It’s been an “interesting” week in a number of regards, several of them revolving around our little silicon-based friends and how they interact with some of the bad guys out there in the wild, wild world of the Internet. I thought I might remind everyone about things that you almost certainly know and almost as certainly probably aren’t actually doing.
- Keep your anti-virus software current.
- Don’t download or open emails or messages that are suspect.
- Don’t go surfing on sites that are likely to install malware onto your computer.
- DO REGULAR BACKUPS!
The “good” news is that I wasn’t the one directly hit by this, but one of our systems at the hangar got infected with “ransom-ware.” Actually the first time I had seen it in person, although I’ve heard a lot about it. Computer is locked up with a big, bright screen that essentially says, “We’ve encrypted your files, you have X hours to pay us Y amount in BitCoin. If you pay, we’ll release the encryption. If you don’t, kiss your data and files goodbye forever.”
Needless to say, we’re not going to pay. Firstly, because of general principles. Secondly, because I do #4 above.
This most likely cause of the infection is #2 or #3 above, but I have no control over that. I do have #1 in effect, but if someone opens a file despite the warnings (because it’s supposedly got a picture of naked Kim Kardashian riding a dinosaur with Ted Cruz?) then there’s not that much that AV software can do.
It was an old XP system, slow and a pain in the ass to use – now it’s a boat anchor.
But if it’s your primary system and you don’t have recent backups (or any backups – what are you thinking??!!) you may have to think real hard about actually paying. People do. Government agencies do. Police departments do. Some of these malware packages are really, really nasty. If you’re not prepared to prevent them getting to you, or to recover if they do get to you, you might be screwed.
- Use strong passwords!
- Never use the same password for different sites!
- Use two-step authentication!
- Get notifications of unusual or new login attempts!
This problem hit closer to home. While heading to the Dodger game yesterday, I got several emails from Twitter indicating that someone was trying unsuccessfully to get into my account. To the best of my knowledge, they were unable to succeed, in large part because I have all of these safeguards in effect. (If anyone did see any spam or other illicit postings on Twitter under my name, please let me know ASAP.)
Just to be sure I’m safe, I went in today and changed those passwords again. But it’s a reminder of how easy it is to lose control of your social media accounts (or bank accounts, or other online assets) if you get lazy. It might be a pain to get a scary message like that when you’re not expecting it. It’s a lot worse to find out that you’ve been hacked and hijacked with all of your friends getting spammed, or your bank accounts cleaned out, or any number of other serious problems.
Be careful out there, folks!
(Am I having deja vu or have I had this rant before?)
(More to the point, did I have this rant before and then ask if I was having deja vu because I had this rant before that?)
(I’ll be just over here in the corner, being recursive.)