Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Your hard drive held hostage– Ransomware*

You turn on your computer and see, “Your files have been encrypted–send me $500 for the key.”
An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.

As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.
Ransomware is a trojan horse or worm that encrypts the files on your hard drive (the variants this post is about use the RC4 stream cipher). This 'scrambles' your files and makes them unreadable unless you have the 'key'. The malware leaves several (readable) read_me.txt files which tell you what has happened and where to send money to buy the key. Your data is held hostage: without the key, all you have is gibberish, and without paying the ransom, you have no key. Or, that's the idea anyway.
I haven’t talked about ransomware before because it has not been a very common, or rewarding attack.

What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup, don't you? Please click this link to read my article on creating backups. It is important to understand that this piece of code does its scrambling (or tries to) to every drive it can find, and that is true of most malware. That means every storage device attached to your computer, such as the hypothetical drive "E:\" in the 'how to auto-backup' article, will get scrambled too. If you store your backup (and/or backup image) on a second partition, or on a USB-attached hard drive that is left plugged in, it is effectively gone as well.

Tip of the day: I will reiterate, because it's so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types, and at least one copy should be on media that is not connected to the computer except while you are making the backup. In this case I'm referring to CDs or DVDs.
I use a 3rd party "disk imaging" application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disc-sized pieces. But you do not need such a program; you can use your zip program (see today's free link) to split a Windows Backup (.bkf) file into disc-sized pieces the same way. It will take several discs, so be sure to stock up.

If you have Windows Vista Home Premium or Ultimate Edition, you have a powerful backup utility (built in) that will copy a recovery backup to disc, or other storage, through an easy-to-follow wizard (Home Premium backs up your files; the full-image "Complete PC Backup" needs Business or Ultimate). There is also a command line imaging tool called ImageX, part of Microsoft's free Windows Automated Installation Kit (it is not installed by default), that I suggest you look into.
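Because a backup on an attached drive gets scrambled along with everything else, it is worth being able to tell that a backup copy is still intact before you rely on it. The Python script below is an added example, not something from this post or from any of the backup products named above. It copies a folder, records a SHA-256 digest of every file in the copy (the manifest), and later checks the copy against that manifest, reporting files that changed, went missing, or appeared (a dropped ransom note, for instance). The folder names, file contents, and the read_me.txt note are constructed for the demonstration. Keep the manifest with your second copy rather than on the backup drive, or a scrambler that reaches the drive can rewrite both.

```python
"""Added example: copy a folder, record a SHA-256 manifest of the copy, and
verify the copy against the manifest later.  Folder names, file contents and the
ransom note are constructed; nothing here comes from a real backup product."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _rel(path: Path, root: Path) -> str:
    # manifest keys are forward-slash relative paths so they compare the same on any OS
    return str(path.relative_to(root)).replace(os.sep, "/")


def backup_with_manifest(src: Path, dst: Path) -> dict:
    """Copy src to dst (dst must not exist yet) and return {relative path: digest}.
    Save the manifest somewhere other than dst (second disc, e-mail to yourself)."""
    shutil.copytree(src, dst)
    return {_rel(p, dst): sha256_file(p) for p in sorted(dst.rglob("*")) if p.is_file()}


def verify_backup(dst: Path, manifest: dict) -> dict:
    """Report files whose digest changed, files missing from the copy, and files
    that are not in the manifest at all (a dropped read_me.txt, for example)."""
    report = {"changed": [], "missing": [], "unexpected": []}
    seen = set()
    for p in dst.rglob("*"):
        if not p.is_file():
            continue
        rel = _rel(p, dst)
        seen.add(rel)
        if rel not in manifest:
            report["unexpected"].append(rel)
        elif sha256_file(p) != manifest[rel]:
            report["changed"].append(rel)
    report["missing"] = sorted(set(manifest) - seen)
    for key in report:
        report[key].sort()
    return report


def demo() -> tuple:
    """Back up a constructed folder, check it, then simulate the scrambling the
    post describes and check again.  Returns (report before, report after)."""
    work = Path(tempfile.mkdtemp())
    try:
        src, dst = work / "Documents", work / "E_drive_backup"
        src.mkdir()
        (src / "thesis.doc").write_bytes(b"Chapter one. " * 100)
        (src / "photos").mkdir()
        (src / "photos" / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 500)
        manifest = backup_with_manifest(src, dst)
        # the manifest lives on the "second medium", here a separate file in work/
        second_disc = work / "manifest_on_second_disc.json"
        second_disc.write_text(json.dumps(manifest, indent=1, sort_keys=True))
        manifest = json.loads(second_disc.read_text())
        before = verify_backup(dst, manifest)
        # everything the scrambler can reach gets overwritten and a note is left behind
        (dst / "thesis.doc").write_bytes(os.urandom(1300))
        (dst / "read_me.txt").write_text("Your files have been encrypted ...")
        after = verify_backup(dst, manifest)
    finally:
        shutil.rmtree(work)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("clean copy:", before)
    print("scrambled :", after)
```

Run it and the first report is empty; the second names thesis.doc as changed and read_me.txt as unexpected. The digest check is what matters: a scrambled file keeps its name and size, so a backup tool that only compares those would report the copy as fine.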

The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. The strains seen so far have been broken, not because RC4 itself is a weak cipher but because of how the malware handled its key, and the recovered key (the 'password') has been posted on the Internet for you to use to get your files back. Look on the anti-virus vendors' sites first: a strain that protects its key properly cannot be broken this way, and in that case a backup is all you have. You also should take a seriously critical look at your Internet protection apps: either you didn't have them, or they let you down. Fix that.
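To see why a badly handled key, rather than the cipher, is what gets these schemes broken, here is an added Python example. It is not code from this post and not a reconstruction of any particular ransomware; it simply implements RC4 inline and encrypts several constructed files with one fixed key, the way a careless scrambler might. A stream cipher with a fixed key produces the same keystream every time, so XOR-ing one file you already know (a public document, or a standard file header) against its encrypted copy recovers that keystream, which then unlocks every other file up to that length without the key ever being learned. Per-file keys defeat this trick, which is why better-written strains have to be attacked some other way. All file names, contents and the key are made up.

```python
"""Added example: why a stream cipher used with one fixed key for every file
can be undone with a single known plaintext.  RC4 is implemented inline so the
script runs with the standard library only.  All file names, contents and the
key below are constructed for the demonstration."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                         # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                      # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is its own inverse): data XOR keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def recover_keystream(known_plaintext: bytes, its_ciphertext: bytes) -> bytes:
    """plaintext XOR ciphertext gives back the keystream bytes; no key needed."""
    return bytes(a ^ b for a, b in zip(known_plaintext, its_ciphertext))


def decrypt_prefix(keystream: bytes, ciphertext: bytes) -> bytes:
    """Decrypt as much of `ciphertext` as the recovered keystream covers."""
    return bytes(a ^ b for a, b in zip(ciphertext, keystream))


# Constructed victim files.  license.txt stands in for something whose contents
# are already known (a public document, or a fixed file header such as a JPEG's).
SAMPLE_FILES = {
    "license.txt": b"Copyright 2008 Tech Paul. All rights reserved. Public text.",
    "notes.txt":   b"Bank PIN is 1234",
    "thesis.doc":  b"Chapter one. " * 20,
}
KNOWN_FILE = "license.txt"


def scramble_all(key: bytes, files: dict) -> dict:
    """What a careless scrambler does: one key, hence one keystream, for every file."""
    return {name: rc4(key, data) for name, data in files.items()}


def recover_without_key(encrypted: dict, known_name: str, known_data: bytes) -> dict:
    """Use the one known file to strip the shared keystream off all the others.
    Files longer than the known one come back only as far as the keystream reaches."""
    ks = recover_keystream(known_data, encrypted[known_name])
    return {name: decrypt_prefix(ks, c) for name, c in encrypted.items()}


def demo() -> dict:
    secret_key = b"\x9a\x07\xc4\x11\xd2\x5e"      # constructed; the victim never learns it
    encrypted = scramble_all(secret_key, SAMPLE_FILES)
    return recover_without_key(encrypted, KNOWN_FILE, SAMPLE_FILES[KNOWN_FILE])


if __name__ == "__main__":
    for name, data in demo().items():
        print(f"{name}: {data!r}")
```

notes.txt comes back whole because it is shorter than the known file; thesis.doc comes back only for its first 59 bytes, which is exactly the limit of the attack: a known plaintext gives you keystream, not key, so every file is recoverable only up to the length of the longest known one.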
If this happened to me, I wouldn't bother with trying to decrypt my files. I wouldn't trust that the trojan wasn't still lurking (possibly as a rootkit), ready to pull the same stunt again and demand another ransom. I would format my hard drive, boot my first recovery CD, and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month, but it would not contain my most recent files either; those I would recover from a network drive, or live without.

So. You do have a system backup, right?

Today’s free link: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool, and selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make them smaller (“zipped”). Some are free and some are for sale — typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.

Can I ask you a favor? I am a bit curious as to how Tech–for Everyone readers are feeling about the Olympic Games being held in China, and so I’ve created a very brief survey. Click Here to take survey

Update 8/16/07: There’s a report on Sunbelt of a new ransomware, and this one only demands $150. Click here for an interesting read.
Update 8/9/08: Bill Mullins discusses a newer, and meaner, type of ransomware in this article.

Copyright 2007-8 © Tech Paul. All rights reserved.


August 9, 2008 Posted by | advice, Backups, computers, cyber crime, encrypting files, how to, PC, ransomware, security, tech, Windows | 2 Comments

Secure Gmail, repair Internet Explorer

A couple of quick tips to start the week, which were stimulated by reader questions.

Tip(s) of the day: How about that? Two for the price of one!
Tip 1) In response to public demand, Google has added a feature to its Gmail service which forces it to use SSL encryption (https) for your whole session, not just for the logon page, which was already encrypted. This is particularly beneficial to those of you who use wireless, public computers, and/or public 'hotspots'. All you need to do is turn it on.
[note: a secured session is not the same thing as encrypting your individual messages. For my How To on that, click here.]

To turn on the “always use” feature, log on to your Gmail account, and in the upper-right area, find, and click on the “Settings” link.
Now, scroll down to the bottom, and in the “Browser connection” option, click on the “always use https” radio button, and then click on “Save Changes”.
That's it. You're done. Now your whole connection to the mail server is encrypted, and someone running a packet sniffer on the hotspot sees only scrambled traffic instead of your mail. It does not protect you from a keylogger on a public computer, or from a fake "Gmail" page: check that the address bar shows https and a google.com address before you type your password.

Tip 2) Sometimes programs get "corrupted" and just refuse to work right, and usually the way to repair them is to uninstall them (Add/Remove Programs) and then reinstall a fresh copy.
One of my more popular articles has been how to repair the hyperlinks function in IE when clicking on a link doesn’t open a new page (if that’s your issue, click here), and this tip goes a little further than that. (To see all my articles on Internet Explorer, click on “IE 7” in my Categories widget.)

You can resolve many troublesome IE issues by "resetting" it. On IE 7 this restores the default settings and disables toolbars and add-ons (you will need to re-enable the ones you actually want); on IE 6 the ie.inf trick below re-installs and re-registers IE's own files.
For IE 7:
Click on "Tools" and then "Internet Options".
On the Advanced tab, click the "Reset" button, confirm, and then close and restart IE.

For IE 6:
[note: I highly, sincerely, and ardently, urge you to stop using IE 6, and switch to 7, or Firefox 3, or Avant, or whatever. Please? It’s only the most hacked piece of software ever!]
a: Click Start, click Run, type "%systemroot%\inf" (no quotes) and then press Enter.
b: Find the Ie.inf file in that folder (Windows\Inf).
c: Right-click the Ie.inf file, and then click Install. Setup may ask for your Windows installation CD, so have it handy.
d: Restart the computer when the file copy process is complete.

Today’s free link: In one of the tips above, I mentioned Windows’ Add/Remove Programs tool (found in your Control Panel) which is the standard method for uninstalling programs from your machine. Long-time Windows users can attest that this utility doesn’t always work as it should, and completely remove all traces of the app you want gone. To really remove a program, you may want the power of a 3rd-party uninstall program, and the one that’s most recommended in the Geek community is Revo Uninstaller (also available in a portable version).



August 4, 2008 Posted by | advice, computers, e-mail, how to, IE 7, Internet, PC, privacy, security, tech, troubleshooting, Windows | 6 Comments