It would be easy to waste electrons castigating Microsoft for leading the establishment of impossible-to-secure software as industry standards.
(The words "unsafe at any speed" make me wonder why Nader has been mostly silent about the current computer industry.)
It is true that software, including operating systems, is not exempt from the mathematical principle that absolute security is an internally inconsistent concept.
But the habit of the industry has been to rely on lack of education rather than actual prevention.
This combined with excessive competition for the market has led to unsafe practices built on unsafe features built on unsafe practices.
We all know that our information devices are unsafe -- impossible to secure. (Or, if you do not, you have been deliberately closing your eyes. Perhaps you think there is nothing to be done about it.)
So, now someone you know is looking at a message on his or her screen:
Pay up or lose your precious data!
You seriously can't be thinking: "$300 is cheaper than losing my mail archives and address book!" Let me put the real costs in front of you:
Every dollar you give in ransom is the price of one bomb or landmine, small enough to hide, large enough to kill and maim humans and animals, large enough to destroy or disable cars, trucks, roads, communication lines, etc.
Every bitcoin paid in ransom is 1,700 such bombs.
And if you pay it now, you will be faced with paying it again.
What should we do?
Step back, take a deep breath, let common sense flood back into your brain.
- Do you have backups?
If not, now is the time to start planning.
- Can you reconstruct the data?
Reconstructing the data may take time, but if you can't reconstruct your data, it was never yours in the first place.
("Big Data" is a comfortable illusion with some substantial features, but you really should be honest with yourself about that. Money doesn't really grow on data trees, whether binary, b-star or otherwise.)
- Okay, you have partial backups -- USB drives, Dropbox folders, cloud services, etc.
- And you can reconstruct the most important data, if you are willing to take the time.
So, no, the data that has been locked away from you is not worth continuing to arm the enemy.
- First step, shut that computer off.
If you have reason to believe that the ransomware will try to delete data on shutdown or some such stupidity, pull the plug and the batteries.
Your local geek may be worried about data loss on shutdown, but leaving the machine running is the bigger risk. Hiding files is quick, but encrypting them takes time: every minute the machine stays up, more of your data is encrypted and fewer of the originals are left to recover.
Remove all hard disks, SDs, and USB storage devices that were attached when the malware showed up, and collect all external storage that has been attached to the infected device in the past week, at least.
Learn something about security. Do not depend on books with names like "Security for Dummies." Dummies are soon chumps, and that's how you got in this mess.
Yes, I should write a book. Somebody front me the money. Oh, well, that's not happening very soon.
Two of my blogs, free is not free and defining computers, have some useful information, but some of it is old, and both mix rants, daydreams, and parables with practical advice.
So use your own brain. Here's a start:
- Think about what secrets are.
- Think about what computer data is.
- Think about walls and locks.
- Think about protocol.
I'll list a few really relevant rants:
Maybe this is a better introduction to the fundamental insecurity of networks.
This is where I suggest you start. It seems a little transcendental, but it's important. Computers really aren't the new thing the salescrew says they are.
Before you can be secure, you have to be free.
Security has five basic principles. The security industry ignores all but one.
A little white-paper rant on the subject of security.
This is the killer. If your computer is infected, this is the most probable infection vector.
Since we are talking about the dangers of e-mail, let's look a little closer. (I didn't deal properly with https, however.)
So, let's think more carefully about https.
And let's think about how we know who's on the other end in a conversation.
This is one of the big traps.
This is another.
We need to understand value:
Value is perceived.
Value is personal.
Don't put a lock on the dogfood. (Usually.)
If you have nothing to steal, who can take it from you?
While talking about value, let's re-think property.
Why do we really believe TANSTAAFL?
Technical security requires that you know who you are.
You are not secure if you don't understand that security is not safe.
Perspective is everything.
Remember that governments have their limits.
Weapons do not help.
What should we spend our money on?
We should help those who are trying to find solutions.
Intangibles are important.
The most essential things in security can't be forced.
Love is not just about who we make love to.
First draft of a long parable starts here.
Back to practical steps:
- Re-flash the BIOS (or UEFI firmware) of the infected device.
If you don't do that, you're likely to get re-infected from below the operating system. Firmware-level attacks are becoming commonplace, and from inside an infected OS you cannot tell whether this one reached that level; a new disk and a fresh OS do nothing against an implant that lives in the firmware.
(And, yes, there are indeed huge problems in the new BIOSes and UEFI firmware. Reflash from an image you obtained directly from the vendor, or buy new, but buying new is a problem, too.)
- Install new boot and other internal media (new hard disk or SD for boot and data) and install a new, safer OS.
I'd recommend a Linux OS such as Debian, Ubuntu, or Red Hat Linux, but, really, the marketplace has been infecting those with unsafe applications, practices, and features for the last fifteen years.
Eventually, I want to recommend installing a Linux or BSD OS and installing MSWindows in a VM on top of that, but that is not yet ready for prime time, and Microsoft and Intel seem to think they have financial incentives in working behind the scenes to make that not happen.
If you have to use a Microsoft OS, just don't keep important data on it, especially not without backup.
- Make a plan about where to store your data.
As much as it galls me to say so, yes, I'm suggesting NAS and cloud if you have any really valuable data.
At bare minimum, keep copies on USB drives that you properly unmount before removing. (Use the OS's "eject" or "safely remove" control and wait until it says the drive can be removed; that wait is what flushes the last writes to the drive.) And do not keep the USB drive inserted in the computer while you work: a backup that is plugged in when the ransomware runs is just one more thing for it to encrypt.
Do not keep any valuable data on your workstation. (I say, but I can't afford to do otherwise right now. I'll have to take my own advice and collect my data onto an external device, as soon as I get some résumés sent out. But I'm using an OS I'm fairly confident I can still trust.)
- Take a little time to review what you think you know about computers on a regular basis. Learn an alternative OS.
- Take time to understand your data, what you have, and what it's worth.
- First, mount the media (hard disk, SD, USB) read-only on a known-safe machine, and never boot from it. Better still, image it first and work on the image, so nothing you do can make the original worse.
- Then look around and see what was actually encrypted and what was just renamed or moved somewhere.
- Then go look for tools for undeleting data. The attackers may not have encrypted whole partitions, and they probably have not tried to find deleted files to encrypt. Many encryptors write a new file and then delete the original, so the original's blocks are often still on the disk, and you will likely be able to recover up to the last save, even if the encryption really is unbreakable.
- Finally, if you still have data that is highly valuable and not recovered, now you know how much you would be willing to pay a legitimate professional to try to get it back, whether by finding a flaw in how the malware generated or stored its keys or, far less realistically, by brute-forcing them.
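The "make a plan about where to store your data" step above, in particular the advice to keep the external drive attached only for the copy and to unmount it cleanly, as a small shell routine. This is an added example, not code from the original post; the drive path and mount point are assumptions, and the snapshot directories are simply dated folders on the drive, so a later run can never overwrite an earlier copy with already-encrypted files.

```shell
#!/bin/bash
# Added example (not from the original post): snapshot-style backup to an
# external drive that is attached only for the duration of the copy.
# Paths and mount points are assumptions; adapt them to your machine.
set -u

# make_snapshot SRC DRIVE [NAME]
# Copy the tree SRC into DRIVE/NAME (NAME defaults to a UTC timestamp) and
# print the snapshot path.  Each run gets a fresh directory and an existing
# name is refused, so an older, clean snapshot is never overwritten by a
# newer copy of files that may already have been encrypted.
make_snapshot() {
    local src=$1 drive=$2 name snap
    name=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    snap="$drive/$name"
    [ -d "$snap" ] && { echo "snapshot $snap already exists" >&2; return 1; }
    mkdir -p "$snap" || return 1
    # tar pipe: keeps permissions and timestamps, needs no extra tools
    (cd "$src" && tar -cf - .) | (cd "$snap" && tar -xf -) || return 1
    sync                      # flush to the drive before we trust the copy
    printf '%s\n' "$snap"
}

# verify_snapshot SRC SNAP
# Compare every regular file under SRC byte-for-byte with its copy in SNAP.
# Reports each missing or differing file on stderr; returns 1 if there is
# any, 0 if the snapshot matches the live tree exactly.
verify_snapshot() {
    local src=$1 snap=$2 bad
    bad=$( (cd "$src" && find . -type f) | while IFS= read -r rel; do
        if [ ! -f "$snap/$rel" ] || ! cmp -s "$src/$rel" "$snap/$rel"; then
            printf '%s\n' "$rel"
        fi
    done )
    if [ -n "$bad" ]; then
        printf 'differs or missing in snapshot:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# detach_drive MOUNTPOINT
# The "click remove and wait" step as a command: flush pending writes,
# unmount, and only then tell the user the drive can be pulled.  Needs
# whatever privileges your system requires to unmount (root or udisks).
detach_drive() {
    local mnt=$1
    sync || return 1
    umount "$mnt" || return 1
    echo "$mnt unmounted; safe to unplug"
}

# Typical use (assumed paths), after plugging the drive in and mounting it:
#   snap=$(make_snapshot "$HOME/Documents" /media/backup) \
#     && verify_snapshot "$HOME/Documents" "$snap" \
#     && detach_drive /media/backup
```

The verify step is what turns a copy into a backup: a copy you have never read back is a hope, not a backup. Running it on a constructed tree, then overwriting a live file to stand in for the ransomware, shows the snapshot on the drive staying clean while the comparison correctly reports the difference.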
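The recovery steps above (mount on a known-safe machine, look at what was touched, then try undeletion) start with one thing the text only implies: take an image of the media first and work on the copy, never on the original. Here that is as an added example, not code from the original post. Device paths and mount points are assumptions; the functions accept any file as the "device" so the imaging and verification can be exercised on a constructed file.

```shell
#!/bin/bash
# Added example (not from the original post): image the suspect media before
# touching it, verify the image, mount it read-only, and list what changed.
# Device and mount paths are assumptions.
set -u

# image_media DEV OUT
# Block-copy DEV (a disk, a partition, an SD card, or for testing any file)
# into OUT.  conv=noerror,sync keeps going past unreadable sectors and pads
# them with zeros, so offsets in the image still line up with the original,
# which undelete tools depend on.  dd's record counts go to stderr as usual.
image_media() {
    local dev=$1 out=$2
    dd if="$dev" of="$out" bs=1048576 conv=noerror,sync || return 1   # 1 MiB blocks
    sync
}

# verify_image DEV OUT
# The image may be zero-padded past the end of DEV, so compare only the
# first SIZE bytes.  wc -c is right for a regular file; for a real block
# device take SIZE from `blockdev --getsize64 DEV` instead.
verify_image() {
    local dev=$1 out=$2 size
    size=$(wc -c < "$dev" | tr -d ' ') || return 1
    head -c "$size" "$out" | cmp -s - "$dev"
}

# mount_image_ro IMG MNT
# Loop-mount the image read-only, with noexec/nodev/nosuid so nothing on it
# can run or be written even by accident.  For a whole-disk image add
# offset=<partition start in bytes> to the options.  Needs root; not
# exercised by the test below.
mount_image_ro() {
    local img=$1 mnt=$2
    mkdir -p "$mnt" || return 1
    mount -o ro,loop,noexec,nodev,nosuid "$img" "$mnt"
}

# recently_changed ROOT MINUTES
# List regular files under ROOT (not crossing filesystems) modified within
# the last MINUTES minutes.  On a ransomed tree this is the quickest way to
# see what the malware actually rewrote; anything outside the window was
# never touched, so its blocks are intact and need no recovery at all.
recently_changed() {
    local root=$1 minutes=$2
    find "$root" -xdev -type f -mmin "-$minutes" -print
}

# Typical use (assumed paths), with the suspect disk attached to a clean box:
#   image_media /dev/sdb /evidence/sdb.img && verify_image /dev/sdb /evidence/sdb.img
#   mount_image_ro /evidence/sdb.img /mnt/ransomed
#   recently_changed /mnt/ransomed 1440
```

Keeping the image padded to whole blocks rather than truncated on a read error is deliberate: a shortened image silently shifts every later sector, and carving tools then find "deleted" files that were never there. The test below uses a deterministic constructed file whose size is not a multiple of the block size, so the padding path is taken, and flips one byte of the image to confirm the verification notices.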