Grammy Nona Gave Me a Virus: A Ransomware Story
It might be easier and more prevalent to be infected by ransomware than you think. And it doesn’t just impact big companies. Learn what you can do to protect yourself.
Not all people who deliver ransomware are evil doers in dark corners of the world working in Batman villain-like hideouts. And they don’t all live in their mom’s basement huddled around an LCD screen in a dimly lit corner eating cheese puffs and slamming energy drinks. Sometimes they’re the people who gave you hot chocolate on a cold winter’s day while making fresh hot pizzelles and watching their “stories,” aka soap operas, on TV. That’s right, Grammy Nona just infected you with RANSOMWARE.
Well, she didn’t; it was really some dude who got her email address from the time she signed up for something that she thought was something else, and it looked “so real” in her inbox. It never occurred to her that it wasn’t really a pizzelle-of-the-month recipe swapping message board with a CompuServe email address. It also never occurred to her that Password1 or 123456 is not really a secure password—it was just easier for her to remember, so she never got around to changing it.
Education is the best protection
You might think the best way to help protect yourself and your company from getting hit in the first place would be to buy the latest high-tech device and big-time protection software. While it is vital to have good, solid endpoint security to prevent malware infections, as well as security that protects web browsing, controls outbound traffic, protects system settings, proactively stops phishing attacks and continuously monitors individual endpoints, remember that the guys doing this are always a step ahead of us. All they do is try to find ways around what we deploy, ways around the technology. What they can’t program for are … educated users.
That’s right. Our best protection is educated users, and the weakest link is uneducated users. No matter what tech is in place, the user who clicks on that link from Grammy Nona, who doesn’t have the latest whiz-bang firewall and whose password is 123456, can give you ransomware. Have a bi-monthly, or at least monthly, training and information update meeting on the latest phishing and spam threats that are out there. Show people how to protect themselves and they will protect you. Also make sure this training is included in new hire orientation.
Put your computer on lockdown
Creating strong Windows policies is another must, including such actions as:
- Blocking executables in temp or temp+appdata (this just means not letting programs run from certain directories);
- Blocking access to the Volume Shadow Copy Service, or VSS (this is the Windows feature that keeps quick snapshot copies of your data for recovery; ransomware goes after those copies so you can’t roll back, which is why you restrict who can touch them. When used properly it is a very useful tool); and
- Blocking .SCR, .PIF and .CPL files from running in the user’s temp, ProgramData or desktop folders (these are file types that hackers use to trick the system into locking down your files).
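The three policy items above, written out as Software Restriction Policy (SRP) path rules in PowerShell. This is an added example, not a script from the article or from Affordable-IT. It assumes the standard SRP registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (level 0 = Disallowed, 262144 = Unrestricted), an elevated prompt, and the folders named in the list; the vssadmin.exe rule is one way to act on “blocking access to VSS”, since that command-line tool is what deletes shadow copies.

```powershell
# Added example (not from the article): deny execution from the folders the article
# lists, for the file types it names, using Software Restriction Policy path rules.
# Run from an elevated PowerShell prompt. Assumption: standard SRP registry layout.

$srp     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$denyKey = Join-Path $srp '0\Paths'   # level 0 = Disallowed

# Turn SRP on with a default of Unrestricted; only the deny rules below bite.
New-Item -Path $srp -Force | Out-Null
Set-ItemProperty -Path $srp -Name DefaultLevel       -Value 262144 -Type DWord
Set-ItemProperty -Path $srp -Name TransparentEnabled -Value 1      -Type DWord
Set-ItemProperty -Path $srp -Name PolicyScope        -Value 0      -Type DWord   # 0 = all users, 1 = skip local admins

# File types called out in the article, in the locations it names.
$extensions = 'exe', 'scr', 'pif', 'cpl'
$locations  = @(
    '%USERPROFILE%\AppData\Local\Temp',      # user temp
    '%USERPROFILE%\AppData\Local\Temp\*',    # one folder below temp (where archive tools extract)
    '%USERPROFILE%\AppData\Roaming',         # "temp+appdata"
    '%USERPROFILE%\Desktop',
    '%ProgramData%'
)
$rules = foreach ($loc in $locations) { foreach ($ext in $extensions) { "$loc\*.$ext" } }

# VSS: block the tool that deletes shadow copies. The article notes VSS is useful when
# used properly, so drop this rule on machines whose backup jobs call vssadmin themselves.
$rules += '%SystemRoot%\System32\vssadmin.exe'

New-Item -Path $denyKey -Force | Out-Null
foreach ($rule in $rules) {
    $key = Join-Path $denyKey ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $rule -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0     -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value 'Ransomware lockdown (added example)' -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

# Show what was written, then refresh policy. Rules apply to newly started programs;
# log off and back on if something already running needs to be covered.
Get-ChildItem -Path $denyKey | ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
gpupdate /force
```

Two caveats a practitioner would want: test this on one machine first, because a legitimate installer or updater that unpacks into %TEMP% will be blocked too and will need an explicit exception; and SRP is a legacy mechanism that Microsoft has deprecated on current Windows releases in favour of AppLocker and Windows Defender Application Control, so the same deny list is worth carrying over to those tools when you move to them.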
In some programs you can automate frequently used tasks by creating and running macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Disabling macros and autorun is another area to lock down. Lots of crypto-ransomware uses macros. Macros can easily be disabled in the Trust Center in Office. You can selectively turn on the ones you know and trust if you use them in your business.
While autorun is a nice feature, malware also uses it as a back door to your data. Here’s an example: Say you get a nifty promotional USB drive in the mail. You plug it in to take some files home for the night, and as soon as you plug it in, autorun looks there and runs any .exe file. Suddenly your screen starts flashing and you can’t stop it, and before you know it, your files are all changed to .enc files and there is a countdown clock on your screen telling you to send $300 to a bank in some third-world country along with a bag of cheese curls and some Red Bull.
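The two lockdowns described above (Office macros and Windows autorun), applied through the policy registry keys that the Office Trust Center and Explorer honour. This is an added example, not code from the article or from Affordable-IT. It assumes Office 2016/2019/Microsoft 365 (version key 16.0), that the macro keys are set for the current user, and an elevated prompt for the machine-wide autorun keys.

```powershell
# Added example (not from the article): disable Office macros and Windows AutoRun.
# Assumptions: Office version key 16.0; run elevated so the HKLM keys can be written.

$officeApps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings: 1 = enable all, 2 = disable with notification (Office default),
# 3 = disable all except digitally signed macros, 4 = disable all, no notification.
# Use 3 instead of 4 if your business has macros of its own that you sign and trust.
$macroLevel = 4

foreach ($app in $officeApps) {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $sec -Force | Out-Null
    Set-ItemProperty -Path $sec -Name VBAWarnings -Value $macroLevel -Type DWord
    # Also block macros in files that carry the Internet mark (downloads, email attachments),
    # so a later relaxation of VBAWarnings does not reopen the phishing route.
    Set-ItemProperty -Path $sec -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
}

# AutoRun: 0xFF disables AutoRun for every drive type; NoAutorun=1 ignores autorun.inf entirely,
# so a USB stick in the mail cannot launch anything just by being plugged in.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
New-Item -Path $explorerPolicy -Force | Out-Null
Set-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
Set-ItemProperty -Path $explorerPolicy -Name NoAutorun          -Value 1    -Type DWord

# Check function: returns $true only when every setting above is in its locked-down state.
function Test-MacroAndAutoRunLockdown {
    $ok = $true
    foreach ($app in $officeApps) {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $v = (Get-ItemProperty -Path $sec -ErrorAction SilentlyContinue).VBAWarnings
        if ($v -notin 3, 4) { Write-Warning "$app macros not locked down (VBAWarnings=$v)"; $ok = $false }
    }
    $a = Get-ItemProperty -Path $explorerPolicy -ErrorAction SilentlyContinue
    if ($a.NoDriveTypeAutoRun -ne 0xFF -or $a.NoAutorun -ne 1) { Write-Warning 'AutoRun still enabled'; $ok = $false }
    return $ok
}

Test-MacroAndAutoRunLockdown
```

Setting these under HKCU\Software\Policies rather than the plain HKCU\Software\Microsoft\Office key means the Trust Center shows them as set by policy and greys out the option, so a user clicking through a “real-looking” attachment cannot switch macros back on. Roll the same keys out through Group Policy to cover every user, not just the one logged on when the script runs.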
Better have a backup
Make sure you not only have a backup, but also a business continuity plan in place. If you have a USB drive attached to your PC, that’s not a business continuity plan. It is not even really a backup: because it’s connected to your PC and all you’re really doing is copying files from time to time, it will be encrypted right along with everything else. Your data needs to be “air gapped,” meaning not directly connected to the source of the infection.
Now, I know some of the things I wrote here sound complex, but really, they are not. Believe it or not, this article is not aimed at big companies with IT departments the size of Texas. I wrote this for the small- and medium-sized businesses of the North Coast. The things I mentioned here are not out of your reach nor should they be. Frankly, I get more phone calls from people I have contacted in the past who said, “No, we don’t need any of that stuff,” than you might think. It is that exact line of thinking that these bad guys depend on.
Ransomware is a $325 billion a year business. You only hear about it when the big guys get hit, but the bulk of that $325 billion comes from companies just like yours. Companies that thought, “I have Google Drive and I back up my things there” or “I have Office 365, so my data is safe in the cloud.” Neither of those things will protect you. Just because your data is in “the cloud” doesn’t mean it can’t get infected. There is a reason people say, “I got hit by a virus.” A virus spreads, and without prior immunization or a proven cure you will get sick, just as these malicious programs will spread from your desktop to “the cloud.”
Vic Manfredi is president of Affordable-IT, which provides an array of technical helpdesk support, computer support, cloud computing services and consulting services. Affordable-IT has been serving businesses in the Northeast Ohio area since 2006. You can contact Vic via email at firstname.lastname@example.org.