A new and especially dangerous class of malware called ransomware has invaded our online world. At risk are not just traditional desktop computers and laptops, but also tablets and smart phones.
While computer viruses and other malware are an ever-present threat to those of us who use computer technology, ransomware differs from traditional threats. Ransomware renders the victim’s computer inoperable and attempts to extort a “ransom” payment in exchange for returning control of the computer. The amount demanded is frequently several hundred dollars. CryptoLocker is the most recent and most serious of this type of threat.
Unfortunately, the bad news doesn’t end there. Hackers have become much more polished and sophisticated in their delivery. The most prevalent vehicle is still email attachments, however. Common themes of these emails are package-tracking notifications, airline boarding passes, travel itineraries, and credit-card notices. It can be very difficult to distinguish these fakes from legitimate notifications; the fakes may include company logos and graphics which make them appear to be very authentic.
The best defense is still exercising caution, and following the old advice to not open email attachments that aren’t expected and avoiding suspicious-looking websites. It is also extremely important to be sure that antivirus software is installed and kept up to date. Equally important is ensuring that security updates are installed regularly. This includes not only software updates from operating system vendors (Microsoft, Apple, Google), but also updates for browser plugins and application software.
The simplest way to assure that needed updates are installed in a timely manner is to enable automatic updates for any software that offers that feature (most products do). Windows versions released over the past ten years or so enable Windows Update by default. It is also essential to keep up with updates for other widely-used software; hackers tend to focus most of their efforts on software that is ubiquitous. The most frequently targeted products include:
Each of the software products listed above offers alert mechanisms for software updates. Increasingly, these update mechanisms are enabled by default. But each generally requires some active intervention by those who maintain computers to actually install the updates. Public access computers in libraries may be locked down by “freeze” software such as Centurion Technologies SmartShield or Faronics Deep Freeze, which requires that administrators unlock computers in order to install updates.
Staff computers do not have “freeze” software installed on them and host important information and software programs that are critical for the library. Performing frequent full-system backups of the library’s staff computers will enable the library to use a full-system restore to recover the computer to a date prior to the ransomware (malware) attack.
Because Microsoft and several other vendors have adopted a monthly schedule for issuing updates, it makes sense for libraries to plan to check for and install software updates once per month. Microsoft releases security updates on the second Tuesday (Patch Tuesday) of every month and Windows Update releases non-security updates on the fourth Tuesday (Patch Tuesday) of every month.
Adobe has begun to release its updates on first Patch Tuesday, too, so that date makes a logical reference point when planning a monthly update schedule.
Remember that keeping all public computers’ hard drives locked for public use enables your library to recover from viruses and malware intrusions by simply restarting the corrupted computer.
For those interested in learning a little more about CryptoLocker and how it works this video provides a great introduction:
A new and especially dangerous class of malware called ransomware has invaded our online world. At risk are not just traditional desktop computers and laptops, but also tablets and smart phones.
While computer viruses and other malware are an ever-present threat to those of us who use computer technology, ransomware differs from traditional threats. Ransomware renders the victim’s computer inoperable and attempts to extort a “ransom” payment in exchange for returning control of the computer. The amount demanded is frequently several hundred dollars. CryptoLocker is the most recent and most serious of this type of threat.
Unfortunately, the bad news doesn’t end there. Hackers have become much more polished and sophisticated in their delivery. The most prevalent vehicle is still email attachments, however. Common themes of these emails are package-tracking notifications, airline boarding passes, travel itineraries, and credit-card notices. It can be very difficult to distinguish these fakes from legitimate notifications; the fakes may include company logos and graphics which make them appear to be very authentic.
The best defense is still exercising caution, and following the old advice to not open email attachments that aren’t expected and avoiding suspicious-looking websites. It is also extremely important to be sure that antivirus software is installed and kept up to date. Equally important is ensuring that security updates are installed regularly. This includes not only software updates from operating system vendors (Microsoft, Apple, Google), but also updates for browser plugins and application software.
The simplest way to assure that needed updates are installed in a timely manner is to enable automatic updates for any software that offers that feature (most products do). Windows versions released over the past ten years or so enable Windows Update by default. It is also essential to keep up with updates for other widely-used software; hackers tend to focus most of their efforts on software that is ubiquitous. The most frequently targeted products include:
Each of the software products listed above offers alert mechanisms for software updates. Increasingly, these update mechanisms are enabled by default. But each generally requires some active intervention by those who maintain computers to actually install the updates. Public access computers in libraries may be locked down by “freeze” software such as Centurion Technologies SmartShield or Faronics Deep Freeze, which requires that administrators unlock computers in order to install updates.
Staff computers do not have “freeze” software installed on them and host important information and software programs that are critical for the library. Performing frequent full-system backups of the library’s staff computers will enable the library to use a full-system restore to recover the computer to a date prior to the ransomware (malware) attack.
Because Microsoft and several other vendors have adopted a monthly schedule for issuing updates, it makes sense for libraries to plan to check for and install software updates once per month. Microsoft releases security updates on the second Tuesday (Patch Tuesday) of every month and Windows Update releases non-security updates on the fourth Tuesday (Patch Tuesday) of every month.
Adobe has begun to release its updates on first Patch Tuesday, too, so that date makes a logical reference point when planning a monthly update schedule.
Remember that keeping all public computers’ hard drives locked for public use enables your library to recover from viruses and malware intrusions by simply restarting the corrupted computer.
For those interested in learning a little more about CryptoLocker and how it works this video provides a great introduction:
