“What programs will keep my data safe?”

“What programs do I need on my computer to keep me safe?” It is a question I am often asked. The unfortunate truth is that there is no one specific program that will keep you 100 percent safe from all threats. However, there are several programs that, when used correctly and in unison, can minimize the likelihood of your computer becoming infected.

A good place to start is an antivirus program. OSU currently uses Microsoft Security Essentials (MSE) or Windows Defender depending on which version of Windows is on your computer. These programs scan your computer for known malicious software. MSE can be downloaded from here if you would like to install it on your Windows 7 machine. Windows Defender is included with Windows 8, 8.1, and 10.

If you are concerned your computer is infected with malware, Malwarebytes is a very good program to install. Unless you have a paid subscription, Malwarebytes does not scan your computer in real time. Still, the free version does a very good job of detecting viruses and malware, but you have to remember to run it manually from time to time. Malwarebytes can be downloaded from here.

An online backup program is, arguably, the most important program you can have on your computer. An example is CrashPlan. Recently, I diagnosed a computer that was infected with Cerber ransomware. As a result of the infection, all of the files on the computer were encrypted with the Advanced Encryption Standard, which is virtually impossible to crack without the key to decrypt the data. The virus left a message on the computer screen stating the encryption key would be provided if a fee was paid. Even if the ransom was paid, there is no guarantee that the key would be provided. In this particular case, I could have removed the virus and malware on the computer. However, the files would still be encrypted. Without an online data backup, the data was lost. Cerber is just one of the several programs that have been found in the last year to bypass antivirus programs and, in some cases, even corrupt local backups. This makes online backups even more critical. CrashPlan can be purchased and downloaded from here.

While there is no need to panic over computer security, it is very good to plan ahead and be prepared. Installing an antivirus program and using an online backup program can help save your data from being lost and minimize security risks ranging from theft to ransomware.

~Levi Arnold

Cybersecurity Awareness Month 2016: Ransomware and You

Ransomware is a term for malware that infects computers and attempts to extort money from the user by holding the files and data for ransom. In most cases, the data is encrypted in such a way as to make it no longer readable without the encryption key. The user is presented with instructions on how to pay the ransom, after which it should be possible to decrypt the files. Ransomware has existed for several years, but has exploded in popularity in the latter half of 2015 and the first half of 2016[1]. The primary reason for this explosion is that it has become the single most profitable form of malware in use; as an example, McAfee’s Q2 2016 security report told the story of a Russian gang of malware developers who made more than $120 million in the first six months of 2016. Even allowing for costs of distributing the malware, their profit was probably over $90 million[2].

With profits like that possible, it should be obvious both why cybercriminals are turning to ransomware and why the problem is likely to persist. There is great incentive for these criminals to continue developing new forms of ransomware and new ways of distributing the malware. Currently, variants of ransomware exist for Windows, Linux and macOS systems; Windows variants are the most common, but the others are growing.

How can we protect our systems against ransomware? For ransomware, traditional antimalware tools don’t help us; they can remove the ransomware, but the files are still encrypted, and in most cases, cannot be decrypted without the key. We need to do two things to be secure:

  • Don’t get infected. Most of these attacks come through email or malicious advertising. For email, be extremely careful of attachments, especially zip files and Word documents, as Word macro installers for ransomware have started to show up in the wild. For malicious ads, update your system, especially Flash and Java, and run a good antimalware program with real-time protection.
  • Have a good protected backup of your data. Online cloud backup is really the only protection against this type of ransomware. The various cloud backup services keep several versions of your data, so even if your files have been encrypted, it should be possible to restore unencrypted versions. They also are able to defend against most types of ransomware, so your backups should remain uncorrupted. If you don’t have this type of backup, then infection with ransomware will most likely result in complete data loss.

Some new variants of ransomware have the ability to copy themselves across network file shares, meaning that if one computer in an office became infected, soon all of them would also be infected. This also means that backups made to external hard drives, thumb drives, and so on would be vulnerable to infection – or could spread the infection themselves.

For more information on ransomware, including help with prevention, please go to https://www.nomoreransom.org. This site, a joint project of Kaspersky and Intel Security, has a great deal of information and help for those affected by ransomware. Some other resources:

Cloud backups

A cloud backup which maintains multiple versions of backed-up files allows for protection against ransomware by making it easy to revert to an earlier version. Here are some options for cloud backup.

OneDrive – allows restoration of earlier versions of Microsoft Office files. It is unclear whether or not OneDrive will maintain multiple versions of non-Office files. Instructions are at https://support.office.com/en-us/article/Restore-a-previous-version-of-a-document-in-OneDrive-for-Business-159cad6d-d76e-4981-88ef-de6e96c93893

CrashPlan – allows user configuration of multiple versions and retention settings. Different backup sets are possible (allows user to prioritize data for backup). https://www.crashplan.com/en-us/

Carbonite – keeps multiple versions of files going back up to 90 days. https://www.carbonite.com/

Security Software

Bitdefender Antivirus Plus 2017: http://www.bitdefender.com/

Kaspersky Anti-Virus (2017): http://usa.kaspersky.com/store/kaspersky-store

 

[1] Cisco 2016 Mid-Year Security report

[2] McAfee Labs Threat Report – September 2016

Cybersecurity Awareness Month, October, 2016 – Protecting your Computer

Perhaps you notice your computer acting sluggish. You visit websites and are inundated with popups saying “your computer is infected, please click here.” Then, one day you start your computer and all your data seems to be gone! On your computer screen you read a message informing you that your computer has been taken over and your data has been encrypted; to retrieve your data you must call a telephone number and pay a ransom.

Unfortunately, this scenario is becoming all too common, but the risks can be minimized with a few simple steps. While you should always practice good security habits, October is Cyber Security Awareness Month and is an excellent time to review what you are doing to keep you, your computer and your information safe.

One of the first things you can do is to make sure your computer has an antivirus program. Windows Defender and Microsoft Security Essentials (MSE) are programs the university supports. MSE needs to be installed on all Windows 7 computers and Defender is the updated version of MSE that comes already installed on Windows 8, 8.1 and 10 machines. It should be noted, however, that too many scanners can cause problems. For example, running MSE, McAfee and Norton simultaneously is not recommended because they can conflict and slow your computer down.

Keeping your computer’s software updated is another great way to protect your computer from a malicious attack. Vulnerabilities arise on a regular basis. When they are discovered, the affected software companies release a ‘patch’ to fix the vulnerability. Your computer should automatically check for Windows and Microsoft updates (which include Office software). Another great software update tool we recommend and use in DASNR IT is called Ninite, which regularly updates programs such as Java, Google Chrome, Mozilla Firefox and Adobe Reader, just to name a few. You should also consider removing software programs you no longer use.

Awareness of the sites you visit and links you click on is another way to stay safe online. Be wary of any sites that offer anything for free or that just sound too good to be true. Even Google ads on websites can install malware on your computer.

Emails are also a common place for ‘click-bait’, especially from senders you think you know. Before you click on a link, always make sure that you know the sender of the email and where the link is going to take you. If you aren’t sure, don’t click on the link. If in doubt, hover over the link in the email message and look at the address. Don’t click on links that have addresses inconsistent with the message or sender’s purpose.

Maintaining a secured computer is a great way to protect yourself, your computer, and your important data. If you suspect your computer is infected, contact your departmental Computer Support Specialist or Extension Technology Specialist. The longer you ignore an infection, the harder it is to remove.

Over the next month, DASNR IT will be releasing additional articles regarding cybersecurity, so keep an eye out in your email or on our blog site: spotlight.okstate.edu/dasnrit/. If you have any concerns, feel free to contact us. We are more than happy to ensure your computer is protected and updated.

~Cynthia Hobbs