An American Editor

November 26, 2016

Important: Facebook & LinkedIn Ransomware

Ars Technica reports a security flaw in Facebook and LinkedIn that can cause ransomware to be unleashed on your computer. Please read:

Are you feeling Locky? —
Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts

for the details. Of course, the best protection against ransomware is to not download anything and to never open a file or attachment, but that is not real in today’s world. Consequently, I highly recommend two software programs. I use both and have no financial or other interest in either program, other than being a long-time user of each.

The first is BitDefender Internet Security, which includes ransomware protection. There is a special Black Friday deal which is accessible here:

BitDefender Black Friday Deal

The second is Sandboxie, which allows you to open nearly any program automatically in a sandbox. The result is that even if malware is downloaded, it is downloaded to a sandbox, not to your main operating system files. Even if opened, the files are in a sandbox and thus can be checked and deleted without ever exposing your computer to permanent harm. Sandboxie offers an inexpensive lifetime license.

Sandboxie Lifetime Licensing

Be safe, be aware.

Richard Adin, An American Editor

March 18, 2016

Articles Worth Reading: Ransomware Strikes Again

The Ars Technica article, “Big-Name Sites Hit By Rash of Malicious Ads Spreading Crypto Ransomware,” is worth a few minutes of reading time. We have discussed ransomware previously (see, e.g., “Articles Worth Reading: More on Ransomware,” “Articles Worth Reading: Inside CryptoWall 2,” and “The Business of Editing: Playing It Safe”) and, as I reported in an earlier essay, I was struck by ransomware, although I was able to fix the problem without paying a ransom.

This article addresses a problem I would not have expected — ransomware at big name websites. I encourage you to read the article and to develop a strategy for dealing with the growing problem of ransomware.

Big-Name Sites Hit By Rash of Malicious Ads Spreading Crypto Ransomware

We rely on our computers for our livelihood. Protecting ourselves is a worthwhile investment.

Richard Adin, An American Editor

January 10, 2015

Articles Worth Reading: Inside CryptoWall 2

A bit more than a year ago, I wrote about my experience with ransomware in “Business of Editing: URLs, Authors, & Viruses.” A week later, I followed it up with “Articles Worth Reading: More on Ransomware.” And just a few weeks ago, I wrote “The Business of Editing: Playing It Safe” in which I discussed Sandboxie.

Well, here we go again.

If you have been dithering about Sandboxie or similar protection, I encourage you to read “Inside CryptoWall 2.0: Ransomware, Professional Edition” from Ars Technica. As the article notes:

The installation components of CryptoWall 2.0 are cloaked by multiple levels of encryption, with three distinct stages of installation each using a different encryption method to disguise the components installed. And like many modern pieces of malware, CryptoWall 2.0 has a virtual machine check in its code that disables the attack when the malware is installed within a virtual instance—in part to prevent security researchers from isolating and analyzing its behavior.

The VM checker code, in the first stage of CryptoWall’s dropper sequence, checks the system for running processes, searching for VMware and VirtualBox services or the Sandboxie application partitioning library. If the coast is clear, the code does some best practices-based memory handling to release memory used in the initial drop mode, then launches another dropper disguised as a Windows Explorer process.

Note that before it tries to install itself, CryptoWall searches for a running process like Sandboxie. If it finds Sandboxie (or similar software) running, it doesn’t go any further; if it doesn’t find Sandboxie running, it proceeds to the next installation step.

Since I originally bought Sandboxie, the licensing has changed. Now you can buy a lifetime license for up to 3 home computers for $49.95 or for 5 computers for $74.95. For just 1 computer, the lifetime license is $34.95. For pricing information click here. (Again, I have no connection or interest in Sandboxie other than having bought a license for my computers.)

I think the price is cheap for the protection it affords. And contrary to popular belief, your antivirus and malware programs do not protect against ransomware. Although ransomware exploits holes in the operating system, it does not attack the operating system, which is what antivirus and malware programs protect against; ransomware attacks your data files — your Word documents, your text files, your picture files, and the like — by encrypting them, not destroying them.

If you haven’t yet checked out a program like Sandboxie, I encourage you to do so.

Richard Adin, An American Editor

December 15, 2014

The Business of Editing: Playing It Safe

Some time ago I wrote about my experience with ransomware (see Business of Editing: URLs, Authors, & Viruses, The Business of Editing: Backing Up Is Easy to Do, and Articles Worth Reading: More on Ransomware). As I made clear in the first essay, I attacked the problem aggressively and prepared for disaster.

Sandboxie

Recently I took yet another step. This step is ideal for those of you unable or unwilling to invest in the type of computer setup I did, which I admit is not cheap. But this step is very inexpensive — it cost me $20.50 (the price was €15 and this was the conversion price). More important than the price is the protection I gained.

Sandboxie is a great way to access the Internet in protected mode. Sandboxie is for more than accessing the Internet, but that is all I use it for. Sandboxie opens programs and browsers in a “sandbox,” which means that anything that gets downloaded doesn’t get downloaded to your computer where it can do harm; it gets downloaded into a sandbox.

I use Internet Explorer as my web browser. I have now set it so that when I open IE, it opens in a sandbox. When I download, for example, client files from an FTP site, Sandboxie asks me whether I want to first open the files in a protected sandbox or save them to my hard drive. Basically, what Sandboxie is doing is setting off space on my hard drive as protected space that prevents malware from accessing my real files. Should it turn out that I have downloaded malware, I can instruct Sandboxie to delete it, knowing that the malware never got the chance to compromise my hard drive.

How important is this? The impetus for my looking for a program like Sandboxie was news reports about Cryptolocker. Cryptolocker is ransomware of the most vicious type. It attacks your data files and encrypts them. You either pay the ransom or never get access to your data files. Apparently even the data recovery companies, which charge several thousand dollars to recover data, are unable to break the encryption or if they can, not for a reasonable price and not for anything close to the price of Sandboxie.

In speaking with my computer technician about Cryptolocker, he said I had two choices should I get infected: pay the ransom or completely reformat my hard drive and reinstall all files (assuming I have backups of all of the data files). Both are expensive alternatives to Sandboxie.

Paying the ransom is problematic. They do send you the decryption key but they also leave on your computer the means to reencrypt. I have heard of instances where several months later that is what happened — reencryption with a new ransom demand.

Reformatting the hard drive is also problematic because it takes quite a bit of time and it assumes that (a) your backups are current and so you do not lose any information, (b) that your backups aren’t of encrypted files, and (c) that the backup doesn’t include Cryptolocker or similar ransomware malware.


It is pretty hard to go wrong for €15. The only thing I do not like is that the license is for one computer and for one year. I mind the one year less than the one computer limitation, but the bottom line is that this is very inexpensive protection from a very serious — and potentially very costly — problem. Sandboxie does offer a 30-day trial period; I tried it for 5 minutes and bought it.

Startpage

The other thing that I dislike about the Internet is that whenever I look for something online, I am leaving a trail for spammers; there is a lack of privacy. So I have started using Startpage for my searches.

Startpage is free. Basically it is an overlay to Google. Instead of directly running a search through Google, you run it from Startpage. Information about Startpage is available here.

All searches and website accesses done via Startpage are done from Startpage’s servers, so it is Startpage’s IP address that is seen, not yours. And cookies are downloaded to Startpage’s proxy servers, not to your computer.

There are limitations. For example, it doesn’t support JavaScript, which means some features on some websites are not usable. But Startpage gives you an option to connect direct rather than via its proxy servers. (For a video on Startpage Proxy Servers, click here.)

This is an excellent free service. Check it out.

Richard Adin, An American Editor

November 22, 2013

Articles Worth Reading: More on Ransomware

Recently, I wrote about being attacked by ransomware (see Business of Editing: URLs, Authors, & Viruses). It appears that the problem is getting worse. I thought you would be interested in this short Ars Technica article (and the comments that follow it):

“Soaring price of Bitcoin prompts CryptoLocker ransomware price break.”

The ransomware mentioned in the article is even more frightening (to me) than the ransomware I “caught,” and makes clear that it is more important than ever to regularly back up and image my hard drives.

Although the article is short, it is worth spending a few minutes to read. There are a lot of comments, but the first few are enough to emphasize the danger of ransomware and the need to be increasingly vigilant.

November 13, 2013

Business of Editing: URLs, Authors, & Viruses

Filed under: Computers and Software — Rich Adin @ 4:00 am

One of the things I most dislike about editing is the need to check author references. Aside from the mishmash manner in which the references are provided (e.g., it is not unusual to find two journal cites, one following the other, in completely different formats), I find that I am becoming increasingly angry at having to check URLs.

The Internet Age has brought many positive things to our world, but one negative is that authors increasingly cite URLs as a reference. Aside from the transience of URLs, they present a hazard to the editor who has to verify them.

Checking URLs has become expensive for me. Why? Because the links provided have become dangerous.

Twice in the last 3 months, I have inadvertently (i.e., unknown to me) downloaded ransomware (malware) to my computer as a result of clicking an author’s reference URL cite. Each of those incidents cost me several hundred dollars to remedy. In addition, my antivirus/antimalware software has protected me against another half dozen potential threats.

I’m not so angry about the threats against which I was protected by my antivirus software as I am about the ransomware ones that cost me money to cure. Fortunately, I have a local computer expert (the person who built and maintains my computers) who is willing to put me at the top of the list when I have a problem. Of course, it also means I pay for the service — and clients are unwilling to reimburse that expense.

What happened is that I clicked on a URL, found it was not good, and then moments later found that I could not access my computer’s primary screen — instead, I was faced with a demand for $300 to unlock my computer. Apparently, this is a regular scam. Sometimes the demand is labeled as coming from the FBI, sometimes it is from Homeland Security. According to my computer expert, if you pay the $300, you get a code to “unlock” the screen but then, sometime down the road, it locks up again and another demand for payment is made.

At least this bit of malware is less vicious than it could be. It only blocks access to the screen; it doesn’t attack data files.

I would be less angry about this if I thought the authors even cared a little bit, but considering that 75% of the URLs cited in the reference list in the latest project were either invalid (the URLs returned “Error 404: File Not Found” errors) or took me to clearly irrelevant sites, I have little faith in the idea that the author cares that at least one of the listed cites caused major problems for me — and would do the same for the reader who decided to check the cite.

We all know that the Internet can be a dangerous place. For the young, it is a source of never-ending bullying; for the elderly, it is a way to lose life savings; and for editors who have to check the validity of a cited URL, it is a way to infect one’s computer and suffer financial loss.

I am also mad at myself for getting caught by this malware twice. I am very careful about how I use the Internet and I make sure that I use up-to-date protection software. I even use the “pro” versions so that I get hourly updates. I also avoid likely troublesome sites. And for years I never suffered an invasion of malware.

Getting caught twice in 3 months is making me wonder what else I can do. It is hard to avoid the risk exposure when I have to check URLs as part of my job. And there is no way to know (at least not that I am aware of) in advance that a particular URL is going to make me wish I was retiring.

One colleague suggested that I simply not check URLs. Unfortunately, I cannot see an ethical way to do that. Instead, I am thinking of adding a clause to my “contract” that basically says, “client warrants that all URLs cited in the manuscript are virus- and malware-free. In the event that verifying a cited URL causes a virus or malware attack on my computer and/or network, client agrees to pay the cost of expert removal plus for my lost work time.”

I suspect that few clients would be willing to accept such a clause, especially if the client is a publisher or service provider rather than the author. But I need to do something, and the additional clause seems the best option at the moment. It would at least make my client aware of the potential for the problem.

For those of you who are interested in seeing what this particular virus is about, here is a link to Yoo Security. Should you get the virus, getting rid of it is a problem because you can’t easily access your desktop and rebooting doesn’t get around the problem. I suggest that you go now to your antivirus software’s website and search for ransomware under Support. There should be an article that tells you the steps you need to take to rid your computer of this malware. Print it and save it. Even if you can’t do it yourself, it may save you some money when you have someone else do the fix.

Have you experienced virus or malware attacks from client files? How did you deal with it?
