Protecting Yourself from Computer Ransomware

This article originally featured in a local magazine. I thought I might as well stick it up here…I’ve been working in computer security for many years and I thought it might be useful to share some tips about staying safe online. There are many and varied threats – even Mac users are having to be more careful these days (more later) – and an article of this size cannot hope to address everything. So I’m going to look at just one problem – but it’s probably one of the biggest: “ransomware”. This is “malware” (malicious software) that holds you to ransom, typically by encrypting your precious files and demanding you pay to get them back.

You’re probably already aware that keeping your computer up-to-date with security fixes (aka “patches”) is vital. Even so, some nasties do not rely on missing patches at all. Certain document formats like Word, Excel and PDF support powerful features that can be abused to unleash mischief. A good example is “macros” – mini-programs that travel inside a document and allow richer functionality. Recent versions of the software used to open these files will warn you about documents with enhanced content, but if you accept the warning (typically by clicking “Enable Content”) then a badly behaved document can run something just as if you had downloaded a program and installed it, with all the access to your files that you have yourself. So it’s crucial to trust the source of a document like this, and to ask whether an invoice or a delivery note really needs macros at all (it almost never does).
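Since the whole point is that what’s inside the file matters more than its name, here is a small check I’ve added for this write-up (it isn’t from the original magazine piece). A modern Word, Excel or PowerPoint file is really a zip archive, so the script opens it and looks for the part that holds a VBA macro project, and for the “macro-enabled” content type that goes with it. The two sample documents are constructed in memory with only the parts this check reads, so it runs without any real files; the legacy binary formats (.doc, .xls) are only recognised, not inspected.

```python
import io
import zipfile

# Signature of the legacy OLE2 container used by .doc/.xls/.ppt files.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Constructed: the content-type manifests of a macro-enabled and a plain Word package.
# Real files carry many more parts (styles, settings, relationships); only these matter here.
CONTENT_TYPES_MACRO = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" '
    'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
    '<Override PartName="/word/vbaProject.bin" '
    'ContentType="application/vnd.ms-office.vbaProject"/>'
    "</Types>"
)
CONTENT_TYPES_CLEAN = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" '
    'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)


def build_package(parts: dict) -> bytes:
    """Zip the given name -> content parts into an in-memory OOXML-style package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample documents.
MACRO_DOC = build_package({
    "[Content_Types].xml": CONTENT_TYPES_MACRO,
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\x00constructed stand-in for a compiled VBA project\x00",
})
CLEAN_DOC = build_package({
    "[Content_Types].xml": CONTENT_TYPES_CLEAN,
    "word/document.xml": "<w:document/>",
})


def inspect_office_file(data: bytes) -> dict:
    """Look inside the file rather than at its name.

    For OOXML packages, returns two independent macro indicators: the presence of a
    vbaProject.bin part, and a macro-enabled content type in [Content_Types].xml.
    """
    info = {"format": "unknown", "vba_parts": [], "macro_enabled_type": False}
    if data.startswith(OLE2_MAGIC):
        info["format"] = "ole2-legacy"   # macros live in OLE streams; not parsed here
        return info
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return info
    info["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        info["vba_parts"] = [n for n in z.namelist() if n.lower().endswith("vbaproject.bin")]
        try:
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            content_types = ""
        info["macro_enabled_type"] = ("macroEnabled" in content_types
                                      or "vnd.ms-office.vbaProject" in content_types)
    return info


def macro_verdict(filename: str, data: bytes) -> str:
    """One-line verdict for a 'should I open this?' script or a mail-gateway log."""
    info = inspect_office_file(data)
    if info["format"] == "ole2-legacy":
        return "LEGACY: binary Office format, may carry macros; treat as untrusted"
    if info["format"] != "ooxml":
        return "UNKNOWN: not an Office package"
    if info["vba_parts"] or info["macro_enabled_type"]:
        ext = filename.lower().rsplit(".", 1)[-1]
        # A VBA project inside something named .docx/.xlsx/.pptx is itself a warning sign.
        note = " (name suggests a macro-free .%s!)" % ext if ext in ("docx", "xlsx", "pptx") else ""
        return "MACROS: VBA project present%s" % note
    return "CLEAN: no VBA project in package"


if __name__ == "__main__":
    for name, doc in (("invoice.docm", MACRO_DOC), ("invoice.docx", MACRO_DOC), ("report.docx", CLEAN_DOC)):
        print(name, "->", macro_verdict(name, doc))
```

The verdict deliberately refuses to say “clean” for the legacy binary formats: they can carry macros just as well, but telling requires parsing OLE streams, which is a job for a dedicated tool rather than a few lines of zip inspection.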

Malicious files usually arrive by email as an attachment. We’ve been conditioned to be suspicious about attachments, so many attacks use emails with links to malicious sites instead. These sites work by targeting browsers or plugins that are out of date, or by enticing you to download and run software. A few things to mention here. First, you cannot trust the sender’s name and address in an email. The “From” you see is just text the sender typed in, and it can be spoofed. Efforts have been made to stop this (checks that the sending server is actually allowed to send for that domain), but they only help if both the sender’s domain and your mail provider have set them up, so they may not be working in your corner of the Internet.

Second, there are some pretty clever tricks criminals (let’s call them what they are) can use with links. A simple example is that an upper case ‘i’ (I) looks exactly like a lower case ‘L’ (l) in certain fonts – fonts that tend to be preferred by email software. So this link to is in fact a link to Hovering over such a link should show up the trick but what about something like There are no funny letters in there and yet it has absolutely nothing to do with Lloyds Bank. I just made it up and it’s a domain I could buy if I wanted to (at the time I wrote this anyway). And because I’d legitimately own it, I’d have no trouble sorting out what I need to make the padlock appear in the browser address bar for a ‘https’ connection. When your browser reports the site as ‘secure’ because you’re using ‘https’, it isn’t necessarily the same meaning of ‘secure’ that you’re thinking of: the padlock means the connection is encrypted and that the site proved control of the domain name shown in the address bar, nothing more. It says nothing about who owns that domain or what they will do with the password you type in. So read the name next to the padlock, not just the padlock.
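To show what “hovering over the link” is really checking, here is an added example (it is not part of the original article) that pulls the links out of an HTML email and flags the tricks above: confusable letters such as I for l, a genuine brand name buried inside an unrelated domain, link text that doesn’t match where the link actually goes, plus two related ones (a “user@” prefix that hides the real host, and internationalised “xn--” labels). The email body and the attacker domains (all under the reserved .example name) are made up for the demo; the trusted list and the short list of two-level suffixes are assumptions, and a real tool would use the Public Suffix List instead.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the handful of sites whose mail you actually expect (your bookmarks, in practice).
TRUSTED_DOMAINS = {"lloydsbank.com"}

# Assumption: a partial list of suffixes under which the registrable name is three labels deep.
# A real tool would load the Public Suffix List.
SECOND_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au"}

# Characters that print alike in many fonts. Applied BEFORE lowercasing, because the whole
# trick is that a capital I looks like a lowercase l; lowercasing first would hide it.
CONFUSABLE_TABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"})
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def raw_host(url: str) -> str:
    """Host part of a URL with its original letter case preserved (urlsplit().hostname lowercases)."""
    netloc = urlsplit(url if "://" in url else "http://" + url).netloc
    netloc = netloc.rsplit("@", 1)[-1]   # anything before '@' is userinfo, not the host
    return netloc.split(":", 1)[0]       # drop a port


def registrable_domain(host: str) -> str:
    labels = host.lower().strip(".").split(".")
    depth = 3 if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES else 2
    return ".".join(labels[-depth:])


def fold_confusables(s: str) -> str:
    return s.replace("rn", "m").replace("vv", "w").translate(CONFUSABLE_TABLE).lower()


def brand_label(host: str) -> str:
    """Leftmost label of the registrable domain after folding: 'IIoydsbank.example' -> 'lloydsbank'."""
    return registrable_domain(fold_confusables(host)).split(".")[0]


def analyse_link(text: str, href: str) -> list:
    """Findings for one anchor; an empty list means nothing odd was seen."""
    findings = []
    host = raw_host(href)
    reg = registrable_domain(host)
    if "@" in urlsplit(href).netloc:
        findings.append(f"{href}: has 'user@' before the real host {host}")
    if reg in TRUSTED_DOMAINS and not findings:
        return findings
    if any(label.startswith("xn--") for label in host.lower().split(".")):
        findings.append(f"{host}: internationalised label (xn--) that may display as a lookalike")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if reg != trusted and brand_label(host) == fold_confusables(brand):
            findings.append(f"{host}: lookalike of {trusted} once confusable characters are folded")
        elif reg != trusted and brand in host.lower():
            findings.append(f"{host}: contains brand name '{brand}' but is not {trusted}")
    shown = text.strip()
    if LOOKS_LIKE_URL.fullmatch(shown) and registrable_domain(raw_host(shown)) != reg:
        findings.append(f"link text shows {raw_host(shown)} but points at {host}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def scan_email_html(html: str) -> dict:
    """Map every href in the message to its list of findings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: analyse_link(text, href) for href, text in collector.links}


# Constructed sample message; the attacker domains use the reserved .example TLD.
SAMPLE_EMAIL = """
<p>Unusual activity on your account. <a href="https://IIoydsbank.example/login">Log in now</a></p>
<p>Or visit <a href="https://lloydsbank-security.example/">www.lloydsbank.com</a></p>
<p>Genuine help page: <a href="https://www.lloydsbank.com/help">www.lloydsbank.com/help</a></p>
"""

if __name__ == "__main__":
    for href, findings in scan_email_html(SAMPLE_EMAIL).items():
        print(href, "->", findings or "looks fine")
```

Two things worth noticing: the host is taken from the raw URL rather than the parsed, lowercased one, because lowercasing turns the capital I into an ordinary i and the trick vanishes; and the only link that comes back clean is the one whose registrable domain is on the trusted list, which is exactly the “read the name next to the padlock” check done by machine.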

A third trick is that malicious emails often have some urgency about them. There will be an attachment to open or a link to click because you’ve been charged for something, or someone has tried to access your account, or an unbelievable offer is about to expire (if it sounds too good to be true, it probably is). The key message is that if you find yourself moved to act then stop. You can always check things out another way. Fire up your internet browser, go to the sender’s website (via a search engine is usually okay, though bogus adverts at the top of search results have been used to catch people out, so bookmark important sites if you’re paranoid), log in to your account and check your balance. Or phone up the sender and check that way – not using any telephone number in the email, of course!

Other sources of malware are file sharing sites promising music, films, TV programmes or “cracked” versions of software that you’d normally have to pay for. These sites are best avoided: you may get more than you bargained for. Depending on how the attack is packaged, it may not need to take advantage of missing security patches to install something nasty.

Here’s another common trick: you’re browsing the web and see a pop-up claiming you need to install or update some software before being able to see the page in full (Adobe Flash was the favourite before it was retired; fake browser or font updates now play the same role). Stop. Think about how you got there – do you trust what’s going on? Even if you do, find the software independently through the official site, then go back to the site you were on (and if it still says you need to do something then you know something is fishy).

A worthwhile recommendation is to take back-ups of the files you care about. The more regularly this happens, the less you risk losing should the worst happen. It’s also worth testing your back-ups – just choose a couple of files to make sure you can recover them, and repeat the test from time to time rather than doing it once. It’s important the back-up destination isn’t permanently linked to your computer (a USB drive left plugged in, or a network drive that is always mapped), as otherwise ransomware could find it and encrypt your back-up files too (or they become overwritten with encrypted versions). A folder that syncs to a “cloud” service counts as permanently linked: it will faithfully upload the encrypted versions over your originals unless the service keeps previous versions. Equally, if you find yourself having to use your back-up solution in anger, don’t fire it up on the infected machine – you’ll risk corrupting your precious back-ups. If your back-up solution does “versioning” (where multiple copies going back in time are kept, not just one) some of these scenarios are less of a risk, because the copies taken before the infection are still there even when the latest one has been overwritten.
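As an added illustration of the versioning point (this script is mine for this post, not something from the original article), here is a minimal snapshot back-up: each run copies everything into its own dated folder together with a manifest of file hashes, a restore test pulls a file back out and checks it against that manifest, and a comparison between two snapshots flags files that have suddenly turned into random-looking bytes, which is what an encrypted document looks like. The scenario (a thesis file overwritten with stand-in ciphertext between two snapshots) is constructed in a temporary directory; the dates are labels I chose, and the entropy threshold of 7.5 bits per byte is an assumption that works for documents but would need thought for files that are already compressed.

```python
import hashlib
import json
import math
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4 to 5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def take_snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Copy every file under source into its own folder and record a manifest.

    Each snapshot is a full copy, so an encrypted file can never overwrite an earlier version.
    """
    snap = backup_root / label
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source)
        dst = snap / "data" / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, dst)
        manifest[str(rel)] = {"sha256": sha256_file(dst),
                              "entropy": round(byte_entropy(dst.read_bytes()), 3)}
    (snap / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return snap


def load_manifest(snap: Path) -> dict:
    return json.loads((snap / "manifest.json").read_text())


def suspicious_changes(older: Path, newer: Path, threshold: float = 7.5) -> list:
    """Files that changed between two snapshots AND now look like random bytes.

    A jump to near-8-bit entropy across many documents at once is the signature of mass encryption.
    """
    old, new = load_manifest(older), load_manifest(newer)
    return sorted(rel for rel, meta in new.items()
                  if rel in old and meta["sha256"] != old[rel]["sha256"] and meta["entropy"] > threshold)


def verify_restore(snap: Path, rel: str, restore_dir: Path) -> bool:
    """Pull one file out of a snapshot and prove it matches what the manifest recorded."""
    restored = restore_dir / rel
    restored.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(snap / "data" / rel, restored)
    return sha256_file(restored) == load_manifest(snap)[rel]["sha256"]


def demo() -> dict:
    """Constructed scenario: clean snapshot, ransomware overwrites one file, second snapshot."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs = root / "Documents"
        docs.mkdir()
        (docs / "thesis.txt").write_text("Chapter 1. It was a dark and stormy night.\n" * 100)
        (docs / "notes.txt").write_text("buy milk\n")
        backups = root / "backups"   # in real life: a drive you unplug, or a service that keeps versions
        first = take_snapshot(docs, backups, "2024-01-01")
        original_hash = load_manifest(first)["thesis.txt"]["sha256"]
        # Stand-in for ciphertext: deterministic pseudo-random bytes, no real cipher needed here.
        fake_ciphertext = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        (docs / "thesis.txt").write_bytes(fake_ciphertext)
        second = take_snapshot(docs, backups, "2024-01-02")
        return {
            "flagged": suspicious_changes(first, second),
            "latest_copy_is_damaged": load_manifest(second)["thesis.txt"]["sha256"] != original_hash,
            "older_copy_restores": verify_restore(first, "thesis.txt", root / "restore"),
            "restored_matches_original": sha256_file(root / "restore" / "thesis.txt") == original_hash,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point the output makes is the one in the paragraph above: the newest snapshot faithfully contains the encrypted file, so a back-up that keeps only the latest copy would have been useless, while the dated copy from before the infection restores cleanly. The entropy comparison is the cheap way to work out which snapshot is the last good one.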

The last thing I’ll mention is to run an anti-virus solution. It’s not fool-proof (it mostly recognises what has already been seen elsewhere) and it’s only effective if kept up-to-date, but it’s a good barrier. It is fair to say there’s less malware targeting Apple OS X than Microsoft Windows, but that’s not to say Mac users are immune. That’s borne out by the fact that Apple runs a rudimentary anti-virus solution of its own, baked into the system (called XProtect). Malware known to affect Macs has been found hiding in bogus installers for software (in some cases, worryingly, on the genuine websites) as well as in cracking programs that supposedly make commercial software free to use. Researchers have even discovered Mac malware for sale on the black market, available to any wannabe techno-criminal willing to invest. Although the Mac landscape is different to that for Windows, much of the advice in this article applies equally to Mac users.

As I said at the top, this is by no means a comprehensive review of the subject but I hope you found it useful. Remember, though, that if you share your computer (and especially a single account on it) then everyone who uses it needs to read this too!