Newsletter – October 2015
Keeping your files safe from trojans
Cryptolocker first appeared in 2013. It was a new kind of trojan – an ordinary-looking file that, when opened, releases malware into your computer. Cryptolocker’s twist was that it would encrypt all the files on your machine and demand a ransom to decrypt them. It also displayed a timer, and if you didn’t pay before it ran out, your files would be gone forever.
The good news is that in June 2014, an international team of cybersecurity experts was able to neutralise Cryptolocker and indict the head of the crime syndicate responsible for it. The bad news, however, is that other criminals had already started work on copycat Trojans.
Now ‘CryptoWall’ and ‘TorrentLocker’ are making the rounds, forcing many Australian business owners to choose between financing illegal activity and surrendering valuable data. So what can you do to protect yourself from these programs?
Prevention is better than cure
Unfortunately, there’s no ‘cure’ for CryptoWall and TorrentLocker – if you decide not to pay the ransom, you’re unlikely to ever retrieve your files.
So here’s how you can prevent your computer or network from being attacked. Both CryptoWall and TorrentLocker spread using false attachments that usually arrive with unsolicited emails that appear to come from government departments. For example, the Australian Communications and Media Authority has warned consumers to be on guard against emails that appear to come from Australia Post but contain suspicious attachments. To stay safe, it’s a good idea to introduce rules on how to treat unwanted emails.
You should also take steps to limit damage in case of an infection. For example, Spiceworks has released a CyberLocker Prevention Kit that also works for the CyberLocker clones – it isolates infected computers and can prevent the Trojan from spreading through your network. You can apply the same changes automatically to a single computer using the CryptoPrevent tool. And of course you should also always use a strong and regularly updated antivirus program with active scanning.
Back up regularly
Backing up your files is the most important step you can take towards protecting yourself from ransomware. With regular backups, you can restore important files even if your network or computer is compromised. However, it is vitally important that you back up your files to an external source. Otherwise, a Trojan like CryptoWall might encrypt your backup files too.
Consider your cloud solution
In July 2015, Heimdal Security reported that CryptoWall 3.0 had begun to spread to files stored in Google Drive, the popular online storage service. At around the same time, CryptoWall was also detected in Dropbox. Many users were shocked to learn that they couldn’t retrieve their files from these sites – and that’s why it’s so important to distinguish between file syncing and file backups.
File syncing services like Google Drive and Dropbox immediately mirror changes to files on your computer or network – even if those files have been corrupted. However, they don’t perform incremental backups, which means that you can’t retrieve an earlier version of a now encrypted file. That’s where cloud backup services come in. Not only do they back up files in real time, they save copies of each file version in a separate location for future retrieval.
So, if you’ve moved to the cloud, ensure you’re using best practice backup procedures. And if you’re committed to Google Drive, consider a service like Backupify which automatically copies your files on Google Drive to a secure location.
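The difference between file syncing and versioned backup described above can be shown in a few lines of Python. This example is added here and is not part of the original newsletter, nor is it how Google Drive, Dropbox or Backupify work internally; the function names, the snapshot layout and the sample file are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def mirror_sync(src: Path, dst: Path) -> None:
    """File syncing: dst becomes a copy of whatever src holds right now."""
    dst.mkdir(parents=True, exist_ok=True)
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, dst / f.name)  # the previous copy is overwritten

def versioned_backup(src: Path, store: Path) -> int:
    """Versioned backup: each run adds a snapshot; earlier ones stay untouched."""
    blobs = store / "blobs"
    blobs.mkdir(parents=True, exist_ok=True)
    snap_id = len(list(store.glob("snap-*"))) + 1
    lines = []
    for f in sorted(src.iterdir()):
        if f.is_file():
            data = f.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            if not (blobs / digest).exists():  # unchanged content is stored once
                (blobs / digest).write_bytes(data)
            lines.append(f"{digest}  {f.name}")
    (store / f"snap-{snap_id:04d}").write_text("\n".join(lines))
    return snap_id

def restore(store: Path, snap_id: int, name: str) -> bytes:
    """Return a file's content as it was when snapshot snap_id was taken."""
    for line in (store / f"snap-{snap_id:04d}").read_text().splitlines():
        digest, fname = line.split("  ", 1)
        if fname == name:
            return (store / "blobs" / digest).read_bytes()
    raise FileNotFoundError(name)

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        work, mirror, store = (Path(tmp) / n for n in ("work", "mirror", "backup"))
        work.mkdir()
        doc = work / "invoice.txt"
        doc.write_text("Invoice 1001: $250")  # constructed sample file
        mirror_sync(work, mirror)
        first = versioned_backup(work, store)
        doc.write_bytes(bytes(range(32)))  # stand-in for content made unreadable
        mirror_sync(work, mirror)
        versioned_backup(work, store)
        return {"mirror": (mirror / doc.name).read_bytes(),
                "restored": restore(store, first, doc.name)}
```

After the second run the mirror holds only the damaged bytes, while the first snapshot still returns the original invoice text. The backup store only protects you if it sits somewhere the infected machine cannot write to.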
Keeping ahead of the crypto-villains
According to the FBI, CryptoWall infections cost American consumers US$18 million between April 2014 and June 2015. And in Australia, TorrentLocker alone has infected more than 9,000 computers, demanding payments of up to AU$1,500. Make no mistake – they’re dangerous programs and can paralyse your business if you’re unlucky enough to open the wrong attachment. So be proactive, educate your colleagues, and make sure that your files are kept out of harm’s way.
Three ways to secure your Windows 10 device
When you buy a new car, you expect that it will come with robust security features: an immobiliser, central locking, and maybe even an alarm for good measure. New operating systems are the same and on this score, Windows 10 doesn’t disappoint. The latest version of Microsoft’s desktop and mobile OS, it boasts three in-built security features designed to keep your data and devices safe.
1. Device Guard
Would you like to install this app? Most of us click yes without much thought – but what if the app in question secretly contains malware? Or what if you’re not even notified of the app’s self-installation?
Device Guard takes care of this by blocking executable and script-based malware. It also allows organisations and individuals to identify trusted apps, giving them exclusive permission to run updates and perform other automatic functions.
Importantly, Device Guard has been endorsed by several manufacturers. With its ability to neutralise malicious apps, Device Guard offers an easy way to keep your devices safe from harm.
2. Microsoft Passport
Traditional passwords pose a problem: the more secure they are, the harder they are to remember. Fortunately, Microsoft Passport gives Windows 10 users a safe and easy way to access password-protected services.
Users first complete an easy two-factor authentication process that requires a PIN or biometric signature and an authorised Windows device.
Once authenticated, users can select a unique gesture to use for future log-ins. This allows Windows to complete other log-ins (for example, to online services) on the user’s behalf. It’s a safe solution, and a convenient one too – after all, not only are gestures harder to crack than passwords, they’re also much harder to forget.
3. Windows Hello
Windows Hello works with Windows Passport to provide enterprise-grade security without the need for a password. Using Windows Hello, you can teach your device to recognise a unique biometric.
In other words, you can start signing in by using a scanner to read your fingerprint or a camera to identify your face or iris. It’s a form of security that nobody else can guess or replicate – and, to make it even safer, the authentication data is encrypted and, to protect it from online assailants, stored only on your device.