Wednesday, July 01, 2015

DIY: ransomware and how to protect yourself

image: illustration of a ransomware window
FBI Ransomware, Trend Micro
***
Today my email had a surprise message. Trend Micro, my current antivirus, informed me that I should get an anti-ransomware tool. I thought "Great, another way to separate me from my money." But I still decided to check into it.

Turns out there is ransomware (also a way to separate you from your money) and its use is growing. Ransomware typically propagates as a trojan like a conventional computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload, such as one that will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is the only party that knows the needed private decryption key. Some ransomware payloads do not use encryption. In these cases, the payload is simply an application designed to restrict interaction with the system, typically by setting the Windows Shell to itself, or even modifying the master boot record and/or partition table (which prevents the operating system from booting at all until it is repaired). (Wikipedia)
One prominent flavor is Cryptolocker, which worked differently but still requires payment, usually via Bitcoin or a pre-paid cash voucher and within 3 days. Wikipedia notes that "It was estimated that at least US$3 million was extorted with the malware before the shutdown" in late 2014. More recent versions are CryptoLocker.F, TorrentLocker, and Cryptowall.

More information can be found at Microsoft's Malware Protection Center and Trend Micro's Security News. The site We Live Security gives some very good tips in 11 things you can do to protect against ransomware, including Cryptolocker.

Trend Micro offers a free anti-ransomware tool for download and instructions for using the tool. And here's more information on how to protect yourself.

About email safety. Never click on a link or attachment unless you're sure who sent it. Look at the sender's address--if it's you (a spoofed address) or someone you've never heard of, delete it. If the email looks like it's from your bank or credit card company, but the sender's address doesn't look right, go to the company's site (bank or credit card) and look for information on what to do about phishing. Often you will find an email address for forwarding the email to. Let the company deal with the nasty, fraudulent thing. Then be sure to delete the original message.

Never, never, never just click on an attachment that has an *.exe file extension or one that has *.doc or *.docx. Detach the document and virus check it before opening. Again, if the sender is unknown, just delete the email first. The only documents I'll open without checking are *.pdf and from a known sender.
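The two email rules above, written out as a small checker so you can see exactly what they flag. This is an added example, not something from the original post or from Trend Micro; the function name triage_message, the known-sender list and the sample message are all made up here. It goes one step beyond the post in two places: it looks at the final file extension (so "invoice.pdf.exe", which Windows may show as "invoice.pdf", is still caught) and it flags a display name that is itself an address but differs from the real one.

```python
import os
from email import message_from_string, policy

RISKY_EXTENSIONS = {".exe", ".doc", ".docx"}   # the post's list


def attachment_names(msg):
    """Filenames of all attachment parts of a parsed message."""
    return [p.get_filename() for p in msg.walk()
            if p.get_content_disposition() == "attachment" and p.get_filename()]


def triage_message(raw, my_address, known_senders):
    """Apply the post's rules to a raw RFC 822 message; return a list of findings."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    addr = sender.addr_spec.lower()
    known = addr in {s.lower() for s in known_senders}
    findings = []
    if addr == my_address.lower():
        findings.append("spoofed sender: the From address is your own")
    elif not known:
        findings.append(f"unknown sender: {addr}")
    # A display name that is itself an address, but differs from the real one,
    # is the usual way a From header "doesn't look right".
    if "@" in sender.display_name and sender.display_name.lower() != addr:
        findings.append(f"display name {sender.display_name!r} hides {addr}")
    for name in attachment_names(msg):
        ext = os.path.splitext(name.lower())[1]   # final extension: catches invoice.pdf.exe
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
        elif not (known and ext == ".pdf"):
            findings.append(f"scan before opening: {name}")
    return findings


# Constructed sample (not a real message): mail claiming to come from the
# reader's own address, carrying a double-extension attachment.
SAMPLE_RAW = """\
From: marge@example.com
To: marge@example.com
Subject: Invoice attached
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

MZ
--b1--
"""
```

Calling triage_message(SAMPLE_RAW, "marge@example.com", {"friend@example.net"}) returns the spoofed-sender finding and the risky-attachment finding; a PDF from a listed known sender returns an empty list.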

On dealing with spam, forget about unsubscribing--you're just letting the spammer know that your email address is live. You can set up filters to keep the spam out. Although I don't filter (except porn and sex-related stuff) because it's fascinating to watch what the most recent hot topics are. It's easy enough to delete the spam after you've reviewed the subject lines.

While I was checking on ransomware, I came across this article at Tom's Hardware (a very useful site)--Report: Security Of U.S. Agencies In Dire State, Employee Logins Widely Leaked.

-- Marge
