Computer security: Malware, ransomware, doxware and the like

Computer security was easy in the last century, when malicious infections usually just involved people misusing a computer to spread malware or, in the worst cases, delete files. But all that has changed. Today, your computer and smartphone are the centre of your life, and people with malicious intent are on the prowl, seeking to compromise them and extort money from you!

The world has changed. Today’s attackers are no longer just a few script kiddies hiding away in dark rooms, as Hollywood suggests. “WarGames” is long gone. Instead, they have created illegal enterprises with Mafia-like structures, where management, attacks on end users, computer exploitation, blackmailing and exfiltration of money are separate activities, partially outsourced to “subcontractors” or just bought from third parties:

1. Certain despicable experts create malware that exploits as-yet-unknown vulnerabilities in your favourite operating system or application;

2. Others provide lists of e-mail addresses and deliver that malware as an attachment (e.g. as an infected PDF or Microsoft Office document). Alternatively, they run e-mail campaigns asking the recipient to click on a malicious link (see our Bulletin article “Protect Your Click”). The website behind that link has already been compromised by other malicious parties, who have managed to install the malware on it (e.g. as rogue advertisements);

3. The malware is just the vehicle. Top management decides what happens next: “ransomware”, “doxware” or just creating chaos*. If it is about money, the malicious parties provide the infrastructure required to extract it (“pay us $300 in Bitcoins”) and harvest the virtual money;

4. Finally, yet more groups convert the virtual money into real dollars – clean dollars, which cannot be traced back…

Attacking the centre of your life has become a serious, but illegal, commercial business. There is a lot of money to be earned and someone will always pay. Don’t let it be you!

1. Make sure that all your computers, laptops, smartphones and tablets are up to date. Have your operating system’s update mechanism enabled and ensure that it is automatically applying any new security patches. If possible, run some decent antivirus software on them, and remember that CERN’s antivirus software for Windows computers and Macs is free to you, even for home use. That should prevent some variants of the malware in step 1 above;

2. In order to thwart step 2, do not click on links or attachments sent to you in unsolicited e-mails. Rather, check the context first: Is the e-mail addressed to you? Is it relevant to you? Does it look legitimate? If in doubt, contact us at Computer.Security@cern.ch. The same is true of browsing web pages. Watch your click. If in doubt, better to Stop – Think – Don’t click! Again, if in doubt, contact us;

3. Finally, back up your important data. CERN data should be backed up on AFS, DFS or EOS – services that are designed not to lose data. At home, back up to an external hard disk (but don’t keep it permanently connected!) or buy a network-attached storage (NAS) device. If you are blackmailed, it’s unfortunate, but do not pay any ransom: the likelihood of getting your data back is very small, and refusing to pay prevents steps 3 and 4 from happening. If your computer is infected with ransomware, you may be able to recover your files using the tools provided on the following website: https://www.nomoreransom.org/en/index.html (which also contains excellent advice on how to avoid becoming a victim of ransomware).

It’s your life. It’s your computing device(s). Don’t let them get you.


* If you are lost, have a look at this helpful article:

http://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software.


Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, visit our website or contact us at Computer.Security@cern.ch.