I have droned on and on about not clicking links or attachments in emails as this can provide an avenue of attack and a loss of security for everyone from the home user to the professional with a large office staff.
Years ago, when I was at Viacom on the help desk, the “I Love You” virus was quite prevalent and was easily spread from an attachment disguised as a document. Since MS Word had some ability to use the Basic programming language for customization, hackers could send a virus coded into a message that, once clicked, could cause downtime and damage to systems.
A user would click it, and within three minutes, 15,000 email accounts were down. Most of the time, it took a few hours to a couple of days to bring back the corporate email service for everyone.
In today’s computing world, attachments are more insidious.
Atlanta just paid out millions of bucks after their ENTIRE city system got encrypted with ransomware – I can pretty much guess how it got in and how fast it replicated itself to other computers. (https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/)
Here are a couple of ransomware screenshots just for your edification… these are from “WannaCry” and “CryptoLocker”.
That article mentions another firm I worked for, Edelman. I was the MIS Manager there for a short spell. I still hate 20-hour days and 140-hour weeks.
Ransomware attacks are quite prevalent in certain email services. I have seen Yahoo! emails get hacked and I have seen AOL emails get hacked. The Yahoo! issues had me switch many clients to private email servers attached to their domains or to other services such as Gmail.
Worse is when an attachment gets through and the user has no clue that underlying that click is a dance with an encryption program.
What is an encryption program?
Let’s imagine that you have a Toyota Camry that you own outright. You get to the curb to unlock your car, and there is a guy standing there who has just changed all of the locks – physically and electronically – and won’t let you back into the car until you pay him money. (No, I am not referring to your car being towed or booted in NYC, that’s a whole ‘nother ballgame!!)
Ransomware is the same thing, but your computer is pretty much locked down. If you are lucky, it will boot up.
All of the files are encrypted with a key that you have to pay to get. Many times, payment is made and no decode key is given – the user is out of the money sent and now has to recreate files, pictures, documents and such.
Some scammers try to get users to get Bitcoin accounts to pay them using that “currency”.
(Remember all of the blog posts and emails that reminded everyone to ensure you have a backup drive? Especially one based in the cloud like iDrive?)
If the user is fast enough to power down the computer, they might be able to save some of the data.
Ransomware will encrypt ALL user data, including PDFs, pictures, spreadsheets, Word files, databases, and custom programs for medical, retail, and other businesses. Some variations have also been able to encrypt the external backup drive as well, rendering all user data stored locally inaccessible.
One of my clients realized he had clicked what appeared to be a PDF attachment as he was waiting on an invoice. Suddenly his computer started the encryption process and he was able to pull the plug, press the power button and take the battery out.
This was a rare case where I was able to get the data back using one of the specialized tools I found for this purpose. The operating system, Windows 8.1, was toasted. That was a loss and he ended up on a MacBook Pro. All I did was recover the data and move it.
Another method that has seen a recurrence is the fake pop-up stating that you need to update Adobe Flash. Once downloaded, you are infected if you run that program. Some of the pop-ups will lock down your screen, make exceptionally horrible warning sounds, and state that you must call the number on the screen since your computer is infected.
What happened? The hackers managed to get an infected page to lock up your computer via the browser. The best thing to do? Turn off the computer.
If there is an infection, the folks you are told to call might be stealing your personal data while showing you normal Windows directories and claiming they are infected.
At worst, you will be taken for a few hundred dollars and I will consider your credit card hacked. Your bank will not necessarily help out, as you VOLUNTARILY gave them your credit card information to “help” with a computer problem.
Charges for some have been in the hundreds, with automatic payments for “upgrades”. Cancelling the card brings about irate calls from the scammers with exceptionally bad accents that I can only imitate in person. Even two years after that encounter, one of my clients kept receiving calls and charges kept appearing on her card statements.
Ransomware is somewhat avoidable if you have followed advice and not clicked on anything suspicious.
Best practices are to make sure that you know what you are clicking on and if it seems fishy, send it over to me and I will do my best to see what is going on.
If you have gotten infected, please, give me a call. I am happy to help! And if something really strange is happening such as the mouse slowed to a crawl after clicking something or on a site, TURN OFF THE COMPUTER and gimme a holler!!