ITS

Information Technology Services
Information Technology Services

Ransomware, Botnets, Drive-by Downloads

Ransomware

Notice: Ransomware attacks are becoming an increasing problem.

  • Ensure you have virus protection and that it is kept updated.
  • Don't open unexpected attachments or download unknown software.
  • Keep a back up of your files for recovery.

Ransomware: when your computer is held hostage

Cyber-thieves are a whole new breed of criminal. They are smart and cunning, and what they are stealing is your data and your identity.

With the internet and the widespread use of electronic devices – computers, tablets, cellphones – the everyday user is an easy target for thieves to target.  Forty years ago, computers were operated by programmers and you needed extensive training to know how to use one.  Not so today.  Now the user doesn’t need to know anything about the inner workings of the device in order to use it; they just need to be able to press a button – it’s so easy, a child can do it.

From smartphone compatibility in our cars to wearing smart watches on our wrists, not only do we expect this ease of use, we demand it! But the easier they make it for us to use, the easier they make it for the thieves to prey too.  For people who have an honest nature, it is hard to believe that there are others out there setting traps trying to steal our banking information, our passwords and our identities, both online and in the real world.

So what have these thieves been up to while we have been figuring out how to use the latest app on our computers and cell phone? 

ransom letters spelling out

Beware of ransomware!

Ransomware is a program designed to entice you to pay a ransom in order gain back access to your computer or your files. Ransomware comes in a number of variants with some being nothing more than a nuisance that requires lengthy removal steps with specialized software and knowledge. These type of variants will often warn the user of existing infections and if you pay a fee, the software promises to remove the identified problems. To the unsuspecting user, the warning will appear to be generated by the computer system, however it is simply a ploy for you to purchase a fake removal product that will do nothing. 

The most destructive type of ransomware will encrypt your computer files so you cannot use them. When you attempt to open your files you will receive a ransom message telling you to pay a sum of money in exchange for the decryption key to unlock your files. The sum of money is usually several hundred dollars and when people are faced with the alternative of losing all their data, they often pay the ransom. This has been very lucrative for cyber criminals since the only solution is to either pay the ransom or restore your files from an existing backup. If you do not have your files backed up, this could result in the loss of important files and data.

How does it work?

Ransomware will likely arrive on your computer as a seemingly legitimate file that includes a description leading you to believe that the file is beneficial to you; is a file that you were expecting; or it could simply start a download and infect your computer when you visit a malicious webpage (called a drive-by download).  What you don’t know is that the file has a secret payload; it is a snippet of a larger program, designed to download the entire program onto your computer without your knowledge. You won’t even know it is there until it is too late!  The next time you restart your computer, all your files may be encrypted and you will receive a ransom note demanding payment in exchange for the decryption key.

Enigmasoftware has a great video Ransomware - The Age of digital Extortion that explains what ransomware is, how you get infected and what you can do to avoid it.

Can I protect myself?

If you are one of the smart ones who updates your operating system and applications and have up-to-date anti-virus software on your computer, ransomware may be identified and quarantined before it harms your computer.  To ensure you do not fall victim to ransomware or any other malware, store your data remotely on one of our file storage services.  Additionally, be proactive and review and adopt the Cyber Tips & Tricks best practices.

What should you do if you've become a victim: 

Expert advice is that you don’t pay the ransom. There is no guarantee that even if you pay the ransom the key will be supplied. If your computer is infected with ransomware, seek help.  There is also anti-virus software available that may remove some variants of the ransomware. If you know the name of the ransomware, steps to remove it can be found online. In the worst case scenario, you will need to re-image your computer and restore your files from backup (you do have a backup – right?).

If you need help, contact the IT Support Centre by calling 613.533.6666 or by filling in the Online Help Form.


Additional Resources:

Botnets

 

Botnets

What is a botnet?

A botnet is a group of internet-connected computers that contain software designed to forward transmissions to other computers on the internet. These transmissions could include, but are not limited to, spam and/or viruses. In many cases, the owners of these computers are unaware that their computer is part of a botnet. Their computers have been compromised by a small program that has been hidden within an innocent-looking email attachment or a free program, like a game or an app. Once on the device, the program can execute whatever task it was designed to carry out. The botnet could contain hundreds of thousands of computers.   

Each computer within the botnet is called a bot or zombie. The bot is controlled by a "bot-herder" or operator that could be located anywhere in the world. At their command the bot-herder can send a command to a single bot or to the entire botnet and all the commanded computers in the botnet will perform the specified task. An example of a task could be a cyberattack where a particular website gets flooded with so much traffic that the site cannot function as normal and will be effectively shut down. This is called a denial of service attack. Other common tasks performed by botnets are to send spam email or steal information.

An important way to protect yourself against bots and other types of malware, is to use anti-malware software designed to prevent, detect and remove malicious programming on your computer. 

Is Queen's at risk?

Yes. All organizations are at risk of botnets.

Universities are at greater risk of botnets because networks are designed to promote collaboration and innovation, but this approach also allows for the dysfunctional aspects of the internet to collaborate. 

According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet.

How do botnets get inside?

  • Surfing a harmful website that exploits a vulnerability in a user's computer
  • Opening a malicious attachment in an email
  • Clicking on a harmful link in an email
  • As a payload from another malware infection
  • A can also botnet exploit a vulnerability in another computer on the same network

What will Queen's ITS do?

Prevent

  • Disable unnecessary services and ports on hosts
  • Patch vulnerabilities
  • Secure the "border" and host including access control
  • Enforce complex passwords and multi-factor authentication
  • Raise awareness, provide training

Detect

  • Active malware scanning
  • Log security events on hosts as well as analyze and correlate events
  • Continuous network and intruder monitoring
  • External threat analysis
  • Observe and report suspicious activity

Respond

  • Shut down command and control communications
  • Isolate infected host or subnet
  • Automate intrusion response
  • Re-image and patch the host; clean malware patch vulnerabilities
  • Change passwords

What should users do?

Prevent

  • Apply operating system, browser and software updates as they become available
  • Never save your password in a browser or application
  • Don't use the Administrator account for your everyday activities
  • Check your browser's security levels
  • Protect your personal information
  • Back up important files regularly to remote services like OneDrive for Business, QShare or Windows File Service
  • Take the Information Security Awareness Training course

Detect

  • Use antivirus software and scan your computer regularly
  • Be aware of phishing attempts to gain access to your personal and/or financial information
  • Don't allow software to download to your computer without your permission

Respond

  • Contact ITS with any concerns - even if you are unsure if they are phishing attempts
  • Choose strong passwords and don't share them with anyone
  • Report any problems with your computer to ITS - these problems could be indicative of a compromised system
  • Report phishing attempts or suspicious email to abuse@queensu.ca
  • Use the "send as attachment" feature of your email client to send a copy of suspicious email to abuse@queensu.ca

 

 

 

 

Drive-by Downloads

Drive-by Downloads

Remember when the only way to accept a download was to click on the link? Not anymore!

Did you know that just visiting a webpage can start a download? And since it is happening in the background, you will not not even aware anything is downloading. Drive-by downloads can be hidden on otherwise valid pages that you have been directed to by email, text message or social media. Beware of those “Check it out!” links. While you are reading the article or watching the video, the malicious content is being downloaded to your computer.

Drive-by downloads can even be a small program that takes only seconds to download but its task is to contact another computer to download the entire program. It may even wait until your device is idle before the full program download begins. 

Drive-by downloads are especially dangerous because they are stealthy. They are used by cyber-criminals to install viruses, ransomware and spyware on your devices by exploiting vulnerabilities, plug-ins and other components in web browsers. Drive-bys can be on websites set up to drive users to that site or it could be housed within a legitimate site that has been compromised.

How do you prevent drive-by downloads?

Be careful of the websites you are visiting. If it seems like you are being redirected to an illegitimate site, don't click the link!

Pay attention to what is being downloaded to your computer. Don't always accept "updates" at face value. Change your browser settings so that you are always prompted before a download begins and ensure that you can choose the location of where files are being saved.

Make sure you have anti-virus software and keep it updated.

 

Last Updated: December 07, 2017