Technology Practice Tips: Ransomware (Transcript)

This is a transcript of a podcast discussing ransomware, what it is and how to avoid downloading it onto your device.

Speaker Key: PB: Phil Brown, DW: David Whelan

PB:  Hi, it’s Phil Brown and I’m here with David Whelan. Today we are going to talk about ransomware.

DW:  Ransomware is an attack that has been around for quite a while, and it is really what it sounds like. It is a mixture of the words ransom and software. It is software that will do something to your device, your computer, phone or tablet, and then requires you to pay a ransom in order to get it back to where it was before.

PB:  Ransomware is not new; it has been around for a few years and I guess technically would be classed as a type of malware.

DW:  Right. It just seems to have gotten very popular in the last six to eight months and I think part of what has happened is that people have developed ransomware kits, just like when you would build models when you were a kid, that are available for sale. If you have the money, you can buy a kit and implement it or tweak it, and make it your own. Or you can just use it out of the box and infect people’s computers with the ransomware software.

PB:  They are not all the same so you cannot stop it with just one particular malware blocker built into your system.

DW:  Right, and we have talked on other podcasts about being wary where you click. This is a really good example of being wary where you click and where you visit because it is a piece of software that has to be downloaded. In order to get CryptoLocker or Simplocker or one of the other ransomware applications on your device, you would have to be doing something proactive to make it start.

PB:  They can be disguised in a simple email in a number of different ways.  We recently spoke to someone who had one disguised as what looked like an emailed fax.

DW:  Right, and when he clicked on the fax to open it, “Bob was your uncle”.

PB:  His entire hard drive, perhaps not the entire one but certain types of documents were encrypted, and the only person who had the key was whoever was at the other end of that ransomware Trojan.

DW:  Right. And they are pretty pernicious: they will go through your entire hard drive and encrypt all the files. They tend to be what is called “network aware”, so that if you are connected to a network, even if you just have an external drive that you connect to over the network, or it is plugged into your laptop, it will go through and encrypt all of those files too. Then, if any of those files are synchronized up to the Cloud, this synchronization to Dropbox or whatever will upload the newly encrypted file and replace your open file. So everything you have will be locked down by this ransomware.

PB:  So chances are, if you had a Cloud-based backup as your only backup, and this infected your computer and was network aware, there is a very good chance that the entire backup for your firm could be encrypted.

DW:  If you think you have clicked on something and started the transfer process, then one of the things to do is disconnect yourself from the network so you limit yourself to whatever damage is happening on your local drive. If you have a good backup of your documents or the files that it is encrypting, then you can probably just throw those encrypted files away. In other words, reinstall your operating system, reinstall your applications and then pull the files from your backup over and you won’t have to pay for the ransomware.

PB:  Right. Let’s talk a little bit about paying for the ransomware because we know that a number of people have been paying for the ransomware for quite some time.

DW:  Yes, the ransomware is interesting. I think it is very interesting to think of them not as evil-doers behind masks with little hoodies sitting in their mom and dad’s basement, but as business people. What happened with the original ransomware is that once it was installed on computers, the people whose files had been infected did not have enough time to figure out how to pay. The files were being wiped out and the ransom people were losing money, so they said “Hey, this isn’t working. We’re going to move from a three-day window to a seven-day window because we want to give these people enough time to pay.” It is tricky and not just a matter of getting out a credit card and walking down the street to pay. In most cases you have to pay using something called “bitcoin”. This is an encrypted money that exists only on the internet.

PB:  Right, and typically, with some of the ransomware that we have heard about, they are looking for $300-400 US converted into bitcoin.

DW:  So it is a matter of figuring out how to pay, getting the money to the right place, buying the bitcoin and then transferring it. Once you have transferred it you will receive a key that allows you to unlock and decrypt all of the files that have been encrypted.

PB:  And desktop computers are not the only devices that are vulnerable.

DW:  Right. It is very interesting because a lot of these ransomware will get around your antivirus and malware software, so you need to keep those up-to-date anyway. If it does get around your software then you will need to look for a way to unlock. Some devices, like Android devices, have downloads available, for example Avast’s Simplocker tool. Avast is an antivirus tool but it also has a way to unlock the Simplocker ransomware. That is the sort of thing you will have to do. Although, the first thing is, you should really be proactive about locking down your computer to block the software from getting there in the first place. There are sites like foolishit.com which has a free download and will make some sub changes to your Windows computer so that if CryptoLocker is ever downloaded it is not able to execute.

PB:  Right, and earlier this year there was also a hole exploited in the “Find My iPhone” app with iPhones.

DW:  Yes, that is an interesting one, a problem masquerading with ransomware.  Someone got a hold of a bunch of iCloud accounts from some Australian iPhone users and probably just figured out what their passwords were or otherwise how to gain access to their accounts. They logged in, set their phones as being lost, and then sent them a message over the screen. They were able to totally control the phone without actually downloading any software; they were just using software built into the iPhone. Those people just had really poor passwords so they were subject to this attack.

PB:  Right, and they could not really do anything with their phone other than wipe it, start forward, or pay somebody I suppose.

DW:  Yes, and those people were pretty reasonable too. I think they only wanted about $100.

PB:  Now, again, the message here is to think before you click.

DW:  Yes, and with ransomware you really need to plan in advance. It is not even enough to just do training to make sure that you are thinking about it and aware that it is happening. You really need to plan in advance and make sure that your NFR malware software is up-to-date. You may also want to consider whether you have a firewall turned on and whether it is watching for these sorts of things. You will want to make sure that you are aware of tools that will block things like CryptoLocker from downloading. The good thing is that security experts think that we are sort of past the big blowup of ransomware and that we are moving on to other, different attacks that still will put your information at risk, but ransomware is hopefully something that will just be bubbling on the horizon rather than the big issue it is right now.

PB:  Right, so I guess one of the parting messages would be that even if you know the source of the email and it purports to be from someone you know, you should still ask yourself, “Was I expecting any sort of attachment from this person?” or “Why would this person be sending me a link to go to a particular website?”.

DW:  Right. And if you end up on a website where you really ought not to be, and I am not suggesting that anyone go to a porn site but those tend to be common sites that are exposed this way, and click on an advertisement or something on one of the sites, you may find that that has done the damage and downloaded the ransomware.

PB:  Right. So anytime you are out there looking at untested sites and something odd is happening on your computer, it is a good idea to disconnect from the network. That is our look at ransomware. Thanks very much David.

DW:  Thanks Phil.