Do you recall “WannaCry”, the nasty malware of early 2017 that tried to infect your computer and encrypt all its contents? It was unfortunate for those whose device got encrypted, as all data was lost unless you dared to pay the ransom requested by the attackers. And even if you’d paid, it was not certain that you would get your data back – that’s why we usually do not suggest paying any ransom… Now attackers have started increasing the pressure. In the past, infections blocked computers, stopping them from working, spreading their infection, or making fun of their owners. Then, networks of devices were misused to spam the world, attack web sites and web services. Staying silent and monitoring owner activity came next: spying on your banking activities, your passwords, etc. “Ransomware” like “WannaCry” holding your data hostage was the last level (“Ransomware - when it is too late..."). And now comes the next level: “Doxware”.
For many of us, our computer, and even more so our laptop, smartphone or tablet, are the central digital focal points of our lives: we store our personal photos and videos on them, as well as lots of private documents, and we use them as a central hub to access our bank accounts, to communicate with our closest friends (on Facebook, Twitter), or to consult our favourite health application to check out our wellbeing. Where is your smartphone now? You recall that panic when you do not know where it is? With a successful attack against our devices, lots is lost. “Ransomware” destroys our local data, malware like “Dridex” extracts banking and transaction details to extort money, other malware aims at harvesting the passwords for your social media accounts, etc. Already bad, isn’t it? “Doxware” is taking this to the next level. The word stems from “Doxing” (where “dox” is an abbreviation for “documents”), which is the Internet-based practice of researching and broadcasting private or identifiable information (especially personally identifiable information) about an individual or organisation. Like “Ransomware”, “Doxware” will encrypt your hard disk and ask you to pay some ransom money to get that data decrypted. But this time, a simple backup won’t help as the attackers will also threaten to expose all your personal and private data on the Internet if you don’t pay… It’s a difficult call to make, isn’t it?
Thus, keeping your devices secure is once more essential for your privacy and the protection of your (digital) belongings. Keeping your computer, smartphone and tablet up-to-date is one of the central paradigms of computer security. Only if they are kept updated can you be sure that at least the known vulnerabilities and weaknesses are fixed and your device cannot be exploited:
- If you have a personal computer with your own Windows operating system, check for “Windows Update” in the program listing on the Start button. Switch to the recommended “automatic” update method!
- On Linux distributions, make sure that you regularly run “yum update” or even better, enable automatic updates. Don’t forget to reboot your computer when a new kernel is installed, in order to properly apply kernel patches!
- For Apple Macs, use the software update mechanism, which is accessible under the Apple menu.
- For iOS or Android devices, check out the system settings.
Running antivirus software on your Windows or Mac device is a great plus, giving you additional protection and prevention capabilities. And such software comes for free for CERN personnel. The CERN anti-virus software for Windows and Mac can also be used at home… for free! If you can, get rid of Acrobat Reader, Flash and Java as these applications are regularly exploited to break into computers. If you can’t, make sure that these and any other applications are kept up-to-date. If you are in doubt (and are running a Windows system), you can install and run this fine program from Secunia which checks your computer for outdated software. Take care with your password and only provide it to websites you fully trust. Never put your passwords in e-mails, not even in reply to someone asking for it. And have separate passwords for different web services. Finally, infection vectors are usually either malicious e-mails or websites. Hence, STOP – THINK – DON’T CLICK when considering clicking on a link or opening an attachment. Only proceed if you trust the origin of the attachment/link. Here are some hints on how to identify malicious e-mails. Yes, it is very difficult. But it is this weakness of human nature that attackers try to exploit first…
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, visit our website or contact us at Computer.Security@cern.ch.