Friday, January 6, 2023

When Ransomware Attacks!

 --

Thank you Microsoft.

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

'"Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets," Microsoft said.'

Q: What is the single best defense against ransomware?

A: It's the #1 Rule of Computing: Make a backup.

The ideal backup of course is continual, hour by hour, encrypted and saved both locally for quick access, and off-site at a location that is not allowed to be overwritten. This serves two purposes:

1) Encryption means the bad guys can't steal it then blackmail you to pay up or they'll release the data to the public. All they can share is the gobbledegook mess of encryption noise. This kills their incentive to steal the data in the first place.

2) You have off-site all the data you need to restore your system in a hurry, ASAP, that day. You don't have to pay any ransom. They may have found your encrypted data, stolen it and ruined everything on your computer systems. And you don't care, because you have a fully intact encrypted backup, made an hour ago, that they could not destroy. You RESTORE and you're back up and running. Just be sure your restore does not include the ransomware that got you nailed.

Q: Should you also use an anti-malware system?

A: If you can afford it, I vote YES. Some detection systems from anti-malware vendors are free! Just be certain you're using anti-malware that is rated as well-run and frequently updated.

As is evident, I'm no longer deep in the anti-malware world. But I can point out what works for me and what's known to be garbage.

What I Use:

Malwarebytes: This is a simple and useful anti-malware system created and maintained by a former colleague and collaborator from years past. It's useful on a per-machine basis. The free version is a good start.

Intego VirusBarrier: I've been using their software for 17 years, testing both Mac and Windows systems on my computers. They remain excellent IMHO. Keep an eye out for discounted license deals.

RansomWhere?: Patrick Wardle is a saint of macOS security. Among other things, he provides useful anti-malware tools free of charge. He also provides a free book for Mac security professionals entitled "The Art of Mac Malware".

Don't Use (IMHO of course)

Avast, aka AVG, aka Gen Digital, aka HMA, aka Piriform Software, aka Inmite, aka NortonLifeLock, aka Jumpshot (now defunct). Why?

"In January 2020, a joint investigation by Motherboard and PCMag found that the Avast Antivirus and AVG AntiVirus Free version were collecting user data, which was being resold to personalize advertising through a subsidiary, Jumpshot...."

There have been and likely will be other such invasions of privacy from a variety of sources, sadly including anti-malware. Therefore, be wary and investigate any security system, or any security-dependent software or device, before buying and installing it. Researching the reputation of any company is quite easy over the Internet. Check a variety of sources for comparison.

On an enterprise level system, I am only familiar with Sophos. But there are other options to investigate as well!

IF you do your proper backups AND do your best to keep the malware off your systems (remember that wetware error is here to stay), you can keep out and/or frustrate ransomware attacks. Be prepared! Investing in computer security is worth the expense in EVERY situation. Expect to be attacked. Be able to rely on your preparations to save you.

Remember: Almost every victim of ransomware that ends up paying up has FAILed at the First Rule of Computing. They didn't store a safe, encrypted backup. Don't follow their foolish example.

More reading:

How to Protect Your Mac From Ransomware

--