Mac Ransomware found in the wild…… Don’t panic!

Update: With the help of security researchers, Apple over the weekend quickly blocked a cyberattack aimed at infecting Mac users with file-encrypting malware known as ransomware.

Facebook, Twitter, and the headlines on all the computer news sites this morning are reporting the first occurrence of Mac ransomware found in an application distributed to users' computers. In fact, I've already had emails from people I provide support for worried that they may be infected. Here are a couple of things that are important to understand about malware such as this.

Here is the description of the malware that was found, from AppleInsider's website:

“Users who downloaded the Transmission BitTorrent client on Friday or Saturday are being warned to update to the latest 2.92 version to avoid being targeted by a ransomware that infiltrated an earlier version of the open source software…… The malware then “demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files.” Researchers say the malicious code is “under active development” and seems to be trying to also encrypt users’ Time Machine backups to also prevent them from being able to recover their backed up data.”

So basically, unless you downloaded the Transmission BitTorrent client during that window, you have nothing to worry about from this particular instance.
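If you are not sure which version of Transmission you have, the check below reports whether the installed copy predates the fixed release. This is an added example, not code from the original post or from the Transmission project; it assumes the app lives at /Applications/Transmission.app, that its version string in Info.plist is a dotted number, and that 2.92 is the fixed version as the AppleInsider report quoted above states.

```shell
#!/bin/sh
# Added example (not from the original post or the Transmission project):
# report whether the installed Transmission.app predates the fixed 2.92 release.
# Assumptions: the app is at the standard path below, its version is a dotted
# numeric string in Info.plist, and 2.92 is the fixed version per the report.

FIXED_VERSION="2.92"
APP_PLIST="/Applications/Transmission.app/Contents/Info.plist"

# leading_digits: keep only the leading digits of a version component, so a
# suffix such as "b1" does not break the numeric comparison below.
leading_digits() {
    printf '%s' "$1" | sed 's/[^0-9].*$//'
}

# version_lt A B: succeed (exit 0) when dotted version A is lower than B.
# Missing trailing components count as 0, so 2.92 compares equal to 2.92.0.
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"
        bx="${b%%.*}"
        # Drop the component just examined; clear the string on the last one.
        if [ "$a" = "$ax" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bx" ]; then b=""; else b="${b#*.}"; fi
        ax="$(leading_digits "$ax")"
        bx="$(leading_digits "$bx")"
        ax="${ax:-0}"
        bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then return 0; fi
        if [ "$ax" -gt "$bx" ]; then return 1; fi
    done
    return 1   # versions are equal, so A is not lower than B
}

# installed_version: print the app's CFBundleShortVersionString, or nothing
# if the app (or the macOS `defaults` tool) is not present on this machine.
installed_version() {
    if [ -f "$APP_PLIST" ] && command -v defaults >/dev/null 2>&1; then
        # `defaults read` takes the plist path without its .plist extension.
        defaults read "${APP_PLIST%.plist}" CFBundleShortVersionString 2>/dev/null
    fi
}

# check_transmission: print a verdict; exit status 1 means "older than fixed".
check_transmission() {
    v="$(installed_version)"
    if [ -z "$v" ]; then
        echo "Transmission does not appear to be installed at /Applications."
        return 0
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "Transmission $v is older than $FIXED_VERSION: update it now and check your files."
        return 1
    fi
    echo "Transmission $v is $FIXED_VERSION or newer."
    return 0
}

check_transmission
```

Run it from Terminal with `sh check_transmission.sh`. A version older than 2.92 only tells you that you downloaded an affected build; it does not by itself mean your files were encrypted, so follow the update advice in the report either way.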

Some of you may ask what a BitTorrent client is. Wikipedia says, "BitTorrent is a communications protocol for the practice of peer-to-peer file sharing that is used to distribute large amounts of data over the Internet. BitTorrent is one of the most common protocols for transferring large files, and peer-to-peer networks have been estimated to collectively account for approximately 43% to 70% of all Internet traffic"

Basically, BitTorrent clients are used to download large files, typically pirated movies, stolen applications, and other things that can't be made generally available on the Internet, although the same protocol is also used to distribute perfectly legitimate large files.

So again, unless you installed this particular software, you don't need to worry about this particular infection. Note that the malware was packaged inside the Transmission application itself, not in the files people downloaded with it, so what matters is whether you installed the affected version, not what you downloaded afterward.

The big concern about this particular malware is that it's probably only the beginning of others we may see. Only time will tell, but I fully expect to see more of these in the near future. These types of infections are very prevalent on the Windows side, and I have seen a number of computer users lose all their data as a result.

So what’s a person to do?

Back up your data. Not just once, but twice, and keep one copy of the backup not connected to your computer. I typically use Time Machine as my everyday backup and then use Carbon Copy Cloner as a secondary backup on a drive that is not mounted on my computer. This way, if I were to get infected with something like this and it were to infect the backup that's connected, I would still have an additional copy of my data to recover from.

People think that's a little paranoid, but believe me, if you ever need to recover files, having a second copy certainly makes you feel better. With external hard drives running about $60, there's really no excuse: get a second drive, purchase Carbon Copy Cloner, and set up a backup routine for yourself. If there are any problems in the future, you'll be happy you did.


Can virus problems on Windows get any worse?

Just when you thought you'd seen it all. Spyware that locks up your computer, viruses that force your computer to crash, annoyances that pop up windows over and over, but you haven't seen the worst of it. There is a whole new class of virus making its rounds on the Internet, and this one's about as bad as it can get.

The industry calls it ransomware, and that does a pretty good job of describing it. Ransomware is a virus that, once installed on your computer, encrypts all of your files with strong encryption and then asks you to pay to have your files released.

The definition of ransomware is as follows:

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

It sounds hard to believe, or like something you would only see on TV, but it's very prevalent on the Internet right now. Typically this type of virus gets installed by the usual means: on machines that are not running antivirus software, or by people who either don't read the dialog boxes that pop up or pay no attention and click on them. But once it's installed, this virus is much more than an annoyance. Silently, in the background, it encrypts all of your files so that you can no longer open them. If you try to open one of the files, you're asked for the encryption key, which the virus set and you have no control over. Then, once it's done all of the damage, it pops up a box on the screen demanding that you pay to get the encryption key. And they don't ask for just a few dollars like some of the old viruses; they typically ask for between $300 and $500 to get the encryption key and unlock your files.

If your computer gets to the point that it asks you to make a payment, you're pretty much out of luck. The only hope you might have is a good backup that you can recover files from. But if your backup drive is connected and running all the time, there's a real chance that the virus has encrypted your backup too.

I've run into this situation twice in which, even though the user was backing up their computer, the backup was connected and was encrypted also. And since these viruses use very capable encryption software, there is really no way to get your files unlocked unless you pay their fee. Most of these ask that you pay the fee through prepaid cards that you purchase at Walmart or Walgreens. You then send the card numbers to a particular website and hope that they provide you the key to unlock your files. If this sounds grim, you're understanding correctly. It is.

Often, the ransomware will claim you have done something illegal with your PC and that you're being fined by a police agency or government. These claims are absolutely false. It is just a scare tactic designed to get you to pay the money without telling anyone.

So what's a person to do? Well, if you've already been infected with ransomware, it's pretty much too late. Hopefully your backup will not be encrypted, and we can erase your computer, reinstall your software, and restore your files from the backup. But if your backup is locked up also, you may just be out of luck. You could always pay the fee and hope for the best. But paying the fee encourages more of this and in the long run may cost you much more in the future. And there's no guarantee that your files will ever be accessible again, even if they send you a key.

If you do pay their fee and recover your files, copy them off of the computer and then do a full erase and reinstall of the computer before using it again.

If you're reading this and you use Windows, your best option is to have a backup that is not connected to your computer, preferably offsite to protect you from fire and other catastrophes. You should also reinforce the rules of safe computing within your household to ensure that no one does anything that might infect you with a virus such as this:

  • Verify that your backup is running
  • Keep your antivirus software up-to-date
  • Install anti-spyware software and run it at least once a month
  • Don't click on pop-ups
  • Don't update software from a pop-up while you're in the browser. Always go to the vendor's website and download from there
  • Be diligent as you compute. If something looks funny, don't click on it. If you see signs that there is something wrong with your computer, get help immediately and don't just hope that it will go away

If you follow these rules and ensure you have that good offsite backup, the likelihood is you can recover from something like this. But most importantly, don't be the person who tells me they had planned to back up tomorrow when they have an occurrence such as this. Never put off till tomorrow a backup that you could run today.