Virus Warning

I’m not big into virus warnings unless something radically changes. Well, it has. So, read up and rethink your backup strategies.

New Ransom Ware

There is a new style of ransom ware that has come to America. Europe has apparently been dealing with it for weeks. It is called Ransom Ware 2.0 or CryptoLocker.

To understand what Ransom Ware 2.0 is doing read: Destructive malware “CryptoLocker” on the loose – here’s what to do. It’s a bit techie.

As best I can tell, the program leaves your readable copies of files in place while it makes encrypted copies using strong encryption. When it finishes encrypting your files, it then erases your readable copies and displays an extortion notice. If things go as they planned, you will probably not notice a problem until you see the notice.

The prime targets of Ransom Ware 2.0 are people’s personal files. The full list of targeted files is in the linked article. They are going after your music, images/pictures, video, Word Docs, spreadsheets, email, etc. In other words, all your stuff.

I suspect the malicious program is smart enough to search every drive connected to the computer in its attempts to find them. So, that includes inserted USB memory sticks and external USB drives.

Paying Ransom

You have watched enough TV to know this is a dicey proposition. I have heard no word of anyone that has tried to pay the the US$300 ransom to buy the key needed to decrypt their files. The bad guys may give you the key just to keep you busy while they drain your back account, now that you have given them account info, or repeatedly tap your credit card. Or they may just take the money and try draining your accounts without giving you anything.

Oh, they are big on Bitcoin…

The ransom ware says it will destroy your decryption key within 72 hours. Once that key is destroyed, there is no practical way to decrypt the files. So, your files are as good as gone.

You will not be able to afford the computer power or time needed to break the encryption. Since these are random generated keys based on RSA duel keys (this is military grade encryption from about the 90’s) typically 16 to 128 characters long passwords/keys of which there is no chance of guessing.

Prevention

How Does It Get In?

  • Adware programs have backdoors that can be used by bad guys to infiltrate your computer.
  • Banner ads on even reputable web sites can lead to infected web sites.
  • Email and email attachments.

Backing UP

The ideal backup these days is to external USB drives. They are fast and can be moved off site, or at lease disconnected from the computer. They are cheap. The thing is we now need to remember to connect the drive, backup, and then disconnect the backup drive until the next backup needs to be made. Otherwise, the virus could encrypt our backup files too.

There is cloud storage, having an offsite drive the computer connects to over the Internet. Your data will literally be stored in the remote drive of a computer at the service providers, but it may look just like another drive on your computer. If it behaves like a drive and has a drive letter, that data would likely be vulnerable too. If a user ID and password are required before you can move files there, it is probably safe.

If you use a backup service (Carbonite seems well know), using the automatic backup in background is likely to get you in trouble. I have not used any of these services, so I am not sure how they do things. I am speculating based on my experience.  Unless they allow you to keep dated backups (like QuickBooks does) or use file versions so you have older versions of the backup, the backup system may just backup the encrypted files. If it is keeping only one copy of your data, it will then toss the previous good files. You would still be screwed.

Files like QuickBooks and address books are small and they can be backed up to USB memory sticks. 32gb sticks are cheap US$20-$30. They hold the equivalent of about 6 DVD’s or about 45 CD’s.

If you think you may be infected, backup now. As long as your files are readable, they can be backed up and are safe to use. So, even if you suspect you are infected, make a new, separate backup. Be sure to save your previous backups.

Summary

The computer virus wars are escalating so fast, it has generally become pointless to send out warnings unless there is a change in tactics, like Ransom Ware 2.0. Otherwise, your computer is updating at least once per day and your anti-virus several times during the day. By the time you see an email, blog post, news cast, or whatever it is probably too late to do anything.

Most things you can be warned to do, you should already be doing. See Prevention above.

In this case you need to consider changing your backup strategy. So, I hope this article helps.

On another note: absolutely DO NOT use the same password for all your web site logins. Have a separate password for every online account that will allow the withdrawal of money from the account. Have a separate and STRONG password for accounts that provide access to your personal information; birth dates, parents names, friends names, addresses, etc. They can be used against you because people trust friends.

2 thoughts on “Virus Warning

  1. There’s an even, more radical solution to stay away and safe from virii, worms and root-kits: use Linux !!!

    Think about it: with Linux, you don’t even have to pay a ransom to Micro$oft for running programs on your computer (*all* OSes should be free !… Would you buy a car without an engine and then have to buy the engine from another maker ?… Because, it’s what Micro$oft is doing: they make you pay for an engine for your car).

    • Yes, I may pay Microsoft for my engine but I don’t have to spend hours setting it all up manually before I can use it as I want to, the when I want to go somewhere new, spend hours looking at engine settings to find out why it isn’t working 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *