It wasn’t that long ago that anti-virus software was the epitome of computer security, especially if you were a Windows user. However, ransomware and crypto malware attacks are rising at a terrifying rate and show no signs of stopping. Unfortunately, traditional anti-virus software alone is not effective in dealing with these types of attacks.
Although experts still recommend using anti-virus software to protect your computer, this is now only the first part of a “layered approach” to keeping your PC and personal information safe.
The second part of the “layered approach” is to ensure your computer’s other software (especially the operating system) is up-to-date. Remember the WannaCry ransomware attack which struck Windows machines at the NHS (amongst other organisations) in May? Microsoft had already provided a software update about two months before the attack that protected users running operating systems like Windows 7 or Windows Vista from WannaCry. However, PCs that hadn’t been updated, or that were running Windows XP, were left vulnerable. Microsoft says users who were running Windows 10 weren’t affected by the attack.
Don’t forget to keep your anti-virus software, like Windows Defender, updated too. The software can't fight a threat it doesn't yet know about, and that information is found in regular updates.
The third layer is to recognise that phishing attacks are the most common way for attackers to get into your system. Phishing attempts happen when you receive an email with a malicious link in it, or are asked to enter your username and password on a website that impersonates your bank’s website, for example. So, try to be smart about what email service you use. Google and Microsoft are good choices, because their Gmail and Outlook.com email services have effective inbuilt controls and security that help prevent phishing.
DO BACK UP YOUR DATA REGULARLY, because should your computer become infected by ransomware, you can wipe your computer, install the operating system from scratch, and then restore your data from the backed-up version. OK, so it can be a pain to do, but it’s better than losing everything. Don’t forget to unplug your backup drive from the computer once the backup is done, otherwise it too will become infected.
Finally, as I have mentioned many times before, vigilance and common sense are crucial factors in helping prevent malware and ransomware attacks:
Never follow links from e-mails. Instead open a new tab or window and enter the URL of your bank or other destination manually.
Enter your username and password only over a secure connection. Look for the “https” prefix before the site URL - if there is no “s,” beware.
It will come as no surprise to you that this week’s article will cover the recent malware attack on the NHS and other major enterprises across the world.
The ransomware in question is called WannaCry (also known as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2) and in less than four hours, it had infected NHS computers, beginning in Lancashire, and then spreading throughout the NHS’s internal network.
Although the NHS does not seem to have been specifically targeted, many NHS trusts still use Windows XP, a version of Microsoft’s operating system that reached its “End of Life” on 8th April 2014. This meant that Microsoft stopped providing security updates or technical support for Windows XP, which instantly made the system vulnerable to a huge array of threats. Even though, in March, Microsoft released a patch for XP & Vista, the NHS failed to implement it!!
In case you missed the furore surrounding this cyber-attack, ransomware is a type of malware that infects a PC and then encrypts data files or even the entire system. Once all the files are encrypted, it posts a message asking for payment (usually in Bitcoins, a digital currency) for a code that will restore the files and threatens to destroy the information if it doesn’t get paid, often with a timer attached to put the pressure on. Even worse is that the hackers often take the payment but still do not unlock the data.
Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.
So, it has now been proven that computer users who continue to run Windows XP are playing a very risky game. Unfortunately, this irresponsibility then puts other computer users at risk because their systems end up hosting and distributing malware and viruses. Continuing to use Windows XP on the public internet is very much like going out in public with a virus and coughing on people.
If you are still using an XP machine, STOP! You need to upgrade your existing computer or, if your existing computer is too ancient to upgrade, buy a new one.
For users of the most recent Microsoft operating systems, do protect yourselves by installing antivirus software and keeping your operating system and applications up-to-date. Don’t visit any suspicious sites or open email attachments from unknown sources. Most importantly, you really must perform regular back-ups of ALL YOUR DATA onto an external hard-drive, then immediately unplug the device from your computer since ransomware can encrypt what is on that as well as what is on the computer.
Once again I feel the need to write another article warning about hacking and identity fraud as I have visited several customers over the last few months whose emails have been hacked. In some of these cases the email hijackers created “forwarding policies” from the customers’ email addresses. But what does this mean and why is it dangerous?
Well, in one instance, a lady received a fake email from BT asking her to login to her BT email account to retrieve her statement. By clicking on the link within the email and then entering her email address and password on the fake BT email page (which looked incredibly convincing by the way), she'd unwittingly given the hacker all they needed to get into her real email account. Once in the BT account, the hacker altered the lady’s email settings so that all of her emails were automatically forwarded to the hacker’s email address.
In another instance a customer called me because he had not been receiving emails for several weeks. It turned out that his BT email account had also been compromised and once inside his email account, the hacker had set up an auto-forward which was sending all his emails to an email address he had never heard of. We only got to the bottom of this because the hacker hadn’t ticked the box to keep a copy of the emails in the in-box; hence he was not receiving any emails.
The reason that this email forwarding scam is so dangerous is because the hackers will receive everything you receive, including bank statements, personal messages, log-in information for other websites and accounts and much more. How long would it take, I wonder, for a hacker to build up enough information from your emails to create a new identity based on you? Not long at all is most certainly the right answer.
My advice therefore to all email users is to check all your email settings, in particular ensuring that the box to forward email on is not ticked. I would also recommend being careful when clicking on a weblink within an email. Personally speaking, if I am asked to log into any of my accounts – be it email, banking, Apple, Google, PayPal or anything - I do it directly through their website and not through an emailed weblink.
I would also like to take this opportunity to stress once again the importance of strong passwords for all your accounts. The longer the password the better and the more characters there are in your password, the longer it will take for a hacker to break it, making it less likely they will continue trying. Do use a mixture of numbers, lowercase and uppercase letters and special characters as it increases the complexity of your password and increases its strength.
You may well remember my article last year warning of the scam whereby someone claiming to be from Microsoft or Windows technical support calls to tell you that your computer has been attacked by a virus and that they need to take control of it in order to remove the virus. In return, naturally, for a large fee. Of course, the caller is not from Microsoft and there is probably nothing wrong with your PC.
It would appear that since many people are now failing to fall for the “Microsoft Scam”, the scammers have put in place a twist on an old trick and are now purporting to call from ‘BT’s support team’ and have very believable answers when challenged.
They warn you that they have detected a virus which needs to be “fixed immediately” and then get you to download a piece of software onto your PC so that they can access it remotely to be able to remove the virus. In reality, what this software does is to give them access to your computer, therefore providing them with all your passwords and log-ins etc. Not only do they then access your bank accounts, they also make purchases using your credit or debit card details.
The alternative trick is to get you to pay the best part of £400 to remove the non-existent virus from your PC.
But the scammers are not stopping at phone calls. There is now an on-line scam in which fraudsters pose as legitimate internet service providers (ISPs) offering fake technical support. It works as follows: you are happily browsing the internet when a warning pop-up appears on your screen. This pop-up is supposedly from your actual internet provider warning that “malware has been detected” and urges you to call a number “for immediate assistance”. When you call the number, you will be charged an excessive call fee and be asked to install software that compromises your computer.
It is scarily realistic because the scammers know which internet provider you are subscribed to. But how? Basically they place adverts which are infected with malware on perfectly legitimate websites. The user browses these websites and without even having to click on the advert, the malware in the advert redirects the user to a website in the background which checks their computer and finds their IP address. From the IP address it is easy to find out which ISP owns which IP address.
If you’re called by one of these scammers, whether they purport to be from BT, Microsoft or another company, NEVER let them remotely access your PC and NEVER hand over your bank details. It is simply not possible for a caller to know whether your PC is infected with viruses.
If you think you’ve been a victim, run a virus scan, alert your bank and contact Action Fraud to report the scam.
We are often asked what the differences are between malware and viruses and why an anti-virus cannot stop everything. This week I’d like to try to help out a little.
Malware (malicious software) is the big umbrella term. It covers viruses, worms, trojans, adware, spyware etc. Malware can be unwittingly downloaded from infected bogus email attachments, USB sticks, pirated material and hijacked websites.
There are 2 major categories of malware: hidden and visible.
Hidden Malware
This is malware that is predominantly installed without the user’s knowledge. Its intention is to cause damage or for financial gain:
Virus - this may corrupt or delete data on your computer or even delete everything on your hard disk. Viruses spread when the software or document they are attached to is transferred from one computer to another.
Worm - a malicious computer program that is able to copy itself incredibly quickly from machine to machine, usually by exploiting a security hole in a piece of software or the operating system.
Trojan - like the mythical Trojan horse, they are often disguised as a piece of software that looks innocent. Trojans are one of the most common methods a criminal will use to infect your computer and collect personal information.
Visible Malware (Grayware)
Grayware refers to applications or files that are non-malicious, but can still adversely affect the performance of a computer:
Spyware - installs components on a computer for the purpose of recording internet surfing habits. Spyware sends this information to its author or to other interested parties when the computer is online.
Adware - displays advertising banners on web browsers, which many computer users consider invasive. Adware programs often create annoying pop-up ads and a loss of network connection or system performance.
PUPs (Potentially Unwanted Programs) – software that uses high amounts of system resources and is a common cause of spam e-mails and slow systems.
The reason your anti-virus won't stop all types of malware is because the release rate of malware is so high. New malware is released on a daily basis and the anti-virus companies just cannot keep up. We advise that you protect your computer as best you can by:
Keeping up-to-date with the latest operating system updates and patches.
Installing anti-virus software and downloading updates.
Ensuring that Adobe Flash Player is up-to-date. Use their official website (never use a pop-up which informs you that you need to update it): https://get2.adobe.com/flashplayer/
THINK BEFORE YOU CLICK. The best way to prevent a malware infection is YOU. Avoid downloading and installing anything you do not understand or trust.