In my last post I explained how lockerware is a new type of virus that encrypts a user's data and gives them an option to pay a ransom to get it back. This post is dedicated to the three options that this new persistent threat presents: ignore it, cure it or proactively avoid it.
I will combine ignoring and curing because they are related and simple. Ignoring the threat means doing business as usual: continuing to download all or most attachments from email, clicking on internet and email links without scrutiny, and installing random software from the internet. Following this route will surely get some form of lockerware on your system. Once infected, you can either erase all your data and start fresh or pay the criminals several hundred or thousand dollars to unlock your data so that you can use it.
A proactive strategy is probably where most people want to be; however, it will involve sacrificing some convenience for the extra security.
First, have a solid backup strategy in place. This strategy will be different for consumers vs businesses; however, the common element is to have 3 copies of your data. The first is the data itself. The second is a backup copy that is stored onsite on a separate drive, preferably in a separate area of the building. The third is a backup copy that is stored far enough away that a local/regional disaster would not wipe out all data.
Second, be critical of the things you receive in email. Email is similar to a postcard because the sender can easily forge where it is coming from. In email, it is trivial for a hacker to set their message as being from “Bank of America”. This trick is particularly bad because users have a tendency to grant trust to email from respected sources like Bank of America or the FBI that they would not grant to other sources. This trust usually causes users to ignore the common preventative steps that I recommend at the end of this article.
Hackers also use email content to trick people. The most common method is through clickable links. People get links all the time that may say something like “watch this super cute cat video”, but the truth is that a link can be programmed to say one thing and send users who click it to a completely different site. In plain English, that means that if you click the cat video link, it could actually send you to a malicious website. Even worse, that site could contain a virus that your phone or computer could download and run automatically.
A great real-world example of these email tricks is from a friend who is paid to test banking security. During his last test he was able to hack a Bank President through email links. He was able to do this by researching the President on Facebook. He discovered that the President was a member of a quilting club. Using that knowledge, he crafted an email that appeared to be from the quilting organization and had a link to a new membership information file. By clicking the seemingly trusted link, the President unintentionally put her entire organization at risk. Luckily though, it was just a drill and an opportunity to improve security.
So how do you avoid being fooled through email? Here are the guidelines that I recommend.
1. If you did not ask for or expect the file, don’t open it, ever
2. Don’t believe the return address…just because it says it is from your bank or friend does not mean that is who actually sent it
3. Even if the email is from your friend, assume that the contents are malicious and scrutinize the content
4. If you have to visit an email link, copy it to your clipboard and paste it into your browser
5. If you have to download something from email, scan it with your anti-virus before opening it
By following the steps above you will avoid a good portion of the bad things that are sent through email.