Life is a bowl of chocolates with a cat peeing on the good ones. [Ransomware, avoidance thereof]
We have, in the Herald, another comment about virus pandemics. Talking about something developed in 2011. Sheesh. I know that many people still are running XP, but why? And their advice is facile.
Andy Archibald, of the NCA, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people…can stop that from happening to them. Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action. Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.”
Computer users who fear they could fall victim to the virus are advised to install anti-virus software and ensure their operating system has the latest security updates
It is thought that the gang first check if a target’s keyboard is in Russian and only strike if it is another language. Eunice Power is one British victim who has been blackmailed by the cyber criminals. After corrupting files on her computer, the gang offered to fix the problem for several hundred pounds. Miss Power, a chef who runs a business from home, told Channel 4 News: “I could actually feel perspiration coming out through me. I lost everything: family photographs, recipes, payroll, my accounts package. It was devastating.” The attack was so complex that an external storage unit that was connected to the computer at the time was targeted by the gang, preventing Miss Power from accessing it.
Stewart Garrick, from the National Cyber Crime Unit, said that solicitor firms, police stations in America and academic institutions had been targeted.
Victims are urged to contact a site created by the Department of Homeland Security: https://www.us-cert.gov/gameoverzeus
Heh. That’s 2011. This is much more up-to-date: take over your hard disk and demand ransoms.
We recently encountered another variant that used the Windows PowerShell feature in order to encrypt files. This variant is detected as TROJ_POSHCODER.A. Typically, cybercriminals and threat actors have used Windows PowerShell to go undetected on an affected system, making detection and analysis harder. However, once detected, using PowerShell made it easier to analyze as this malware is also hardcoded. Decrypting and analyzing this malware was not too difficult, particularly compared to other ransomware variants.
Since it uses PowerShell, TROJ_POSHCODER.A is script-based, which is not common for ransomware. It uses AES to encrypt the files, and RSA4096 public key cryptography to exchange the AES key. When executed, it adds registry entries, encrypts files, and renames them to (unknown).POSHCODER. It also drops UNLOCKYOURFILES.html into every folder. Once all files on the infected system are encrypted, it displays the following image:
Figure 1. Instructions on how users can supposedly retrieve their files
Once users follow the instructions stated in the ‘ransom note,’ they will see the image below informing them to install the Multibit application that will allow them to have their own Bitcoin-wallet account for 1 Bitcoin. When they purchase the application, they are instructed to submit the form that contains information like email address, and BTC address and ID. Users will supposedly get the decryptor that will help encrypt the files.
Figure 2. Users need to fill this form once they avail of the Multibit application
Currently, POSHCODER uses English for its ransom notes and primarily affects users in the United States.
Ransomware and other similar threats are continuously improving as exemplified by the emergence of POSHCODER. Trend Micro protects users from this threat via its Smart Protection Network that detects the malicious file.
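The Trend Micro excerpt names two on-disk indicators for this variant: files renamed to something.POSHCODER and an UNLOCKYOURFILES.html note in every folder. The triage scanner below is an added example, not code from Trend Micro or from this post; it walks a directory tree, reports both indicators, and recovers which original file types were hit. The infected tree it builds is constructed sample data, and nothing in it is real malware output.

```python
import os
import tempfile
from collections import Counter

# Indicators from the write-up: files renamed to <name>.POSHCODER and a
# UNLOCKYOURFILES.html ransom note dropped into every folder.
RANSOM_NOTE = "UNLOCKYOURFILES.html"
ENCRYPTED_SUFFIX = ".POSHCODER"

def scan_tree(root):
    """Walk root; return encrypted files, note directories and a Counter of the
    original extensions (recovered from the name before the .POSHCODER suffix)."""
    encrypted, note_dirs, original_exts = [], [], Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        if RANSOM_NOTE in filenames:
            note_dirs.append(dirpath)
        for name in filenames:
            if name.upper().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(os.path.join(dirpath, name))
                stem = name[:-len(ENCRYPTED_SUFFIX)]
                original_exts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return {
        "encrypted_files": sorted(encrypted),
        "note_dirs": sorted(note_dirs),
        "original_extensions": original_exts,
        "infected": bool(encrypted or note_dirs),
    }

def build_sample_tree():
    """Constructed sample, not real malware output: a tree laid out the way the
    write-up describes an infected system, plus one untouched folder."""
    root = tempfile.mkdtemp(prefix="poshcoder_demo_")
    layout = {
        "Documents": ["payroll.xlsx.POSHCODER", "recipes.docx.POSHCODER", RANSOM_NOTE],
        "Pictures": ["family.jpg.POSHCODER", RANSOM_NOTE],
        "Clean": ["readme.txt"],
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for fname in files:
            with open(os.path.join(root, folder, fname), "w") as fh:
                fh.write("placeholder content\n")
    return root

if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    print(f"infected={report['infected']} encrypted={len(report['encrypted_files'])} "
          f"note_dirs={len(report['note_dirs'])} types={dict(report['original_extensions'])}")
```

Point scan_tree at a mounted backup or a suspect share to confirm whether the extension-rename and note-drop pattern is present before restoring from it.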
Well I hate windows 8 to the point where I won’t buy a machine on it and accepted a stinking mac as the work machine simply so I would not have to deal with the effort of wiping that excuse of an OS from the bare iron.
If I got this — and if I cannot remove it by getting at the script files within the software I generally just format everything back to bare metal and start again. I did this over the weekend anyway, when I installed voyager on my server and testbed laptop.
Now, I am not a fan of Homeland security and even less so of the NSA. But… there is no such thing as a secure computer. Besides, your cat could pee all over it, and brick it in the process.
So… some advice, which is somewhat cynical.
- Get rid of any windows before Win7. And don’t use win8. Win7 is still reasonable, and it is reasonably well understood. The hardware is cheap. You can easily get virus scanners and security software. If you are running windows, keep it secure and keep it current. However.
- Use a Linux if you can. I recommend Voyager 7: it’s up to date and comes as a version of ubuntu that just works and a more heavy duty debian version for geeks like me. If you have an XP machine, fire up your browser, back up your data, and then delete everything and put a lightweight Linux on your machine.
- Do not use html mail. Plain text does not contain scripts.
- Use SpamAssassin or similar at server level. Your ISP should be able to switch this on, and automatically delete most of the spam that exists. I have this running on my personal webserver, and it works: my employer (most of us have to publish our emails as part of academic good practice and transparency) has a really good set of filters and a couple of systems operators running herd on them. And they have had to take the entire stack down a couple of times a year because even then spam gets through.
- Use SSL for email. This should be set up as default (and is by most ISPs). Do not send email as plain text.
- If you don’t know the person, delete the mail. That includes emails from any institution. Including IRD, the police, your employer, your bank, your insurance agent. If the person is not known to you and has not introduced you, then bin it. Email is unreliable: there is a reason people are served using paper.
- If in doubt, switch it off. Most modern distributions assume you are connected to the internet and automatically configure a firewall with but a few ports available for access. Leave them alone.
- Keep physical backups. I backup to the cloud, but I have (a) a honking big USB drive attached to my servers which I manually backup to then unmount and (b) physical copies of all important documents in a fireproof box.
- Do not internet bank. Seriously. Pay in cash. Use your credit card. Pay by cheque. If it goes down the internet it is inherently insecure.
- Never take confidential information across a border. Take a clean laptop — but have all your data backed up and stored at home and nothing on the machine. Keep everything in google docs if needs be (I set up a gmail email for any new project and keep all documents in a google drive attached to the same, but I’m an academic).
- Keep confidential ideas off computers. Write them down in a notebook. Memorize them. But do not put them in a computer until you are prepared to share them.
- Macs are not immune. My work machine is a mac, and there are some things I like about them. But they can be 0wnzored as easily as any PC. It is just that old, out of date windows machines are ubiquitous and far easier to hack.
- If you need real security, use a USB dongle. Have a generic PC of any version, or a PC in an internet cafe: assume it is full of spyware, but use Tails (which is another reason to use Debian daily: it’s based on that).
There are many good things on the internet. But any human activity can and will be exploited by criminals. If they can hack wall street, they will hack your computer. And always remember, do not mess with the affairs of systems administrators, for they are not subtle and tend to turn your life into a living hell if they are angry.