A Strong Argument for Backing Up and Virus Protection

A recent article in the NY Times, “How My Mom Got Hacked,” tells the nightmare story of how a woman had 5,726 files locked by the CryptoWall attackers.

CryptoWall is the updated version of CryptoLocker Ransomware. The modus operandi of the CryptoWall attackers is to install malware on your machine that locks your files or hard drive using encryption which only they can unlock. To get your files back, they demand a ransom. To pay the ransom, you have to purchase Bitcoins.

If you find yourself in this situation, the FBI recommends not paying the extortionists, unless your files contain deeply personal information that, if exposed, would be embarrassing or cause harm to others.

It’s easier to refuse if you have made backups and don’t need the files back. So back up your files often using an external drive or a cloud backup service. MIT offers CrashPlan for students, faculty and staff.

Using anti-virus software and keeping your operating system and software up to date will protect you from getting infected with CryptoWall-type malware. Learn more about virus protection at MIT.

The CryptoWall Attack

A form of ransomware, CryptoWall is one of the viruses trying to hit unpatched machines. Should you fall victim, CryptoWall will encrypt your folders and attempt to extort money from you to decrypt and release them. The attackers ask for $750.

Your best defense against this type of virus is having virus detection software, such as Sophos, installed on your machine. Keep all your software, including browsers, up to date with the latest security patches.

CryptoWall Indicators

Hacked, Now What?

This month’s issue of OUCH!, the security awareness newsletter from SANS.org, covers what to look for to determine whether your computer has been hacked and, if so, what you can do about it.

It can happen even when you’re being careful about browsing online and downloading software. Here are some things mentioned in the issue of OUCH! to keep in mind and to help you survive a computer virus:

  • To see if the computer has been compromised: check your anti-virus program for any indication that it was unable to quarantine affected files. Other indicators may be that programs are running that you did not install, windows or ads pop open without you requesting them, or the computer is crashing or very slow.
  • The sooner you respond to a compromise, the better. Contact the Help Desk and, if it involves a work computer, your supervisor.
  • DO NOT turn the computer off. You may destroy valuable evidence.
  • Disconnect the computer from the network and put it to sleep.
  • Ways to survive a compromise: make sure you have backups running.
  • Change your important passwords (all of them) from a computer you trust.
  • The computer may need to be rebuilt from scratch. A professional help desk will save your data, if possible, and wipe the computer clean of all software, then reinstall the operating system and files, after ensuring none of them are infected.

For information on how to respond to a compromise when at MIT, see the Knowledge Base.

Virus Protection at MIT

Virus protection, when used correctly, prevents viruses, adware, spyware and other malicious code from accessing your computer, where cyber criminals could collect sensitive information, turn your computer into a bot that sends out malware or spam, or modify the computer in other ways without your authorization.

At MIT, computers on the network may be more exposed to such risks than they would be on a home or company network, because of the nature of the work being done here at the Institute. Education, collaboration and research require the MIT network and other IT resources to be highly available at all times, thus restrictions are less likely to be applied.

IS&T provides tools and resources for the MIT community to ensure computer users have a layered defense against many of these threats, for example free virus protection software. The virus protection application provided by MIT is the McAfee suite of products:

  • Mac: McAfee Security 1.2
  • Windows: VirusScan Enterprise 8.8
  • Linux: VirusScan 5.20

Key features of the application include centralized and simplified security management, proactive threat protection, continuous and on-demand scanning, and seamless security updating.

Learn more or download virus protection from the IS&T software grid.

What Is Application Whitelisting?

Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications that might contain viruses or other malware.

Applications are placed on the whitelist by permission of the computer user or an administrator. When an application tries to execute, it is automatically checked against the list and allowed to run only if it is found there.

Some security experts believe that the technique of whitelisting is better than blacklisting, which is the technique that anti-virus (AV) applications use. They argue that blacklisting is too complex and difficult to manage.
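The difference between the two techniques, as an added example that is not part of the original article: the same four constructed "programs" are judged by a whitelist (default deny) and by a blacklist (default allow). Identifying programs by SHA-256 hash is an assumption made for illustration, and all names and sample byte strings are hypothetical.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed samples: byte strings standing in for executable files.
EDITOR = b"constructed sample: approved text editor v1"
EDITOR_UPDATE = b"constructed sample: approved text editor v2 (vendor patch)"
KNOWN_BAD = b"constructed sample: malware already catalogued"
NEW_VARIANT = b"constructed sample: repacked malware, not yet catalogued"

SAMPLES = {
    "editor": EDITOR,
    "editor_update": EDITOR_UPDATE,
    "known_bad": KNOWN_BAD,
    "new_variant": NEW_VARIANT,
}

# Whitelist: only what the user or an administrator has approved.
WHITELIST = {sha256(EDITOR)}
# Blacklist: only what has already been identified as harmful.
BLACKLIST = {sha256(KNOWN_BAD)}


def whitelist_decision(data: bytes) -> str:
    """Default deny: run only if the program is on the approved list."""
    return "allow" if sha256(data) in WHITELIST else "deny"


def blacklist_decision(data: bytes) -> str:
    """Default allow: block only if the program is on the known-bad list."""
    return "deny" if sha256(data) in BLACKLIST else "allow"


def approve(data: bytes) -> None:
    """Administrator action: add a program to the whitelist."""
    WHITELIST.add(sha256(data))


def compare(samples: dict) -> dict:
    """Map each sample name to (whitelist verdict, blacklist verdict)."""
    return {name: (whitelist_decision(d), blacklist_decision(d))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:14s} whitelist={verdicts[0]:5s} blacklist={verdicts[1]}")
```

The uncatalogued variant runs under the blacklist but not under the whitelist; the legitimate update is also denied by the whitelist until someone calls `approve()`, which is the maintenance cost of default deny.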

Application whitelisting has been in the news more often recently because of the feature (called Gatekeeper) in Apple’s new operating system Mountain Lion (OS X 10.8) and because it has been brought up as the solution for addressing the security of large national infrastructure systems.

Apple Has An Updated Safety Message

In its marketing material, Apple no longer tells customers they have to “do nothing” to keep their Macs malware-free. Mac malware is a reality these days, and although the problem may not be as significant as Windows malware, it still exists.

As this article from Sophos points out, “let’s hope more Apple Mac owners are also learning to take important security steps, such as installing anti-virus protection.”

McAfee Security 1.1 Available for Mac Users

Last week Information Services and Technology (IS&T) announced support for McAfee Security Suite version 1.1.

McAfee Security 1.1 is the virus protection application recommended by IS&T for users of Macintosh OS X 10.6 (Snow Leopard) and OS X 10.5 (Leopard). It replaces McAfee’s VirusScan and older versions of McAfee Security Suite. It includes performance and security enhancements and provides the most up-to-date virus and malware detection engines.

If you use a Macintosh and do not have McAfee Security 1.1 on your computer, IS&T strongly recommends that you install this software. You can download it from IS&T’s McAfee Security 1.1 for Macintosh page.

IMPORTANT NOTE: IS&T recommends holding off on upgrading to OS X 10.7 (Lion) until products supported by IS&T have been fully tested or have been upgraded to run on the new operating system.

For help with installing or using McAfee Security 1.1, contact the IS&T Help Desk at helpdesk@mit.edu or 617.253.1101. You can also submit a request online.