Tag Archives: Kaspersky Rescue Disk

Ransomware! – How A Layered Security Approach Can Defeat It

My Australian mate, Mal Cowan, steps into the breach when his good friend gets infected with one of the most difficult to remove pieces of malware currently ripping up the Internet – ransomware. Follow Mal, in this guest writer article, as he spins up his skill set and puts the hammer to a ransomware payload cybercrime.

Recently, I received a frantic call from a good friend.  He informed me that when he booted his computer, there was a message supposedly from Australian Law Enforcement, stating that his PC had been involved in illegal activity and distributing pornographic material.

Freak-out time – The malware had taken a photo of him via his webcam and placed it in the top  middle of the Law Enforcement notice.

Note: This scam is not restricted to Australia. The graphic below provides ample evidence that this type of ransomware is a global issue.

Graphic courtesy of F-Secure.

Immediately, I knew what this program was – Ransomware.  Tech and blog sites have been full of news of this scourge in the past few months.

At first look, there was a full screen message – complete with an official looking logo from the Australian Federal Police.  The computer’s IP address had been logged, and there was indeed a photo of my friend, along with the messages outlined above.

The clincher? The message stated that he had to pay a fine to unlock his computer.

First, I tried to start Task Manager to stop the malware process.  That did not work – it simply would not load.  The computer was well and truly locked.

Next, I tried to restart the computer in Safe Mode.  No luck.  The message appeared again.  Still frozen.

Then, I inserted Kaspersky Rescue Disk (a fantastic Linux based recovery disk made for just this type of situation), and restarted the computer.

Selecting boot options before Windows started, I loaded Kaspersky and updated the malware database via the Internet.  The wonderful thing about Kaspersky is, it scans the infected machine without Windows running, so anything nasty cannot hide.

After a three hour scan, Kaspersky came up with 50 Trojan detections (one of the biggest I have ever seen).  It was able to eliminate all but one of them.

I crossed my fingers and restarted Windows.  Instead of the message, there was just a big white screen – still locked.  Kaspersky had obviously made a dent, but I needed something more.

Before leaving for my friend’s house, I had loaded up a USB stick with Hitman Pro Kickstart.  Hitman Pro is a wonderful true cloud antivirus scanner using multiple AV engines, with an excellent detection rate.

Recently, it also added a feature in which one can create a bootable USB stick that can bypass the infected boot process.  The catch is – this must be done on an uninfected machine (which is why I used my personal computer to create it).

I inserted the USB stick into the slot, restarted the machine, and went to boot options (the F12 key on the infected machine) and selected “Boot from USB”.

Hitman Pro Kickstart came through.  It booted straight into the Windows environment without a hitch, and then proceeded to run a scan (an Internet connection is required).  I was a bit dismayed when the scan came back clean, as I knew Kaspersky had not been able to eliminate one threat.

But now, I was past the ransomware Trojan and able to start other antimalware applications.  Malwarebytes was next.  I updated it and proceeded to run a full scan.  Bingo.  It nailed a few more Trojans that had got past Kaspersky and Hitman Pro, and after deleting these nasties, rebooting the computer normally again, and running a further scan with Hitman Pro, Malwarebytes and AVG, the computer came up clean.

The point of my story really is quite simple.  NOBODY can rely on one antivirus/antimalware application to catch all malware.  The ransomware obviously got past the onboard, realtime antivirus (which was not AVG; I installed that afterwards).  Kaspersky detected most of the infections, Hitman Pro helped me boot into the Windows environment, and Malwarebytes cleaned up the rest.  AVG came up with a clean scan after I uninstalled the old antivirus.

How did my friend get infected?  Who knows.  There are so many exploits that this Trojan could have used that I don’t have a clue.  The computer is a family machine, used mostly by children for online games and such.

Just visiting a family friendly site can get your computer infected these days. It could have been worse.  It might have been an infection that actually encrypted the contents of the whole computer.  That’s a nightmare I am glad I didn’t have to deal with.

Thanks Mal.

Panda SafeCD – Plus Six More Free Recovery Tools

Sitting down and pushing the start button on your PC only to have it refuse to boot, will fit right in with anyone’s definition of frustration. It’s almost a personal thing – “why are you doing this to me?” But all is not lost.

Before you consign your dead PC to the garbage dump, or start considering just what kind of boat anchor you might craft, you should know that there are some terrific free tools that can help you recover (provided it’s a software issue).

These free applications are at the “Top of the Class”, in my view. Since I first wrote on this issue, back in June 2010, I’ve added Panda Security’s (the highly regarded developer of Panda Cloud free antivirus), Panda SafeCD, to the list below.

I’m not suggesting that you download them all but, if you have some spare CDs – why not? Or, do a little info gathering on the author’s site – then choose those that best meet your specific needs.

Hiren’s Boot CD

Hiren’s Boot CD is a boot disk containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems.

Downloading this application is a bit of a hassle, since ownership of some of the utilities on the CD is open to interpretation.

Ultimate Boot CD for Windows

A terrific recovery CD for repairing, restoring, or diagnosing computer problems, but since it involves hands on “building skills” to compile the necessary tools, it’s not for everyone. Nevertheless, for those who have the skills, this utility is a “must have”.

Trinity Rescue Kit

Trinity Rescue Kit, or TRK, is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Ubuntu Live CD

Can’t boot into Windows? Can’t figure out how you’re going to rescue all that data that you can’t reach? Ubuntu Live CD can come to the rescue. Need to connect to the Internet as part of your recovery process? No problem – Ubuntu Live CD makes it easy.

Specialty Recovery Tools:

Panda SafeCD

This useful utility comes in handy when you need to clean a friend’s PC (or your own) from a malware infected state. It is especially useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

Features include: Automatic detection and removal of all types of malware. Boot from CD or USB stick. Supports using updated signature files. Supports 13 languages. Supports both FAT and NTFS drives.

The download consists of an ISO. You can either burn this to a CD/DVD or alternatively create a more convenient Boot USB stick by using something like the Universal Netboot Installer (UNetbootin).

Kaspersky Rescue Disk

This rescue CD can scan your boot sector, and your Hard Drives from the outside looking in. Malware doesn’t have a chance to hide if it’s not running. It’s become the first step I now use, when I’m dealing with an infected machine.

Avira AntiVir Rescue System

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, rescue data, and scan the system for virus infections.

Just a personal note: I scan all my machines with this application on a weekly basis.

Save Your Dead PC with These Outstanding Free Recovery Tools

Sitting down, pushing the start button on your PC only to have it refuse to boot, will fit right in with anyone’s definition of frustration. It’s almost a personal thing – “why are you doing this to me?” But all is not lost.

Before you consign your dead PC to the garbage dump, or start considering just what kind of boat anchor you might craft, you should know that there are some terrific free tools that can help you recover. These free applications are at the “Top of the Class”, in my view.

I’m not suggesting that you download them all but, if you have some spare CDs – why not? Or, do a little info gathering on the author’s site – then choose those that best meet your specific needs.

If I’ve missed one of your favorites that you feel should be on this list, then let me know with your comments.

Hiren’s Boot CD

Hiren’s Boot CD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. Downloading this application is a bit of a hassle since ownership of some of the utilities on the CD is open to interpretation.

Ultimate Boot CD for Windows

A terrific recovery CD for repairing, restoring, or diagnosing computer problems, but since it involves hands on “building skills” to compile the necessary tools, it’s not for everyone. Nevertheless, for those who have the skills, this utility is a “must have”.

Trinity Rescue Kit

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Ubuntu Live CD

Can’t boot into Windows? Can’t figure out how you’re going to rescue all that data that you can’t reach? Ubuntu Live CD can come to the rescue. Need to connect to the Internet as part of your recovery process? No problem – Ubuntu Live CD makes it easy.

Specialty Recovery Tools:

Comodo Time Machine

This innovative utility takes snapshots of your PC and archives those snapshots so that if you experience a computer problem (like a malware or virus attack), you simply revert back in time to one of the snapshots you had previously taken. In other words, if you mess up your PC and you have the Comodo Time Machine software installed, you can go back in time to restore your PC to a previous good state.

Kaspersky Rescue Disk

This rescue CD can scan your boot sector, and your Hard Drives from the outside looking in. Malware doesn’t have a chance to hide if it’s not running. It’s become the first step I now use when I’m dealing with an infected machine.

Avira AntiVir Rescue System

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, rescue data, and scan the system for virus infections.

Download a Cornucopia of Freeware Applications

If I totaled all the applications I’ve tested since the early 1990’s, I suspect the number is now in the thousands. Over those years, some applications have managed to stand out, while others just vanished beneath the wave of new and more creative applications.

The applications listed below have ridden out the storm of new competitors, and have developed a strong, loyal following, based on their reliability and functionality.

Take a look at the following recommended free downloads that will help you communicate, improve your photos, have some fun, and manage and protect your system.

Note: Please read the EULA of each application that you have chosen to install – it’s just common sense. To download a free tool that will help you in highlighting critical areas in a EULA, check out “Download EULAlyzer – Let it Read the EULA for You”, on this site.

Process those words:

OpenOffice

OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages, and works on all common computers.

It stores all your data in an international open standard format, and can also read and write files from other common office software packages, including Microsoft Word.

AbiWord

AbiWord is a free, multilingual, light weight word processing program, similar to Microsoft Word. It is suitable for a wide variety of word processing tasks.

WordWeb

WordWeb is a one-click English thesaurus and dictionary, for Windows, that can look up words in almost any program. It works off-line, but can also look up words in web references such as the Wikipedia encyclopedia.

Manipulate and correct your pics – put them online:

FastStone Image Viewer

This is one of my favorite photo applications, with good reason. It’s not just a viewer, but an image browser, converter, and an editor as well. You’ll find the interface intuitive and very easy to use.

This program is loaded with features including, renaming, cropping, color adjustments, lossless JPEG transformation, drop shadow effects, image frames, scanner support, histogram and much more.

IrfanView

With IrfanView you can fix and enhance digital photos including resizing, cropping, correcting red eye, flipping, and rotating. As well, you can perform a wide variety of image adjustments, including brightness, contrast, and applying special effects such as sharpen and blur.

I have been using this neat little program (every day), for years and with each new release it just keeps getting better.

Google Picasa

Free software that helps you locate and organize all the photos on your computer, edit and add effects to your photos with a few simple clicks and share your photos with others through email, prints and on the web.

Play those tunes:

Audacity

Audacity is free, open source software for recording and editing sounds. It is available for Mac OS X, Microsoft Windows, GNU/Linux, and other operating systems. Definitely the best of breed.

iTunes

According to Apple this is the world’s best digital music jukebox. Download music, TV shows, movies, and more. Frankly, I’m not a big fan, but…..

Winamp

A multimedia player that supports numerous audio and video formats. It also plays streamed video and audio content, live and recorded, authored worldwide.

Watch your fav videos:

Miro

Miro is a free application for channels of internet video (also known as video podcasts and video RSS). Miro is designed to be easy to use and to give you an elegant full screen viewing experience.

VLC

A highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg …) as well as DVDs, VCDs, and various streaming protocols.

Free FLV Converter

This free software lets you search YouTube and Dailymotion videos without opening your browser and you can even watch the videos using the built-in video player.

Free Video to iPhone Converter

Convert video files to Apple iPhone MP4 video format. Convert the whole movie, or select a partition from the movie to convert (trim video).

iPod Video Converter

Free iPod Video Converter provides an easy and complete way to convert all popular video formats to iPod video.

Better browsing:

Firefox

Firefox includes tons of useful features such as tabbed browsing, built-in and customizable search bars, a built-in RSS reader and a huge library of extensions developed by thousands of developers.

Opera

Opera 10.50 has you flying through Web pages with never-before-seen speed, and surfing with advanced features that make it easy to get the most from the Web.

Web of Trust (WOT)

WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive 4.5/5.0 star user rating on CNET. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

Protect your system:

Malwarebytes’ Anti-Malware

The free version of this speed demon (it’s faster at scanning than any anti-malware program I’ve tested in the last 2 years), is used by millions of people worldwide to protect their computers. I run Malwarebytes’ Anti-Malware every day, as a secondary malware scanner.

SUPERAntiSpyware Free Edition

The free version of this award winning program, is used by millions of people worldwide to protect their computers. And why not? SUPERAntiSpyware is well known for its high malware detection rate.

A simple, intuitive, and easy to use interface makes SUPERAntiSpyware straightforward to setup, customize, and run, for both less experienced and expert users alike.

Spyware Terminator

Spyware Terminator excels in strong active protection against known and unknown threats. If anything, I find it perhaps a little overly aggressive. On the other hand, better this than the alternative. This application is the single most downloaded security application through my site, with better than 40,000 downloads.

PC Tools Firewall

If you are a casual computer user, PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting your expectations.

HiJackFree

If you are an experienced/advanced computer user, and you’re looking for a program to strengthen your anti-malware resources, then HiJackFree is one that’s worth taking a look at. This free application, from EMSI Software, offers a potent layer of additional protection to add to your major anti-malware programs.

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to eradicate the malware.

Trinity Rescue Kit

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Kaspersky Rescue Disk

This rescue CD can scan your boot sector, and your Hard Drives from the outside looking in. Malware doesn’t have a chance to hide if it’s not running. It’s become the first step I now use when I’m dealing with an infected machine.

ThreatFire

ThreatFire blocks malware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. Highly recommend this one!

Web of Trust (WOT)

WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive 4.5/5.0 star user rating on CNET. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

SnoopFree Privacy Shield

SnoopFree Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen. In particular, programs that I am in the process of installing.

If you’re serious about privacy, this is a must have addition to your security toolbox.

Staying in touch:

Skype

Skype has become my preferred method of contact. I use the free Skype video calling feature, dozens of times a day to speak with contacts worldwide.

In its basic form, Skype is a free communication package, using proprietary code, which allows users to make free computer to computer calls, including video calls, across the globe. As well, there are a bundle of additional features, that can be purchased at a low cost, which will expand the application’s functionality.

Windows Live Messenger

The next generation MSN Messenger. It comes with everything that was already available in Messenger, and a new Initiative that makes helping your favorite charity as easy as sending an instant message.

Pidgin

A multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once. Pidgin can work with: AIM, Bonjour, Gadu-Gadu, Google Talk, ICQ, IRC, MSN, Yahoo!, MySpaceIM and many more.

Trillian

A fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

System Tools:

CCleaner

CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it’s fast; normally taking less than a second to run.

Glary Utilities

Glary Utilities, a free all-in-one utility, is a terrific collection of system tools and utilities to fix, speed up, maintain and protect your PC. Personal experience with this application for years, has convinced me that a typical user can really benefit by having this application on their system.

With this free program you can tweak, repair, optimize and improve your system’s performance; and its ease of operation makes it ideal for less experienced users.

WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs.

You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Revo Uninstaller

Revo Uninstaller is a superior program to uninstall programs from your computer. This free program with its advanced and fast algorithm scans before, and after you uninstall an application.

After the program’s regular uninstaller runs, you can remove additional unnecessary files, folders and registry keys that are usually left over (those “orphaned” registry entries we talked about earlier), on your computer. This feature is a definite plus.

Autoruns

This free utility has the most comprehensive knowledge of auto-starting locations of any startup monitor, in my view, and shows you what programs are configured to run during system boot up or login, and the order Windows processes them. These programs will include ones in your startup folder, Run, RunOnce, and other Registry keys.

You can configure Autoruns to show additional locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and more. Autoruns goes considerably beyond the MSConfig utility bundled with Windows.

Regseeker

The longer you use Windows, the more cluttered your registry can become, especially if you regularly install and uninstall software. Many applications, on being uninstalled, leave behind “orphan” registry entries. They don’t remove all traces of themselves; causing problems such as sluggish performance, system lockups, or a bloated registry that takes longer to load on startup.

With the click of a button, Regseeker will scan your registry for these fragmented files, and safely remove them.

Recommended for advanced users only.
