Practical Computing Advice and Tutorials

Sun: 26 May 2019

Ransomware

'Ransomware' is a breed of Malware that, if it gets into your computer, will encrypt your personal data files and then try to extort money from you, with a promise of decrypting your files once you've paid the Ransom. If, at the time the Ransomware hit, the account with which you were operating your computer was an admin account, you've very little chance that your system restore will work, as those files will have been encrypted too. But, if you were using a non-admin account at the time, there's a chance that the restore files will have been protected, thus giving you a 'get out of jail free' card.

Ransomware (A.K.A: Crypto Malware) can be traced back to 1989. Back then, it was very targeted, distributed by hand via a floppy disk, and not very sophisticated. Today it's distributed (mostly) via the Internet (typically email) and is very sophisticated, using readily and publicly available data encryption techniques. Although it's still targeted (no point in demanding money from people that don't have any; better to demand money from a large organisation) it can and does hit individuals. Corner cases aside, if you get hit and you've not backed up your files, you're sunk!

A thought that I've just had on this is that as large organisations spend money on mitigation to fend off Ransomware and become a harder target, it's likely that individuals will become more targeted.

Talking of file back-ups, you also need to make sure that any back-ups you have got are 'off-line', because unlike the Ransomware of the past, today's breed will look for any network attached storage (A.K.A: NAS) devices and encrypt those files as well. This includes any USB devices and any Dropbox (and the like) files; it's safe to say that if you can get at your files with no more than a couple of mouse clicks, Ransomware will find and encrypt them. This is not only an MS Windows OS threat, but also a Mac OS and Linux OS one.

Prevention is better than cure

Although it's not 'Ransomware', there's another form of Malware that's becoming more prevalent and finding its way onto PCs in the same way, and that's 'Cryptocurrency Miners'. You've maybe heard about the explosion in the value of Bitcoin, but that's just one of many Cryptocurrencies out there. Another one that's becoming more popular as its value increases is Monero. I've seen some reports about web sites that run a Monero mining JavaScript on the browsers of anyone that visits said site. If a site makes it clear to its visitors that it uses their computers to mine for Monero while they browse, as a way to finance the site instead of showing advertisements, then fine: that's the business model, and visitors are made aware of it and agree to it. But, in the reports that I've seen this is not the case and it's being done in an underhand way.

I've also seen reports that WordPress sites are being targeted insomuch as 'Hackers' (a term that I intensely dislike) are deploying attacks in order to turn the server on which the site is being hosted into a Monero Miner. I can relate to this because when this site was run using the WordPress software, I saw dozens of attacks a day trying to brute force my admin login. I used a 20 character randomly generated passphrase as well as a user name that nobody would be able to guess. I also put every IP Address that was logged, at times entire blocks of IPs, in my .htaccess file so as to deny any future connections. So, although my site was as robust as I could make it, it was nonetheless unnerving and a worry for me. I had (as many do) plugins installed that could have been chinks in the armour. These attacks were the main reason that I moved away from using the WordPress software. This story can be found on the SC Media site, for anyone that may be interested.
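As an added example (not code from the original post), here is a small log-review script in the spirit of the .htaccess blocking described above: it counts failed login POSTs per client IP, collapses repeat offenders that share a /24 into a block-wide rule, and renders the deny list as an Apache 2.4 .htaccess fragment. It assumes Apache combined-format logs, the default WordPress login URL /wp-login.php, mod_authz_core directives, and constructed sample log lines using documentation address ranges.

```python
import re
import ipaddress
from collections import Counter, defaultdict

# Constructed Apache combined-format log lines (not from the original post); the
# addresses are from the 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [26/May/2019:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
203.0.113.7 - - [26/May/2019:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
203.0.113.7 - - [26/May/2019:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
203.0.113.9 - - [26/May/2019:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
203.0.113.9 - - [26/May/2019:10:02:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
203.0.113.9 - - [26/May/2019:10:02:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
198.51.100.23 - - [26/May/2019:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3123 "-" "Mozilla/5.0"
198.51.100.23 - - [26/May/2019:10:03:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [26/May/2019:10:04:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
LOGIN_PATH = "/wp-login.php"  # WordPress default login URL

def failed_logins(log_text):
    """Count login-form POSTs per client IP that came back as HTTP 200.
    WordPress re-renders the form (200) on a bad password and redirects (302)
    on success, so a 200 to a login POST is taken as a failed attempt."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.groups()[1:] == ("POST", LOGIN_PATH, "200"):
            counts[m.group(1)] += 1
    return counts

def deny_list(counts, per_host=3, hosts_per_block=2):
    """Hosts reaching per_host failures are denied; once hosts_per_block such
    hosts share a /24, the whole block is denied instead (as the post describes)."""
    by_block = defaultdict(list)
    for ip in sorted(ip for ip, n in counts.items() if n >= per_host):
        by_block[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    result = []
    for block, members in sorted(by_block.items()):
        result.extend([str(block)] if len(members) >= hosts_per_block else members)
    return result

def htaccess_rules(networks):
    """Render an Apache 2.4 (mod_authz_core) .htaccess fragment refusing those networks."""
    body = "".join(f"    Require not ip {n}\n" for n in networks)
    return f"<RequireAll>\n    Require all granted\n{body}</RequireAll>\n"

print(htaccess_rules(deny_list(failed_logins(SAMPLE_LOG))))
```

The thresholds are deliberately low so the constructed sample triggers the block rule; on a real server, tune them to your own traffic and review the output before committing it to .htaccess.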