August 2022

Malware: Viruses, Ransomware, and Phishing

Alex Soya - Brevard Cloud

Computing has become a risky task. Long gone are the days when most computing problems were caused by bugs or hardware issues. Our computers are no longer boxes sitting isolated in a room to be used for specific purposes only. Today, our computers are constantly connected with each other, through the Internet, and used for a multitude of tasks ranging from entertainment to serious scientific research. Unfortunately, the ‘bad guys’ are also connected to our computers and are constantly trying to invade our privacy through the use of Viruses, Malware, phishing, and Ransomware.

Attacks are performed using different methods and entry points (vectors) into the computer. One of the most common attack vectors is e-mail. By employing links or attachments, the ‘bad guy’ can place code containing viruses, malware, or ransomware into our computer and with that cause damage to our data, to the point that it is irretrievable. You may say “I never had a problem; I’m protected by my antivirus software” – wrong! We are all at risk. No matter how good the antivirus software is, as long as your computer is connected to the Internet, you are at risk. Other methods include trying to attack the computer directly through the Internet connection. To protect against connection-based attacks we usually employ some sort of firewall. Our firewall at Brevard Cloud will intercept about 5 to 10 attacks PER SECOND. That is about 850,000 attacks PER DAY!

As computer users, be it at home or at work, it is important to have a general awareness of the different types of attacks, and how to defend against them. In this article I will discuss some of the different types, and how to protect against these.

Malware

Malware is a general term used to refer to executable code that can damage a device, corrupt data, or gather personal data (such as credit card information, passwords, etc.). Two of the most common types of Malware are Viruses and Ransomware, but there are many others such as Spyware, Bots, Worms, Trojans, and Adware. The latter refers to software that causes those annoying pop-ups we experience when installing free games or unlicensed software.

Viruses

A virus is a malicious program which is spread through infected files, or through infected websites. Viruses usually try to spread from one computer to another, either through physical media, a popular infected file, or even across the local network connections. Viruses run without the user’s knowledge and often corrupt data, slow down the computer, format the hard drive, and in some instances even damage the hardware of the computer. Most viruses are spread through infected e-mail attachments or external storage, such as USB memory sticks. They are also often found in free software downloads, or even on websites that are infected. Any time data is exchanged between two computers (via e-mail, downloads, storage devices, social media posts, text messages, or other means) there is a possibility of a virus hitching a ride to another system and infecting that system also. The concept is similar to that of a virus found in nature, where viruses can spread through touch, aerosol (sneezing), or other means.

Even knowledgeable system administrators and users have probably been exposed to a computer virus at some time, despite taking precautions and running anti-virus software. Most viruses hide themselves in order to achieve their goal uninterrupted and are usually not detected until some damage has been done. There are some things you can do. Avoid installing software you don’t absolutely need. Make sure the software comes from the manufacturer and is licensed. Don’t download items from software exchanges or torrent sites. When receiving e-mails, be sure to inspect any attachments before opening them. Many attachments use file names that are meant to confuse you into thinking they are genuine, when in fact they are cleverly named files that contain code to install viruses. Another common practice is sending e-mails which look surprisingly genuine, such as notifications from your bank, internet provider, or popular shopping sites. These e-mails will usually contain links that, when clicked on, take you to an infected website or a site that pretends to be the real site. Always double check the URLs in the links by hovering over the links. Better yet, open your browser and navigate to your site directly, instead of clicking on the link in the e-mail.

Ransomware

A particularly nasty Malware is Ransomware. It will block access to your computer or files stored on the computer. Many Ransomware variants encrypt the files on your storage devices (including network attached storage, and servers). The only way to recover the data is to pay the hacker a ransom fee to provide a decryption key. Without the decryption key the encrypted files will no longer be readable. A common belief is that Ransomware is targeting only large organizations, but that is just a myth. Anyone can become the victim of a Ransomware attack. The distribution methods for Ransomware are similar to those of viruses: e-mail attachments, links to malicious sites, infected portable media (such as USB storage devices), links in social media posts, links in text messages, and so on. To defend yourself against Ransomware, use the same precautions as you do against viruses. Never click on links you are not certain about, be extra careful with e-mail attachments, and be suspicious of text messages and social media posts containing links inviting you to click.

Phishing

Phishing attacks are a category of Malware that targets not the computer, but the human operator. Phishing attacks are mostly initiated through e-mail messages that look as if they are coming from a reputable and well recognized company or organization. Usually, they contain text urging prompt action, such as unlocking your bank account, confirming your social media account, increasing the quota of your e-mail box, cleaning up your e-mail box, and so on. Most of these phishing e-mails will prompt you to click on a link to log in to your account with the company and to resolve whatever problem is presented. When you click on the link, you will be forwarded to a site which looks just like the real thing. Once you type in your login username and password, your responses are logged for the scammer to use later. Sometimes they will just present you with an ‘invalid login’ message and forward you to the real site, so you simply think that you mistyped your password. Again, avoid clicking on links in e-mails, no matter how real they look. Always navigate directly to the site you want to log in to by using the official URL for the site in your browser.

Protecting yourself

Following the tips in the previous sections is helpful in avoiding becoming a victim of a scammer or getting infected with a virus. If you are an employer, be sure to train your personnel on safe computing practices. Don’t visit web sites that are not absolutely essential to your daily operations. Aside from being a suspicious computer user, it is vital to have the computer configured correctly with anti-malware software that includes virus scanning, and real time protection from email and website attacks. Precautions to avoid infections, however, are not enough.

Keep moving forward by backing up

It is impossible to be totally protected from hackers and scammers. Following the above tips and maintaining good protection software helps prevent the majority of attacks; however, the only way to protect your data is to maintain a good backup strategy. Not only do backups help you restore your data in case of an attack on your system or network, they also protect against physical hardware failures such as faulty hard drives. Backups should be an essential part of your daily computer usage, ideally handled by good backup software that runs automatically at the end of the day. Backups should be stored to onsite media (such as an external hard drive attached to the system) and offsite media (media that is NOT connected to any part of the computer, either directly or through the network) stored at a different location than your live backups. On a regular basis, also back up the backup media. There are a number of schemes, beyond the scope of this article, to back up your data and to store these backups onsite and offsite.

Summary

To summarize, computing is a risky task when computers are exchanging data with other computers, via e-mail, the internet, or by other means. It is essential to learn the telltale signs of an attack, and to avoid enabling attacks through careless use of a system (such as clicking on e-mail links, or opening attachments). Protection software should be employed on any computer system, and of course, a disciplined backup procedure should be in place at all times.