Maximum PC

PROTECT YOURSELF FROM RANSOMWARE

Stay safe online


ONCE UPON A TIME, the act of protecting your PC against viruses was simply to install an antivirus program, and watch what floppy disks and CD-ROMs you introduced to it. Then we all got Internet access, and you needed to make sure you didn’t download anything dodgy, while introducing a firewall to dissuade drive-by hackers. And for a while, that seemed sufficient.

How times have changed—and with ever-increasing rapidity, too. Nowadays, the threats keep coming, finding ever more inventive ways of getting through defenses, using trickery as much as anything else. But however hard the hackers fight, the security folk fight back, helping develop new forms of protection, removal, and repair to thwart the cybercriminals.

As it was in the beginning, prevention is always better than cure. Far better to tighten the security on your PC than have to go through the trauma of removing unwanted software, or battling a demand for thousands of dollars from a ransomware attack. But where do you begin? What software do you need? And how can you change your behavior to minimize your exposure in the first place? In this feature, we’ll help you on all these counts.

We’ll reveal the core protection you need, plus run through the various ways in which your online activities put you at risk, and how to protect yourself accordingly. You’ll discover how to encrypt your email, properly screen downloads for viruses and potentially unwanted programs, keep malvertising at arm’s length, and ensure none of your online accounts are easily—if at all—hacked. We’ll help secure your home network, too, so people can’t piggyback on to your Wi-Fi, or gain access to your home devices through your router.

And what happens if you do get infected? Don’t worry—we’ll run through some ways in which you can wrest control of your PC back from the malware, plus point you in the direction of some useful tools that can help you recover from a ransomware attack, even to the point of potentially decrypting your precious data. Without further ado, let’s get this (anti-malware) party started!

IT GOES WITHOUT SAYING that you need anti-malware software. Windows 10 comes with Windows Defender for basic protection, but it’s outclassed by most other anti-malware tools. The best free antivirus tools include Bitdefender AV Free (www.bitdefender.com/solutions/free.html) and Panda Free AntiVirus (www.pandasecurity.com). However, if you’re looking for more comprehensive security (including a third-party firewall), ESET Smart Security (www.eset.com/us) is renowned, along with Kaspersky (www.kaspersky.com), while we’ve personally relied on Norton Security (www.norton.com) for the past nine years.

In the past, you could only run one antivirus app on your PC at once. These days, there exist anti-malware apps designed to work in tandem with other security software. The most visible is Malwarebytes Anti-Malware (www.malwarebytes.org). The free version provides scan and remove tools, but for continuous real-time protection, and the ability to block malicious websites—vital when it comes to keeping out malvertising and potentially unwanted programs (PUPs)—the Professional Edition costs $24.95 per year. Speaking of PUPs, it’s worth installing a tiny, free program called Unchecky (www.unchecky.com) to keep unwanted add-ons off your PC.

TIGHTEN UP YOUR ROUTER

One of the most effective ways of making your PC as hacker-proof as possible is to review the way you use your PC. Let’s begin by securing your PC’s connection to your network and the Internet. First, your network: If you connect through Wi-Fi, make sure you have WPA2 encryption enabled in your router’s settings, and choose a strong, randomly generated password that can’t easily be remembered, if at all (write it down, and store it somewhere secure).

Worried about drive-by hackings, where people get within range of your wireless network, then attempt to gain access to it? Reduce your network’s visibility by disabling SSID Broadcast, then changing the SSID of your network to a name that’s not easy to guess. If you’re truly paranoid, enable wireless MAC filtering (use the “ipconfig /all” command in a Command Prompt window to find out your PC’s MAC address, in order to whitelist it first), change your network’s IP address from the usual 192.168.0.x to 192.168.y.x (where “y” is between 1 and 255), and disable DHCP.

With these settings in place, a hacker would need four things to gain access: first, your network SSID and its password. They’d also need to know a MAC address to spoof, and know what IP address to assign to their device (as well as the IP address of your router), just to get on your network. In reality, this will make network setup long-winded, so you may want to strike a balance (perhaps leave DHCP enabled, for example).

Next, tighten your router’s other settings. Verify its firewall is switched on, and review any ports you’re forwarding—these are channels from the Internet to your networked devices, so make a note of what they are, remove any not in use, and disable those you don’t need permanent access to. Also, review your UPnP settings—these ports are dynamically allocated to applications running on your network. Disable any suspicious ones, and search for the originating apps to remove them.

It’s also important to protect access to the router’s settings: Change the default password to a stronger one (change the username if allowed, too), and look for a Remote Management or Remote Access option. This latter setting enables you (and anyone else) to access your router from outside your home network, using your public IP address (or dynamic hostname, if you have one). Disable this setting.

LOCK DOWN YOUR NET CONNECTION

Virtual private networks (VPNs) offer a number of security and privacy features—not only can you anonymize yourself and your location when connected through one, but they also encrypt all your Internet traffic, which makes them an essential add-on for your laptop or tablet when surfing a public, unencrypted Wi-Fi hotspot.

There are many free services, such as CyberGhost (www.cyberghostvpn.com), but these come with limits—CyberGhost’s only limitation is the speed of your connection, which is noticeably slower. Paid-for plans, starting from around $6/month, lift this limit, and there’s no wait before you connect.

If you’d like to run your entire home network through a VPN, you need to use a second router that supports the DD-WRT firmware—check out www.techradar.com/1300740 for a complete guide.

BEHAVIORAL CHANGES

Unfortunately, gone are the days when the only way malware got on to your system was through opening files or programs; these days, many threats are triggered by your own behavior, through misdirection.

So, how can you protect yourself from—er—yourself? Let’s start with email, where most of the initial phishing originated. First, treat all email with suspicion. If it’s peddling an offer too good to refuse, or making dire threats while exhorting you to click a link to verify your account or respond to some kind of dispute or offer, just take a deep breath. Re-read the message, spot the spelling mistakes, or the fact the address you’ve been emailed isn’t the one you’ve linked to your bank account. Who’s the sender? In the vast majority of cases, these basic checks will reveal that the email is a fraud.

Get into the habit of never clicking links in emails. Instead, open your browser, and visit the site specified by typing its address. But that’s not all you need to do against emails. Some contain malicious code hidden in the mail’s HTML, so configure your email client to read mail in plain text by default. Also, consider installing a mail-checking tool, such as POP Peeper (www.esumsoft.com) or Mailwasher (www.mailwasher.net), which can screen mail for junk and scams, and let you preview email without downloading it. Connect using SSL or TLS (see the “Encrypt Your Email” box).

SAFER WEB SURFING

In the past, surfing the web was a blind process—you typed in a web address and it loaded, no matter what was lurking at the other end. These days, most browsers can detect known malicious websites, and block them by default, but there are still many dodgy sites that aren’t considered direct security risks. This is where web filtering solutions, such as Web of Trust (www.mywot.com), come in. WOT operates a traffic-light safety system, providing an icon next to web addresses (and search results) that’s green (safe), amber (use with caution), red (dangerous), or gray (untested, so be cautious). The ratings are community-based, so aren’t always 100 percent accurate, but they do help flag up potentially dangerous sites, and block access to red-rated sites by default. Add-ons are available for all major browsers. Norton offers a similar feature with Safe Web, which is included as part of its Identity Safe password-management tool.

Even with this extra line of defense, protecting yourself on the web requires extra effort. First, adopt the same level of scepticism to everything you see on the web as you do with email. Phishing occurs across all platforms, from pop-up pages masquerading as Windows dialog boxes, claiming you’ve been infected or need to update now, to scams in Facebook Messenger, trying on the same type of scam as found in email. You should even be suspicious of text messages exhorting you to share your two-factor authentication code “for security purposes.”

First, don’t react immediately. Neither should you try to close the window, unless you’re confident that what you’re clicking is the close window dialog box, and not a spoofed one. Instead, use Task Manager to close the process. Under no circumstances give out any personal data, regardless of who is apparently asking for it.

Another way to tighten web surfing is to use a secure web connection (https://) whenever you can. Some sites automatically use secure connections, but others don’t—even though they support them. Force all compliant sites to encrypt your connection by installing the HTTPS Everywhere add-on for Chrome, Firefox, and Opera (www.eff.org/HTTPS-everywhere).

MALICIOUS ADD-ONS

Browser add-ons such as WOT and HTTPS Everywhere help tighten browser security, but it isn’t surprising that not all add-ons are what they seem, with many able to track your movements and steal personal data. Malicious add-ons have been injected into the Chrome Web Store in the past, while some cybercriminals buy up legitimate add-ons, only to introduce nasties through updates, which are automatically installed. Even those add-ons that appear to be reputable can sometimes be poorly coded in such a way as to make them vulnerable to exploits.

First, exercise extreme caution before installing any add-on—do all the usual checks, such as checking who the publisher is, and reading reviews (and paying particular attention to any that allege the add-on is spyware or spam). Google the name and words such as “malware” or “exploit,” to see if they’re linked in any way. Check the permissions (particularly during an update, where an add-on may ask for additional permissions it didn’t previously need), and ask yourself why it wants them. Also, regularly check your browser extensions, removing any you no longer need or don’t recognize.

Consider using bookmarklets, too, instead of add-ons—bookmarklets contain tiny bits of code that do simple things, such as tweeting the current page, but they can’t automatically update, and only run when you click the bookmarklet. Again, be sure to obtain these from reputable sources, and be as sceptical as you would with an add-on.

DOWNLOAD PROTECTION

Downloads are a common source of malware, so make sure the installer is scanned by your anti-malware tools before you launch it—right-click the file to find the relevant option, such as “Scan with Malwarebytes Anti-Malware,” if it’s not done automatically (Norton pops up a message in the Taskbar Notification area to tell you it’s scanning the file, for example).

An increasing number of developers provide checksums for the software you’ve just downloaded. These checksums, also known as signatures or hashes, are typically used to verify a download isn’t corrupt, but can also be used to check its authenticity. You need a third-party tool to generate the “hash” of the file you’ve downloaded, then you compare this with the checksum given online—it’s not definitive proof, but it’s a useful extra step.

There are a number of different hashes used: MD5 and SHA are the most common, and the MD5 & SHA Checksum Utility (https://raylin.wordpress.com/) makes it easy to verify either type. Just select your downloaded file, then paste in the hash from the webpage, and click “Verify”—the program quickly confirms the two match.
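The same check, scripted, as an added example (not from the original article or the utility it mentions): it hashes the file in chunks, works out whether the pasted value is MD5, SHA-1, SHA-256, or SHA-512 from its length, and compares the two. The function names and the sample “installer” bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm name for the common hash types.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def normalize_published_hash(text):
    """Clean up a hash pasted from a web page: strip spaces, colons, and case."""
    cleaned = "".join(ch for ch in text if ch not in " \t\r\n:").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("published value is not a hex digest")
    return cleaned


def file_digest(path, algorithm, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large installer never sits fully in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Return (matches, algorithm) for a file and the hash shown on the site."""
    expected = normalize_published_hash(published)
    algorithm = ALGO_BY_HEX_LEN.get(len(expected))
    if algorithm is None:
        raise ValueError("unrecognized digest length: %d" % len(expected))
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected), algorithm


def demo():
    """Constructed sample: a stand-in installer checked against two pasted hashes."""
    payload = b"constructed installer bytes for the example\n"
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as tmp:
        tmp.write(payload)
        path = tmp.name
    try:
        # The right SHA-256, pasted with stray whitespace and in upper case.
        pasted = "  " + hashlib.sha256(payload).hexdigest().upper() + "\n"
        # An MD5 of different bytes, standing in for a corrupt or swapped file.
        wrong = hashlib.md5(b"different bytes").hexdigest()
        return [verify_download(path, pasted), verify_download(path, wrong)]
    finally:
        os.remove(path)


if __name__ == "__main__":
    for ok, algo in demo():
        print(algo, "MATCH" if ok else "MISMATCH - do not run the file")
```
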

There’s one major development to look out for when downloading software. An increasing amount is shipped as “bundleware,” which means it includes other program installers, offered to you during installation. Reputable installers make these offers crystal clear, and make it obvious how to opt out of them, but an increasing number don’t, making it all too easy to accidentally install unwanted extras, not all of which are desirable.

It’s not just individual programs, either—major download sites (we’re looking at you, Download.com) have also started bundling extra unwanted software with downloads, and some of this is little more than “crapware,” or even borderline malware. In the case of Download.com, examine the green “Download now” button carefully for a grayed-out “Installer Enabled” sign; if it’s there, it means the application is installed using Download.com’s own installer, which contains bundleware. You’ll find that MD5 & SHA Checksum Utility is downloaded through Download.com, but thankfully there’s no bundleware included.

Programs such as Unchecky and the Premium version of Malwarebytes screen most of these out—you still get the original program, but they either change the bundleware’s default settings to prevent the extra programs being installed by default, or may block the bundleware portion of the app. Either way, you get a notification that they’ve worked on your behalf.

Even if you have these programs installed, they’re not foolproof (particularly Unchecky). Therefore, you need to take extra care during the installation process—look out for license agreements referring to other programs, and examine any checkboxes carefully to ensure you’re not about to inadvertently install an unwanted extra. Some offers come with “Accept” and “Decline” options—choose the latter, and you move on to the next part of the process, or close the installer and source a different program that doesn’t take such risks with your security (often, authors have no control over what bundleware is installed with their program).

Fan of torrenting? You need to be doubly cautious—torrents from official sources (such as Linux installer ISOs) are usually safe, but if you’re venturing into dodgy territory, looking for the latest TV episodes, be very wary. Check comments and reviews of individual torrents to see if anyone else has spotted anything dodgy, and run the usual scans before opening any files.

SOCIAL NETWORKING

One way in which we inadvertently hand out personal data is through our social networking profiles. Ask yourself if you really want to share your birthday publicly with everyone on Facebook, or why a particular social networking add-on needs to know so much personal information about you. Take the time to check your profile’s privacy settings on all your networks, to review what data you’ve handed over to the network, and how much of it is public. Avoid making public posts that unintentionally give out information you use as security questions elsewhere (your mother’s maiden name, for example, or the city of your birth). And, as always, ensure your accounts are protected by strong passwords, with two-factor authentication where possible.

Many web links shared over social media—particularly on Twitter—are often shortened to save on characters, but how do you know the link published is genuine? Visit http://checkshorturl.com, where you can input the shortened link to examine the original webpage it points to, plus check the link’s safety ratings on WOT, Norton, and various other reputable sites.

RANSOMWARE

One of the biggest threats in recent times comes from ransomware, specially formed malware that locks you out of your PC or your data (typically by encrypting it), before demanding a ransom in return for receiving the code required to unlock it. One clever trick on the thieves’ part is to ramp up the pressure by hiking up the ransom cost the longer you delay. Most anti-malware tools should offer some form of protection, but check with your vendor to see what it can and can’t do. Bitdefender has released a “vaccine” that can block some ransomware, by tricking it into thinking the computer is already infected—see the March 28 entry under https://labs.bitdefender.com/blog/ for details and a download link.

The most effective way to protect against ransomware is to keep your PC backed up—a drive image of an entire drive, or file-based backups of your data (including cloud services, such as OneDrive) ensure you’re protected. In the case of file-based backups, these offer multiple versions of your files, enabling you to roll back to a pre-hijacked version; drive images enable you to wipe the drive and restore Windows, your apps, settings, and data from scratch, with all but those changes made since the image was taken. Use a tool such as Macrium Reflect Free (www.macrium.com/reflectfree.aspx), with daily incremental images to keep the file size down.

Try to keep at least one copy off-site—in other words, not directly connected to your computer. Otherwise, it’s possible that the ransomware could locate the backups and encrypt those, too. Future attacks may target your cloud storage, for example.

REPAIRING THE DAMAGE

It’s not always possible to keep infections off your system, so what can you do if they get through your defenses? If your system is working, try running scans with your existing tools—reboot into “Safe mode with networking” if necessary, via “Start > Settings > Update & Security > Recovery > Restart now,” to access the Advanced start-up menu. From here, choose “Troubleshoot > Advanced options > Startup Settings,” then restart, and pick option 5. If this fails, you need some additional tools. First, download RKill and AdwCleaner from https://toolslib.net (use another PC if necessary, transferring them across on CD or DVD). Run the former to terminate known malicious processes, but don’t reboot if prompted. Next, launch Malwarebytes, update it, then select “Settings > Detection and Protection > Scan for Rootkits,” before running a Threat Scan, letting it clear everything it finds.

If you need additional cleaning of adware, browser toolbars and hijackers, and other PUPs, run AdwCleaner, plus Malwarebytes Junkware Removal Tool (www.malwarebytes.com/junkwareremovaltool/), which may find things missed by Malwarebytes itself. See the box on the right for tips on removing ransomware.

Another tool to consider is the Emsisoft Emergency Kit—this is a portable dual-engine scan and remove tool, which can be downloaded direct to a portable USB drive on another PC (be warned: it’s rather large, at 228MB). Run the tool once on the second PC, and update it when prompted, then plug it into your sick PC, and let it attempt to find and remove the nasties.

Once your PC is clean, you may need to perform certain repair tasks. NetAdapter Repair All In One (https://sourceforge.net/projects/netadapter/) can help with broken Internet connections, for example, while the Windows Repair Tool (www.tweaking.com) can give your system the once-over, as well as restore functionality, such as resetting Registry and file permissions, removing policies set by infections (such as blocking access to Task Manager or Regedit), and repairing Safe mode.

With your PC running smoothly, follow our tips to tighten security, then restore any backups if necessary. With a fair wind, you’ll put your security scare behind you, and sail into calmer, safer waters going forward.

Norton provides comprehensive protection for your computer.

Malwarebytes Premium blocks threats that are often missed by other tools.

You can block unwanted program installations with Unchecky’s help.

Make sure you tighten your network’s security through your router.

Free VPNs might be slow, but they are safer than regular connections.

Make a habit of vetting suspicious websites with the help of WOT.

Be careful installing programs that may attempt to add unwanted extras.

You should always find out where short web links actually direct you.
