Sunday, August 30, 2015

Ransomware: a serious and growing threat

Last month I explained how you could avoid visiting "bad" web sites. This article describes the very serious threat of Ransomware. I don't like to write "scary stories" about online dangers but this one is serious and has afflicted several acquaintances. The latest plague on the Internet Land is dubbed Ransomware because these attacks take control of your computer and demand payment. There are two different versions - one not too serious and one really, really serious.

In the first case, clicking on a link in an email message or web page takes you to a fraudulent web site. You will immediately lose control of your computer, which is now controlled by code in your browser. The web page displayed will be overlaid by messages saying your computer is locked and you need to "call this number" (don't) for assistance. You cannot get rid of the message or do anything else with your computer. Even if you restart your computer or the browser, the problem often persists. There are so many browsers and operating system versions that I can't tell you exactly what to do. I will say the problem is usually not "fatal", meaning no loss of data, and there are ways to deal with it that should be found by a search - obviously on another computer.

The second case is much more serious. Again, clicking on a malicious link (do you see a pattern here?) can cause a total lock up of your computer AND YOUR DATA. Your data is encrypted (unusable) and you will be instructed to pay a fee of several hundred dollars to fix the problem - which of course they may or may not do when you pay up - remember these people are criminals. Sometimes your data can be retrieved by an expert and sometimes not. What can you do?

Prevention is the only good approach because there is no certain cure; you should have a good backup system. Assume all your data will be lost sometime. This can include a backup disk strategy that is well thought out - unconnected backup disks (otherwise they might also be corrupted), disk rotation including off-site copy, etc. Increasingly we are turning to cloud storage to put our information in an entirely different location. Dozens of these services exist - Dropbox, Box, SugarSync, MS iDrive, Google Drive, Apple iCloud, etc.

Of course the best strategy is to use more than one - combine local storage with a remote service. I was cautious at first but my preference now is to use cloud storage - iCloud and Dropbox - for my "originals" and make copies on to my local hard drives from time to time. Having the originals stored in the cloud makes them accessible from any device anywhere. I use the word "originals" advisedly since the original meaning of original no longer applies. My originals are the cloud based working copies - which are occasionally backed up locally.

Sunday, August 2, 2015

Recognizing suspicious websites

You would certainly be cautious when opening your door to let someone into your house. You should be just as careful when opening your computer to someone you don't know. A single mouse click can let a total stranger take control of your computer and all the information in it. We often hear you should only click on links sent to you by people you know. The bizarre assumption here is that you don't know how to spot bad web sites but all of your friends do - so apparently ALL of your friends are smarter than you. I doubt that.

The important thing to remember is that a web site is identified by two different character strings. The first one is the one you see displayed as a "link". It might be something like "click here" or www.IBM.com. It could also be a picture. The words are usually underlined and often a different color. The second string is the real "website address". It is always a string of characters such as www.com.com/abcde/mnop.html and it is always hidden from view. This is the one that matters. The one you can see may have no real meaning at all and if someone were trying to get you to go to the Toyota web site, they could show www.Honda.com but connect it to the address www.Toyota.com.

More likely scammers would link www.Honda.com to a fraudulent web site. That's how it works - what you see is not what you get. If you are not certain a website link is legitimate you need to view the actual (hidden) website address. How you do this varies from device to device but you can usually right click or copy the displayed link and paste it into the address/search field of your browser. The supposed www.IBM.com link might look more like "www.companyyouveneverheardof.ch" - a company you've never heard of with a website registered in China (ch). Be very suspicious when there are two unrecognized letters following the first period. These are country codes - MX Mexico, RU Russia, etc.
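The displayed-text versus hidden-address check described above can be automated for a saved email or web page. The following is an added example, not part of the original article; the names `audit`, `LinkAuditor` and `norm` and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Displayed text that itself looks like a web address, e.g. "www.Honda.com"
HOSTLIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

def norm(host):
    """Lower-case and drop a leading 'www.' so www.IBM.com equals ibm.com."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (displayed text, real host) for every <a href> in a page."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname or ""
            self.links.append(("".join(self._text).strip(), host))
            self._href = None

def audit(html):
    """One finding per link: what is shown, where it really goes, and whether they differ."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for text, host in parser.links:
        shown = HOSTLIKE.match(text)
        # Exact host comparison: a different subdomain also counts as a mismatch.
        mismatch = bool(shown) and norm(shown.group(1)) != norm(host)
        tld = host.rsplit(".", 1)[-1] if "." in host else ""
        findings.append({"shown": text, "real_host": host, "mismatch": mismatch,
                         "country_code": tld if len(tld) == 2 else None})
    return findings

# Constructed sample message body (not from the original article)
SAMPLE = """
<p><a href="https://www.ibm.com/products">www.IBM.com</a></p>
<p><a href="http://www.companyyouveneverheardof.ch/abcde/mnop.html">www.IBM.com</a></p>
<p><a href="http://www.companyyouveneverheardof.ch/abcde/mnop.html">click here</a></p>
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A link whose text is not an address, such as "click here", cannot be a mismatch, so the real host and its two-letter ending are reported for every link and left for the reader to judge.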

NEXT MONTH I'll explain the two versions of Ransomware - and what you can do about them.