
What is "Ransomware" and how to defend yourself

Another article post from BestVPN that delves into a part of computing we should all keep our guard up against.


It's always important to have backups of files you don't want to lose, for any reason, on a separate external drive, just in case, and to make sure the backup drive is never connected unless you're actually doing a backup to it, to avoid getting the backed-up files infected. If you have backups then you can simply wipe your computer's hard drive, reinstall your operating system from scratch and copy the backed-up files back to your freshly installed, now ransomware-free, device… No need to pay any ransom that way.


…and have backups of the backups (e.g. 2 copies of the backup), since a backup or backup device can fail 🙂


And to be safer still, keep one of the backups in a separate location.


Backup is the only answer to ransomware.

Even if you pay the ransom there is no guarantee that your files will be returned to you or that your computer will be left free of malicious software. Ask yourself what kind of person operates ransomware and whether they are trustworthy and reputable.

So you must do frequent backups. The frequency of backup determines how much content you will lose. It is your trade-off to make.

You should have a cycle of at least 2 backup disks/tapes if backing up to disk/tape - so that if something catastrophic happens during the backup, it does not take out both the original and the only backup copy.

Backups must always be kept disconnected from the computer except when doing a backup.

At least one backup copy (presumably the most recent if only one copy) should be kept out of harm’s way e.g. off-site, or in a fire-proof / water-proof safe.

You should do backups anyway (in case of software malfunction, hardware failure or user accident). So ransomware or other malicious software is just one more reason to do backups.
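The backup discipline set out in the post above (removable media that is attached only for the run, more than one rotating set, a read-back check before trusting a copy) can be scripted. The following is an added example written for this page; it is not from the forum post or from BestVPN. It assumes a Linux box with GNU tar and coreutils (`sha256sum`), and the `.backup-target` marker file is my own convention: you create it once on the external drive so that a run on an empty mount point, because the drive was not actually plugged in, is refused instead of silently writing to the internal disk.

```shell
#!/bin/sh
# Added example: offline-media backup with rotation and read-back verification.
# Assumes GNU tar and sha256sum. The marker file name is an assumption.

# backup_dir SRC DEST [KEEP]
# Writes a timestamped tar.gz of SRC into DEST, records its SHA-256 beside it,
# reads the archive back to confirm it is intact, then prunes to the KEEP
# newest sets. DEST is the external drive, mounted only for this run.
# Prints the path of the new archive on success.
backup_dir() {
    src=$1; dest=$2; keep=${3:-2}
    [ -d "$src" ] || { echo "source $src missing" >&2; return 1; }
    # Refuse to run if the marker is absent: the drive is probably not attached.
    [ -f "$dest/.backup-target" ] || { echo "no .backup-target in $dest: drive not mounted?" >&2; return 1; }

    name="$(basename "$src")-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    archive="$dest/$name"

    tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")" || return 1
    # Checksum stored with a relative file name, so it can be checked from any mount point.
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    # Read the whole archive back before trusting it.
    tar -tzf "$archive" > /dev/null || { echo "archive unreadable: $archive" >&2; return 1; }

    # Keep only the KEEP newest sets (timestamps sort lexically, newest first with -r).
    ls -1 "$dest"/"$(basename "$src")"-*.tar.gz 2>/dev/null | sort -r | tail -n +$((keep + 1)) |
    while read -r old; do
        rm -f "$old" "$old.sha256"
    done
    echo "$archive"
}

# verify_backup ARCHIVE
# Re-checks the stored checksum. Run it on each set now and then, and always
# before relying on a set to rebuild a wiped machine: media fails too.
verify_backup() {
    archive=$1
    [ -f "$archive.sha256" ] || { echo "no checksum for $archive" >&2; return 1; }
    ( cd "$(dirname "$archive")" && sha256sum -c --status "$(basename "$archive").sha256" )
}

# Usage (paths are illustrative):
#   backup_dir /home/alice/Documents /media/alice/BACKUP-A 2
#   verify_backup /media/alice/BACKUP-A/Documents-20241001T120000Z.tar.gz
```

Run it against a second drive (`BACKUP-B`) on alternate weeks and keep that drive elsewhere; the script cannot enforce that the drive is unplugged afterwards, which is the step that actually keeps ransomware away from the copies.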


Microsoft, industry and the US military have combined their efforts to disrupt a ransomware-spreading botnet called Trickbot. Microsoft were concerned by the potential the botnet had to affect the US elections, among other reasons.

From the article by Microsoft from the 12th of October, here are some of the details:

"Trickbot has infected over a million computing devices around the world since late 2016. While the exact identity of the operators is unknown, research suggests they serve both nation-states and criminal networks for a variety of objectives.

In the course of Microsoft’s investigation into Trickbot, we analyzed approximately 61,000 samples of Trickbot malware. What makes it so dangerous is that it has modular capabilities that constantly evolve, infecting victims for the operators’ purposes through a “malware-as-a-service” model. Its operators could provide their customers access to infected machines and offer them a delivery mechanism for many forms of malware, including ransomware. Beyond infecting end user computers, Trickbot has also infected a number of “Internet of Things” devices, such as routers, which has extended Trickbot’s reach into households and organizations."

"We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world. We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.

In addition to protecting election infrastructure from ransomware attacks, today’s action will protect a wide range of organizations including financial services institutions, government agencies, healthcare facilities, businesses and universities from the various malware infections Trickbot enabled."

To read the full article the link follows:


While not directly relevant to this botnet, necessarily, on my honeypot in recent years I am seeing more and more attacks into other IoT devices such as PV equipment, GPON (fibre) network equipment and VoIP phones. Add: I am also seeing attacks against Digital Video Recording equipment.

Previous discussion in the Choice forum has also mentioned IP cameras - and, of course, yes, I do see plenty of attacks against known exploits into routers e.g. Netgear, Cisco.

So whatever trojan horse, um, latest tech gadget you just installed in your house, ask yourself things like:

  • how often is it getting software (security) updates, if ever? (it has probably been abandoned by the manufacturer)
  • is it likely to be free of security defects?
  • do I really need this gadget at all?
  • do I know what this gadget does (sends and receives) on the internet?
  • would I notice if it had been enslaved to a botnet?
  • do I really need this gadget to have internet access?

Apart from the last bullet point the answers are generally in the negative.


That must annoy the Trump campaign.

I would change that to:

  • Do I really need this gadget to share the same network as my critical infrastructure?

If you can, put it on a totally separate network using a separate router. If you can’t, put it on a guest network. (My work-issued laptop is on a separate network, as I do not trust it as much as I trust my own stuff.)
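Two of the questions raised in this thread, "do I know what this gadget does on the internet?" and "would I notice if it had been enslaved to a botnet?", and the reply above about intrusion against other equipment on the network, can be answered from the router once the gadgets are on their own segment. The following is an added example written for this page, not code from any forum participant. It assumes a Linux router whose firewall logs forwarded traffic from the IoT segment with a netfilter "log" rule (the `SRC=`/`DST=`/`DPT=` key=value format is what the kernel emits); the log lines, addresses, the allow-list format (one `source dest:port` pair per line) and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG lines from an IoT segment and flag
# (a) IoT hosts reaching into the trusted LAN and (b) destinations not on
# the per-device allow-list. Sample log and allow-list below are constructed.

# iot_flows LOG
# One line per "source dest:port count", parsed from SRC=, DST= and DPT= fields.
# Tokens without "=" (DF, SYN, the syslog prefix) are ignored by the split.
iot_flows() {
    awk '
    {
        src = ""; dst = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        if (src != "" && dst != "") n[src " " dst ":" dpt]++
    }
    END { for (k in n) print k, n[k] }' "$1" | sort
}

# iot_alerts LOG ALLOW LAN_PREFIX
# Prints "LATERAL src dest:port" when an IoT host talks to the trusted LAN
# prefix at all, and "UNEXPECTED src dest:port" when the pair is not in ALLOW.
# Review UNEXPECTED lines: a new cloud endpoint after a firmware update is
# normal, a device scanning the internet or your LAN is not.
iot_alerts() {
    iot_flows "$1" | awk -v allow="$2" -v lan="$3" '
    BEGIN { while ((getline line < allow) > 0) { split(line, f, " "); ok[f[1] " " f[2]] = 1 } }
    {
        if (index($2, lan) == 1) print "LATERAL", $1, $2
        else if (!(($1 " " $2) in ok)) print "UNEXPECTED", $1, $2
    }'
}

# write_sample DIR
# Writes a constructed log (a camera at .12 and a TV at .30 on 192.168.50.0/24,
# trusted LAN on 192.168.1.0/24) and a constructed allow-list into DIR.
write_sample() {
    cat > "$1/iot.log" <<'EOF'
May  1 10:00:01 router kernel: [1201.10] IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.12 DST=203.0.113.7 LEN=60 TTL=63 ID=0 DF PROTO=TCP SPT=51234 DPT=443 SYN
May  1 10:00:05 router kernel: [1205.44] IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.12 DST=203.0.113.7 LEN=60 TTL=63 ID=0 DF PROTO=TCP SPT=51235 DPT=443 SYN
May  1 10:00:09 router kernel: [1209.02] IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.12 DST=198.51.100.9 LEN=60 TTL=63 ID=0 DF PROTO=TCP SPT=51300 DPT=8080 SYN
May  1 10:00:12 router kernel: [1212.77] IOT-FWD IN=br-iot OUT=br-lan SRC=192.168.50.12 DST=192.168.1.20 LEN=60 TTL=63 ID=0 DF PROTO=TCP SPT=51400 DPT=445 SYN
May  1 10:00:20 router kernel: [1220.31] IOT-FWD IN=br-iot OUT=eth0 SRC=192.168.50.30 DST=203.0.113.50 LEN=60 TTL=63 ID=0 DF PROTO=TCP SPT=40001 DPT=443 SYN
EOF
    cat > "$1/allow.txt" <<'EOF'
192.168.50.12 203.0.113.7:443
192.168.50.30 203.0.113.50:443
EOF
}

# Usage on a real router (paths illustrative):
#   iot_alerts /var/log/kern.log /etc/iot-allow.txt 192.168.1.
```

On this constructed sample the camera's two connections to its vendor endpoint pass, its attempt to reach port 445 on a host in the trusted LAN is reported as LATERAL, and its connection to an unlisted host on 8080 is reported as UNEXPECTED; the TV is silent. The LATERAL case is the one a guest network or separate router prevents outright, which is the point of the reply above.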


That is an additional very valid question.

I was more concerned about “phoning home” but intrusion against other equipment on your network is also a legitimate concern.
