NelsonWerks

Malware, Ransomware, and Poor Life Choices

By now we have all heard about the WannaCry Ransomware attack of last week, that affected thousands of computers worldwide. It was stopped by a security expert, who was fortunate to do some digging and put a stopgap in place. This is not a permanent fix for the virus, nor does it mean you're no longer at risk. Your computing platform of choice can be compromised regardless of the brand name.

Your most valuable information these days is your login information. Most individuals just keep using the same passwords, or a rotation of passwords for almost all of their accounts. This is would qualify as a poor life choice. Yes, they're tough to remember, but with apps that encrypt and remember passwords for you, and even suggest really hard ones, there are fewer and fewer excuses. Even the built-in Safari suggestions that pop up when you are creating new login info are incredibly easy to use, and retrieve.

Yes, I said retrieve. Most people don't know this, but in Safari preferences in MacOS and iOS, you can simply log in and look up any password that you have allowed your device to save for you. This is an encrypted keychain of your passwords, and syncs through iCloud to all of your devices. The keychain allows you to use those complicated password suggestions, and keep your login information protected with just a few clicks. It's so easy to use, yet not a lot of people have set it up correctly. 

The biggest issue with having the same login for everything is that if your information gets stolen in, let's say, the Target hack a few years ago. A hacker now has your usual email and password combo on a list somewhere. They are then free to just start logging into things, until that combination works for them. Then, depending on the type of service or information they can access with that password, you begin to realize how screwed you are, once things start to go wrong. One good resource to help let you know if your information is out there is: https://haveibeenpwned.com. It looks like a shady site, but isn't, I promise. Put in your most often used email address, and you will get an email, should your email that you put in ever come up on any hacked email lists that have been publicly released. I bet it is already on several, mine was

Ransomware is a whole different beast. It basically encrypts and then locks you out of your hard drive. That means that you can't read or access your information until you pay the fee that the criminal is requesting. To me, it seems common sense not to click shady things if your email, but people still do, and they get pwned.

pwn - pōn/verb
informal
past tense: pwned; past participle: pwned
1. (especially in video gaming) utterly defeat (an opponent or rival); completely get the better of. "I can't wait to pwn some noobs in this game"

A few helpful tips to avoid getting yourself in a bind and owing bitcoin to a guy that doesn't care one bit about how sad you are that his software just ate your hard drive:

  1. Don't click things in emails from people you don't know. Stranger danger.
  2. The IRS will always contact you via snail mail, not email.
  3. Apple will never send you an email asking you to 'verify' your information.
  4. Set up Two-factor authentication WHENEVER and WHEREVER if is offered.
  5. Don't click weird links.
  6. Use antivirus software if it is available to you.
  7. Don't install any programs when you are not 100% sure of their source.
  8. Check the email address that is sending the email or message. It might display 'Apple Inc', but if you click the little arrow to see the real address, it will probably read more like 'comradeinc123!@sadness.com'

One other way to avoid some of the misfortune out there is to use cloud services. Now, you might ask, "Why would I do that and put my valuable information at risk?" Well, for the simple fact that the companies running those cloud services have a lot of skin in the game. If their system gets hacked, gets a virus, or suffers a debilitating cyber attack, they have billions to lose. They spend untold amounts of money to keep their system safe at all times. Unless you are an IT person or wealthy enough to pay for that level of security on your own network, you don't stand a chance. If you allow your information to be stored more in the cloud, it is actually safer. Their systems have redundant backups, and it is in the cloud company's best interest to keep your data safe. That way, if your computer gets hacked, your 'valuables' (photos, documents, etc.) are already somewhere else. You can avoid paying the fee, and let the hacker cry in their basement while their software eats your hard drive, and then starves to death.

A final way to mitigate some of these issues is to have someone, like NelsonWerks, secure your home network and set up a secure NAS (Network Attached Storage) device on your network. That way, you can store your files on your network, access them easily, they are not in a cloud somewhere (though you can have the NAS back itself up to any number of services), and you have peace of mind should you decide to see if the Russian IRS really wants you to confirm your login information.

Basically, be smart, and use the tools that Apple and other companies try to provide you with to keep your information secure. If you have any questions, or need a review and some proper set up of these services for yourself, don't hesitate to get in touch.

- Hans