Ransomware, Social Engineered Exploits

Ransomware and related socially engineered exploits of computer systems are on the rise, especially amongst our aging population.

Does this sound familiar?

The heavily accented man says “Hello, this is Raj from the technical support centre calling about your computer. We have noticed that there are some serious problems that you need to fix. Please go to the following website and I can assist you.” You enter the site and then Raj takes control of your computer. He finds several problems that he can solve for a price. How about this?

The warning in the right hand corner, or sometimes in middle of your screen, states that there is a virus that needs to be removed and requests that you “click here” to solve the problem. Of course you click the button, and, as in the first example, someone is demanding payment so that your computer can be used again.

These are two examples of socially engineered exploits. In both cases, some sort of “ransomware” is installed. What is ransomware? It is malicious code that either locks your files or renders your computer virtually unusable unless you pay a fee.

How do you avoid becoming a victim of ransomware? The best defense is recognizing when someone is trying to trick you. This may be difficult since these attacks are socially engineered by people who know how most people react automatically.

What do you do? Don’t respond like most people!

When Raj from the technical support centre calls, just tell him you are Amish and you don’t own a computer. Then hang up! Let him wonder why you have a telephone. Microsoft, Apple, Adobe, and most other major computer hardware and software vendors are not going to call you. If they leave you on hold when you call them, do you really think they are going to proactively call you. No, they are not going to call you. Hang up on these imposters!

You should know what antivirus / Internet security software you have. Avast!, AVG, Bitdefender, Kaspersky, and Symantec are common antivirus / Internet security programs. If you have AVG but you get a warning from something that looks like Kaspersky, chances are you have a fake alert that is trying to trick you.

When you see that fake virus warning in your Internet browser, don’t click it! Simply disconnect from the Internet (carefully unplug the power cord or press the power button on your modem or properly pull out your network cable) and shut down your computer. Start it up again and run a full anti-malware scan using your anitvirus / Internet security software. If your security software gives you the A-OK your computer is probably clear of any ransomware, but open up some documents, pictures and videos just to be sure.

To summarize: hang up and don’t click. And if you really need help recovering from a ransomware / malware attack, contact your local trusted computer retailer.

Next week: Part 2 – Website Hacks & Browser Attacks.