Categories: BCI Blog Rants by John, Warnings, Alerts

Ransomware is making a comeback

Alert: the bad people are back at it again. As if all the new scams weren’t enough, ransomware has a new twist and it is booming. In its latest incarnation, the authors no longer deploy the ransomware themselves; they contract it out, designing it to be custom configured by middlemen and deployed by ghosts who collect their money and disappear, only to re-form under new names, identities, you name it.

This new style of ransomware comes with some really clever new techniques to avoid detection and some new approaches to maximizing the income potential of holding someone’s data hostage. And this new incarnation of ransomware also steals data while encrypting it.

First, a hint of the new techniques. Since the ransomware is sold as a configurable suite of exploitative modules, it isn’t easy for anti-virus software, security devices, or even behavior-watching protections to recognize. Second, one of the features is a really slick module that funnels disk requests to the operating system’s cache manager and then uses built-in operating system components (Windows or Apple) to encrypt the data while it sits in the file cache, tags it as new so that it requires synchronization with physical storage, and lets the operating system finish the dirty work as part of its normal duties.

Deceptively, the ransom for most of these attacks is very affordable, because they (the bad people) really want folks to pay it. Paying identifies for them the people and companies to whom they can then apply further (virtual) blackmail with an expectation of getting more money. So you pay the $150 ransom and are contacted by a representative of the ransomers, who often sets up and performs the decryption of part of the files, only for you to be told that your data was also stolen and will be publicly posted if you don’t pony up lots more money. And they aren’t bluffing: there have already been a few very embarrassing cases where they did just that (posted the “secret” data, identified the source, and advertised it on the open web).

So, how do you protect yourself against this kind of assault? Keep your operating system up to date, keep your antivirus and antimalware up to date, and do regular “full” scans of the machine holding the data and of all machines that have access to it. Keep your firewall on and as restrictive as possible (in an office, consider an adaptive firewall appliance or gateway server). Honestly, if you don’t get occasional firewall violations and refusals, your firewall is not restrictive enough.

Having good, current, and disconnected backups (not available to be “live” updated and thus also corrupted) is the best way to recover from most ransomware attacks and many other forms of exploitation. Also, having company-wide policies in effect (no alien machines, no disks or drives introduced without proper verification of safety, no gaming, no use of unsecured email services, etc.) can go a long way toward reducing your risk and your attractiveness to “the bad people”.

Finally, if you do become a victim of hackers, scammers, or ransomers, please do not pay the ransom. Instead, seek the assistance of law enforcement, your data insurance provider, IT security professionals, and other professionals as appropriate (each will likely have important insights to help you get through the event with a minimum of damage and cost).


Censorship

Well, Benediktson Computer is once again in its Southwest office in Silver City, New Mexico. Yes, we were chased out of Montana by snowstorms and luckily made the trip safely with no major challenges or issues. I want to try to tackle a topic that is difficult for me; it has to do with what folks are calling a violation of their right to free speech. I may have a unique perspective on this topic.

First off, the right to free speech is not one that is provided by our government; the Bill of Rights (First Amendment) protects us from infringement of this right by the government. I know there have been some appellate court decisions that appear to have broadened the scope of this protection, but I am not aware of any high court decisions that have broadened it to the point that we are protected from censorship on private lands, services, hosts, and so forth.

So, to be clear, Facebook, Twitter, etc. are private services hosted by corporations (presumably for profit) on privately owned and operated servers. Any act of censorship, restriction of content, or removal of content may be annoying, but it is in no way a breach of anyone’s rights. If (and this is a big if) our government were to offer a similar type of service, then the First Amendment might offer us some protection against content censoring on that service.

In addition, private groups hosted on any of these corporate services (please do not make the mistake of considering them government-sponsored or supported) have been given considerable freedom to choose what content they find acceptable (within the framework of the hosting service), and this may be quite a bit more restrictive in many ways, all without violating anyone’s rights.

As each of us joined (Facebook, for example), we were offered a chance to view, and then required to accept and agree to, the terms of service for that service. While I will entertain the notion that there are some rights and privileges of being an American citizen that we simply cannot sign away, this in no way applies to content that we publish onto privately or corporately owned and operated services. One last point: when we publish content on a service (like Facebook), we are making that content public on that privately operated service, potentially causing the owners of that service to be (legally) responsible for that content.