Malware is getting nastier, but that shouldn’t matter

Sure, cybercriminals are always improving their wares, but nothing has changed about how our machines actually get infected.

Oh, my God! Some BBC reporters got a phishing email with their home addresses in it! Stoke the fearfest. Then watch as other Chicken Littles join in and proclaim that this “new” way of delivering ransomware is endangering us all.

Please. Get a grip.

The payload, Maktub Locker, is new, but the ways it can infect you date back to the days of AOL email addresses.

You have to do some fundamentally stupid things to get infected by Maktub Locker. Let’s go over the basics, shall we?

First, just because you get an email that contains your real address, or some other personal data, doesn’t mean the contents are real. Phishing attacks have been using personal details, including home addresses, for at least a decade.

It doesn’t take a rocket scientist, or much of a security hacker, to find your home address. Every other week, there’s a new data breach — the Office of Personnel Management and Scottrade are memorable ones from the past, but next week it will be some other large agency or company. Any of those breaches could release sensitive information about you to the world. That means your address is out there. But it’s not worth much. Phishers can easily and cheaply buy your personal information off the Darknet.

Another thing to keep in mind is that the overwhelming odds are that you would have to be running Windows for this malware to pose any sort of threat to you. Sure, it’s possible to hack Linux and Mac OS X, but the vast majority of attacks target Windows PCs. That’s not because Windows users are dumber than Linux and Mac users (well, I’m not going to say that, anyway); it’s just that there are a whole lot more of them.

But let’s say that you are running Windows. That hardly means you’re doomed. For the malware to get a toehold, you need to open a Windows format file — from a stranger. And why would you do that? Opening a Windows format file sent by someone you don’t know has been a mug’s move since the late ’90s, when Word macro viruses, such as Melissa, were the last word in malware attacks.

Let me remind you of some security commandments that many of you seem to have forgotten:

1)    Thou shalt not trust messages from strangers.

2)    Thou shalt not fool around with anything remotely dangerous on a Windows PC.

3)    Thou shalt never open an attachment from a stranger.

4)    Thou shalt never, ever open a Windows-specific file from a stranger. Or from your mother, for that matter.

Seriously, ma and pa may be fine people, but they’re probably not security experts. If someone has a good reason to be sending you, say, a docx file, go ahead and open it. If they don’t, then leave it untouched.

I’ll make this even simpler: If you don’t know what something is, don’t click on it!
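A concrete version of the “Windows-specific file from a stranger” rule, as an added example that is not from the column: a small Python triage script that inspects an attachment before anyone double-clicks it. It flags an executable extension hiding behind a document-like double extension, a PE (MZ) executable behind a document extension, and a VBA macro project inside a zip-based Office file. The file names and byte strings are constructed for the example, the extension lists are illustrative rather than exhaustive, and none of the samples is real malware.

```python
"""Triage an e-mail attachment before anyone double-clicks it (added example).

Flags the three things that matter for the "Windows-specific file from a
stranger" rule: an executable extension hiding behind a document-like name,
a PE (MZ) executable behind a document extension, and a VBA macro project
inside a zip-based Office file. Standard library only.
"""
import io
import os
import zipfile

# Illustrative lists for this example, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
DOCUMENT_LIKE_EXTS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm",
                      ".ppt", ".pptx", ".pptm", ".pdf", ".txt", ".jpg", ".png"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict and the list of red flags found for one attachment."""
    name = filename.lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]          # "invoice.pdf.exe" -> ".pdf"
    findings = []

    # 1. Name-based checks: Windows runs these on double-click.
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
        if inner_ext in DOCUMENT_LIKE_EXTS:
            findings.append(f"double extension mimicking a {inner_ext} document")

    # 2. Content-based checks: the extension can lie, the first bytes rarely do.
    if data[:2] == b"MZ":
        findings.append("PE executable header (MZ)")
        if ext not in EXECUTABLE_EXTS:
            findings.append(f"executable content behind {ext or 'no'} extension")
    elif data[:4] == b"PK\x03\x04":
        # OOXML (docx/xlsm/...) is a zip; macros live in a vbaProject.bin part.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                parts = z.namelist()
        except zipfile.BadZipFile:
            parts = []
        macro_parts = [p for p in parts if p.lower().endswith("vbaproject.bin")]
        if macro_parts:
            findings.append("VBA macro project: " + ", ".join(macro_parts))
    elif data[:8] == OLE2_MAGIC:
        findings.append("legacy OLE2 Office file; may carry macros, check with oletools/olevba")

    verdict = "DO NOT OPEN" if findings else "no red flags (still ask why it was sent)"
    return {"filename": filename, "findings": findings, "verdict": verdict}


def constructed_samples() -> dict:
    """Constructed attachments for the example; none is real malware."""
    def office_zip(with_macro: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("[Content_Types].xml", "<Types/>")
            z.writestr("word/document.xml", "<w:document/>")
            if with_macro:
                z.writestr("word/vbaProject.bin", b"\x00" * 16)
        return buf.getvalue()

    fake_pe = b"MZ" + b"\x00" * 62                 # only the DOS header magic
    return {
        "quarterly-report.docx": office_zip(False),
        "invoice.docm": office_zip(True),
        "photo.jpg.scr": fake_pe,
        "statement.docx": fake_pe,
    }


def triage_all(samples: dict) -> dict:
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in triage_all(constructed_samples()).items():
        print(f"{name}: {result['verdict']}")
        for flag in result["findings"]:
            print("   -", flag)
```

The content checks matter more than the name checks: a file called statement.docx whose first two bytes are MZ is a program, whatever the icon says, and a macro-free .docx from someone with a reason to send it is the one case the column says is fine to open.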

Next, let’s look at Maktub Locker and other ransomware programs for half a minute.

Ransomware works only if you’re fool enough to break the rules I listed above. Once you’ve caught a dose, it encrypts your files and tells you to fork over $300 to $500 in Bitcoin, or your files have had it. If you pay up, and if you’re dealing with honest crooks, they’ll give you the key to decrypt your documents, pictures and all the rest. But — shocker! — not all crooks are honest.

Now, what simple thing should you have been doing every day to prevent any need of ever paying such ransoms?

I’ll wait.

How many of you said, “Back up my files”?

Congratulations. Ransomware holds no terror for you. Keeping current backups is all it takes to blunt its effects, with one catch: the backup has to sit somewhere the malware can’t reach. A backup drive that stays plugged in, or a mapped network share, gets encrypted right alongside your documents, so keep a copy offline, or keep dated versions rather than one mirror that is overwritten every night.

Yes, you’d still need to clean your PC of the malware, but the vast majority of your files will be safe and sound. It’s a different story when a major business gets hit, such as the Hollywood Presbyterian Medical Center. But even there, if the hospital had simply practiced regular backups — and it seems it didn’t — it could have gotten back 99% of its data at no cost, and it would have been much safer to boot. I mean, after all, just how trustworthy do you think someone who has just locked down a hospital’s data is, anyway?

So here’s one more commandment you should have already known:

5)    Thou shalt always back up thy data.
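The backup commandment made concrete, as an added example and not the column’s own code: a small Python script that takes dated snapshots instead of overwriting a single mirror, refuses to overwrite an existing snapshot, prunes only the oldest ones, and on restore picks the newest snapshot that does not contain the ransomware’s renamed files. The directory layout, the dates and the “.locked” extension are assumptions for the example; the “ransomware” is a few lines that scramble and rename files in a temporary directory, not real malware.

```python
"""Dated backup snapshots that ransomware cannot overwrite (added example).

A single mirror that is always mounted gets encrypted along with the
originals. Keeping one snapshot per run, never overwriting an old one, and
restoring from the newest snapshot that still looks healthy is the
difference between "restore and move on" and "pay up in Bitcoin".
Standard library only; paths, dates and the ransom extension are assumptions.
"""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional

RANSOM_SUFFIX = ".locked"   # stand-in for whatever extension the malware appends


def take_snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Copy source into backup_root/label. Refuses to overwrite an existing snapshot."""
    dest = backup_root / label
    shutil.copytree(source, dest)          # raises FileExistsError if dest exists
    return dest


def prune_snapshots(backup_root: Path, keep: int) -> list:
    """Delete the oldest snapshots so that only `keep` remain (labels sort by date)."""
    snaps = sorted(p for p in backup_root.iterdir() if p.is_dir())
    doomed = snaps[:-keep] if keep > 0 else snaps
    for p in doomed:
        shutil.rmtree(p)
    return [p.name for p in doomed]


def looks_healthy(snapshot: Path) -> bool:
    """Cheap sanity check: no file in the snapshot carries the ransom extension."""
    return not any(p.suffix == RANSOM_SUFFIX for p in snapshot.rglob("*") if p.is_file())


def latest_healthy_snapshot(backup_root: Path) -> Optional[Path]:
    """Newest snapshot that passes the sanity check, or None if all are tainted."""
    for snap in sorted((p for p in backup_root.iterdir() if p.is_dir()), reverse=True):
        if looks_healthy(snap):
            return snap
    return None


def restore(snapshot: Path, target: Path) -> int:
    """Replace target with the snapshot's contents; returns the number of files restored."""
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snapshot, target)
    return sum(1 for p in target.rglob("*") if p.is_file())


def count_readable(root: Path, marker: bytes) -> int:
    """How many files under root still contain the plaintext marker."""
    return sum(1 for p in root.rglob("*") if p.is_file() and marker in p.read_bytes())


def demo() -> dict:
    """Constructed run: back up, get 'hit', back up again, restore from the clean one."""
    work = Path(tempfile.mkdtemp())
    docs, backups = work / "Documents", work / "backups"
    docs.mkdir()
    backups.mkdir()
    for i in range(3):
        (docs / f"report{i}.txt").write_text(f"quarterly numbers {i}\n")
    take_snapshot(docs, backups, "2016-03-21")

    # Stand-in for the ransomware: scramble every file and rename it.
    for p in list(docs.iterdir()):
        p.write_bytes(os.urandom(64))
        p.rename(p.with_name(p.name + RANSOM_SUFFIX))
    take_snapshot(docs, backups, "2016-03-22")   # the nightly job runs regardless

    pruned = prune_snapshots(backups, keep=7)
    clean = latest_healthy_snapshot(backups)
    restored = restore(clean, docs) if clean else 0
    result = {
        "snapshots": sorted(p.name for p in backups.iterdir()),
        "pruned": pruned,
        "restored_from": clean.name if clean else None,
        "restored_files": restored,
        "readable_after_restore": count_readable(docs, b"quarterly numbers"),
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(demo())
```

The second snapshot faithfully backs up the encrypted files, which is exactly why a single overwritten mirror would have lost everything; because the first snapshot was never touched, the restore comes from it and every document comes back readable.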

What ticks me off the most about this entire mess is that there’s really no news story here. The attacks never should have gotten through. Even if they did, they should have been useless.

The real story is that, in 2016, we are still making the same dumb mistakes we made in the ’90s. So remember: Don’t click on unknown files or links, and do make nightly backups. It’s not that hard!

Stories by Steven J. Vaughan-Nichols