New Ransom malware CAN NOT get data back

CameraQuest said:
due to a coding error, new Power Worm ransom ware can not retrieve your data
so you pay and still don't get data back !

http://www.bbc.com/news/technology-34765484

for anyone not aware of it
malwarebytes.com is awesome getting rid of malware
- but it may not work on ransomware

Stephen
Click to expand...

The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome which is a somewhat protected environment. Chrome will update it automatically.
- If you use an Android phone, seriously consider changing; Google and partners have to figure out how to update these timely
- Install all security updates on all devices immediately as their appear. Automatic updating is a good idea.
- Use a strong unique password at every site and login
- Use a password manager program to make this practical
- Don't click on links in emails. Ransom-ware is often distributed in an urgent-looking email, e.g. "Click here or you'll be fined $1000 for a toll booth violation."
 
ColSebastianMoran said:
The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome which is a somewhat protected environment. Chrome will update it automatically.
- If you use an Android phone, seriously consider changing; Google and partners have to figure out how to update these timely
- Install all security updates on all devices immediately as their appear. Automatic updating is a good idea.
- Use a strong unique password at every site and login
- Use a password manager program to make this practical
- Don't click on links in emails. Ransom-ware is often distributed in an urgent-looking email, e.g. "Click here or you'll be fined $1000 for a toll booth violation."
Click to expand...

Thanks for the advice, those are all great points. I currently have a BlackBerry Passport, and have been considering the BlackBerry Priv. I'm on the fence as I really haven't been a fan of Android as an OS in the past.
 
Agreed on all counts, though I'm not well informed about the phone thing. It is true that OSX and Linux are less vulnerable to attacks than windows, at least for now. Flash is horrible, and I don't know why Adobe is still in that business.

A password manager is a great thing. I recommend 1password, and it will work on your phone too.
 
I don't have Flash or Java on private computers. When site requires Flash I skip it. Youtube is example flash isn't mandatory. Sites not moving on from flash will end up same way.

Regarding backups - when I connect external disk it can get infested as well. How to do backups safely?

I imagine there should be a gate between PC and backup device/site. Share your techniques.
 
btgc said:
I don't have Flash or Java on private computers. When site requires Flash I skip it. Youtube is example flash isn't mandatory. Sites not moving on from flash will end up same way.

Regarding backups - when I connect external disk it can get infested as well. How to do backups safely?

I imagine there should be a gate between PC and backup device/site. Share your techniques.
Click to expand...

Yes, Flash is evil on several levels and Java is security sieve. The former is not worth fixing and the latter may be unfixable.

With regard to ransomware the backup strategy would start with a working system. A few ransomeware variants do encrypt external drives, but these are rare. Whenever new irreplaceable files were added, an external drive would be physically connected and an incremental backup would occur. It is possible to have sleeping ransomware that would wake up when an external drive was detected. I am not aware of any examples of this.

For very important irreplaceable files (such as images), performing automated, incremental backups to the Cloud is a useful defense. I am not aware of ransomeware that affects Cloud storage. By the way, if you have you own, private internet hosting site, you can set up a private Cloud back up system. It is more convenient to use places such as DropBox, iCloud, GoogleDrive Amazon Cloud Drive - just to name a few. Some people feel these sources are untrustworthy.
 
With the cost of external drives and the space they provide on a wacky relationship (costs come down, space goes up) there is no excuse for anyone.

Also USB 3.0 rocks with respect to speed of moving data.

An alternative approach is to try VM Box as an approach for basic dinking around browsing. I'm setting up a Virtual Machine with the basics, making a copy (my baseline) and then when I poke around on the net I use the VM. If I get hit with bad-stuff (e.g. MalWare, RansomWare) I just delete the VM, copy another, and go back to what I was doing. VM Box works on Mac, Window, and Linux. There is a hint that you might be able to run Mac VMs on a Mac in the future (for the rest of us.....).

Backup often, backup to differnt media (different drives) and have fun!

B2 (;->
 
willie_901 said:
I am not aware of ransomeware that affects Cloud storage.
Click to expand...

That asks for some comments. If local program can read and write cloud storage then it's possible to replace files there with encrypted files.

If cloud storage isn't affected then in some sense it looks like a call to move from local storage to cloud. Who looses and who benefits from this? You figure yourself.
 
btgc said:
.....I imagine there should be a gate between PC and backup device/site. Share your techniques.
Click to expand...

I have three different aspects that I use.

First is based on a CD/DVD RW Drive USB 2.0 drive that I got from Wallyworld online for about $25 USD. It works on my macs as well as my windows boxes. One night a month, I put a new DVD into the drive and drag all the folders that hold data to the blank DVD. I have copies of the programs I use also on DVD that are stored in an ammo box down in the basement.

Then I have two USB 3.0 removable hard drives that I drag my files to every couple of days in a round-robin sort of thing.

The third is on my families Macs, I have Time Capsule working on a 2TB drive attached to the router.

I used to use tapes and CDs but the size of DVDs has made life a lot easier.

Another thing is when you system is feeling slooow look at what is going on. What tasks are running in the background that could be encrypting your files. Encryption takes cycles that slow your computer's responce down. Check the task manager, all processes and such places, sort my CPU load, Memory used, and look for something that doesn't feel right. If you think you have something take a picture of what you see (with your phone) and pull the power on the system, just shut it down hard and quick. Then on a different computer try to see what is up. Don't power up your computer that you think is infected until you know the risks.

What I have done for my Windows based systems is build a small flash drive that I can boot each from incase I need to do some scanning. While you can have encryption at the BIOS level, I don't know about any RansomWare doing that. If you boot from a clean drive you should be able to inspect what your main drive was doing. I think I can do the same thing on my Mac, but haven't tried yet.

Hope this helps you guys/gals think about options that would work for you.

B2 (->
 
btgc said:
That asks for some comments. If local program can read and write cloud storage then it's possible to replace files there with encrypted files.

If cloud storage isn't affected then in some sense it looks like a call to move from local storage to cloud. Who looses and who benefits from this? You figure yourself.
Click to expand...

Just because more complicated ransomware hasn't appeared in the wild doesn't meant it never will. So your point is valid. At the same time I think about these things in terms of risk reduction. If criminals make money using a simple tool they are not motivated to develop a more complicated tool. Right now a small percentage of people a backup their data at all and a minuscule percentage use the Cloud for regular backups.

I wouldn't describe using remote data backup as a "a call". I would use the term risk reduction strategy. You benefit since your irreplaceable data is less likely to be ransomed.

I describe a completely different option for ransomware protection in a following post.
 
Update: Whitelisting

Update: Whitelisting

A somewhat inconvenient, but very effective, means to dramatically reduce risk exposure to ransomeware is whitelisting.

Whitelisting is software that only permits execution of code (i.e. privileges, etc ) to a list of specific executables. All other executable calls will be ignored or blocked.

This is the exact opposite to the strategy of blacklisting where a list of malicious executables is maintained to block calls. Most antivirus software is based on blacklisting

The advantage of whitelisting is one does not have to continuously discover and then update the list of blocked executables. The disadvantage is one must add new programs or other valid functions to the list.

In OS X a whitelist can be created in the System Preferences Parental Controls Pane. It is annoying to add every new App (except for those purchased in the App store) to the whitelist. On the other hand, except for a Safari-based social engineering Java script ransomeware scheme (one had to click on a fake FBI Warning), so far ransomeware is unknown on OS X. Fortunately simply doing a Safari Reset removed the problem. That is, nothing was encrypted.

In Windows there are third-party whitelist solutions. Large corporations use these products. In this case the whitelist is implemented and controlled over the company's network. This means the only way for criminals to implement ransomeware is via social engineering (deception of IT employees or IT contractors who have whitelist privileges). Consumer whitelist solutions are available, but I don't know anything about them.

I am told Windows 10 has a Windows Device Guard function that implements whitelisting. I don't know any details. Unfortunately, while Vista had a User Account Control function, it was hacked after a few months.
 
ColSebastianMoran said:
The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome which is a somewhat protected environment. Chrome will update it automatically.
Click to expand...

Isn't FLASH what YouTube uses? Or have I got that wrong? Gee, I would feel really deprived without YouTube! I like to watch and listen to the violinists--especially Sarah Chang!
 
Java (not Java Script) is required for older versions of Adobe CS, is it not? But not for Adobe CC, as far as I can tell. Flash can be manually controlled by the "Click to Flash" plugin in Safari if you don't want to use Chrome.

And Willie - thanks for the tip on using Parental Controls as a whitelist utility! Great idea.
 
MaxElmar said:
Java (not Java Script) is required for older versions of Adobe CS, is it not? But not for Adobe CC, as far as I can tell.

And Willie - thanks for the tip on using Parental Controls as a whitelist utility! Great idea.
Click to expand...

Yes, each time I install a new OS, CS complains about missing Java.

Rob-F said:
Isn't FLASH what YouTube uses? Or have I got that wrong? Gee, I would feel really deprived without YouTube! I like to watch and listen to the violinists--especially Sarah Chang!
Click to expand...

Youtube has moved to HTML 5, mostly because of Apple. They simply could not afford to lock out all Apple users.
 
photomoof said:
Yes, each time I install a new OS, CS complains about missing Java.



Youtube has moved to HTML 5, mostly because of Apple. They simply could not afford to lock out all Apple users.
Click to expand...

Good to know, thanks. I'm thinking maybe this thread should become a sticky. I know I need to take more precautions against losing my images. I am using Apple Time Machine. I would like to learn to use my external hard drives in some systematic way to have better backup. I've been pretty haphazard about it.

I'm also feeling the need for a new brand of hard drive. I've had two western Digitals conk out on me. Any suggestions for a high-reliability brand?
 
ColSebastianMoran said:
The Head Bartender is right on the mark here.

Here are my recommendations:
- Remove FLASH and Java from your systems. New vulnerabilities appear continuously.
- OK, we need FLASH for many photo sites; run FLASH only in Google Chrome which is a somewhat protected environment. Chrome will update it automatically.
- If you use an Android phone, seriously consider changing; Google and partners have to figure out how to update these timely
- Install all security updates on all devices immediately as their appear. Automatic updating is a good idea.
- Use a strong unique password at every site and login
- Use a password manager program to make this practical
- Don't click on links in emails. Ransom-ware is often distributed in an urgent-looking email, e.g. "Click here or you'll be fined $1000 for a toll booth violation."
Click to expand...

Agree on everything here. For Android, consider looking into the Google Nexus line. They are (at the least) on par with Apple in terms of security.

Using a Mac does not absolve you of duty to purchase (and update) antivirus. ~10 years ago Macs were generally secure enough on their own. This is not the case as of 2015.

Using Chrome (on any device) is a good idea in general. Their Sandbox is fairly competent and should be a good first line of defense.

For Android phones, don't install anything that looks suspicious. Even if an app comes from the Play Store, take ~10 second to review the permission requests before installing. A music player has no reason to be peeking in your contacts list.


...and some other (perhaps more technical things):

If you have a windows 8/10 laptop with an SSD, considering encrypting your main drive. HDDs do tend to slow a bit with device-level encryption.

If you have an Apple laptop, make sure your OS is no further than 1-2 generations behind the latest. Running Snow Leopard in 2015 is a bad, bad idea.

Use a secondary email address for mailing lists and general sign-ups. Make sure this has a password that's not shared with your online bank account, etc.

Flash is actually not *too* bad in this age. Efficiency-wise it's a hog, but the true proverbial fault point is Java. Java needs to burn in hell. Don't install it if your work doesn't absolutely depend on it. Java has year-old, glaring security issues yet to be patched. Malware loves them.
 
Rob-F said:
Good to know, thanks. I'm thinking maybe this thread should become a sticky. I know I need to take more precautions against losing my images. I am using Apple Time Machine. I would like to learn to use my external hard drives in some systematic way to have better backup. I've been pretty haphazard about it.

I'm also feeling the need for a new brand of hard drive. I've had two western Digitals conk out on me. Any suggestions for a high-reliability brand?
Click to expand...

For the most part drive failure is quite random. A business-class drive might give you higher life expectancy, but even those might break after a few months (or even weeks, if you're super-unlucky). It has been said that on average, one of Google's server drives breaks every second. So instead of shelling out for so-called premium HDDs, I would simply double-backup anything.

If you have a ton of photos (>2-3T), a RAID 5 solution will save space and money, but those solutions tend to be relatively expensive at smaller sizes.
 
You must log in or register to reply here.

Similar threads

S
Suggestions / advice for new camera
2 3
Replies
45
Views
2K
silvershadelynx
S
J
  • Article Article
How Long Will Your Pictures Last?It all depends on you, your successors, and whether anyone else cares.
8 9 10
Replies
180
Views
13K
Freakscene
Freakscene
lxforrest
A DIY retro digital camera project - Blog #2 Rethinking of retro digital camera
Replies
4
Views
654
lxforrest
lxforrest
lxforrest
A DIY retro digital camera project - Blog #2 Rethinking of retro digital camera
Replies
0
Views
218
lxforrest
lxforrest
F
The Lens Repair Apocalypse: Repair Shops INUNDATED with work, and will get worse.
2 3
Replies
55
Views
5K
WoodallP
WoodallP
Back
Top Bottom