Malware

A Procrastinator’s Guide to Ransomware

May 25, 2021 by Karen Poccia

It’s affecting our banks. It’s hurting our healthcare organizations. It’s in our pipelines! Let's break it down for those of you who keep meaning to Google the specifics, but to be honest it's all you can do to remember to look up what a "yeet" is.

What Is Ransomware?

Ransom malware (ransomware) prevents users from accessing their system or files and demands ransom payment in order to regain access. In some cases, the attackers will also threaten to release or leak the data if the ransom is not paid.

When Did This Become A Thing?

In 1989. This is an interesting story, but to be brief: floppy disks were mailed to 20,000 AIDS researchers in 90 countries under the guise of an AIDS risk survey from biologist Dr. Joseph Popp. Upon loading the disk, researchers’ computers were infected with a trojan horse virus (a type of malware that works exactly how it sounds - you think you’re downloading a fancy wooden horse, but really it’s a fancy wooden horse PLUS some malware). Poetically, the virus laid dormant until the 90th boot, when an angry red page replaced the users’ screen demanding payment of $189 (paid via snail mail) to unlock their files. Popp’s program was relatively rudimentary - it simply changed the users’ filenames and extensions. Once the encryption tables were known, the files could be restored. Popp was arrested, and while he claimed the profits from his crime were intended for AIDS research, no one believed him, and that’s still a crime. He was declared mentally unfit for trial - something about curlers in his beard and condoms on his nose. I think he sounds fun.

What Does Ransomware Look Like?

Scareware

The mildest of the bunch, scareware is named as such because it feeds on your fears. Anyone who has seen the flashing “Warning! This computer is infected!” pop-up has witnessed scareware. Usually it provides a phone number for “tech support,” where you can pay some criminals $80 to put additional malware on your computer. In this case, your data has likely been untouched, provided that you do not click anything or call anyone and give them your private data. If presented with scareware, ctrl-alt-delete yourself back to safety and run an anti-virus scan from your trusted AV.

Screen lockers

Slightly more worrisome than scareware is lock-screen ransomware. In this scenario, you might start up your computer to see a full-sized window accompanied by an FBI or US Department of Justice seal stating that criminal activity has been detected on your device and you must pay a fine. It probably doesn’t need to be said, but this is not how the FBI or the Department of Justice would contact you if they suspected you of illegal activity. While annoying, screen lockers can be bypassed without paying the attackers, provided you have a bit of technical experience.

Encrypting ransomware

Now you're in a pickle. In this type of attack, your locally stored files - and sometimes cloud backups, too - are taken hostage and encrypted. Payment, usually in the ballpark of a few hundred, but sometimes thousands (or, for larger companies, millions) of dollars is demanded in return for decryption and return. Crypto-ransomware uses the same sophisticated technology that encrypts our conversations, banking transactions, and military communication, so unscrambling isn’t possible without paying the ransom. Even worse, there’s no guarantee the criminals will hold up their end of the deal in the event you do pay.

How do I get it?

Most of the time, it comes as an attachment or link in a carefully crafted phishing email. It can also be spread through "drive-by downloading," which can happen through no fault of your own. You may visit a legitimate site that has been compromised by malicious code. The malicious code hopes to identify software weaknesses on machines and web browsers to determine which systems are vulnerable.

How Do I Keep My Stuff Safe?

Most importantly, maintain offline backups. Many ransomware programs will look for connected backups, so this “offline” bit is important. This way if they take your data, you can restore from your backup. Test your backups periodically to be sure everything is working.
Keep your programs and operating system up to do date. Those patches are there for a reason - often that reason is security vulnerabilities.
Be suspicious of your emails. Even if the alias looks like it’s from someone you know, check the actual email address - is it correct?
Use an ad-blocker. Drive-by download attacks often use advertisements to upload infections. An ad blocker can help limit your exposure.
Use a reputable antivirus. Bitdefender is good (even if we hate them right now), but our favorite is Malwarebytes OneView.

Lastly, Some Good News

If you’re feeling down about all this crime, or that you didn’t get into the cybercriminal game because it’s great money and you love a hoodie, here’s some good news: In 2013, a man turned himself in to the police after being deceived by “FBI” ransomware claiming to know of illegal activity on his computer. It turned out there was in fact child pornography on the man’s computer, and the man was arrested. Silver linings! The world is an A-OK place, guys.

If you have concerns about how to accomplish any of the above recommended actions, please reach out to your friendly specialists at Patient Computer Help, Inc. to set up a consultation.

Patient Computer Help, Inc. assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.

Should you shut down your computer every night? What is sleep mode?

May 17, 2018 by Bruce Corson

One of the most common questions a new computer owner will ask is “Should I shut down my computer every night?”

The simple answer is no. Or, not necessarily. Or, it depends.

In the early days of home computers, we used to shut down our machines at least nightly, and during the day if it was going to be more than an hour or so between uses. Back then, computers didn’t really have the power management features they do now. A computer was either ‘on’, or it was ‘off’. A computer which was powered on but sitting idle was wasting power, generating a fair amount of heat, and adding wear and tear on the hardware.

[Read more…]

Viruses vs Malware

January 4, 2017 by Bruce Corson

Hackers attack personal and business networks at an alarming rate. Victims most often use the term virus to describe the attacks. However, computer security experts classify most threats as malware. Despite the type, all cyber threats can cause serious harm.

Cyber Attacks Increase Annually

In 2015, hackers stole or destroyed almost half a billion files and continue to discover new computer vulnerabilities almost every week. They exploit 75 percent of those vulnerabilities on unwitting Internet users through commandeered websites.

In the same year, businesses experienced a 55 percent increase in security breaches, and a single virus protection firm reported 100 million information theft attempts via technical support ruses. When these attacks succeed, hacking victims often find themselves left with damaged computers.

Why the Confusion?

Differentiating between malware and viruses is sometimes difficult because computer attacks share similar characteristics. As Internet users grow more cautious, hackers find new and complex ways to find and attack victims. Affected computers may show several symptoms, such as:

• Unwanted pop-up advertising
• Sluggish operation and startup
• Unexplained crashes
• Disappearing files
• Numerous error message

Hackers attack all device types including desktops, laptops, tablets and cellular devices using several methods that computer experts classify in different ways.

Differentiating Threats

Malware is a technical term combining the words malicious software. This includes several software attack classifications, including viruses. Other cyber threats include Trojan horses, worms and spyware. Hackers sometimes use one method to introduce other cyber threats. Different threats affect computer systems with variable impact. As a rule, if an unsolicited virus warning pops up on the screen, do not follow the instructions.

One thing the programs share is the intention to harm computer systems and ultimately the users. Some threats spy on users’ activities to discover sensitive information, while others mine unique identifiers to sell to rouge businesses. Other programs hijack computers and instruct them to perform illegal acts without the owner’s consent or knowledge. Once hijacked computers complete the tasks, they are often severely crippled.

Internet security experts classify malware threats in several ways.

Worms attack computers by jumping from network to network without human input and damaging each infected network.

Spyware observes user activity and may change system security settings.

Ransomware locks down a user’s computer and demands payment to free the system.

Hackers use bots – originally intended to gather information for legitimate purposes – to execute illicit commands on hijacked computers, which can include other malware or a distributed denial of service (DDoS) attack. DDoS attacks employ many hijacked computers to query a single web page at once and disrupt service.

Hackers also use rootkits – intended to allow computer support technicians remote access – to covertly enter systems and deploy other malware.

What about Viruses?

Viruses are a type of malware that infects multiple files on a user’s computer. They jump to other computers and networks via email or removable storage media. The National Institute of Standards and Technology (NIST) credits a pair of software retailers for creating the first official virus to curtail illegal software duplication, which went on to spread exponentially as users shared the stolen software. According to Technopedia, hackers began to exploit viruses for their entertainment, then later moved on to hijacking computers for other, more illicit, reasons.

These malicious programs operate invisibly on unsuspecting computer users’ mcahines. Once installed, the programs duplicate, corrupt data and destroy files. This continues until the computer can no longer process the many programs and freezes. Due to viruses’ long history and devastating impact, victims commonly use the term as a catchall phrase to describe computer attacks, while the term malware has only recently grown popular as more software vendors advertise the term. Viruses are malware, but all malware are not necessarily viruses.

Computer attacks, frequently labeled viruses, are increasingly crippling important systems around the world. Yet, hackers deploy several kinds of computer threats. Identifying the attack method is the first step to recovering a damaged system. It is also important to know how to recover a damaged system without causing more harm and possibly losing data forever. If your computer is functioning poorly, you may have contracted malware.

Contact Patient Computer Help today to schedule a support session and return your computer or network to optimum performance.

We have recently begun recommending and installing Emsisoft Anti-Malware/Anti-Virus. It is a great program that does its job without slowing down your computer. Our preferred method to install it is with Kabuto, which gives us remote-monitoring of your Emsisoft’s performance, as well as other health-check items on your computer itself. Call us if we can help.

What is My Firewall and Should it be Turned On?

December 7, 2016 by Bruce Corson

A firewall, just as in a car or a building, is a layer of protection between the risks and you. On a computer, that layer protects your computer while it’s connected to the Internet. With all the sneaky malware floating around, you need one, and you definitely should have one in place.

What is a firewall?

Some organizations might have three firewalls (or more): one on each Internet-connected server, one on the internal router, and one on each computer. The firewall is the first line of defense against any cyber attacks. Most computers today come with firewalls installed, and for good reason. When you’re connected to a global network like the Web, your computer is always at risk. Many attacks are filtered and blocked by your firewall without you even knowing, while allowing traffic that you choose to download, such as webpages or music. A firewall can tell the difference between traffic you initiate and traffic you didn’t. In IP (Internet protocol) technology, data is broken up into chunks, or packets, each with its own network addressing information.

Basic Types

Hardware firewall – this is a device, whether external or internal, between your Internet connection and your computer that acts as a router (or may be a router). Routers send incoming traffic to the computer with the specified IP address; if an incoming transmission doesn’t have a specific IP address, or one on your network, it goes nowhere.

Software firewall – if you aren’t using a router, all network traffic will reach your computer. Software firewalls are programs that monitor this incoming traffic so that suspicious traffic never reaches internal systems. This is not dissimilar to a hardware firewall, however a software firewall on many networks can also be configured to block out-going traffic from you computer (i.e., to prevent a virus from affecting other computers). Most PCs come with a software firewall turned on by default.

How firewalls work

Your firewalls use one or more of three basic approaches to control traffic coming in or out of a network:

Packet filtering – This packet information is checked against a set of filters. If the packet is prohibited by any filter, it is discarded.

Proxy services – incoming information is held by the firewall until it can be verified by the requesting computer.

Stateful inspection – key identifiers in each packet are compared against a database of approved senders. If the packet info doesn’t match any of these trusted sources, it gets discarded.

Trusted sources, like your favorite website or cloud storage, get recorded and information from them is allowed through your firewall. But any suspicious Internet packets that were never requested by your computer are simply cut off.

Leave it on

Firewalls work in one critical sense – they protect you from computers that your network doesn’t trust. Nothing can guarantee safety from all the clever hacker tricks out there, so you really shouldn’t trust any network. If you have kids at home on their own computers, make sure that both their devices and your WiFi router are firewall-protected. If you connect to the Internet via someone else’s WiFi, you want your software firewall active.

Newer firewalls on both PC and Macs are checking each packet in micro-seconds, so they don’t have much drag on speed or system resources. Turning them off won’t give you any real benefit, so it’s better to leave them on and have that extra layer of protection.

If you have any questions about firewalls or computer security, we at Patient Computer Help can assist you with all of your Internet concerns.

Why do Hackers Want Access to My Email?

October 12, 2016 by Bruce Corson

You might not take the security of your email seriously because you might be thinking that nobody would want to see correspondence between you and members of your family. In truth, there’s more connected to your email than you might realize.

There are normally 3 reasons that a hacker would want access to your email.

#1 Havoc on Your Account

The first reason involves a sort of vandalism. A hacker can change your password, gain personal information stored in your profile and send email to your contacts. This is how friends can get the message that you’re trapped in Belize and need money wired to come home. Not good. They could also delete all your contacts and messages so you don’t have access to them anymore.

This can be a serious problem. When you sign up for most services, they’ll send you login and account details through your email. Without that information, you won’t be able to get access to your accounts. If your password is changed so you don’t have access to your email, you might not be able to restore your accounts.

#2 Gaining Sensitive Information

With access to your email account, a hacker could gain access to other accounts connected with the email. They can not only stop you from getting past emails. They could contact the accounts from places like your bank or credit cards that are linked through email. Hackers could use that information to change passwords, change the address and request new cards to that new address.

Much of your personal information is available in your email accounts, and hackers can gain that information quite easily. With control of your main email account, they have access to other vital accounts. For example, Miriam’s email account is hacked. The hacker contacts her bank online and asks for a new password. The bank sends an email to her asking that she verify the request. The hacker clicks the verification and has access to all her money.

#3 Spamming Your Contacts

Some hackers can use your email address to send an email to someone you know asking for money. This has happened a lot. The hacker sends all your contacts an urgent email saying that you lost your phone, and you’ve been in an accident. Your friends and family are worried, so they’ll immediately send money to the place selected by the hacker. They have no reason to suspect that it’s not you emailing them.

They can also send emails to places you do business with asking for information about you that will help them hack into more areas of your life. They’ll pose as you to get your account information from third parties.

Protecting Yourself

Your bank accounts, in fact all accounts, should have a unique passwords. Some people recommend using a separate email address for your financial accounts and your social media. Make abso-darn-lutely sure you’re not using the same password for every single account you have. Have extra security measures in place like two-step authentication on your vital bank or credit card accounts.

If you notice that you have a virus, or your computer is running slowly, you can contact us at Patient Computer Help to remove the virus.

Backup Strategies to Prevent Ransomware From Blackmailing You

September 28, 2016 by Bruce Corson

The internet is a valuable tool that you can use to stay in touch with friends, conduct research and more. As more people start using the internet than ever before, they are becoming more dependent on it, and criminals see this trend as an advantage that they can use against you. By the time you notice that your computer has been infected with ransomware, it’s too late to do anything. From the moment it gets installed, ransomware will start encrypting the files on your hard drive.

Your family photos, tax records and important projects will be locked. The encryption algorithm is so strong that the only way to access your files is to submit to the hackers’ demands, and they will likely ask for a significant sum of money. If you are not yet infected, then taking action to keep yourself and your data safe from harm is vital.

Backup Your Data

When you want to protect yourself from ransomware, backing up your important files is a good place to start. You can use an external drive to store the backup. However, with most ransomware, your external drive, if connected, will also get infected.

Thus, we recommend as a minimum to have TWO backups. One is the backup as discussed above, the second is an additional hard drive that is alternated with the first. In this way, if the computer and the backup are infected, you always have the second one to fall back on. We typically recommend alternating the backup drive every day or every week. (For further safety in the case of disasters, such as a fire or electrical strike, taking one drive home or to the office will ensure that you will always have a fairly recent backup of your files.)

For those not wanting to worry about plugging and un-plugging drives, a third option is to go with an online backup, such as from Carbonite or Gillware, both of which we re-sell. With online backups, while they are not immune from infection, if you contact us as soon as you discover the infection, we can restore files from the day before the infection started. This presupposes that you notify us less than thirty days after infection, as the typical plans call for retention of data for only that period.

A good belt-and-suspenders approach uses both the external drives and the online options. The online option is safest and most convenient. However, a full restore of your data via an online provider can take some time. Physical external drives are quicker.

You should back up your important files each time you make changes or updates to them if you don’t want anything to get lost or permanently destroyed. If you get infected with ransomware after backing up your files, you won’t need to worry because they will still be safe from harm. If you store anything valuable on your computer, backing up your files is always worth the effort. What’s valuable? Your Quickbooks? Your children’s pictures? Letters you’ve written? Tax filings? You decide…help us help you save it all.

Run Virus Protection

Not having an anti-virus program on your computer is risky, and you will have no way to defend against malicious programs that were designed to steal your information and harm your computer. Some people install and a run program that offers protection from harmful software, but they don’t keep it updated, rendering it useless.

An updated anti-virus program will scan for known versions of ransomware, and it will attempt to contain it before the ransomware takes control of your computer. No program can offer complete protection from ransomware, but it will go a long way in keeping you safe and reducing your risk of an infection.

In addition to a good anti-virus program, we are now recommending inclusion of active malware and anti-exploit technology from Malwarebytes. Exploits are compromises in your internet browsers (Chrome, Firefox, Edge, Internet Explorer) that the bad guys take advantage of as soon as they’re discovered. Infections through this route are not technically viruses. This is a common way for ransomware to enter your computer when you visit an infected website (this happened to thousands of visitors to the New York Time’s website last year). Malwarebytes Anti-Exploit(r) can help prevent these attacks.

Lastly, if the worst happens and your data is ransomed, Patient Computer Help maintains a small stash of BitCoin, the currency normally needed to pay off the ransom. Typically getting BitCoin for the first time is a lengthy process, and somewhat daunting as well, so we have this as a service to our customers.

Take Preventative Measures

In addition to running system backups and using anti-virus software, learning the proper steps to take when your computer gets infected can help you minimize the damage. Once the ransomware has done its job on your system, it will start looking for other computers in your network to infect.

So, it’s vital you disconnect your computer at the first sign of trouble when you don’t want the virus to spread to other systems. At this point, the damage to your machine has already been done, but you need to ensure that the other computers were not infected if you don’t want the cycle to repeat. If you have enough experience, you can scan each system to prevent further damage from occurring.

Final Thoughts

Most people are caught off guard when ransomware strikes, and they lose a lot of important data as a result. The time to act is now if you don’t want to end up at the mercy of a hacker who wants to extort money from you. Never overlook the importance of making backups consistently.

For help with Backup Strategies to Prevent Ransomware please contact us today.

How to Minimize The Threat From Computer Viruses

August 1, 2016 by Bruce Corson

What is a Computer Virus?

People associate the word “viruses” with unpleasant diseases, such as colds and influenza. Of course, unlike people, computers don’t really become sick.

Yet unfortunately, in the online world, some individuals and organizations create hostile self-replicating code that acts like a virus to cause computer hardware or software programs to malfunction. Experts refer to some of these intentionally created malicious codes as “computer viruses”.

Computer Virus Damage

Computer viruses today cause a wide variety of problems. Different types of computer viruses typically produce different symptoms. For example, the damage cause by viruses varies widely sometimes:

Some viruses cause no damage at all, but the replicating code does not belong on your computer;
Certain viruses disrupt software programs, or cause them to malfunction.
Some virus makers create code designed to embarrass or hurt other people at random; a virus may send a lewd email to everyone in your email address book, for instance, or cause malfunctions that send all your emails to other people;
A virus may prevent you from using your computer to access online websites or from obtaining accurate information online;
Some computer viruses infecting your computer may spread at random whenever you use your computer online;
A virus may send inaccurate information to your computer;
Malicious viruses in some cases can infect a hard drive, wiping out important information and data and potentially causing millions of dollars in damage.

These types of mean, inconvenient and potentially expensive disruptions make computer viruses something to avoid whenever possible. These anti-social snippets of code produce a lot of human heartache.

The Virus Problem

In addition to viruses, a wide variety of closely-associated threats exist today. These problems include malware, scareware, worms, trojans and other threats outside the scope of this brief blog post.

Today, experts believe that literally millions of computer viruses exist. So many viruses threaten online users, that no single antivirus program will detect every virus reliably.

Important Anti-Virus Measures

To help protect your computer from viruses, experts recommend taking several common sense steps:

Never use your computer without first installing a good anti-virus software program. Today, many computer vendors install these products with new computers to help protect customers.
Make sure you keep your anti-virus software updated and current.
Retain a company such as Patient Computer Help to help repair damage to your computer caused by contracting a virus.
Don’t open emails sent to you from unfamiliar sources.
Periodically, scan your computer offline for “rootkits” and other damaging programs (ask us).
Keep your operating system and browser well maintained and up-to-date.
Always scan for viruses before installing software programs on your computer, and never download programs sent to you from unknown sources.
Don’t visit online sites if your anti-virus program alerts you to the presence of malware or some other security threat.
Back up data so you’ll have copies available if a virus strikes.

Adhering to these steps won’t necessarily protect your computer system from every virus, but you’ll significantly minimize threats from viruses. Businesses in particular often encounter security hazards online, since some cyber criminals target merchants. By relying upon skilled assistance from Patient Computer Help, you’ll obtain the peace of mind that comes with having expert anti-virus and repair assistance available whenever you require expert computer repair services.

Think You’ve Been Infected?

Contact Patient Computer Help for assistance in keeping your computer in good working condition. We offer help to customers seeking to minimize threats from computer viruses.

With so many dangerous viruses and associated hazards circulating in cyberspace today, you’ll appreciate the ability to obtain our rapid, responsible professional computer repair expertise. Let us help you safeguard your computer assets.