Beware of Ransomware

  • What is Ransomware?
    • Also known by the name "Crypto-locker", ransomware is at its core any software that takes your data (documents, files, software) 'hostage' by encrypting everything on the computer other than Windows itself.
    • Ransomware is not by definition a Trojan horse (what people typically think of when they say 'computer virus'). Ransomware can be delivered through or packaged with a Trojan horse, but it is a relatively new type of threat.
  • What is affected by Ransomware?
    • Ransomware typically doesn't affect Windows (or iOS) itself. The goal isn't to force you to reinstall or replace your PC; it's to leverage your need to access the data that's stored on that PC. This would typically be your financial software, master keying programs, Instacode, job booking software, etc.
  • How does Ransomware take my data and software hostage?
    • Everybody's favourite buzzword lately - Encryption! Just like your bank encrypts traffic to and from your web browser when you do online transactions, ransomware uses something akin to AES 256 encryption to 'lock up' anything it wants. This typically occurs unbeknownst to the user, and can be remarkably fast.
  • I don't care, I'll pay an I.T. wizard to unlock it!
    • Nope. Just nope. Crypto locker and other ransomware are built well, and don't rely on 'good workmanship' to encrypt files well - they rely on mathematics and a process called Elliptic Curve cryptography, which at its core can be described as "Really fast to encrypt - ungodly slow to decrypt". The time scales to measure decryption of AES 256 start at the hundreds of thousands of years.
    • There is no super-duper-secret backdoor. It's mathematical.
  • Well, I'll just pay the Ransom.  I need my data / computer!  The police can then track them down through the money trail, right?
    • Nope, sorry. Smart criminals. Typically these sorts of systems will only accept payment through untraceable methods (by design) such as Bitcoin.
    • Once you send the money, it's gone. Whether you get your data unlocked is a roll of the dice, and normally it doesn't happen anyway. This is where the catch gets people who are unprepared, especially in a business ecosystem. Not only are you down a (potentially) critical PC, but now you've also paid $500 - $10,000 to an untraceable source and they've disappeared.
  • Well, all this sounds gloomy.  What can I do?
    • Adblock & Windows Defender
      • Regardless of the controversy around ad blockers and their effect on website revenue, ad networks are notoriously the most effective channel for ransomware delivery. Block the ad, block the script it maliciously loads, and you've cut off an attack vector that nobody could otherwise avoid.
      • Windows Defender is, to the surprise of many, actually pretty good as an anti-virus. It's right up there with any other tools that are paid-for or subscription based, it comes pre-installed for free with Windows, it self-updates and scans, and it doesn't consume 70% of your PC resources to run simple scans. This one is definitely a second line of defence after an ad blocker.
    • Simple rule in life, one that you already apply to other areas: One is None, Two is One. If you were to lose your Phillips screwdriver on a job, do you have a backup? If you're working hours from the workshop and you've only got one way to fasten Phillips screws, I don't think anyone can help you...
      • Automatic Backups.  
        • Don't re-invent the wheel when someone sells them just down the road. The process of plugging in an external hard drive and doing a backup once a week is tedious and boring, and we all have other things to do with our lives. An off-site service like Mozy.com provides this as an automatic service, so you don't have to be concerned when everything gets hit by ransomware. You simply download an entire copy of your computer from them, throw in a DVD and restore back to a period when you know it was safe. Worst-case, if the ransomware still exists, you or your I.T. wizard can manually recover and save the data, because you have it in an unencrypted state.
      • Cloud-backups with Version History.  
        • Services like OneDrive, Dropbox, Google Drive, Box.com - these all exist as file storage drives that are by definition off-site and secure when something like ransomware hits.
        • When I edit a file that is backed up to Google Drive, I only see one file. But if I make a mistake, I can call on the Version History to restore to a previous version - for the life of the file.
  • Protection Methods (in summary)
    • Pre-emptively: ad blockers and Windows Defender.
    • Fail-over protection: online automated backups and/or Version History are the keys to thwarting ransomware if you can't stop it getting in. By having a robust method of restoring your data, the only cost to your operation if something does go wrong is the time to spin up a new PC or restore the old one to a known working state. This can be a vastly different cost, depending on the business and what data it has.
    • Ongoing: move all your software save directories to a system like Google Drive. It costs $2.00 per month for 100GB of online storage, which is plenty for admin documents, Pro-Master software & database, client records & document trails. Change your systems to save documents directly to Google Drive and you're covering yourself in the event of an emergency, ongoing and seamlessly.
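To make the Version History point above and the "fail-over protection" summary concrete, here is an added example (mine, not from this article or from any of the services it names) in Python. It contrasts a plain one-copy mirror backup with a store that keeps every saved version, then simulates the files being overwritten with unreadable junk (a stand-in for an encrypted copy; no real encryption is involved) and shows that only the versioned store can hand back the last known-good copies. File names, contents and class names are all constructed for the demonstration.

```python
"""Versioned backup vs. single-copy mirror: why Version History survives a
ransomware-style overwrite.  Added example, not from the original article;
every file name and content here is constructed for the demonstration."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Version:
    seq: int          # global save counter: later saves get higher numbers
    data: bytes
    sha256: str       # checksum recorded at save time, checked again on restore


@dataclass
class VersionedStore:
    """Keeps every version of every file ever saved, the way a cloud drive's
    Version History does, instead of overwriting the single backup copy."""
    _seq: int = 0
    _files: Dict[str, List[Version]] = field(default_factory=dict)

    def save(self, name: str, data: bytes) -> int:
        self._seq += 1
        version = Version(self._seq, bytes(data), hashlib.sha256(data).hexdigest())
        self._files.setdefault(name, []).append(version)
        return version.seq

    def latest(self, name: str) -> bytes:
        return self._files[name][-1].data

    def history(self, name: str) -> List[int]:
        return [v.seq for v in self._files[name]]

    def restore_before(self, name: str, incident_seq: int) -> bytes:
        """Newest version saved strictly before `incident_seq`: the last copy
        from before the files started being overwritten.  The stored checksum
        is re-verified so a corrupted backup is reported, not silently restored."""
        for version in reversed(self._files[name]):
            if version.seq < incident_seq:
                if hashlib.sha256(version.data).hexdigest() != version.sha256:
                    raise ValueError(f"backup of {name} (seq {version.seq}) is corrupted")
                return version.data
        raise LookupError(f"no version of {name} from before seq {incident_seq}")


class MirrorStore:
    """Plain sync/mirror with no history: each save replaces the only copy."""
    def __init__(self) -> None:
        self._files: Dict[str, bytes] = {}

    def save(self, name: str, data: bytes) -> None:
        self._files[name] = bytes(data)

    def latest(self, name: str) -> bytes:
        return self._files[name]


# Constructed sample documents standing in for a job-booking file and a key record.
GOOD_FILES = {
    "jobs-2016.csv": b"date,client,job\n2016-03-01,Smith,rekey front door\n",
    "master-keys.txt": b"System A: GMK-level chart v2\n",
}


def simulate_incident(versioned: VersionedStore, mirror: MirrorStore) -> int:
    """Save the good files to both stores, then simulate them being overwritten
    with unreadable junk (a stand-in for an encrypted copy; no encryption here).
    Returns the seq at which the damage began, i.e. the point to restore before."""
    for name, data in GOOD_FILES.items():
        versioned.save(name, data)
        mirror.save(name, data)
    first_bad_seq = 0
    for name in GOOD_FILES:
        junk = hashlib.sha256(b"simulated damage:" + name.encode()).digest()
        seq = versioned.save(name, junk)   # the sync client faithfully uploads the damaged file
        mirror.save(name, junk)
        first_bad_seq = first_bad_seq or seq
    return first_bad_seq


def recover(versioned: VersionedStore, mirror: MirrorStore, first_bad_seq: int) -> Dict[str, bool]:
    """Compare what each backup style can give back after the incident."""
    from_versions = {n: versioned.restore_before(n, first_bad_seq) for n in GOOD_FILES}
    from_mirror = {n: mirror.latest(n) for n in GOOD_FILES}
    return {
        "versioned_ok": from_versions == GOOD_FILES,   # history still holds the good copies
        "mirror_ok": from_mirror == GOOD_FILES,        # only the damaged copy remains
    }


if __name__ == "__main__":
    v, m = VersionedStore(), MirrorStore()
    bad_seq = simulate_incident(v, m)
    print(recover(v, m, bad_seq))   # {'versioned_ok': True, 'mirror_ok': False}
```

The detail that matters in practice is `restore_before`: a sync client uploads the damaged files just as faithfully as the good ones, so what saves you is that the earlier versions are still retained and you can pick the cut-off point. Real services cap how long or how many versions they keep, so check that the retention window covers the time it might take you to notice an incident.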
  • What can I do if I've been hit?
    • Well, what would you do if you lost your only Phillips screwdriver on a job, and you were three hours from anywhere that sells a new one? You're more than likely up a certain creek without a certain boat propulsion device (paddle).
    • In some rare cases, with the earlier versions of Crypto locker, it was possible to break them. This was iterated on quickly, and that's no longer possible in most cases.
  • Somebody help!  I want to protect myself, but can't.
    • Operating a business in this day and age almost requires some level of I.T. knowledge, whether it be from an internal or external resource. If you're operating on a computer that's five years old, has no backup system, and all of your key records are only stored on that computer, you need to change this now.
    • This is not an insurmountable problem; 95% of the things you need have been solved before, by smarter people with bigger problems. Steal (borrow) their solutions yourself, or hire somebody who can. I.T. infrastructure (software, hardware, architecture) is something that's commonly overlooked in locksmithing, but it can save you enormous headaches and make your daily operations incredibly streamlined and fast.
    • This is not a $10,000 problem. Find a good, local I.T. support company that works with businesses. Ask for a quote, and if needed, pay for them to do an infrastructure survey. You'll be surprised at how cost effective being pre-emptive and ahead of the problems can be (almost like installing the right lock for the application, and servicing your locks before they break, huh?)
Harvey Poyntz  Northern Chapter Member