Episode 4

Ransomware

In this episode we discover another “enemy of security”: the obsolescence of systems and software.

Both in private companies and in public offices, people often have to work with old computers, obsolete software and poor internet connections with little bandwidth (browsing speed). In this episode we discover how this situation exposes the information we manage to security threats that can seem trivial. Trivial on the surface, in fact, but extremely dangerous!

The characters of the story

The story


Glossary

Band

Unlike the band that plays in the village on a feast day, the "Internet band" (bandwidth) is the capacity available to your connection to the web: the greater the bandwidth, the greater the amount of data that can be exchanged. Think of our connection as a highway for data. Ever heard of megabits per second?

Cloud

What is the cloud? Someone would say: "Someone else's computer!" In reality we should picture the cloud as a set of many computers connected together so tightly that they appear to be a single large processing center, of which each user uses only a small part. It comes in different variations (private, hybrid and public), but its nature does not change: shared resources logically divided among different users.

Antivirus

Antivirus is not a cure for all ills, but it is certainly a countermeasure without which a PC will hardly stay free of "malicious" software. To make sure that old threats cannot do new damage, the antivirus has a series of functions that ensure that what is known to be harmful does not harm the system it runs on. It is an "endpoint" protection system.

Endpoint

The final point of the computer network we work in is ... our own computer. Every system that has input/output from outside the IT network is called an "endpoint". The term can have different meanings (mobile endpoint = mobile phone), but it always refers to the device in use by the user.

Online document sharing

Systems for "Online Document Sharing", or more precisely "Document Management", allow multiple users to access the same data through the cloud. Often they also let you work directly online, but generally they are used to exchange documents when you want to give access to many documents or to very large ones.

Download

Downloading content from the Internet, from email or from any other service accessible from your PC is an important moment for preventing serious cyber threats. Every time you "download" something by clicking on it with the mouse, you are actually putting data on your computer that, if it contains executable code, could cause damage. You could object: "But if I don't run it, nothing can happen" ... It is not always true that a downloaded threat has to wait for your click in order to "start": sometimes threats are hidden and start automatically because they exploit an invisible vulnerability.

Zip File

Every compressed file gets called a "ZIP", even though today there are different standards (RAR, 7ZIP, TAR, etc.). A compressed file, in addition to being deceptive, can contain contents that are automatically executed once extracted, so you should always analyze compressed files before decompressing them. This is especially true when they are password protected, a protection often used to deceive the tools that protect systems, such as firewalls and antivirus.

Terminal

The so-called "terminal window" has always been the black window in which, in films that show computer pirates at work, the hacker types a very long and very fast sequence of meaningless characters ... :) Joking aside, it is the window where you launch commands that "speak" directly to your computer's operating system, allowing you to perform operations that are usually important. If you see it appear in an "unusual" way, it could be that some service you don't see on screen is doing something without your knowledge.

Ransomware

The word comes from "Ransom", as in the Mel Gibson film. The ending "-WARE" in English means "about" or "around", from which we understand that soft-ware, hard-ware and ransom-ware mean, in order: about easily editable elements (software), about solid and tangible elements (hardware) and about ransom (ransomware). It is therefore a particular type of virus (in this document it appears in red in the images) that encrypts all your files with an encryption key you do not know, making their recovery impossible unless you pay whoever encrypted them and holds the key. In plain terms: as if someone changed all the locks in your home and asked for a lot of money to give you the new keys.

Wannacry

A symbolic name for a really bad threat. This ransomware has blackmailed a staggering number of computers around the world by encrypting them, especially those without security countermeasures. Not surprisingly, "Wanna Cry" means "I want to cry": a warning that not having the right security tools beforehand can lead to tears afterwards, in particular after ransomware has encrypted all your files at work or at home!

Backup

The notorious "back-up" is the operation of saving the data held on computer systems into archives, which are obviously kept somewhere other than the original place the data is saved from. Saving to devices other than the original one preserves the data if the original PC has been compromised, for example by malware. If the backup was "LOCAL", that is on the PC itself, or if it was not done at all, what happened in this local administration would happen ...

Privacy

Respect for the private nature of information relating to oneself or to sensitive, private, confidential or top secret topics. When we talk about privacy, we talk about the "concept" according to which information that is sent should be received only by the "intended" recipient (the one to whom the information is actually addressed). It has particular value when it comes to personal or sensitive data (for example, health data). In the context of public administration or health care, it is easy to imagine how specific personal data, put in the wrong hands, could favor corruption, or improper use for the purpose of extortion or enrichment. For this reason we should not consider "Privacy" a burden, but value it as a right of each individual.

Today's lesson

Important

Does what you read seem incredible to you? Yet once started, malware doesn't stop! Once it has infected the computer, it has the ability to self-replicate and propagate across the entire network to which the computer is connected, in addition to spreading on the web using the contact list of the compromised computer.

What would have happened if our heroine SiDi hadn't intervened in time? Almost certainly Carla would have lost all her data, irreversibly, and without a recent backup of her computer she could not have restored it to its state before the attack.

If the malware is actually ransomware, it will try to "lock" all the files on the computer with an "unlock key" set by the attacker who sent it. In this way, the criminal asks for money to provide the key and recover the user's locked files. In many cases this comes with a TIMER that, when it expires, deletes and destroys everything!

What should I do?

tips