Don’t let this happen to you!

Life on the internet is becoming incredibly dangerous and, unless you stay alert, the consequences can be dire – as one of my acquaintances discovered.

These good people had been in business for many years and were in the process of putting their business on the market. They arrived at their computer one morning only to discover that it displayed a frightening message on the screen. It was a demand for 50 bitcoins to have their computer made operable. If they did not comply, their files would be deleted. At the time of writing, a bitcoin was worth $768 so the demand was equivalent to around $40,000.

Usually, ransomware encrypts files so that they remain inaccessible but this time the threat was by far more serious. In the case to hand, it was more than serious; it was catastrophic. You see, their company records, financial details, passwords and so on dating back eight years were on that machine and no, they did not have a backup!

To make matters worse, this particular ransomware was such that if you tried to re-boot your computer it would delete all files during the re-boot process. Usually, first steps for recovery would require booting into safe mode but that was obviously out of the question. There was no answer.

[pro_ad_display_adzone id=”15046″ align=”left”]

But how did these people get into such a predicament? That answer, as always, was very simple. First, a lack of a reliable backup regime. That is so simple and only takes some minutes to perform every evening. You simply have two backup drives, which these days may well be the ubiquitous USB stick.

Back up all your critical files and take the drive home with you or store it in a safe place away from your office. On the following day, repeat the process onto a second drive and deal with it the same way. The following day, return with the first drive and backup that day’s work.  In that way, the most you can lose is one day’s data.

Better still, use a reputable cloud service and lose nothing at all. Google is a good starting point for cloud storage.  Personally, I would use both methods in case one had internet connection problems at a critical time. All this would be at an insignificant cost when compared with the catastrophe that could eventuate.

Besides the lack of backup, the start of the tale was very much as expected. An email containing a link, which when clicked installed the ransomware. That information was offered up with the usual excuses of being too busy to carefully inspect each email and its links and anyway, the mail looked legitimate.

What we should all understand is that email is an incredibly dangerous medium and readily lends itself to forgery. The problem lies in its structure and coding capabilities rather than a deliberate attempt to cause harm. Another one of those unintended consequences where mal-intent can leverage some of these features.

Did you know that an email knows the type of system software you operate under? Including your email programme, your location, what time you received the mail, what time it was read and indeed who read it. If it is composed in HTML, as almost all emails are these days, it is possible to include pictures. One can even include one pixel images, which is invisible to the human but can act as triggers on remote servers to provide all this information to the sender who may be waiting to launch his attack. Most of this information is also included in the header of the email all readily visible if you care to check.

So rule number one is to disable display of all images. Most email clients have that as their default setting but if you normally see images then please disallow that setting. It will also save you money with your internet charges.

Rule number two is to never ever click on a link in an email unless you trust the sender and even then check the actual URL it is pointing to. For instance, if you use Thunderbird it will display the actual URL at the bottom of the screen. This way, just floating your mouse over a link shows you where the code is pointing to.

If you see plain text, such as “click here”, then simply copy that and paste it into your web browser’s search bar where it will be deciphered for you.

Rule number three is to distrust the sender’s address. It is very simple to create a false return address and hide the factual one.

Rule number four is the most important one of all. If you do not recognise the sender, the subject or the text then just delete it immediately.

Remember that no legitimate institution be it a bank or the ATO or debt collector will send you emails unless you have requested such action. If in doubt, delete and phone the organisation to get verbal assurance that their communication was legitimate.

There are also some good self-help resources available. If you really have a need to confirm the source of your email and all you can see in the link are the IP numbers, a simple piece of free software called IPNetInfo is a good choice.

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: the owner of the IP address, the country/state name, IP addresses’ range, contact information (address, phone, fax, and email), and more.

This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses.

There are many malware unlockers available with each specifically written to unlock your computer from one particular piece of malware. However, unless you are very computer savvy I do recommend that you leave that path for the professionals. An error made here could destroy any slim chances you may have had to restore your computer. It is widely acknowledged that paying the ransom does not usually bring the episode to a happy end.

One resource, which I do recommend, is funded by your tax dollars and comes from www.communications.gov.au/stay-smart-online. It provides an alert service and advice on how to recognise and deal with everyday threats and does so on a weekly basis at no cost to you.

So please find the time for good housekeeping and protect yourself and at least follow my above suggestions, lest you want to join the good folks who have suffered enormous and shattering consequences.