By David Christie
Hello folks and welcome to a long overdue update from your local Working Mouse! Our focus over the last few months has been countering and recovering from malicious malware and internet scams. Over the years scammers and malicious hackers have discovered its easier to get money by ransoming people directly rather then fill your computer with viruses and pop-ups, and here we will explain how they do it, and what to do in order to avoid such misfortune.
You’ve no doubt seen the new’s regarding poor network security in regards to Russia’s involvement in our political system, and the recent data breach at Equifax, exposing the private information of roughly half the countries populace. Unfortunately alongside these (and the many, many, other scams out there) we have another global spread ransomware attack taking root on the web.
The most recent bad bit of data trying to worm their way into our computer devices goes by the name Bad Rabbit. It’s known place of origin is through a false Adobe Flash Player update. The program is an executable, meaning typically you will be prompted if you wish to allow the computer to run the program before it actually does anything. Most PC’s and PC devices have a basic antivirus or default settings that require the computer to ask a user before allowing outside programs to run. So if your computer has a decent antivirus or if your running a Mac, you’ll only get this infection if you mistake the message prompt for a normal Flash update, or hurriedly click the prompt away in a rush to get back to work (or Netflix, Facebook, solitaire…we don’t judge)
The malicious software follows a popular troupe that’s been around since the internet was born. They mask the program under a popular name or company brand. All they have to do afterwards is wait until people run the program out of haste, ignorance, or simply because a lot of folks still have a computer running Windows XP/Vista and its security definitions are older then any of us reading this post.
Your woe’s, should you succumb to one of these encryption scams, will typically involve all of the data stored inside the computer being turned into coded gibberish. You will see a message on your desktop explaining that your data has basically been locked, with the only method of retrieving the key is to send a certain amount of untraceable virtual currency to a specified web account. This is most often the result of opening malicious emails and programs, usually under the guise of legitimacy. Like I mentioned before, they simply label the program/message to resemble large and popular companies so casual PC user’s will skip over the details and simply accept or open what is sent to them…kinda like the terms of service page for every product known to man.
Speaking of popular company brands, if you or someone you know claims to have been called or contacted by a Microsoft employee, plead with them to discontinue contact with them ASAP before any damage is done and either check their computer or have a professional look at it for remote access tools. Unless you have made efforts to contact Microsoft yourself prior, Microsoft will NEVER CALL YOU. We get at least one person a week in our town who calls us because they let a “Microsoft technician” inside their computer.
I want you to imagine letting a faceless entity, who you have no knowledge of other then what he/she CLAIMS to be over the phone into your computer. Your computer, that is full of private information, banking information, the usernames and passwords for all the sites you use, your email, as well what websites you typically visit. This includes others who either use the machine or who’s account you manage from the PC.
Now I want you to imagine your about to let a bear into your house. You want to let the bear into your house because, after scratching at your door for a time, it told you that if you didn’t hurry up and open the door, an elf in your closet would start eating all your hats. You love your hats with a passion and would hate to lose them. Your son also keeps his favorite coat in there. You mention this to the bear and he says the elf’s desire might not stop at hats and might lead him to consume EVERYTHING in the closet, but the bear claims he is very good at getting rid of elf’s….
If you think the bear scenario is more ridiculous, that’s because you’ve never let a stranger into your computer. This stranger after sometime of browsing and doing pointless tasks that he claims are fixing your computer, charges you 200-750$ (they will start high and lower it if you claim you can’t afford it) dollars. The ones who do pay the charge are then subject to the following:
A- You luck out and the scammers simply move on to their next “customer” and hope you don’t refute the charge before your bank or credit card company can deduct the charge. (usually you have a month)
B- As soon as you submit payment with a card, they will go on a mad spending spree, attempting to run your card to the limit before someone freezes the card. Luckily, many banks and credit companies (in my many experiences dealing with this) will contact you once they notice large or bulk purchases on you’re account. More likely so if they are online purchases or outside the country.
C-Purchases will be made in small, barely noticeable amounts to escape notice from both the bank and yourself. This is commonly done with gas purchases, or groceries in amounts under twenty dollars. Anyone who doesn’t check their balance daily might not notice an intrusion like this for YEAR’S, and lose a lot more as time goes on.
D-The scammer will orchestrate your computer to display fake virus and error messages, along with their “business” number. They will “fix” your computer as many times as they can before you become fed up with them or someone notices what they really are.
Should you refuse them (and you don’t unplug your router/modem in time) you can expect the following…
A-They move on to the next person, as they don’t see any worth investing their time and “resources” in holding your computer/information hostage.
B-They change your computers password, or add a SYSKEY (Windows). Locking you out of the computer. Usually they will demand money to reset it. You shouldn’t pay them as there is no guarantee they will give it to you. If your computer remains un-encrypted, your data can still be retrieved through the hardrive.
C-If given ample time they can encrypt your entire computer. This will leave you with access to your computer, but with your pictures, documents, everything essentially opening up as gibberish and code. There are only two ways to recover from this, other then paying a stranger across the world and hoping he doesn’t just cut off all contact. You have steady backups of your data to recover from, or recovering your files from the computers “Shadow Copy”. This is essentially a hidden copy of all the files on your computer. You should however, keep in mind these can be (and often are) overwritten along with everything else.
Regardless of the case, if someone gains remote access to your computer you need to make sure to remove the program they used to access your computer. Most RATS, or Remote Access Tool’s, have an option to enable access to remote clients without prior permission. Meaning if you leave the program alone, even if you remove all other changes made to the computer, they could potentially gain access to the computer again. You can remove RAT tools via the add or remove programs section of Windows 10. You can also access the uninstall programs options via the control panel with the categories option selected. If you aren’t sure where to go on a windows 10 system, simply click the search bar to the right of the start button at the bottom left hand of the screen, then type “remove”. The top option that appears on screen should read “add or remove programs” and clicking on this will take you to an entire list of all the programs installed on your computer.
The two most common remote access tools I run into are Citrix and Team-viewer. Both of which are not malicious programs in themselves, but are simply tools that can, unfortunately be used for the opposite purpose they are intended for. These are just two possibilities you can check for and remove. Also take note that sometimes the remote access tools will uninstall themselves after you have disconnected, with the scammers scurrying off into the darkness of the inter-web’s.
Now, the only true way to 100% guarantee your computer is free of all the problems that come as a result of outside intrusion, is to backup all your data, make sure you have the resources needed to reinstall critical software (Quicken, Microsoft office, etc) and do a complete wipe and reinstall of the computer. Along with this, you should change all your passwords for critical websites that involve any sort of online transactions. Many folk have their passwords for online sites saved inside their web browser of choice. Meaning if you go to your banks website to check your balance, or buy anything on amazon and the computer fill out your password sections automatically, that information can be viewed without much difficulty if the scammer is left alone with the computer for any decent amount of time.
We at the Working Mouse are dedicated to assisting in the recovery and prevention of malicious online scam’s and deception. Please keep in mind to never call or otherwise pay any mind to anyone who claims to be from Microsoft or Apple. Do not respond to phone numbers on internet pages that flash violently and say you have a virus, simply turn the computer off and it will go away 99% of the time. Unfortunately the elderly and retired are a frequent target of these scam’s. People who fall into this categorize you will likely receive many phone calls, with people aggressively pressing you to let them into your computer. Worse, if they were able to get any money out of you they WILL call again. Which can be incredibly disheartening when someone’s 90+ grandmother becomes a repeat victim to these kind of cyber attacks.
That’s all I have for this months update. Hopefully we will have more timely articles posted from now on, keeping you updated on the latest safety tips and general computer knowledge for the baffled, befuddled, and bewildered!
I hope that you found our article helpful, and thank you for keeping the Working Mouse working!
