A Procrastinator’s Guide to Ransomware

by

It’s affecting our banks. It’s hurting our healthcare organizations. It’s in our pipelines! Let's break it down for those of you who keep meaning to Google the specifics, but to be honest it's all you can do to remember to look up what a "yeet" is.

RansomwareWhat Is Ransomware?

Ransom malware (ransomware) prevents users from accessing their system or files and demands ransom payment in order to regain access. In some cases, the attackers will also threaten to release or leak the data if the ransom is not paid. 

When Did This Become A Thing?

In 1989. This is an interesting story, but to be brief: floppy disks were mailed to 20,000 AIDS researchers in 90 countries under the guise of an AIDS risk survey from biologist Dr. Joseph Popp. Upon loading the disk, researchers’ computers were infected with a trojan horse virus (a type of malware that works exactly how it sounds - you think you’re downloading a fancy wooden horse, but really it’s a fancy wooden horse PLUS some malware). Poetically, the virus laid dormant until the 90th boot, when an angry red page replaced the users’ screen demanding payment of $189 (paid via snail mail) to unlock their files. Popp’s program was relatively rudimentary - it simply changed the users’ filenames and extensions. Once the encryption tables were known, the files could be restored. Popp was arrested, and while he claimed the profits from his crime were intended for AIDS research, no one believed him, and that’s still a crime. He was declared mentally unfit for trial - something about curlers in his beard and condoms on his nose. I think he sounds fun.

What Does Ransomware Look Like?

Scareware

The mildest of the bunch, scareware is named as such because it feeds on your fears. Anyone who has seen the flashing “Warning! This computer is infected!” pop-up has witnessed scareware. Usually it provides a phone number for “tech support,” where you can pay some criminals $80 to put additional malware on your computer. In this case, your data has likely been untouched, provided that you do not click anything or call anyone and give them your private data. If presented with scareware, ctrl-alt-delete yourself back to safety and run an anti-virus scan from your trusted AV.

Screen lockers

Slightly more worrisome than scareware is lock-screen ransomware. In this scenario, you might start up your computer to see a full-sized window accompanied by an FBI or US Department of Justice seal stating that criminal activity has been detected on your device and you must pay a fine. It probably doesn’t need to be said, but this is not how the FBI or the Department of Justice would contact you if they suspected you of illegal activity. While annoying, screen lockers can be bypassed without paying the attackers, provided you have a bit of technical experience.

Encrypting ransomware

Now you're in a pickle. In this type of attack, your locally stored files - and sometimes cloud backups, too - are taken hostage and encrypted. Payment, usually in the ballpark of a few hundred, but sometimes thousands (or, for larger companies, millions) of dollars is demanded in return for decryption and return. Crypto-ransomware uses the same sophisticated technology that encrypts our conversations, banking transactions, and military communication, so unscrambling isn’t possible without paying the ransom. Even worse, there’s no guarantee the criminals will hold up their end of the deal in the event you do pay. 

How do I get it?

Most of the time, it comes as an attachment or link in a carefully crafted phishing email. It can also be spread through "drive-by downloading," which can happen through no fault of your own. You may visit a legitimate site that has been compromised by malicious code. The malicious code hopes to identify software weaknesses on machines and web browsers to determine which systems are vulnerable.

How Do I Keep My Stuff Safe?

  • Most importantly, maintain offline backups. Many ransomware programs will look for connected backups, so this “offline” bit is important. This way if they take your data, you can restore from your backup. Test your backups periodically to be sure everything is working.
  • Keep your programs and operating system up to do date. Those patches are there for a reason - often that reason is security vulnerabilities.
  • Be suspicious of your emails. Even if the alias looks like it’s from someone you know, check the actual email address - is it correct?
  • Use an ad-blocker. Drive-by download attacks often use advertisements to upload infections. An ad blocker can help limit your exposure.
  • Use a reputable antivirus. Bitdefender is good (even if we hate them right now), but our favorite is Malwarebytes OneView.

Lastly, Some Good News

If you’re feeling down about all this crime, or that you didn’t get into the cybercriminal game because it’s great money and you love a hoodie, here’s some good news: In 2013, a man turned himself in to the police after being deceived by “FBI” ransomware claiming to know of illegal activity on his computer. It turned out there was in fact child pornography on the man’s computer, and the man was arrested. Silver linings! The world is an A-OK place, guys. 

If you have concerns about how to accomplish any of the above recommended actions, please reach out to your friendly specialists at Patient Computer Help, Inc. to set up a consultation.

Patient Computer Help, Inc. assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.

Why Does Your Wi-Fi Suddenly Cut Out?

by

Think back to the last time you had to go without the Internet. Maybe you rolled with the punches, did some laundry, played some Scrabble with your family – good for you. The rest of us were in total chaos, churning butter by hand and spinning yarn into waistcoats (what do we use the Internet for again?). Regardless of your coping abilities, it can be a real headache to lose your connection in the middle of a movie, or during a Super Bowl party, or when you’re up against a work deadline. Many of us know that a quick power-cycling of our modem and router can often do the trick, but why does that even need to happen? Is it too much to ask for things to work perfectly all the time? A little bit of understanding can go a long way to ease frustrations, so let’s delve into what may be going on behind the scenes with your router.

Just like a desktop computer, routers have their own operating system, central processing unit, and memory, among other components. These elements help it manage data traffic to your various devices. Unfortunately, just like a desktop computer, these components can get overloaded. Similar to how your computer can freeze up when you have Word, a few instances of Excel, and 38 Chrome tabs open, pushing tons of data through your router to many devices in your household can also slow it down – sometimes to a complete stop.

Additionally, most home Internet connections use what are called dynamic IP addresses. You can think of IP addresses as street addresses, identifying a given device on a network. Internet service providers will assign a public IP address to each of their routers for only a certain period of time. Once this time expires, your Internet service provider will give the router a new one (this is the dynamic part of the term). In cases where the router is very busy, it might not properly connect to the new IP address, resulting in the router continuing to use the old one. This is sort of like attempting to receive mail that was sent to a previous address.

Yet another issue that can arise is with the private IP addresses within the home network. Private IP addresses are known only to a router and its home network. The router has a pool of these IP addresses that it doles out to the various devices on the network. This assignment process operates dynamically, as well. It uses a network protocol called DHCP (Dynamic Host Configuration Protocol). A computer might be assigned one private IP address for a period of time, removing that IP address from the available pool. Once the computer disconnects from the router, the IP address is thrown back into the pool. Should two devices ever be assigned the same private IP address, the network interface on both of them will get disabled, causing each device to lose connectivity until the conflict is resolved. Why might this happen if the router is supposed to be keeping an eye on this IP address pool? It’s possible, for instance, to unwittingly have more than one similarly configured DHCP server distributing overlapping addresses, a situation that could arise if you have multiple wireless access points or other devices with an embedded DHCP server. For this reason, it’s mandatory to allow only one DHCP server to run at a time. Too many DHCP servers spoil the broth, as they say.

Restarting your modem and router can help to reset the above listed issues and give the devices a little bit of a breather, allowing them to start again fresh with corrected IP addresses and less congestion.

If you have concerns about your Internet connection, please reach out to your friendly specialists at Patient Computer Help for Grown Ups to set up a consultation.

Patient Computer Help for Grown Ups assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.

Do You Really Have to “Properly Eject” a USB Drive?

by

It’s a situation with which you may be familiar…You’re at work and you just finished transferring a presentation from a coworker’s computer to a thumb drive. You decide to show off a little and just pull that USB right out. You know you’re supposed to eject it first, but you see yourself as a bit of a John Wayne type and you want your coworkers to know it. You strut away as the office looks on, impressed.

Technology tips

I hate to be a wet blanket, but your party trick may actually cause more harm than admiration. The warning to properly remove flash drives is there for a reason – a proper ejection prevents your data from becoming corrupted in the event that your system is busy writing something to the drive. Think of the data transfer between your computer and your external drive like moving people across a bridge. If you eject the drive mid-data transfer, it’s a bit like removing a bridge while there are still people on it.

Even if your computer shows that the data has already been transferred, it is not yet safe to remove because of something called write caching. Your computer uses write caching for removable devices as a way to improve speed. Any data you are attempting to transfer to an external drive is held in a cache in the computer’s system memory. Rather than forcing your program to focus on a data transfer at the very moment you ask it to, the computer puts the data in the cache and waits until the most opportune time to complete the task. Properly ejecting the drive commands the computer to go ahead and finish the transfer.

If you have a Windows computer, you can disable write caching (File Explorer -> right-click on your external drive -> Properties -> Policies -> select Quick Removal) with negligible performance loss, however this is not a fail-safe. There is still a small likelihood of data loss. On a Mac, you’re better off not messing with the write caching and knowing that it is automatically enabled.

How to Properly Eject a USB Drive

On a Windows device, open My Computer and find the USB device you’d like to disconnect. Right-click on it and select Eject. The computer will notify you when it is safe to pull it out.

If you’re a Mac user, locate the external device (likely either on your desktop or in the left-hand panel of Finder), left-click on it and drag it to the trash (bottom right of the screen). If done correctly, the trash icon should change to an eject icon (a triangle with a horizontal line below it). As soon as the eject icon disappears, you can remove it. Alternatively, you can hover over the device in the left-hand panel of Finder and click the little eject button that appears after the name.

Patient Computer Help for Grown Ups assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.