It’s a New Year – which means that the YMCA will be really busy until sometime around mid-February. It’s a great time to review your top goals for 2016 (or resolutions - whatever you want to call them). Perhaps most importantly, it’s a great time to get your technical house in order.
Here are my top 6 recommendations for technology goals you should set for yourself:
1. Change your password regularly.
For those of you who don’t change your password regularly, the top of 2016 is a great time to do that across all of your accounts: personal (like Facebook and Twitter) and professional (such as your Quickbooks Admin password or your O365 password). You really should be changing this every 90 days! I know it’s a pain, but not nearly as painful as someone hacking your account.
2. Review and update privacy settings.
Review your privacy settings, particularly for Facebook and Google Accounts. You may be publicly posting information you'd rather keep private - and information that could be used against you to guess passwords or answers to security questions. Both Facebook and Google add new "features" on a regular basis and tend to opt users in by default. Recently, Facebook even changed their search so public posts now appear when you search for a subject. Review these settings and update them as needed so you aren't broadcasting information you'd rather keep private.
3. Take advantage of unused features and programs.
Take advantage of features you aren't using in services you're paying for. We have a lot of Office 365 customers who don't use the service to it's full potential, simply because they don't know everything it can do. One part that often gets overlooked is Onenote. Personally, I use OneNote heavily (did you know that you can print documents directly to OneNote?) both professionally and personally. It syncs across all my devices so I don’t have to keep up with all my handwritten notes and to-do lists, which is incredibly helpful and goes a long way to keeping me organized.
4. Use Clutter in Outlook.
Turn on Clutter for Office 365. This has truly been a game changer for me. If you aren’t familiar with Clutter, it is a part of Office 365 that moves all mail that it deems as ‘non-essential’ to a Clutter folder. It is remarkably accurate. It uses machine learning to determine what senders you tend to interact with most and what senders you normally just delete (or don’t read). Overtime, your mailbox will be remarkably clean. It takes some getting used to – but now I trust Clutter implicitly.
5. Use a password manager.
Use LastPass (or a similar password manager) to store your passwords. We’ve discussed this on the blog several times but it’s worth mentioning again. One of the worst security mistakes you can make is using the same password across sites or services. It’s a common mistake because it’s so hard to keep up with all your passwords. Lastpass solves this problem for you. I won’t go into all the details here but it generates secure passwords for you and makes logging into your sites and services a snap. It even has mobile apps so you log in, no matter what device you're using.
Unplug more. Our mobile devices have turned into tethers (I heard someone recently refer to it as their leash). While they are extremely powerful, useful, and help keep us productive; if left unchecked their use can interfere with our daily life. (It can even impact your posture and your mood according to a recent study.) I installed an app called ‘Moment’ recently that tracks your time on your phone. I won’t share the number (I am too embarrassed); but suffice it to say that using the app has opened my eyes to the ‘moments’ I am missing!
One of the most popular posts on our blog is about how to block Cryptowall in Office 365. It was written in 2013, but continues to be one of the most visited pages on our entire site because of the devastating effect Cryptowall – and all other forms of ransomware – can have on your business.
Ransomware is a type of malware that infects your computer and encrypts all your files until you pay a ransom fee to the attackers. It will block you from opening your files, in some cases it will take over your entire screen, take over and turn on your webcam or encrypt your files with the intent of scaring you into paying the ransom. Basically, until the bad guys get what they want, your computer has become a useless desk decoration.
As the cherry on this sundae, these attacks require that the ransom is paid in encrypted, non-traceable currency like BitCoin or MoneyPak. In 2015 alone, Cryptowall and other encrypting malware have ransomed some $325 Million from its victims. Doesn’t sound fun, does it?
So is there more than one type of ransomware? Yes. There non-encrypting and encrypting ransomware:
The non-encrypting type tends to fall into more of the “scareware” category. In other words, their bark is worse than their bite. Most commonly, these types of malware display a message that takes up the entire screen and states that your computer has been taken over by a Federal Law Enforcement Agency (i.e. FBI, CIA, NSA) and demands that you pay the ransom or face criminal charges, fines or even imprisonment
These infections are commonly referred to as “the FBI Virus.” There are usually accusations of pirating copyrighted material, distribution of child pornography or attempts to hack into government entities that have been traced back to your computer. The really bad ones go as far as to activate your webcam, if your computer is equipped with one, display your public IP address, Internet Service Provider, and your geographic location.
So what’s the good news you ask? Typically speaking, these infections can be removed with a good scan and removal of malware and rootkits.
Now as scary as these non-encrypting ransomware programs are, there are unfortunately worse things yet to come. That leads us into…
These are the malicious infections who come in through the same Trojan Horse means that their non-encrypting kin enters your computer. Instead of throwing up messages about possible illegal activities, though, they encrypt the files on your computer. That document or spreadsheet that you were editing without a problem earlier today that suddenly won’t open properly or look like someone typed your document in some weird characters are good signs you’ve been hit with the encrypting ransomware.
You may get an error message on your screen indicating that you have a certain amount of time to pay the ransom or the encryption key that was used to encrypt your files will be destroyed forever by the hacker, leaving you with a completely unusable computer. Here’s a screenshot of CryptoLocker, a common encrypting ransomware.
If that wasn’t bad enough, the encryption doesn’t stop at your local computer. If you have mapped network drives that connect back to your corporate server, the infection begins encrypting the files on those drives as well. So now your entire company is at risk.
If you are particularly unlucky, you will get no notification of the infection. One day your files that you were able to open, edit, and save will cease to work. They are at least nice enough to drop a few unencrypted files on your computer: Usually a picture file, a web page shortcut, and a text file laying out the steps to pay the ransom for the key to decrypt your encrypted files, as well as the consequences for attempting to remove the infection without paying.
Newer, scarier variations
In the new version of Cryptowall 4.0, the files are encrypted without notification to the user, the file contents and even the file name are altered. Now that’s just dirty. Unfortunately, the groups behind these attacks are also improving the malware payload droppers (what they use to install the malware), as well as using encrypted web communication, making it even harder to detect an infection (you know, until all of your files are encrypted). It’s a big bad world out there.
How does it get in?
The most common method for delivery is a Trojan Horse program. Like the Trojan Horse from the Greek and Trojan war, it is a program masquerading as some helpful with more sinister motives hidden inside. Once downloaded, it quietly drops it’s “payload” – malware – onto your computer in the background.
What to Do if You Are Infected
So all of this prevention sounds good, but truth be told the people who are deploying these attacks are smart enough to know how to circumvent most of the common anti-virus and anti-malware programs on the market today.
So, what should you do once the infection is discovered? Immediately shut down the infected computer and unplug it from the network. Contact PTG Support as soon as possible so that we can determine when the infection began. This will help us figure out where the infection began and what we can do to mitigate any losses.
At this point, consider everything stored locally on this computer lost. The data isn’t coming back. We err on the side of cautious and will not risk re-infecting a network with a computer that has been compromised by these types of ransomware. The computer will be completely wiped clean and reinstalled from scratch. From here, we’ll work on restoring you from your backups and getting you up and running again as soon as possible.
It seems as though I’m painting a grim picture of the future of cyber security in today’s world. The truth is it’s bad out there and only getting worse. I hope this article will help you identify any issues with Ransomware that may arise. As always please let us know if there is anything we can do to be of service. Stay safe out there.
Send feedback to Eric
As the second member to join PTG, Eric helped define the core culture and technical focus for the entire organization. Born in Fairfax VA and raised in Fredericksburg, VA, Pohl attended The University of Virginia’s College at Wise from 1989-1993.
Pohl has more than 20 years of experience in IT services, ranging from desktop support technician to manager of data processing to systems administrator for a multi-national corporation before joining Reed at PTG.
His career experience has prepared him for a variety of roles at PTG. He delivers IT projects to national customers that range from on-premise deployment of servers, wireless networks, and network assessments to cloud-based services like Microsoft Office 365.
In addition to his primary duties, Pohl assists PTG’s Helpdesk Technicians with more complicated end-user issues and takes a measure of personal pride in mentoring others on the team.
Eric is a Microsoft Certified Systems Engineer, Microsoft Certified Professional, and Microsoft Certified Technical Specialist.
Favorite Piece of Technology
“My favorite advancement thus far has been laptops, because they really sparked the whole movement towards mobility and have inspired all of the smaller, faster, more intuitive devices and software that we see today.”
Eric enjoys travelling and recently, he and his family of 4 traveled 27 states cross country and back in 2 weeks.