Tuesday, June 17, 2014

NBC Today show warns about Cryptolocker; more info on security strategies

NBC’s Today show reiterated a warning to the public about Cryptolocker this morning. The video depicts a typical home user as totally vulnerable, and not have taken any precautions to back up important data.

Visit NBCNews.com for breaking news, world news, and news about the economy
Security companies and technology journals have written a lot about this Trojan.  Sophos, which works with Webroot, has a typical article (Oct 2013), and Webroot’s threat blog offers this, on Dec 6, 2013, link,   
External backup drives are likely to be infected simultaneously also.  So an important strategy is to make backups regularly (every day if possible) of your major work, and disconnect the drive.  According to Webroot, cloud backups (like Carbonite) are safe, but I would check on this. Carbonite’s own writeup here  is a bit ambiguous.
It’s relatively trivial for a tech (like Geek Squad) to disinfect a computer from this Trojan, but the encrypted files are lost forever until ransom is paid.  It sounds as though in this case, files are often restored because the object of the criminal activity (a lot of it overseas) is to make money, Putin-style.
It’s a good idea to have several physical backup copies, and to keep one offsite, perhaps in a safe-deposit box, possibly some distance from your home (in case of big natural disasters).   It’s a good idea to use optical discs for backup if EMP ever becomes a threat. It’s always a good idea to think through one’s entire security strategy, which varies enormously by circumstances.
The biggest risk for this form of ransomware seems to come from email attachments.  There is also some risk with botnets, so people who use P2P might be at higher risk, as are those who are attached to other people’s or office network drives.  You might minimize email risk by opening “risky” emails on older computers that don’t have important files.  I find that about 80% of spam has a fishy email sender address  (you can run the mouse over it to see it, usually from Russia or China), but some spam actually spoofs the sender so that this doesn't work. 
Not everyone uses some of the more vulnerable, fast-paced areas of the Internet, and not everyone is at equal risk.  But keep in mind that your circumstances can change when you start to work with or sell content to others. 

Update:  June 21

I've noticed numerous UPS delivery notifications in my spam folder recently, so I suppose these are attempts to send copycat cryptolocker trojans.  To get these when you haven't ordered anything is an obvious red flag.

Besides the usual "Nigerian scams" and bogus warnings about bank accounts and credit cards I don't have (and I've checked my credit reports;  they're clean), I see a lot of business proposals that are really, well, dumb.  

No comments: