The article below has just been shared by Seth Krieger, Ph.D., President of Synergistic Office Solutions, Inc., with our User Group. I thought our blog readers might also be interested.
Many of you are aware that there has been an explosion of so-called “ransomware” malware infecting systems ranging from stand-alone home computers to hospital systems. Once you have been infected, this malware gets busy encrypting files on your drives — including shared network drives — and ultimately notifies you with a screen message that you will have to pay a ransom to regain access to those files.
Two people I know (one a family member, and one a close friend) who work in healthcare were recently infected through email attachments clicked by staff in their offices. Luckily, both were able to stop the infection from getting too far, and had good backups from which they were able to recover the files that had been encrypted.
As with most serious computer threats, these depend on the naiveté of computer users to start the ball rolling. At present there are two main vectors of infection. One is email attachments. Watch out for GIF’s and supposed attached “invoices”, both of which are known delivery mechanisms for ransomware, and could even come from the email address of someone in your contact list.
The other vulnerability being exploited more and more frequently is delivery via flash, java, and acrobat pdf extensions in web browsers. This type of malware is often delivered via web site ads that use these extensions. Your best bet is to disable these extensions, or at least set them to require your approval before running. Most web sites will work fine without them. At present, it appears that the most secure browser to be using is Google’s Chrome browser, which keeps itself up to date automatically, and prevents many attacks that other browsers may not.
SOS recommends that you also install a product called MalwareBytes, which is available in a basic, free version as well as a more rigorous paid version. It works alongside your anti-virus to extend the range of threats that can be detected and disarmed. (We have no business association with MalwareBytes except that we use their software.)
If you should suspect that you are infected with an active ransomware program, immediately disable all network connections to other computers to prevent the infection from spreading. Ultimately, however, full recovery will depend on whether or not you have current backups of files that were, or could be, encrypted.
In the past, backups were insurance against hardware failure, fire, theft, or accidental erasure. These are pretty rare events, so many computer users were less than diligent about backing up their computers and critical business data. Thanks to these ever-increasing malware attacks, the need for good backups is also increasing at the same rate. In addition, some of these infections are sophisticated enough to target backup files that can be located on USB drives and network shared resources, so off-line backups (removable media) are more essential than ever!
PLEASE prepare yourself:
- Use a highly rated anti-virus product, as well as additional malware protection such as MalwareBytes. Make sure that it is set to update itself at least daily.
- Be VERY careful about clicking email attachments. When in doubt, call the sender to be sure it is legit.
- Disable flash, java, and adobe pdf browser extensions. Consider using Chrome as your default browser.
- Backup your entire system periodically, and your irreplaceable data every day, to media that is then disconnected from the potentially infectable computer. On-line backup solutions like Carbonite, Mozy and CrashPlan have their place, but unless you have super-fast internet, having a copy of your backup locally can get you back in business much faster than downloading backups from one of those services.
Be careful out there!
Seth Krieger, Ph.D.
President, Synergistic Office Solutions, Inc.