It isn't every day you get to see what a real Trojan attack looks like.
When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.
But this time, while putting together material for our upcoming free workshop, I happened across a real attack and was able to record it.
If you've ever wondered what an attack looks like, here's your chance to see one.
Here's the best/worst part: nothing stopped it.
- Not our Internet Security software.
- Not any of our browsers' built-in malware protection.
- Not even Windows 10's built-in security.
See for yourself how it happened and what you can do to stop it.
On Feb 18, the entire computer system at Hollywood Presbyterian Medical Center was locked and held for ransom.
The hackers who easily infiltrated the hospital's system locked and encrypted all of the hospital's medical files and computers, making it impossible to work and help patients. The hackers demanded $17,000 to unlock the hospital's computer system. The hospital staff had to resort to pen and paper to get anything done, and many critical patients had to be diverted to other hospitals for care.
And if you think you're not vulnerable to ransomware attacks, think again:
The Lockie ransomware can be targeted at anyone, anytime. Whether you're a big company or a single person, Lockie makes it incredibly easy to infect and hold your PC... or many PCs... for ransom. Local resident Brandi C. was hit by Lockie at home.
Brandi had to pay $300 to the hackers so they would unlock and release her computer back to her.
How Does This Happen?
The Lockie ransomware is spread primarily through emails. Proofpoint CEO Gary Steele says their security firm saw 10 million messages go out in one day that contained the Lockie ransomware.
Lockie is typically delivered via email as an attachment. By clicking open a simple Word document attached to your email, you could instantly infect your system with Lockie. Your entire computer would then be locked and encrypted with a demand from the hackers to pay hundreds or even thousands of dollars to unlock your computer.
How To Avoid Lockie and Other Ransomware
- Don't click on suspicious links or attachments in your emails. If you get an email from someone you don't know that has an attachment, you have two options:
  - Delete the email immediately without opening it. This is your best and safest option.
  - Use your antivirus software to scan the file before opening it (most antivirus software has a feature that lets you right-click a file and scan it). Caution: be extremely careful that you don't actually double-click to open it. If you do, you could instantly infect your PC. If you do get infected with Lockie or any ransomware, try The FixMeStick to get rid of it.
- Back up all your data regularly. If you're not already backing up your files... you should be. Good backup software is a critical piece of online security that many people overlook. Back up always and often.
- Be sure you have a good antivirus or Internet Security software installed. We say it over and over, but people still get hit with ransomware and other malware all the time because they have poor antivirus software. A good antivirus program will scan attachments before they can do any damage.
In the end, the hospital paid the $17,000 ransom to get their files back. They panicked because they felt they had no other choice. They should've trained their staff to better identify suspicious email attachments, and they should've had better antivirus software running.
And Brandi, like thousands more, was an innocent bystander who got hit with this devious malware... and you could be too. Be alert when you're online just like you would be in a bad part of town. Keep your eyes and ears open and don't be too quick to click.
We've been getting such tremendous feedback from this story from our newsletter subscribers, I've decided to turn it into a blog, too.
This "Ask the Experts" deals with a personal story from my college days and situational awareness.
It's a short story. Every word is true.
I hope it helps keep you safe online, too.
The story goes like this: I put myself through college managing car washes.
It was a lot of fun, and unlike a lot of my friends, I got to work outside and got priceless experience in ways you'd never imagine: scheduling, managing staff, handling customers, negotiating with vendors, bookkeeping, even welding.
One night, after locking up the safe, I'd just turned out the lights inside, and as I was walking down the long hallway, ready to head out for the evening, out of the corner of my eye I spotted movement in the bushes outside.
Because of the one remaining light outside, I could see outside, but you couldn't easily see inside the completely dark building.
I was sure someone was there.
At 11:00PM, no one had any business being on a dark car wash parking lot, much less skulking around in the bushes.
As stealthily as I could, I dialed 911 and as quietly as possible explained the situation.
In no time, an officer showed up; we immediately recognized one another as his department routinely brought their cars in.
As he stepped out, he reiterated the situation as I'd explained it to the 911 operator.
Seeing the situation for what it was and my (extreme) concern, and knowing me pretty well personally, he unholstered his weapon. Together we walked the perimeter of the lot.
We found nothing.
I felt silly, but I knew what I saw, so I chalked it up to, "Oh well..."
Still shaken, I thanked the officer, and apologized for the wild goose chase.
His words, "Better to feel silly than to be dead."
The words stuck with me.
I nodded, got into my car, and went home.
The next day...
The next day when I came in for my shift, the morning manager said, "Hey, Kevin... did you hear about the Shell station down the street last night?!"
"They got robbed. Shot and killed the night manager. Just after 11 o'clock. You're lucky they didn't come here instead."
I got lucky.
I got lucky that night. Very lucky. But I was also aware of my surroundings and willing to look stupid.
Online, it's harder.
The bad guys are smarter than ever, and like the crooks at the car wash that night, they want your money.
Today's bad guys online make phony bank sites and phishing emails. They make 'em seem so legit it's nearly impossible to tell they're not real.
Even professionals have a hard time telling good from bad.
And, while antivirus and Internet security software can be a big help, your own situational awareness is just as important.
If you get an email, no matter who it's from, if it's got a link: be wary of it.
If you click the link, do not, under any circumstances, fill out any kind of form on the site. No usernames. No passwords. Nothing.
If it's legit, you can always go back to the site by typing the _real_ website name into your web browser by hand.
The bottom line...
Be aware of your surroundings online just like you are in the real world.
Keep in mind, too, it's not just bank websites being phished. Be wary of any email claiming to be from anywhere where you use a username and password.
If you think you've got something in the bushes of your PC, feel free to contact Josh and me.
We may not be peace officers, but we do know a thing or two about online safety and security.
After all, it's better to feel a little silly asking for help than the alternative.
By this time, the media seizes on the news and goes after it like a pack of sharks who've smelled blood in the water.
So, are these exploits worth being worried about?
Let's get the answer to this question by asking two more:
- Are you at risk?
- What's the best way to protect yourself?
Let's start with:
What Is Heartbleed?
Although not a virus or malware in the traditional sense, the Heartbleed vulnerability is a mechanism by which attackers can gain access to your confidential information when you access vulnerable websites, email, and other servers.
If one of these websites hasn't patched this vulnerability and you access it over a secure (https) connection, attackers can intercept your (otherwise secure) communication with that website, decode the information, and impersonate you with that server.
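As an added illustration, not taken from the original post: Heartbleed came down to a server trusting the length field inside a TLS "heartbeat" message and copying that many bytes back, even when the message was far shorter. The simulation below shows the buggy behaviour beside the bounds check the fix added; the message layout follows RFC 6520, while the "adjacent memory" contents and the function names are constructed for the demo.

```python
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520: at least 16 bytes of padding follow the payload

# Constructed stand-in for whatever sits next to the received record in the
# server's memory. In a real server this could be keys, cookies or another
# user's login request.
ADJACENT_MEMORY = b"user=alice&password=hunter2" + b"\x00" * 64


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Build a HeartbeatRequest. claimed_length may lie about the payload size."""
    header = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length)
    return header + payload + b"\x00" * MIN_PADDING


def handle_heartbeat(record: bytes, patched: bool) -> Optional[bytes]:
    """Return the HeartbeatResponse a server would send, or None if dropped.

    patched=False reproduces the bug: the 16-bit length field is trusted and
    that many bytes are copied from the payload start, running past the record.
    """
    msg_type, claimed = struct.unpack("!BH", record[:3])
    if msg_type != HEARTBEAT_REQUEST:
        return None
    if patched:
        # The fix: the record must really contain type + length + payload +
        # minimum padding; otherwise the message is silently discarded.
        if 1 + 2 + claimed + MIN_PADDING > len(record):
            return None
    # Simulated heap: the record followed by whatever lives next to it.
    heap = record + ADJACENT_MEMORY
    echoed = heap[3:3 + claimed]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + echoed + b"\x00" * MIN_PADDING


def leaked_bytes(response: Optional[bytes], true_payload: bytes) -> bytes:
    """Bytes in the response beyond the real payload, i.e. what leaked."""
    if response is None:
        return b""
    claimed = struct.unpack("!H", response[1:3])[0]
    return response[3:3 + claimed][len(true_payload):]
```

With a truthful length the two handlers behave identically; only an over-stated length makes the unpatched one hand back neighbouring memory.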
Confused? Let me put it in real world terms.
Let's say you go to your bank or credit card online.
You put in your username and password, do your business, and get on with your day. Fine. Or so you thought.
Meanwhile, silently in the background, someone was listening in right through the "secure" connection and stealing your username and password.
And, as you've moved on to other sites and the rest of the day, the bad guys are now logging into your bank account, and draining it.
It's not just bank accounts either.
According to the highly regarded Netcraft, over 500,000 widely trusted websites were vulnerable. No doubt some of them still are.
Many of the websites you visit to check your email or log into to conduct personal business are potentially vulnerable.
Now, some good news.
- Microsoft web servers are not vulnerable. (This doesn't mean people using Windows as their desktop OS aren't vulnerable. It just means the web sites themselves aren't.)
- Most banks and other financial institutions that were at risk have now patched their servers, eliminating the vulnerability.
- There's a Plug-In for Google's Chrome Browser called, "Chromebleed," that tests for the vulnerability.
I recommend you take a look at Tom's Guide for complete details, but here's the list in condensed fashion (with some edits I've thrown in for good measure.)
- Change your Google, Facebook, Yahoo!, and Dropbox passwords.
- Log out of all apps on your phone, iPad, etc., then log back in.
- If a website asks you to update your password, do it.
- Update your OS (regardless of what you run: Windows, Mac, Linux, BSD, whatever).
- Set up two-factor authentication. (This is just a smart thing to do anyway.)
What About Shellshock?
Shellshock, also called "Bashdoor," is an attack, primarily on servers, that leverages a series of flaws in software called "Bash," which is commonly installed on web, email, and other servers.
Without boring you to tears with all the technical details of Shellshock, let's just address the important question here: are you at risk?
Unless you're running Cygwin on Windows, Xcode on OS X, or a Linux/BSD variant, chances are no. (If you don't know what these are, you're probably not at risk, since they aren't built into Windows or OSX.)
The bigger problem though is that many, many of the web sites you visit daily are (or at least were) vulnerable.
On top of that, unlike Heartbleed, where there's a very small risk of the server itself being compromised, Shellshock by design does compromise vulnerable servers and allows attackers to take them over.
In an outstanding article on Shellshock, Troy Hunt says:
"The worry with Shellshock is that an attack of this nature could replicate at an alarming rate, particularly early on while the majority of machines remain at risk.
"In theory, this could take the form of an infected machine scanning for other targets and propagating the attack to them."
OK, brass tacks, what does this mean?
First, it means your computers, laptops, phones, and tablets are probably not directly vulnerable.
HOWEVER, it does mean that many ordinary websites out there that we all think are safe and virus free are now places that are vulnerable to attack and that, once compromised, can harbor malware used to infect ordinary users' computers.
This is a strong case for considering Internet Security software over garden-variety antivirus.
The two things most commonly found in Internet Security software absent in most antivirus programs are:
- malicious website blocking
- a software firewall