Sunday, 22 December 2013

16 Ways To Beat Cryptolocker and Ransomware

Posted by Gary Newell  |  at  21:00 9 comments

Introduction

Cryptolocker and Ransomware are the latest tools used by cybercriminals to part us from our hard-earned cash.

Over the years we have seen a number of different methods utilised by the online scammers including phishing, fake lottery wins, fake inheritance scams, eBay scams, PayPal scams and a whole load more.

Cryptolocker and Ransomware are by far the most severe methods used thus far.

For those of you who have not heard of this type of malware the theory is as follows:

The scammers send out thousands and thousands of emails purporting to be from someone you would expect to hear from such as your bank, ISP, tax man, council or phone company.

The email claims that it contains important information. We have all seen these emails before, and ordinarily they contain a fake link to a fake website which harvests your login details.

Ransomware emails don't contain links but there will be a file attachment and the text within the email is designed to make you want to open the file attachment. The attachment itself isn't an executable so you might think you are safe from harm. Instead the attachment will be a zip file or even a PDF file.

When clicked the file will extract itself onto your computer and will start its trail of destruction.

The way Cryptolocker works is to encrypt every file on your computer, and the only way of decrypting them is to pay a ransom using bitcoins. At the moment the least you can expect to pay is £300.

What happens if you don't pay?

The ransom is time limited. If you don't pay within the time limit your files will be encrypted forever.

Previously the scammers stated that there was no way back after the time limit had passed, but they are a little more forgiving now. Oh yes, their generosity is endless. If you failed to pay in time you can still get your files decrypted, but you will need to pay a lot more money in order to do so.

Realistically you don't want to ever have to deal with these people. You can't trust that the rules won't change and as the payment is in bitcoins you have no recourse for getting your money back should the scammers change their minds.

The following is a list of things you can do to beat Cryptolocker and any other Ransomware kits that undoubtedly are going to be the weapon of choice in 2014.

If you have a swimming pool in your back garden then there are 2 things you can do to stop your children from drowning.

The first thing you can do is build a wall around the swimming pool to stop your kids getting into the pool.

The second thing you can do is teach your kids to swim.

What does this have to do with Cryptolocker you might ask?

Well, you can also do 2 things to beat Cryptolocker. The first thing you can do is stop yourself ever getting Cryptolocker in the first place. The second thing you can do is make sure you have a recovery path should the first thing fail.

I am going to tackle these in reverse order, recovery first and then prevention.

Disaster Recovery

You can employ any or all of the following techniques to save yourself if Cryptolocker or any other ransomware infest your computer.

1. Create a system repair disk

The system repair disk will enable you to get Windows back in a useable state.

Of course Linux users do not have to particularly worry about this. Linux users should be able to download the operating system from the download page of their chosen distro.

Follow this guide for creating a system repair disk for Windows 7.

Follow this guide for creating a system repair disk for Windows 8.

Follow this guide for creating a system repair disk for Windows XP.

2. Create a system image

A system image creates a complete copy of disk partitions and stores them to external media such as USB drives, DVDs or external hard drives.

If Cryptolocker infects your computer you can use the system image to restore the backed up partitions to the state they were in at the point the image was taken.

Using this method obviously relies on you backing up an image regularly.

Personally I would use this in conjunction with other methods in this guide. Maybe take a system image monthly and perform normal file backups as often as required.

Everybody will have different requirements, especially for home use.

Follow this guide to create a system image using Windows 7.

Follow this guide to create a system image using Windows 8.

Follow this guide to create a system image using Windows XP.

3. Perform regular backups

If you regularly add files to your system whether it is by creating documents, software development, photography or video capture then you should set up a regular backup routine to copy your files off onto external media.

Follow this guide to backup your files using Windows 7.

Follow this guide to backup your files using Windows 8.

Follow this guide to backup your files using Windows XP.

This guide shows a list of backup tools for Linux.

4. Use Clonezilla to create a disk image

Clonezilla is a specialist Linux based operating system that enables you to create a system image of your computer.

It works in a similar way to Norton Ghost used to work and therefore if you get any nasties you should be able to recover to the point in time the last image was taken.

Here is a guide showing how to clone a drive using Clonezilla.

5. Backup your files to Dropbox

The sudden realisation that all your files have been encrypted and that your children's photos are no longer accessible, your small company accounts folder is locked or your entire music collection has been rendered useless would be a sickening feeling for most people.

Services such as Dropbox enable you to synchronise your files between your computer and an online location.

This sort of service doesn't just protect you against ransomware but it protects you against disk failures, fires and burglaries.

If you do happen to get Cryptolocker then you could use a recovery disk to restore your operating system and simply synchronise back from Dropbox to your own computer.

Dropbox is free for the first 2 GB and you can increase this to 16 GB by referring other people.

You can get 100, 200 and 500 GB starting at $9.99 a month.

6. Backup your files to Google Drive

Google Drive is an alternative to using Dropbox.

With Google Drive you receive 15 GB of space for free and then a further 100 GB for $4.99 a month.

7. Backup your files using Ubuntu One

Ransomware has not yet become a major issue for Linux users.

Backing up your files is still a good idea however for reasons mentioned earlier such as protecting against disk failures, fires and burglary.

If you are a Ubuntu user you can backup your files to Ubuntu One. If you aren't a Ubuntu user guess what? You can also use Ubuntu One, even if you are a Windows user.

You get 5 GB of data free on Ubuntu One.

For $3.99 a month you can get 20 GB of storage as well as music streaming on your mobile. There is also an annual package for $39.99 a year.

8. Backup to DVDs, USB and External Hard Drives

When you do something on your computer such as synchronising photos from your digital camera, downloading music or creating documents you should consider whether you can afford to lose those files.

Synchronising to an external service is a great idea because it can happen automatically.

You should also consider backing up the files yourself to a blank DVD, USB drive or an external hard drive.

DVDs: by backing up to different DVDs regularly you lessen the impact of ransomware, because an encrypted copy never overwrites an earlier disc.

USB drives: provide more space for backing up files. They are more expensive than DVDs but can be reused again and again.

External hard drives: provide even more space again, which is useful for backing up video files.

9. Test your recovery media

There is no point in doing any of the first 8 steps if you aren't going to check that the backup paths you have chosen work.

If you have gone to the effort to create a recovery disk, insert it into the drive and make sure you can boot to it.

If you have backed up to Dropbox or Google sites make sure the files aren't corrupted.

If you have backed up to DVD, USB or external hard drive try and view the files to make sure they work.
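Steps 3, 8 and 9 together describe a routine: copy files to fresh media regularly and then check that the copies still read back intact. The following is an added example (my own code, not part of the original post or any tool it mentions) of that routine in Python: each backup goes into a new dated folder so an earlier snapshot is never overwritten by already-encrypted files, and a SHA-256 manifest written at backup time lets you later verify the media. The sample files and folder names are constructed for the demo.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:  # chunked so large video backups need not fit in RAM
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(source: Path, dest_root: Path, label: str) -> Path:
    """Copy source into a fresh folder dest_root/label and write a SHA-256 manifest.
    Old snapshots are never rewritten, so encrypted files cannot replace good copies."""
    snap = dest_root / label
    files = snap / "files"
    shutil.copytree(source, files)
    lines = [f"{sha256_file(p)}  {p.relative_to(files).as_posix()}"
             for p in sorted(files.rglob("*")) if p.is_file()]
    (snap / "MANIFEST.sha256").write_text("\n".join(lines) + "\n")
    return snap

def verify(snap: Path) -> dict:
    """The 'test your recovery media' step: re-hash every file listed in the manifest."""
    report = {"ok": 0, "bad": [], "missing": []}
    for line in (snap / "MANIFEST.sha256").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        p = snap / "files" / rel
        if not p.exists():
            report["missing"].append(rel)
        elif sha256_file(p) != digest:
            report["bad"].append(rel)
        else:
            report["ok"] += 1
    return report

def demo() -> dict:
    """Constructed sample data (not real files): take a snapshot, then simulate both
    an infection replacing the originals and a bad sector on the backup media."""
    work = Path(tempfile.mkdtemp())
    src = work / "Documents"
    (src / "photos").mkdir(parents=True)
    (src / "accounts.xls").write_bytes(b"Q4 figures: " + bytes(range(200)))
    (src / "photos" / "kids.jpg").write_bytes(b"\xff\xd8\xff" + bytes(500))
    snap1 = snapshot(src, work / "backups", "2013-12-22")
    (src / "accounts.xls").write_bytes(b"ENCRYPTED" * 30)  # originals trashed by malware
    snap2 = snapshot(src, work / "backups", "2013-12-23")  # new folder; snap1 untouched
    damaged = snap1 / "files" / "photos" / "kids.jpg"
    damaged.write_bytes(damaged.read_bytes()[:-1] + b"\x01")  # simulated media fault
    return {"snap1": verify(snap1), "snap2": verify(snap2),
            "clean_copy_intact": (snap1 / "files" / "accounts.xls").read_bytes().startswith(b"Q4")}
```

Running verify against the older snapshot reports the damaged photo while the clean accounts file from before the infection is still recoverable, which is exactly the check step 9 asks for.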

Prevention

Having a disaster recovery plan is great. If the worst should happen then you now know that you can get back all of your files and you will have saved yourself £300 (minus the cost of any services or disks that you buy).

Have you ever installed an operating system before? How confident are you that you know how to recover your operating system?

It is very easy for me to sit here and say "just insert the system image and hit restore" but for those of you who are technically challenged this probably makes your palms just as sweaty as the idea of handing your credit card details over to a known bad guy.

If you are technically challenged then you may need to factor in the cost of getting a local computer store to recover your operating system and files.

Therefore the best course of action is prevention.

10. Don't run with elevated privileges

If you are a Windows user make sure you have more than one user account and make sure that the account you use to access the internet is just a standard user account.

The worst that can happen to a standard user is that the files in their own area are affected. You can simply destroy that user account if you so wish.

Running as an administrator is fraught with danger.

The same advice goes to Linux users as well. Don't run as root.

11. Install Antivirus software

Most of the good antivirus service providers will have Cryptolocker in their sights and so you should be protected.

Even if you are a Linux user you should consider installing antivirus software.

Just because there have been few reports of viruses doesn't mean that it can never happen, but the main reason to install antivirus software on Linux is so that you can scan any files that you plan to send to your friends, relatives and work colleagues.

That picture of a cute kitten that is harmless on your Ubuntu machine might well be riddled with viruses that destroy your company network after a dozen colleagues open it.

12. Keep antivirus software up to date

Seriously there is no point having antivirus software that has out of date virus definitions. It is like having a lock on a door and leaving the window open.

13. Have your wits about you

If your bank has anything important they need to tell you then they will never use email to do so.

If you become overdrawn you will receive a letter in the post and you can always check your online bank account.

Most banks provide information via their online bank portals.

If there is anything in that email that just doesn't look right then get rid of it.

This theory works for all major companies and government departments. They don't (or shouldn't) send out anything via email that requires you to follow links or open files.

14. Use a virtual machine

Now this may seem a little overkill but you could consider using virtual machines for opening attachments in emails or for visiting sites that may be a little off the beaten track.

Windows has a virtual machine option but I would consider using Oracle's VirtualBox software.

Windows users can use a virtual machine to get their first taste of Linux.

Read my article "5 ways to try Linux without messing up Windows" for more information.

15. Use Linux

There have been no reported cases of Ransomware taking over anyone's Linux based operating system so why not join the millions of people who have left Windows behind for a more secure way of working.

And remember...

16. Never pay up

As tempting as it may seem when everything has gone wrong never ever pay the ransom.

By paying the ransom you are encouraging these people to do it again and again and again.

Unfortunately this advice can be hard to take when even a police force thinks it is a good idea to pay.

http://www.theguardian.com/technology/2013/nov/21/us-police-force-pay-bitcoin-ransom-in-cryptolocker-malware-scam

To make it easier for everyone who wants to read my Ubuntu based articles and tutorials I have formatted them, rewritten them and added extra content which has resulted in the eBook "From Windows To Ubuntu".

The book isn't massive like a SAMS guide so it isn't going to take you forever to read it but there is certainly a lot of content.

9 comments:

  1. "4. Use Clonezilla to create a disk image"

    Though Clonezilla is a powerful tool, it can be daunting for users with limited knowledge.
    Would recommend Redo Backup http://redobackup.org/

    Same powerful under-the-hood engine as Clonezilla but much easier to use. Also has extra tools like GParted, a file manager and built-in networking like wifi. Much easier to use than Clonezilla.

    Nice presentation and outline on how to protect yourself.
    Now if we can just get them to use these steps and tools to protect themselves.
  2. Backing up to Google Drive or Dropbox is not a sure way to save yourself. Your locked files may be replacing your good files before you know about your infection. You will have to be able to go back to a clean version of each file.

  3. Ransomware has not taken over my computer; it is a Linux Mint 15 laptop. Only the open browser window got jacked.

  4. Use Ubuntu Privacy Remix. Or you can get 2 OS: 1 on your hard disk for offline usage, and a second on USB (using puppy tails for example) for online usage.

  5. No backup strategy will help from this type of damage unless it keeps the old versions of the files. Ideally you will want to have the backups automated so you don't have to remember to launch it. But when the ransomware corrupts your files, if you don't catch it right away the backup job will simply overwrite the good documents with the corrupt documents. Your backup software MUST do version tracking AND allow you to restore all files from a previous date/time (so you don't have to restore one file at a time).

    We just experienced one user running cryptolocker and it corrupted 160 files on a shared Dropbox folder. We looked up the "event" in Dropbox when this occurred and asked their Customer Service to undo the event, which they did within a couple of hours of us asking. Saved our bacon!

  6. Bitcoin is a form of digital currency created through a special process known as mining. The mining process involves difficult mathematical algorithms that make the currency scarce.
  7. Got the ransomware lockup in my Firefox browser on my Linux Mint 17. Only the browser is locked up. Am searching for Linux anti-malware. Problems are always more exciting in Linux because I'm not familiar with where to go to fix things like I am with Windows. I'll bet you in another 5 or 6 years hackers will be crashing the stock market at least once a week because, hey, there's lots of money there. Am I right?

  8. It is also necessary to keep your important data backed up, and also install good antivirus and internet security software.
  9. In the event that you are persuaded that your PC has been contaminated by an infection, you should instantly run a full framework sweep to permit the antivirus program to recognize and evacuate the infection.

Feel free to comment on any of the blog posts. Please try to be constructive.

Offensive messages will be removed as will blatant adverts for misleading products and sites.

Thanks for visiting my blog
