In my last article I covered the growth of early viruses. In this article I’ll cover more recent viruses and the steps you should take to protect yourself from falling victim.
2000s and onwards
Malware as a Business!
As with all things, if there’s money to be made, someone will make it and malware creators are no exception. Over the last 10 years, there have been viruses that do the following which can help the creator make money:
- Collect personal data such as banking information or gaming information that can be sold.
- Create large “botnets” which a victim is part of. This allows the creator or controller to send out SPAM messages to any email address lists that may have been gathered previously.
- Botnets that can create “Denial of Service” attacks against companies and not relinquishing the attack until they have paid a ransom.
- Botnets that scour the internet for further vulnerabilities on internet facing services.
- Banking injection – if infected and the virus detects access to a bank will key-log all entries and ’phone the details home’ i.e. send the details to the virus creator.
The biggest and worst of all viruses currently are RANSOMWARE . I’ve capitalised it because it is definitely worth addressing it as such.
If you are infected by a variant of Ransomware, you will not be able to access any of your files until you pay a ransom for the key to unlock.
Ransomware notices are getting increasingly sophisticated. The most recent examples can now contain your home address and other contact information and appear to be from people you know making the phishing email seem very real. The only protection is to avoid clicking on links on an email that you are not expecting until you’ve checked with the originator (if you recognise them).
Another safety precaution is to take away administrator rights from the user account you use daily. If a virus then wants to install on your machine the machine will ask you for the administrator’s password before being able to install it’s payload. Since you won’t be expecting anything to be installed this may you give an extra clue not to proceed.
The BBC and many other media outlets have covered this recently partly because a number of broadcasters and TV presenters have received phishing emails with their home addresses on.
The best and only failsafe protection is to have regular backups but please note the following -
WARNING REGARDING BACKUPS ON NETWORK FILE SHARES AND CLOUD STORAGE
Be extra careful if you have any mapped drives to a network file share or rely on cloud backups. Recent ransomwares will encrypt any files on all of your mapped drives as well as your PC.
If your cloud backup or network drive is mapped to your PC, you will find your backups are encrypted as well as your main PC. Meaning you’re snookered. The only backups that you can rely on are those that are physically disconnected from your PC such as those on USB drives and other media.
A recent Financial Times article discusses it here:
What you can do to avoid infection
Staff Education – this includes only going to known legitimate websites and being vigilant and using common sense when opening emails. Don’t click on links from emails if you are at all unsure of where they’ve come from or if you recognise the recipient yet you’re surprised they’ve sent you the email. They’ve probably been spammed!
Backups – Ensure you have good regular backups of your data should the worst happen and make sure they are disconnected from any drive mappings.
AntiVirus – Always use a reputable AntiVirus solution and make sure it’s always up to date.
Switch off Administrator Rights – Do not use Administrator rights on the user account you use for email and general computing activity. If you want to install something Windows will ask you to enter the Administrator password which can be an early warning if you’ve not asked to install anything.
Patching your machine – Your computer (and this includes any servers you have) should always be kept up to date. Sometimes you can be in a rush and just put your laptop to sleep by closing the lid, but it pays to spend 10mins rebooting and updating when prompted.
Ask your IT department about their polices – They will be able to help you work out the best way for your business to be protected.
Be aware that the tips above are pretty basic and by no means complete so be sure to check with your IT department about anything. They’d be happy to help.
There are also some very good resources from the UK Government:
https://www.cert.gov.uk/resources/external-content/useful-links/ - Good for business related security information.
https://www.cyberstreetwise.com/ - This site is a Government lead site with several third party partners, but is a bit more friendly to read.
One last thing, if you think you have accidentally opened a strange email, immediately shut down your computer and contact your IT department. Do not turn it back on. They will thank you for it!
IT security is a massive subject and I can’t really do it justice in a blog entry but I hope you’ve found it useful or interesting. If you have then please share the blog with your colleagues and friends.
IT Infrastructure (Support)