# Ransomware?



## Southern Presbyterian (Apr 18, 2016)

A question for the computer gurus of the PB:

I keep seeing ads on places like FB, and getting emails from my virus software vendor indicating that there is an "increasing threat" of ransomware these days. Is this true? Has ransomware suddenly become a bigger threat to the average computer user? I've always thought that it was primarily targeted towards businesses.


----------



## Edward (Apr 18, 2016)

Southern Presbyterian said:


> "increasing threat" of ransomware these days. Is this true?



Yes. Ransomware is becoming a larger problem. Major sites have allowed distribution of ads infected with ransomware. (Google, AOL, NYTimes, BBC are some of the guilty parties). (Google ransomware google ads) On the other hand, a lot of the 'services' being offered to combat this are themselves scams.

Folks used to debate the ethics of ad blockers - I didn't use one for years, but since the major players won't protect us from ransomware-laden ads, we have to do what we can to protect ourselves.

While there are no guarantees, at the very least, you should run Firefox with AdBlockPlus, Ghostery, and NoScript. It's a pain going through the process of learning what to let through and what to block (there are, for example, 4 trackers on this page alone, 3 of which I have currently blocked.) Offline backups are also a good idea, as is keeping your anti-virus software updated.


----------



## jwithnell (Apr 18, 2016)

Yes, it's a threat. Businesses just make the news. The "average" payment is somewhere around $300, and that means smaller folks are getting hit too. What's really bad is that the malware coders use delays in their code and are even targeting backup systems, so even if you have a mirrored backup system, as we have, the code is designed to track any drive that has been connected to your system and will hit the next time you are signed on, which may happen before you realize your computer has been compromised. Common sense is critical -- do not be signed on as administrator all the time. Have defaults for emails set to txt only. The emails or documents with plausible subject lines need to be regarded with caution, especially if you didn't initiate contact (that's how hospitals have been infected -- just one employee opening something with executable code.)


----------



## OPC'n (Apr 18, 2016)

Even a small number of Mac users were hit, which is new in the life of Macs. Here is the link.

"Palo Alto Networks Inc. said Sunday that it had detected that the installer for a certain file-downloading app, the Transmission BitTorrent client for Apple’s OS X operating system, was infected with so-called “ransomware.” Transmission is used to download files in a crowdsourced way from other users of the application."

Thankfully, after around 6500 downloads of Transmission, Apple stepped in quickly and pulled the developer certificate so users could not unknowingly continue to install the affected app.


----------



## Ask Mr. Religion (Apr 18, 2016)

All are vulnerable these days to ransomware.

Never click links from another that even seems to be valid as written until you are confident. Hovering over said web links, email addresses, etc., usually reveals that, while an email message may say it is from _[email protected]_ when you hover over it you will see _[email protected]_ or whatever in a popup or at bottom left of an email window. The same for a link in an email from what appears to be Chase Bank, but when you hover over the link you will see some odd link versus the expected chase.com. This also applies to nice looking web pages with links for downloading things.

Many browsers have modes to use when surfing about, e.g., incognito mode, that offer protection that should be used when just goofing around on the internet.

Have a good malware scanner installed, some of which are included with the usual antivirus utilities.

Backup all personal docs to an external drive, USB stick, etc.

Finally, the best defense is having multiple images of your entire computer backed up (do this daily or at least weekly). An image is basically a bit-for-bit snapshot of the entire state of the computer at the time it is made. So if I created an image of my laptop right now, when I restored that image I would see this very window I am typing in right now and all other windows and software I have running at this time.

With image backups you can recover the entire state of your computer some time prior to your ransomware attack. This means you will lose some things depending upon how frequently you create image files, but it will beat paying to recover your files.

Windows 10 has an option that lets you create hard drive images using the Windows 7 image backup utility. I use a commercial product, ShadowProtect, for creating frequent images. Commercial tools have utilities that allow an "operatively dead" but "able to be regenerated" (heh!) machine to be booted from a CD, USB, DVD disk, etc., bypassing ransomware's insertion into the boot process which would prevent using the plain vanilla Windows image creation process. (Some ransomware now deletes a few hundred of your personal files each time you attempt to reboot the infected computer.) Note: image files are large, at least as large as the used storage of your computer, so you will need plenty of external storage space to keep some around. Tools like ShadowProtect have features for merging incremental images that are created to limit the amount of space required.

When out and about, pay attention to the WiFi open access domains that you connect to. Some are just spoofs of valid WiFi services that are intended to gain access to your credentials and online activities. If you watched 60 Minutes last night you already know how scary this all can be.


----------

