I’ve intended for a while to break out some of the scattered information in the ransomware resource page and sub-pages into its own Ransomware Recovery and Prevention page.
And finally got around to it.
Much of the same information (and more) remains in the Ransomware Resources page and/or sub-pages. (Sorry, but I’m happy to duplicate information where appropriate. If I had more time to spend on this page, there’d probably be less duplication, but I haven’t…)
However, the new(-ish) page is better organized and more immediately useful (I hope) for people who are interested in barebones recovery and prevention information.
The latest SANS ‘Ouch!’ newsletter is dedicated to a description of ransomware and tips on how to counter it. And no, I have no idea why they chose the name Ouch!
Like other editions, this particular newsletter issue is presumably aimed primarily at home users rather than corporates. (Though it does include a link to the SANS Advanced Cybersecurity Learning Platform.) At any rate, it’s fairly simplistic. However, it’s accurate enough (though I’d take issue with the fact that it seems to suggest that cloud-based backups are safe from ransomware, which isn’t always true).
Anyway, anything that might help raise awareness and understanding of the issue among the general population is worth publicizing.
A technically not-very-sound article from the BBC on The computer virus that blackmails you. It would be nice if a ‘technology reporter’ knew better than to describe all malware as ‘a virus’. Still, I suppose anything that raises awareness of the problem is at least partially helpful. And while it’s not always the case that files can only be recovered from a backup version, it’s good to reinforce the idea that backups are a Good Thing.
My first engagement with and introduction to the malware problem was back in 1989. Surprisingly, that first encounter was not a virus, even though through the 80s viruses were the aspect of security that most people were aware of, and Trojans – or trojans, as some of my colleagues in the industry nowadays insist on spelling it – comprised at that time a very small proportion of the virus-dominated malware scene. However, the ‘AIDS Trojan’ was pretty big news at the time in the fledgling anti-virus industry, even though it targeted a fairly specialized sector of the medical research community.
In fact, I still have one of the disks sent out carrying the ‘AIDS Trojan’, sometimes cited as the first ransomware, at the end of the 1980s, retained for purely sentimental reasons.
However, the impact and scale of the ransomware problem seem to have increased dramatically in recent months, so I thought perhaps it was time to set up a page somewhat along the lines of our tech support scams page. Unfortunately, it’s not as polished as I’d like, due to pressure to meet other commitments. But I figured this might be one of those ‘something is better than nothing’ moments. Not that there isn’t already good information out there, but I wanted to have some links and commentary in one place.
[Further links added March 13th 2011 (and a couple more on the same day). Extra links and commentary appended March 14th. More commentary re the Bing chaintweet subsequently added. And yet more on related scams added March 15th. More miscellaneous resources and commentary on 16th and 17th March. Additional links on 23rd March]
This is an attempt to bring together a number of disparate blogs highlighting resources I’ve been collecting over the past couple of days, relating to the Japanese earthquakes and tsunami. Apologies if there’s nothing here that’s new to you, but I think it’s important to spread this information as far as possible. This will now be my primary resource for putting up any further information I come across. I don’t, of course, claim that it will cover a fraction of the coverage that’s out there.
Lewis Page describes in The Register how the Fukushima plant is actually performing “magnificently”, given the unexpected scale of the stress to which Japanese nuclear facilities have been subjected in the past few days: http://www.theregister.co.uk/2011/03/14/fukushiima_analysis/ Even if you’re not totally convinced that this is an argument for more nuclear powerplants, it’s certainly a welcome corrective to the FUD-exploiting scareware SEO that I suspect we’ll see over the next few days.
Lots more links suggesting that radiation risk is way overblown, but I think we have enough of those to get the gist. Just be sceptical about alarmist reports that you can’t verify from reputable sites.
I’m also seeing a number of posts and articles suggesting that the situation regarding affected nuclear facilities is getting worse: I’m not qualified to separate fact and fiction in many of these cases, so I won’t try to track them here.
I probably won’t continue to add too many resources to this page that don’t have a direct and compelling security dimension, but if you are interested in the sort of footage of exploding reactors, tsunami hits and so on that blackhats use as bait for fake AV and clickjacking, the BBC has quite a few relevant videos: I know that because I watch the news. 🙂 I haven’t looked up individual links, but a quick Google search brings up several at http://www.bbc.co.uk/: no doubt searches of CNN etc. would bring up similar results. There’s lots of this stuff out there: no need to click on dubious links from unknown sources!
David Harley CITP FBCS CISSP, AVIEN COO, ESET Senior Research Fellow