
The Crypto Crunch - Ransomware Run Amok


By Carl Weiss 

The Crypto Virus is unlike anything you have encountered in the past.  Sure, other forms of malware can disrupt your web browsing, slow your machine to a crawl or pop up an endless stream of annoying ads.  But this nasty bug has the ability to ratchet up your angst a number of ways.  That’s because not only can Crypto encrypt your hard drive and hold your machine for ransom, but it can also infect any other peripheral connected to it, including the cloud.  This is the same virus that so infected the servers of a local police department in Georgia that when the cops asked the FBI what to do, the feds told them to pay the ransom.  Before your wired world gets turned upside down and your computers are held hostage, you had better read on so you can beef up your immunity to the nastiest bug in Cyberspace.


So reads the headline on a recent LA Times column.  In it, writer Michael Hiltzik details the digital mayhem caused to a local hospital, the LA County Department of Health Services and a school that lost access to their records due to Crypto.  He also pointed out that when it comes to calling the authorities, the FBI, while encouraging victims of ransomware to notify the Bureau, isn’t exactly going to mount a manhunt to bring the perpetrators to justice.

Last year, its cybercrime chief in Boston, Joseph Bonavolonta, was quoted telling a gathering of cybersecurity experts, "To be honest, we often advise people just to pay the ransom."

So the onus is on the public to cover their online assets by installing anti-malware, by backing up their data, and by being careful about the software they install and the emails they open.  Even worse is the fact that this is a growth industry, where the bad guys can buy ransomware on the gray market and they can use Bitcoins to cover their digital tracks. 

Ransomware Takes a Byte Out of Apple

Even Apple computers, which are some of the most secure in the world, are not immune to ransomware.  An app called KeRanger proved that when it quickly infected thousands of Macs by encrypting online photographs, spreadsheets, invoices and other targeted documents before demanding a ransom of $400.  A blog on Wired.com reported that,

Anyone who downloaded one of two installers of Transmission version 2.90, between the hours of 11 a.m. PST on March 4 and 7 p.m. PST on March 5 is potentially affected. It’s not clear currently how many people that is, but if you downloaded that BitTorrent client recently, you should be aware of what’s coming.

The Clock is Ticking

Like most forms of ransomware, KeRanger gives victims only 72 hours to pay up, or risk having their files permanently deleted.  That leaves victims with precious little time to find an alternative solution to their problem.  Even more terrifying is the fact that Crypto Viruses have the unnerving habit of evolving just as their biological counterparts do.  To start off with, there are two genres of malware: Crypto and Locky.  The first allows access to the machine but encrypts infected files.  The second simply locks the owner out of their machine.  Recent developments have created subphyla of ransomware that home in on soft targets.

ScareWare is a sheep in wolf’s clothing that sends victims an alert that their system has been compromised and demands payment to correct the situation. This form of ransomware can easily be dealt with by any competent IT tech.
Lock-Screen Viruses will lock up your computer before displaying an FBI or Dept. of Justice logo that purports to inform you that you have violated the law and must pay a fine.  Just like scareware, most lock-screen viruses can be eliminated by a skilled IT technician.
KeRanger targets Macintosh computers.
CTB-Locker goes after WordPress websites.
GameOverZeus, while neither a Crypto nor a Locky virus, still inflicts financial losses since it specifically targets banking information.  It then enslaves the infected machine, which it uses to send out copies of itself via spam.  It can also be used to directly infect machines or enslave them for use in Distributed Denial of Service attacks.
VirRansom, called the AIDS of ransomware, is a parasitic virus that leaves hundreds or even thousands of infected files on a system.  This means that even one copy that goes undetected can spread the virus anew.
CryptoLocker arrives via email. This last variant, according to the US Computer Emergency Readiness Team, can wreak the most havoc.  That’s because CryptoLocker is designed to find, infect and encrypt files located on networks, external hard drives, USB drives and even the cloud.

If you want to take a crack at resolving scareware or lock-screen issues on your own, check out the blog on PC World entitled, “How to rescue your PC from Ransomware.” 


Preventing Infection

Of course the best way to protect you and yours from the perils of ransomware is to do the following:

  1. Make sure you have a top-notch antivirus/anti-malware application installed and running on your system (including tablets and smartphones). We use TrendMicro, but there are many top-notch products out there. Avoid the free products; they generally have gaps in their protection.
  2. Add a second level of virus protection to your system by installing an anti-malware program such as Malwarebytes.
  3. Make sure you keep your antivirus/malware apps up to date. Having an expired or non-updated AV application is asking for trouble, and more often than not, you find it.
  4. Actively scan your computers, tablets and smartphones on a regular basis. Not scanning on a regular basis widens the gap of discovery. The longer a virus has to do its dirty work, the harder it is to remove and eradicate.
  5. Make sure you have a bulletproof backup of your system that is not connected to your machine or network. This can be a backup to a flash drive, USB drive you use to make backups (that is not always connected) or an online service that you connect and disconnect from.
  6. If you're using a cloud backup service, make sure it includes revision management so that you keep earlier versions of your documents. This way, if a ransomware virus breaches your cloud connection, you may still have earlier revisions you can access and retrieve.
  7. It's also a good idea to make different kinds of backups and restore points on your computer. Having multiple and frequent restore points could allow you to roll back a system to a date before the ransomware infection.
  8. Avoid opening any email attachments unless you know specifically where they came from and what they represent. (Remember, the first thing many viruses do once they infect a system is to sniff out email addresses to which they send a copy.) Since many crypto viruses come disguised as an email from FedEx, UPS or USPS, beware of any suspicious emails from shippers.
  9. If you must open unfamiliar emails or surf questionable websites, use protection. Install a program that prevents other programs from making changes to your system. One such program is Sandboxie (http://www.sandboxie.com), which works with a number of popular web browsers to intercept and isolate your machine from programs that try to run programs on your system. Also, there are many antivirus and utility applications that will lock your system settings to prevent 3rd party apps from making changes. A good one that comes as freeware is Spybot Search and Destroy.
  10. Don’t leave your computer running all the time. If it's running, it’s usually connected to the internet and thus vulnerable to attack. Shut your system off at night, or at least set it to sleep mode. At Working the Web to Win, we do system maintenance weekly on our computers. The software we use (advanced system care) allows us to automatically shut the machine down when maintenance is complete. So at least once a week, we set it to do maintenance, then the computer shuts itself off.
  11. Keep your browser up to date and make sure you use anti-malware plug-ins to help keep drive-by malware at bay. Many antivirus products provide browser support, so make sure you install their plug-ins as well.
  12. There are also browser plugins designed to rate the risk of many URLs, even before you click on them. One such plugin is “Web of Trust”. This product flags URLs with a color code (Red=bad, Yellow=caution, Green=good and Gray=new).
  13. Many security threats begin in the social network world. That’s why my last suggestion is to have your anti-malware products audit your social networks for security weaknesses. Products like TrendMicro do these scans. Also, make sure you follow the suggestions of the social networks you use. Many of the big names are actively asking their subscribers to self-audit and plug security loopholes.
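
Tips 5 through 7 come down to keeping earlier revisions of each file and being able to roll back to a date before the infection. The sketch below is an added example, not part of the original article or of any product named in it: a small Python backup that never overwrites an earlier revision and a restore that rebuilds files as they were before a chosen time. The function names and the on-disk layout (one folder per file, revisions named by timestamp and SHA-256) are assumptions made for illustration.

```python
import hashlib
import shutil
import time
from pathlib import Path


def _digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source, store, now=None):
    """Save each changed file under `source` as a new revision in `store`.

    Earlier revisions are never overwritten, so a file that ransomware has
    encrypted becomes one more revision instead of replacing the good copy.
    `store` should live on media that is normally disconnected (tip 5).
    Returns the number of new revisions written.
    """
    stamp = int(now if now is not None else time.time())
    written = 0
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rev_dir = store / src.relative_to(source)  # one folder per file
        rev_dir.mkdir(parents=True, exist_ok=True)
        revs = sorted(rev_dir.iterdir(), key=lambda p: int(p.name.split(".")[0]))
        digest = _digest(src)
        if revs and revs[-1].name.split(".")[1] == digest:
            continue  # unchanged since the last revision
        shutil.copy2(src, rev_dir / f"{stamp}.{digest}")
        written += 1
    return written


def restore(store, target, before):
    """Rebuild `target` from each file's newest revision older than `before`."""
    restored = 0
    for rev_dir in sorted({p.parent for p in store.rglob("*") if p.is_file()}):
        revs = [p for p in rev_dir.iterdir() if int(p.name.split(".")[0]) < before]
        if not revs:
            continue  # the file did not exist yet at that point in time
        newest = max(revs, key=lambda p: int(p.name.split(".")[0]))
        out = target / rev_dir.relative_to(store)
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(newest, out)
        restored += 1
    return restored
```

Restoring with `before` set to a time ahead of the infection returns the clean copy even if a later backup run captured the encrypted file.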

The bottom line is this: unless you want to revert to using a typewriter, you had better take heed as well as an ounce of prevention so you won’t wind up getting caught up in the Crypto Crunch.

In this article I have covered the latest attacks and threats caused by the Crypto viruses like KeRanger and other Ransom malware hitting the streets in 2016. I cover everything from the many variants of Crypto viruses to how to avoid getting attacked and infected. I even provide links to articles that provide help for removing such viruses.

If you found this article useful, please share it with your friends, family and co-workers. If you would like to learn more about this subject, visit the notes page on this blog and listen to the podcast on BlogTalkRadio show dated 3/15/16. I recommend checking out "Is There a Silver Lining Inside Cloud Computing?", "The Trouble with Texts - New Text Virus Hits Europe", "Are You Prepared for the Onslaught of Cyber-Attacks?", "The endless Scams of Christmas (and Beyond)", "It’s Time for Some Hi-Tech Spring Cleaning", and "The Hack Attack is Back". You can also search for other related articles by typing in "Ransomware", "Scams" or "Hacking" in the search box at the top of this blog.

If you feel your business could use some help with its marketing, contact us at 904-410-2091. We will provide a free marketing analysis to help you get better results. If you'd like a free copy of our eBook, "Internet Marketing Tips for the 21st Century," please fill in the form below and we will give you immediate access to it. Your information is always kept private and is never sold.



Carl Weiss is president of WorkingtheWebtoWin.com, a digital marketing agency in Jacksonville, Florida that routinely works with bloggers and other online marketers to grow their businesses.
