by Kay Kirscht
Quick Summary
In the following interview, Jenny Blaine, an information security analyst at the University of Minnesota, reacts to the circumstances detailed in The ransomware threat to libraries, Part 1: A true story.
"This sounds like the work of ransomware called “Locky.” Different programs do different things and leave a different trail of damage. The threats also look different, as there are quite a few varieties and practitioners of malware (and even kits for sale, now) enabling people who have little technical knowledge to conduct their own viral rollout, because those who do know how to program found making malware available very profitable.
What is Ransomware?
"Ransomware falls into the malicious software category of malware. Social engineering is a related threat. Breaking into someone’s stuff with programs like Locky is hard work, but it’s much easier to trick someone into giving you access using a socially engineered e-mail.
"Malware can spread through the ‘I shared a document with you’ type of email. It could also come from your mom, kid, coworkers, best friend, professor. It could be a link asking you to log in at which point it steals your ID and password. Malware could also hide in a wrapper: a DOC or PDF with a script that instructs the malware (like Conficker) to launch. Sometimes your antivirus software can detect the wrapper and stop malware from installing. Sometimes your antivirus software notes that malware has intruded, but cannot stop it.
"Many times people click on these phishing emails, are shown a login page, enter their ID and password, and then see nothing, so they close it and forget. Six months later, the bad guy starts testing out all the passwords he collected. You’re not going to remember what happened six months ago.
"The most common types of ransomware use encryption, which is usually a protection mechanism. Having encryption on your computer is a good thing, but you want to be the one controlling the encryption! Ransomware isn't typically about stealing data. Criminals don’t care about your data, but the criminals know that data is important to you. Ransomware is about control over the data: holding the data so you can’t get at it or taking it away entirely. Your data sits on an infected system, with a different file name, because all the file names are encrypted.”
Dealing with Ransomers
“Dealing with ransomers is not a good idea. The thing to remember is you would be dealing with criminals and that will always be risky. In giving in and paying up, you’re expecting thieves to be honorable, and you can get victimized all over again. In general, we do not recommend paying. Unplug from the network, clean up the computer, restore stuff, and get back up.”
Back Up Your Data
The key has always been having good backups! The best are automatic backups, performed daily and incrementally so any files you’ve changed that day are backed up. A caveat on backups: you need to make sure they work. Do a test restore so you don’t end up discovering your backups don’t work only under the stress of a real-life situation.
Backups on Offline Computers
“I’ve heard about restored systems reconnecting rapidly with ransomware and becoming infected all over again once they're put back online. But how would you get the files onto that computer-in-the-storage-closet? Flash drives? Transfer cable? A cable would re-introduce the system to the network. It’s problematic. Flash drives can be encrypted by malware, too.”
Backups on the Cloud
“Backing up to the cloud is not a terrible idea. You pay someone for the responsibility of keeping your data safe. You can back up files to Google or Dropbox. We have seen backups to Dropbox files encrypted, but Dropbox can restore files via their backup system.
“It’s almost safer to use a vendor (i.e., paid solution). CrashPlan may be a solution for smaller organizations and individuals. It only costs $5 a month. You could upload all of your files to Google Drive, and remember to synchronize. If you get hit, and your files get encrypted, your files would count as a “new revision” to Google, and you could go back to a previous revision. Until ransomware figures out a way to get those files, too.”
Backups on External Drives
“Those don't happen automatically. Most people don’t back up often enough, and you’re at risk of losing all the work you've done since the last backup if you get hit. The best solution is a backup you don't have to trigger yourself, that is itself safe from encryption, i.e. not plugged into the drive it's backing up.”
No Silver Bullet
“There is no absolute prescription for avoiding this stuff. Viruses, malware, and ransomware are all moving targets. There is no silver bullet. Scams are nothing new; people have always tricked each other. It’s just that the internet happens to make it very easy for criminals to get really close to your stuff. Unfortunately, people don’t take precautions until they learn the hard way by losing data or having their identity stolen.
"It’s not that you need to be scared of computers and the digital age - just be aware and know there are practices and tools to help you stay out of a criminal’s clutches."
Computer Safety Tips:
- Keep your software updated.
- Use a firewall on all network connections (and while you’re at it, enable security features on your device or system).
- Ask questions. If you get an attachment you weren’t expecting or a message that seems strange, call the sender and find out if they did indeed send it.
- Before you click on that link, check to see where it’s actually taking you. If the link doesn't match the website you are heading to, do not click!
- Use strong passwords. The longer the password, the better. Consider using a password manager to keep track of all those letters, symbols, numbers and caps. Password managers are an arguable topic, even in the security world: “If I get into your password manager, I have the keys to the kingdom!” But again, practice good computer safety habits: use a long password and a different password for every system. We recommend Password Safe (for local machines and if you are an admin for several computers) and LastPass (a cloud solution). Or write your passwords down and keep them in your wallet along with your other valuable paper. Just don’t provide a clear key as to which sites the passwords belong to.
- Install antivirus software. The University likes to go with free options. Combine Windows Defender (free with every system since Windows 7) and an excellent, self-updating antivirus program that won’t keep bugging you to upgrade: Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit. Those three programs, installed all at once, offer good coverage.
- If you’re running a Mac, consider excellent free options like Sophos or Avira AntiVirus.
- Keep good browsing habits: stay away from lurid celeb-news sites, free games, and porn sites.
- McAfee WebAdvisor is still good for recommending websites before you visit; just stay away from the entire antivirus package. You can still download it for free - just be careful when installing, and uncheck additional options. Ad-Aware is also good.
For more information, visit Safecomputing.umn.edu and read Jenny's Ransomware Case Study (February 9, 2017).