s why having a ransomware prevention plan is your best defense.
- Just don’t click. Ransomware is commonly distributed by email. The email might pretend it came from UPS or FedEx or Amazon, and it will have an attachment. The email will probably have a subject line about tracking your package or your receipt. When you open the attachment, the ransomware code gets to work on your files. We need to be careful about opening attachments, people.
- Back that computer up. If you have a good backup, recovering from a ransomware attack means simply removing the virus and restoring your files. A “good backup” is either not attached to your computer when you get infected or has versioning turned on (like Windows File History or Carbonite) so you can restore unencrypted versions of your files. Without a good file backup, all you can do is delete the encrypted files and carry on.
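The delivery-notice pattern from the first tip (a big-name sender, a package or receipt subject, an attachment) can be checked mechanically. The sketch below is an added example, not part of the original column; the lure words, the attachment extensions, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands named in the column, mapped to their real sending domains.
BRAND_DOMAINS = {"ups": "ups.com", "fedex": "fedex.com", "amazon": "amazon.com"}
# Assumptions for illustration: lure words and risky attachment types.
LURE_WORDS = re.compile(r"\b(tracking|package|delivery|receipt|invoice)\b", re.I)
RISKY_EXT = (".zip", ".js", ".exe", ".scr", ".docm")

def triage(raw):
    """Return the reasons a raw message matches the pattern in the column."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    for brand, real in BRAND_DOMAINS.items():
        # The brand appears in the display name or domain as a whole word...
        claims = re.search(rf"\b{brand}\b", f"{name} {domain}", re.I)
        # ...but the mail does not come from that brand's own domain.
        genuine = domain == real or domain.endswith("." + real)
        if claims and not genuine:
            reasons.append(f"claims {brand} but sent from {domain}")
    if LURE_WORDS.search(msg.get("Subject", "")):
        reasons.append("subject mentions a package or receipt")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            reasons.append(f"attachment {fname}")
    return reasons

# Constructed sample message, not a real email.
SAMPLE = """\
From: "FedEx Support" <notice@fedex-tracking.example>
Subject: Tracking information for your package
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your label is attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="label.zip"

--b1--
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("WARNING:", reason)
```

A subject match on its own is weak evidence; a sender mismatch together with an attachment is the combination the tip warns about.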
For people who like to click on things and then open attachments while throwing caution to the wind, there are some anti-ransomware software packages out there:
Malwarebytes has a (very) new product called Anti-Ransomware: http://www.bleepingcomputer.com/download/malwarebytes-anti-ransomware/
BitDefender also has an anti-ransomware product: http://download.bitdefender.com/am/cw/BDAntiRansomwareSetup.exe
Both are free, for now.
How fast is your internet?
For many years https://speedtest.net has been my go-to site for figuring out how fast an internet connection is. Speedtest shows you download/upload speeds, your ISP and your external IP address, and where the other end of your connection is. But it is burdened by ads.
There’s a new kid in town, though. https://fast.com is powered by Netflix (which has a vested interest in how fast your internet connection is) and just shows you how fast your download speed is. Nice, simple site with no ads.
Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at firstname.lastname@example.org.