Ransomware Archives - Geek for Hire

Security Summit Thoughts – Hack-Proof Your Mac or PC

Posted on March 20, 2018November 2, 2019 by Gail Eddy in Hackers, Microsoft, Phishing, Ransomware, Technology Tips

Last week I attended Microsoft’s “Virtual” Security Summit. I have the word virtual in quotes because I didn’t have to travel anywhere. My son and I watched the live streaming video in our living room! While I like the buzz of meeting new people, staying at home and learning new things has its advantages as well. The Summit was primarily targeted towards management of large enterprise firms, I did pick up a few nuggets of information that will help the average person with the security of their machine as well.

First tip for Security:

Make sure the user permissions on your account are set to “Standard User” and not “Administrator”. This cuts down on the chance that viruses or other malware can be easily installed on your machine. This also protects a random bad operator from installing a bitcoin mining operation on your machine. You provide the computer and electricity, they get the benefit. If anyone has ever installed the SETI program on their machine, it would work similarly to that. (The “Search for Extra-Terrestrial Intelligence” program gave the opportunity for ordinary computer users like Chris Eddy to allow SETI to use some of their computer operating power.)

Make your machine harder for the bad guys to get access to. Use a very secure password, set up two-factor authentication wherever you can. Install updates to your Operating System as soon as they are available.

Finally:

Use good security practices. Patti Chrzan, head of Microsoft’s cyber-security fraud division said this:

“90% of all cyber crime starts with a phishing email”

A reminder that the phishing email is an attempt to get access to your personal information, like your birthday or password. A phishing email might also install a virus, ransomware, or other malware.

Being hyper-alert of every click, and every email you open puts you way ahead of the average person. Even if the email seems legit, never click on a link in an email from a corporation until you have confirmed its legitimacy. Call the company to confirm that your account has been hacked, or your password was changed, or a large purchase was made. Never take the word of an email at its face value!

The highlight of my day was when Microsoft retweeted my comment:

Just because you have an antivirus installed, does not automatically make you secure. You must have good personal systems in place too.

Past blogs you may find helpful:

20 February 2018 – Secure Passwords
28 November 2017 – Phishing
4 April 2017 – Two-Factor Authentication

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years. We like the free and fast shipping. With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

Mac OS Malware – What you need to know

Posted on June 6, 2017June 26, 2017 by Gail Eddy in Apple, iMac, Mac's, Malware, Ransomware, Technology Tips, Virus

It’s finally happened. Mac’s have finally reached that magic threshold where more and more people are purchasing MacBooks and iMacs. The “bad guys” have recognized that and are writing Mac OS malware, viruses, and ransomware. Yes, they are specifically targeting the Mac OS. They’ve had years of practice on Windows machines. They know Mac users are a bit more discerning, so their malware needs to be even more subtle to trick those Mac users. Their products look like the real thing – a real email from Dropbox, a real pop-up from Adobe.

It’s a jungle out there, so don’t think you’re immune just because you have a Mac!

Two versions that are targeting Macs are MacSpy and MacRansom. MacSpy does the usual data scraping, browser history harvesting, etc. MacRansom is a straight-up ransomware. The cost to retrieve your data is about $650-750. You can read more about them in this article from Dark Reading.

Another Mac OS malware that’s spreading is installed when you think you’re installing an Adobe upgrade. You do get the upgrade, but you get a “snake” program as well. For anyone interested in reading more, check out this article.

Another Trojan, named OSX/Dok, is also relatively new and spreads it’s program through a sophisticated phishing email. So far, it seems to be targeting primarily European Mac users. Checkpoint says that:

“This new malware – dubbed OSX/Dok — affects all versions of OSX, has 0 detections on VirusTotal (as of the writing of these words), is signed with a valid developer certificate (authenticated by Apple), and is the first major scale malware to target OSX users via a coordinated email phishing campaign.”

Have you learned something about Mac OS malware? If you found this helpful, please forward it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fifteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years. We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet. I’ll try that next! Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission if you sign up.)

Save

Ransomware

Posted on July 12, 2016March 23, 2018 by Gail Eddy in backup, Cloud, Data Backup, Malware, Ransomware

Chris has seen several Ransom Ware infections in the past 18 months or so. Ransomware is just about the worst of the malwares the “bad guys” have thought up. Essentially, once you get infected, the ransomware installs a nifty little program which encrypts all of your data. Then, they’ll give you a pop-up letting you know that you have so much time to pay a ransom to receive the encryption key.

Here is a screen shot of one of the ransom notes Chris has seen.

I’ve asked Chris to tell you what ransomware looks like, what you can do if you’re infected, and how to protect yourself.

I’ve seen three actual instances of ransomware in the past few years.

The first instance occurred about two years ago at a customer site. I found that their personal and business files were all encrypted. Since they had a fairly recent backup of their data, the thought process was relatively quick: remove the old hard drive, install a new one, rebuild their server, and restore their data. This took several hours to complete, but it was successful and very little data was lost.

The previous instance occurred last summer, to a customer I hadn’t served in many years. I forget the nature of the problem which motivated the service call, but I soon discovered that their personal data was unreadable. I turned off the computer and removed the hard drive, so that I could see what customer data was there without allowing the infection to proceed if it was still active. Turns out the customer already had a secondary infection which had been running for the past six months. This created a huge volume of temporary files and greatly delayed my getting permission to access to their data. Somewhat fortunately, every personal folder which had been encrypted had had a text file and an HTML file added, which contained a document from the ransomware software. The document indicated that the data was encrypted, and if you wanted to get it back you had pay a fee in BitCoin at one of 4 different IP addresses. Note that only one IP address was responsive. The ransom cost started at some amount, and would increase as time went on. To prove that they were indeed the ones which encrypted the data, they offered to decrypt one file immediately and at no charge. In talking with the customer, they identified the one file that was the most critical, and this one file was successfully and promptly decrypyted. Eventually, the customer decided to pay the ransom, which was about $700. It it took a long time for the customer to get the BitCoin payment into a spendable account, and then the payment could not be given because none of those IP addresses were accessible. We were ultimately declined access to provide the ransom payment because their servers were too busy to receive another connection. Apparently their servers were being crushed with activity from their own success.

The most recent occurred a few months ago at a business I frequent. The symptom to them was that the computers which run their business management application displayed an error message saying that the database was corrupt. Since I was there at the time this happened, my recommendation was that they turn off all of their computers. Turns out they received an encrypting infection called “Locky”, because the customer files are encrypted and renamed to have a “.Locky” extension. But there was no opportunity to pay a ransom to get the data back. Another problem was that there was no backup of their data for several years. The solution was to replace the old hard drive with a new drive in the server computer, reinstall and update the operating system, and coordinate with the manufacturer to reinstall the application and look for old data. Fortunately, a copy of the database that was 6 months old was found; so there was a 6 month gap in time, but at least they had not lost 20 years of customer data. Also, a good antivirus was installed on all of their computers, which they did not have before. They did not understand that they needed a good antivirus installed. This was actually a problem that was waiting to happen. It could have been avoided if their usual “IT Guy” had taken the initiative to see what they did and did not have, rather than just doing a technical task they were called in to do. They are hopefully in the process of getting a backup procedure, because hindsight showed that having a 6 month gap in customer data could have been avoided if their usual “IT Guy” had implemented backups of their data.

There are lessons to be learned from these experiences.

Have a good antivirus on all of your technology. Note that there is no antivirus on the planet that can protect you from all things all the time.
Have your computer prepped by a competent IT person.
Make backups of your data. Backups never go out of style. It can be to an external hard drive, or a USB thumb drive, or to a cloud based backup service like Dropbox.
Know the completion status of that backup. I’ve lost count of the number of customers who believe that they have been backing up for long time, but turns out that their data is actually old because the backup has not worked for years.

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

We’ve been using Amazon Prime for the past few years. We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet, but I’m tempted! Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)