Your day starts normally enough. You log onto your work computer, check e-mail, laugh at the cute kitten or puppy video on Facebook, and open your Sage 100 accounting software to begin your day’s tasks. That’s when you notice that the Sage 100 menu is blank – no modules, tasks, favorites are listed. Zippo! Nada!
So what happened?
We’ve seen at least four instances since December 2015 where one of our clients has been infected with malware known as a Cryptolocker bug, or Ransomware. This is a type of infection that targets documents such as Microsoft Office files (.doc, .docx, .xls, .xlsx), Adobe PDF (.pdf) documents, and photos (.jpg, .jpeg), and scrambles the contents via an encryption key. It is known as Ransomware because the user will receive a message that the contents of the computer have been encrypted, and can be saved by paying a specified amount. Unfortunately, we’ve discovered that the malware also affects Sage data files, resulting in the blank menu and the inability to open tasks.
How do you know you’re infected? Well, the blank Sage 100 menu is a clue. The real evidence appears when you actually try to open an infected document, when you’ll receive a warning that looks something like this:
This type of malware is extremely hard to contain, and almost impossible to recover from unless you have a good daily backup procedure in place. The best possible solution is to prevent the malware from infecting you in the first place. While no single method is ever 100% fool-proof, there are some cybersecurity techniques that, if put into practice, will shield you from most malware infections that are shared via the internet.
Most malware today is delivered via what is termed an ‘exploit kit’ – a sneaky little applet that rummages around your computer seeking out weaknesses in the system: an unprotected OS, software that hasn’t been updated, or a browser with insufficient security protocols (can you spell ‘IE’?). Here are some ways (courtesy of our friends at Malwarebytes Labs) to protect against exploits:
- Update your Operating System, Browsers, and Plugins. In the past, we used to wait before installing Windows updates – just to see if other applications were affected by the update. These days, with security vulnerabilities being discovered on what seems like a weekly basis, it makes sense to install operating system and software updates as soon as possible. Updates to operating systems, browsers, and plugins are often released to patch recently discovered vulnerabilities; failure to patch those ‘holes’ allows hackers and other cyberbullies to find their way in through those vulnerabilities.
- Enable click-to-play plugins. Exploit kits may also be delivered via malicious ads. You don’t even need to click on the ad to become infected, and these malicious ads may be found on well-known web sites. Along with keeping your computer and browsers up to date, you can help to block these exploit kits by enabling click-to-play plugins. Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). The bulk of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will help keep the bad guys at bay. This article explains how to enable click-to-play in most browsers.
- Remove any software you are not using (especially legacy programs). Any program you are not using is probably not being updated regularly, if at all. This includes old versions of Adobe Reader and even your operating system (Windows XP, anyone?). If you are not using it, uninstall it. If you paid for it, update it!
Another method for malware infection is known as social engineering, which may take the shape of an e-mail from a trusted source (your bank, your credit card company, the IRS), a tech support scam, or a fishy social media campaign. For instance, I recently accepted a friend request on Facebook from an old neighbor, only to be inundated with messages regarding some political organization with links to “more information”. Make yourself aware of the following tactics to help you avoid uninvited malware:
- Don’t trust every e-mail you receive – even if from a known name. The e-mail you just received from your college roommate or your co-worker may not be all it seems. Check the sender’s e-mail address: is it from the actual company or domain listed? Hover over the links provided in the body of the e-mail: is the URL legit? Read the e-mail carefully – are there weird line breaks or poor grammar? In short, don’t ever click on a link unless you are 100% positive that it is from a safe source.
- Do not call fake tech support numbers. Has this happened to you? You’re happily browsing along, enjoying the latest puppy video on FB, when a popup window appears claiming that your computer has been infected, and offering to scan your computer and fix the infection. DO NOT CLICK A LINK OR CALL THE NUMBER!!! A legitimate security company does not market via a pop-up message, and would not scan your computer unless you asked them to.
  One of two things might happen here:
  - A. You click on the link to have your computer scanned. The result is that you have allowed a cybercriminal to scan your computer for vulnerabilities that will allow them to actually infect your computer.
  - B. You call the 1-800 number listed, and you pay a small charge for the company to scan and clean your computer. See above (A.) for the results.
- Do not believe cold calls regarding your computer. This is happening right now in my house. My wife informs me that we have received no less than two dozen phone calls over a four-week period from someone regarding our Microsoft Windows system. They want her to connect with them to allow them to check her computer. We are also receiving calls from the IRS, who tell us (in broken English, by the way) that the IRS is suing us and we must call a 1-800 number to avoid jail time. Don’t confirm or update any info provided by these callers. Chances are that they have purchased information hacked from a database that contained some of your information, or it is just what it seems – a cold call. Ask questions: Where is the person calling from – and can you call them back? If you are worried about whether the call might be legit, hang up and contact your bank, credit card company, etc. directly to be sure there isn’t a problem.
Finally, always protect yourself when browsing online. By following some basic tips and maintaining good habits while online, you can evade infection from most methods of malware attack. Here are some of the basics:
- Use strong passwords and/or password managers. A strong password is long, is not written down anywhere, and isn’t easily tied to personal information (birthdate, pet’s name). It should contain letters, numbers, and special characters. You should also not repeat the same password for different logins. How can you be expected to remember thousands of different passwords? I use a password manager called Roboform. Not only does Roboform Everywhere allow me to have access to all of my logins and passwords on multiple computers, but all are encrypted and visible only to me. The program will even assign strong passwords if requested, so that you don’t have to tax your brain trying to think up a clever password. The passwords are strong and random. Try it – I think you’ll like it.
- Make sure you are using a secure connection. If you are at the airport and using free wifi, chances are that you are not secure. Free wifi, available in airports, stores, restaurants, etc., is great for customers who may want to comparison shop or just review their social media. However, you do not want to make any purchases or fill out any forms when on an unsecure connection; you are basically allowing anyone else on the network to view your personal information. If you see a padlock icon to the left of the URL, then you are on a secure site; otherwise, keep your information safe by not revealing it to the world.
- Log out of websites when you are finished. Don’t just close the browser after logging into your bank, healthcare provider, etc. You may be leaving yourself vulnerable if you don’t log out, especially if using a public wifi provider.
There are many other ways to protect yourself from malware infection. I use a program called Malwarebytes on my personal computers as well as a strong anti-virus program (Eset). I allow each of these programs to auto-update whenever a new signature is released. Even then, there is still the possibility of an attack from a new strain not yet known to the protection providers. By following the steps outlined above, I am less likely to allow malware to infect my computers.