Local experts seek to educate public after recent global cyber attack
After the recent cyber attack that took computers hostage globally, local computer experts are making the public aware of the effects of ransomware and how to protect themselves from becoming the victim of computer viruses.
Jeff Shafer, an associate professor of electrical and computer engineering and the founding director of the cybersecurity program at University of the Pacific, said he has no knowledge of any ransomware infections locally, but warned residents to have a backup to their computers and run updates frequently.
“It’s a ransomware epidemic, which means that it’s malicious software that will take all the documents on your personal computer or your company’s computer and encrypt them, which just basically locks them with a secret password that’s only known to the ransomware author,” Shafer said. “Then the authors try to extort money from you in order to get your files unlocked.”
According to Shafer, in most cases the victims won’t know for sure whether they will get their files back if they pay the ransom. He said the ransomware is spreading on an automated basis across the internet and that’s what allowed it to spread so quickly last Friday night into Saturday morning.
“It was scanning on an automatic basis for vulnerable computers that are directly connected to the public Internet and basically exploiting file-sharing services on the public internet in the same way that you might have a shared folder on your corporate drive,” Shafer said.
No human interaction is needed for a computer to be infected with the ransomware. The computer just has to be vulnerable and scanned by the ransomware, Shafer said.
“It was scanning the entire public internet so there was not a safe geographic region to be in,” he said.
In terms of vulnerability, Shafer said this was a known defect in the Microsoft Windows operating system.
According to Shafer, Microsoft was notified of the defect and the company released updates to its operating systems two months ago. The people infected over the past weekend were people who do not operate their computer systems regularly, he said.
“Either they chose not to install the updates from Microsoft or they were running such an old operating system where Microsoft did not at that time have an update available because the operating system was no longer supported by the company,” Shafer said.
He said there is some fingerpointing going on because people had two months to install these important security updates and they didn’t.
“There’s some amount of personal responsibility that goes into play here,” Shafer said. “What you find is that many large corporations that manage fleets of computers by a centralized office can be quite slow with installing updates ... if your company takes too long to evaluate and update and install it, you’re essentially leaving your computers vulnerable the whole time.”
For those who are unfortunate enough to become victims of ransomware, Shafer said that the signs of infection are obvious.
“The point of ransomware is to extort money out of you so this will not be hidden on your computer and it will pop up a big red screen that says in plain English ‘your files have been locked you don’t have access to them.’”
Usually there is some countdown timer that gives the victim seven days in order to pay the ransom or their files will be lost, Shafer said. There will also be instructions on how to transfer money to the attacker and usually the money is paid with an online cryptocurrency such as Bitcoin so once the victim pays it they can’t get it back and it cannot be reclaimed easily by law enforcement.
With this particular virus, Shafer said the victims’ files are not recoverable unless they pay the ransom and the authors give them the key to unlock it. However, not every piece of ransomware is written well and sometimes it’s easy to unlock. With some attacks, everyone has the same unlock key so once someone pays the ransom they can share the key on the Internet and anybody can use it to unlock their computer, Shafer said. Shafer has not heard if the most recent ransomware virus is permanently locked or whether it will be easy to reverse in the future.
“You have to assume that the ransomware authors did a good job and that your files are encrypted,” he said. “The way you recover from this if you are infected is you have to restore your computer from backup, and I hope you have good backup and a recent backup.”
In an effort to protect yourself from this type of virus, Shafer said people can install anti-virus software and turn on automatic updates on their computer.
In Lodi, there hasn’t been a known case of a ransomware infection, according to local computer repair shops.
Anthony Partida, a tech expert at Computer Impressions on Lodi Avenue, said that while the shop did see a large number of customers come in over the weekend, he has not come across a computer with the ransomware virus.
Partida warned residents to be cautious about what they’re clicking on the Internet and to make sure their anti-virus software is up to date to protect themselves from getting infected with a virus.
Enrique Basulto, owner of TechSabe on Oak Street, said that he had not experienced an increase in customers over the weekend. He did have a customer come in with a virus but it was not the ransomware virus.
Like Shafer, Basulto recommended that residents install anti-virus software and update the latest software for their computers. He encourages residents to visit his store website
to read his blog “Enrique Radar” for more information and tips for preventing viruses on their computers.