Fake Windows updates are now something you have to watch out for. Your computer needs regular updates to keep running. Unfortunately, ransomware designers have taken a new tack in delivering their encryption software: they shroud their “Trojan” in “friendly” software updates. Recently, Phantom, a ransomware package, has been presenting itself as a Windows update.
While it looks as though your computer is being upgraded, in reality your files are being encrypted. When the “update” has finished, you’ll get a ransom message telling you that, if you want to keep your files, you’ll have to pay a fee to the person behind the fake Phantom download. If you pay the fee, you probably won’t have full access to your files, because Phantom sends a “master” key, or a “private” key, to the controller of the malicious program.
Meanwhile, the only “key” you get is a “public” one. So even if you’re able to get your files back, the man with the master key still has the ability to shut you down any time he likes and demand more money.
The only real way to fight ransomware is to keep continuously updated backups, keep those backups safe, and initialize (wipe and reset) any computer infected with ransomware. Once your data has been encrypted, the encryption used is so strong that you will likely be unable to break it. Often it is the same kind of encryption used in military applications.
A good rule of thumb is to begin a backup habit which puts all your files in a safe, secure location before you start working a shift, or after you’ve finished. This must be done away from the network, the Internet, or any web-related applications on-site. Malware is always downloaded from an exterior source. To keep it from compromising your systems, you’re going to have to back up when the web isn’t available.
This can be especially difficult given the proliferation of “the Internet of things”. From lighting to garage door openers to printers, cars, cell phones, and even thermostats, today there are quite a few non-computational Internet-enabled devices that a clever hacker could use as a backdoor into your system. You need to be sure your computer — or smartphone — has no access to such tertiary web-utilizing devices before you do any system backups.
Additionally, you want to avoid downloading any updates that haven’t been approved by your system administrator. It helps to have antivirus software on your computer, and an IT department whose purpose is to deliberately prevent infiltration.
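One check an administrator can run on a file that claims to be a Windows update before anyone opens it, shown as an added example that is not from the original article. The function name, the allowed-publisher list and the path in the usage line are assumptions for illustration.

```powershell
# Added example: vet a file that claims to be a Windows update before it is run.
# Assumptions: Windows PowerShell 5.1 or later; function name and path are hypothetical.
function Test-UpdateFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: publisher names the administrator accepts; adjust to local policy.
        [string[]]$AllowedPublisher = @('Microsoft Corporation', 'Microsoft Windows')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Publisher name (certificate CN); stays empty when the file is unsigned.
    $publisher = $null
    if ($sig.SignerCertificate) {
        $publisher = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    # 'Valid' means the signature verifies and its chain is trusted on this machine.
    $signatureOk = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $publisherOk = $publisher -and ($AllowedPublisher -contains $publisher)

    [pscustomobject]@{
        Path      = $Path
        SHA256    = $hash          # record this so the exact file can be referred to later
        Status    = $sig.Status    # NotSigned, HashMismatch, NotTrusted, Valid, ...
        Publisher = $publisher
        Approved  = [bool]($signatureOk -and $publisherOk)
    }
}

# Usage (hypothetical path):
# Test-UpdateFile -Path 'C:\Users\Public\Downloads\update.exe' | Format-List
```

A file that comes back with `Approved = False` should not be run. A valid signature from an expected publisher is a minimum bar, so the administrator's approval described above still applies.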
What to Do If Your System’s Been Compromised
In the event your computer becomes infected with some variety of ransomware, take the following steps:
• Disconnect from any network.
• Look for a healthy reboot point without any infection — a recent backup is ideal.
• Do a restore, reboot your computer in “safe mode”, and run anti-virus software.
• If ransomware can be identified and dealt with using existing tools, do so.
• If it can’t, you’ll have to do a complete initialization/reset — or pay the ransom.
• Be sure to notify local authorities in order that further attacks may be curtailed.
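For the restore-point step above, one way to tell whether a backup is still the copy you made is to record a SHA-256 manifest when the backup is taken and compare it before restoring. This is an added example, not from the original article; the function names and paths are hypothetical, and it assumes the backup is a plain folder copy on Windows.

```powershell
# Added example: hash a backup when it is made, re-check it before restoring.
# Assumptions: the backup is a plain folder copy; the manifest is stored outside that folder.
function Get-BackupHashes {
    param([Parameter(Mandatory)][string]$BackupRoot)
    $root = (Resolve-Path -LiteralPath $BackupRoot).Path.TrimEnd('\')
    $hashes = @{}
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length + 1)
        $hashes[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $hashes
}

function New-BackupManifest {
    param([Parameter(Mandatory)][string]$BackupRoot,
          [Parameter(Mandatory)][string]$ManifestPath)
    $hashes = Get-BackupHashes -BackupRoot $BackupRoot
    $hashes.GetEnumerator() |
        ForEach-Object { [pscustomobject]@{ RelativePath = $_.Key; SHA256 = $_.Value } } |
        Sort-Object RelativePath |
        Export-Csv -LiteralPath $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-BackupManifest {
    param([Parameter(Mandatory)][string]$BackupRoot,
          [Parameter(Mandatory)][string]$ManifestPath)
    $expected = @{}
    Import-Csv -LiteralPath $ManifestPath |
        ForEach-Object { $expected[$_.RelativePath] = $_.SHA256 }
    $actual = Get-BackupHashes -BackupRoot $BackupRoot

    # Walk every path from either side and report only the disagreements.
    $paths = @($expected.Keys) + @($actual.Keys) | Sort-Object -Unique
    foreach ($rel in $paths) {
        $finding = $null
        if (-not $actual.ContainsKey($rel))        { $finding = 'Missing' }
        elseif (-not $expected.ContainsKey($rel))  { $finding = 'Added' }    # e.g. a ransom note
        elseif ($expected[$rel] -ne $actual[$rel]) { $finding = 'Changed' }  # e.g. encrypted in place
        if ($finding) { [pscustomobject]@{ RelativePath = $rel; Finding = $finding } }
    }
}

# Usage (hypothetical paths):
# New-BackupManifest  -BackupRoot 'E:\Backup' -ManifestPath 'F:\backup-manifest.csv'
# Test-BackupManifest -BackupRoot 'E:\Backup' -ManifestPath 'F:\backup-manifest.csv'
```

An empty result means the backup still matches its manifest. Keep the manifest on media the infected machine could not write to, otherwise the comparison proves nothing.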
Additional Hidden Viruses
Not all Easter eggs have money or candy inside. Some just have a rotten egg yolk that’ll smell up the place. One of the biggest difficulties with programs that use false Windows updates is that we get so used to sourcing our upgrades online that if something appears official (the same kind of font, the same color scheme, the same sort of graphics), we’re apt to subconsciously trust it. Mac Defender has done a lot of the same kind of damage to Macintosh computers, and for the same reason. It appears to be a legitimate application that later reveals itself as a Trojan horse ushering in viral destruction.
One of the best ways to avoid falling victim to a false Windows update, or some other masquerading app, is to find a tech company whose job it is to remain abreast of trending ransomware facades. Such a group will proactively protect your system, and in a direct way which separates them from malware-pushing hackers. Computer security is definitely complicated enough to recommend professional support.
About the Author
Jennifer Holmes is President of MIS Solutions and a Georgia native who, after graduating from Georgia Tech, became an accomplished research virologist at the Centers for Disease Control and Prevention in Atlanta. In 2000, Jennifer hung up her lab coat to join husband Lliam at MIS Solutions as President.
In the past 16 years, she has led the MIS Solutions team to become the Leaders in Metro Atlanta IT Support. MIS Solutions, Inc. is on a mission to empower small businesses with IT solutions, services and teams to grow and support their businesses. Jennifer’s passion is sharing effective business strategies with her clients to deliver the best business solutions for each client’s unique environment and needs.
In 2013, Jennifer’s leadership and marketing skills won her the title of Spokesperson for the nationally acclaimed Technology Marketing Toolkit, an industry group of over 550 top U.S. She is a graduate of the Leadership Gwinnett program and has acted on the boards of the National Association of Women Business Owners’ Atlanta chapter, Gwinnett Great Days of Service, the Buford/North Gwinnett Rotary Club and the Gwinnett Chamber’s Technology Board.