Ransomware 2.0

The latest internet scam is simple but the scammers’ bitcoin wallets show it to be very lucrative.

Hackers steal passwords in bulk from websites such as Facebook, Adobe, and especially smaller online retailers or niche websites that can’t employ dedicated IT security engineers. As you can see from the list of publicly admitted thefts here, bulk password theft is shockingly common. Chances are you have had many of your passwords stolen (which is why you should not use the same password for more than one service, but that’s another story).

The stolen passwords are sold on the dark net, where other scammers buy them. These scammers use simple scripts to create emails that prominently display the stolen password, plus a story about how they have also stolen your contacts list, and used your webcam to video you in compromising situations. They simply threaten to send this video to all your contacts unless you send payment (usually via bitcoin).

The good news is that it’s all a bluff and an empty threat. They do not have any video of you, nor your contacts list, nor any idea of what websites you have visited (other than the one where your stolen password came from). They are counting on a fraction of their victims being so rattled by the threat that they send payment, even though they haven’t proven they have anything, and even though paying an anonymous ransomer is literally hoping for honour from a proven thief.

The risk from this scam is low if you know to ignore the ransom threat, but the risk of having your password stolen may be high. If you have been re-using passwords, now is the time to fix that by changing all your passwords.
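As an added example (not part of the original post), a mail filter can recognise this scam by the combination of claims described above: a quoted password as the hook, a webcam or contacts threat, and a bitcoin payment demand. The function names, patterns and sample messages are hypothetical and constructed for illustration, and the address is a placeholder.

```python
import re

# One pattern per claim the scam email makes; illustrative, not exhaustive.
INDICATORS = {
    "password_claim": re.compile(r"\byour\s+password\b", re.I),
    "webcam_claim": re.compile(r"\b(web\s?cam|camera)\b|recorded you", re.I),
    "contacts_threat": re.compile(
        r"\b(send|share|forward)\b[^.]{0,80}\b(contacts?|friends|family)\b", re.I),
    "payment_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
}
# Shape of legacy (1.../3...) and bech32 (bc1...) addresses; no checksum check.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})\b")

def score_email(body):
    """Return the names of the indicators found in the message body."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    if BTC_ADDRESS.search(body):
        hits.append("btc_address")
    return hits

def is_extortion_bluff(body):
    """Flag only when hook, threat and payment demand all appear together."""
    hits = set(score_email(body))
    hook = "password_claim" in hits
    threat = bool(hits & {"webcam_claim", "contacts_threat"})
    payment = bool(hits & {"payment_demand", "btc_address"})
    return hook and threat and payment

# Constructed sample messages (not real mail); the address is a placeholder.
FAKE_ADDR = "1" + "Z" * 33
SCAM = ("I know your password is EXAMPLE-PASSWORD. I recorded you with your "
        f"webcam. Pay in bitcoin to {FAKE_ADDR} or I will send the "
        "video to all your contacts.")
RESET = ("We received a request to reset your password. "
         "If this was not you, ignore this email.")
NEWSLETTER = "Bitcoin prices rose this week. Share this with your friends."

if __name__ == "__main__":
    for label, msg in (("scam", SCAM), ("reset", RESET), ("news", NEWSLETTER)):
        print(label, is_extortion_bluff(msg), score_email(msg))
```

Requiring all three groups keeps a genuine password-reset notice or a bitcoin newsletter from being flagged on a single keyword.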

Anti Virus Drawbacks

Security threats have been the bane of Windows users. Ever since computers were connected to the internet, hackers have taken advantage of the worldwide network to launch attacks with virtually no fear of repercussions.

The first malware was little more than electronic graffiti, but it soon graduated to malicious vandalism and then on to money-making ventures. This led to the development of antivirus software. Antivirus applications seek to detect and eliminate threats before they can cause damage. Sadly, this is a cat and mouse game where the hackers have first-mover advantage. Even the top ranked anti-virus products cannot protect against threats that they have not been programmed to detect, and new threats are constantly being developed. Estimates are that even the most sophisticated antivirus programs fail to detect around 20% of malware.

Malware might be the biggest source of problems with Windows computers, but problems caused by antivirus software itself are a close second!

Antivirus software has its own drawbacks. It can hog system resources, slowing down even the most powerful PC. It introduces more complexity into an already complex system. It can interfere with the functioning of applications, or the computer as a whole. Ironically, antivirus software can sometimes make the computer less secure in some ways. This is because it opens up new targets for the malware creators to attack. It is also ironic that the most powerful antivirus software is also the one that is most likely to have unintended consequences.

Given the problems with running antivirus, and its limited efficacy, prevention is by far the best cure when it comes to security.

NEVER open emails from an unknown sender, and always be suspicious of attachments even if it looks like you know the sender. Opening an infected attachment is the number one cause of infections. If you ever have an email that you are not sure about, you can always forward it to me for verification before opening the attachment.

Fortunately, Windows 10 is more secure than previous versions of Windows. It has built-in security in the form of “Windows Defender”, which is quite effective and, importantly, is less likely to interfere with legitimate software.

The article below makes a strong argument for ditching 3rd party anti-virus software, although in some cases I believe the extra security from a good AV product is worth the extra maintenance associated with it.


Ransomware Threat

There is currently a particularly nasty form of malware circulating the internet dubbed “ransomware”.

It can completely wipe out a computer, plus any external drives or network drives attached. Once infected you are effectively locked out of your PC and files. All your computer does is show you a message about paying a large ransom in a crypto-currency like BitCoin. The ransoms I have seen have been for US$500, but there is no guarantee that paying the ransom will undo the damage.

Infections are usually caused by opening an email attachment, but the malware can also be disguised as music, movies or software from torrent and download sites.

Prevention is important as recovery is expensive and some or all of your data could be lost permanently. Once infected, the only guaranteed cure is to recover from a backup. If the backup is connected at the time of infection it is likely to be lost too.

Unfortunately, antivirus software cannot stop all threats. Some estimate that more than half of malware attacks are able to bypass the best antivirus software. Those who produce the malware are always 1 or 2 steps ahead, and there is so much money involved now that they are very motivated and organised.

The best prevention is to never open any attachment that you are not expecting, and to be very careful with which websites you visit. Be particularly suspicious of emails purportedly from Australia Post and other delivery companies, and bank or government agency messages. If in doubt, call me or check with the sender via an independent communication method (i.e. don’t use the email address or phone number supplied in the email).

