Hacked!
R.W. Johnson · Ransomware
I had just finished writing an article for the LRB and was attaching it to an email when suddenly all the files saved as icons on my screen vanished. I thought at first I had pressed some wrong and incomprehensible button – something that happens to me – when a message flashed up on my screen telling me that all my files were gone. If I wanted them back I would have to pay the equivalent of $500 in Bitcoins (at the current rate of exchange, that was 2.3 Bitcoins) within 130 hours, after which the sum would rise to $1000. Absurdly, I thought of Tarquinius bidding for the Sibylline books of prophecy, and every time he said the price was too high, the Sibyl burned three books and offered the remainder at the same price. Clearly, I was in that sort of auction. To help concentrate the mind the time remaining was set out in hours, minutes and seconds, with each second ticking off: looking at this merely increases one’s manic state as the loss of all one’s files kicks in. I was always promising myself to back everything up but hadn’t.
I started investigating how to pay up: my computer guy told me it was the only way, that such ransomware was now big business and apparently randomly targeted. The virus is imported by email. The files may actually be still on your machine but they are encrypted and invisible – so what you get for your money is a decrypt key. But the whole business is immensely dodgy. Generally, if you pay you will get the files: if word spreads that the hackers will double-cross you, then no one would pay and the business model would be ruined. But various law enforcement agencies are attempting to disrupt these criminal gangs, so the decrypt key may get sabotaged in transit. There is no way of knowing where the hackers are.
I set about trying to find out how to buy Bitcoins. There were a variety of possible sellers but I wanted to buy with a credit card so I settled on CoinMama. Meanwhile I had to set up my own Bitcoin account or ‘wallet’ and this I did at an outfit called Blockchain. So I would have to buy them from CoinMama for deposit into my Blockchain account from which I could make the transfer to the anonymous twenty-digit coded account number given me by the hackers.
I started trying to pay for my $500 worth of Bitcoins (which would actually cost me $671.50, such is the commission charged). This was immensely arduous. I filled in endless details but then CoinMama wanted a selfie with me holding my passport next to my face so they could check my ID, and all four corners of the passport had to be visible. They took ages to process my request and then they really rattled me by replying not to the email address I had used to contact them but to my second address, which I had never mentioned to them. How could they possibly have known about it? I began to worry about ID theft and sent messages to people with whom I have financial relationships warning them of this.
In the end CoinMama asked me why I wanted the Bitcoins; when I told them, they immediately said they could have nothing to do with anything criminal. At the same time my computer guy rang to say that when he’d serviced my computer last October he’d backed up all the files. At which point I decided not to pay or do anything further. So I will lose the last 11 months of files but some I can recover from third parties. I’ll have to rewrite the LRB article from scratch, though. I can live with that.
Comments
If you are intimidated by the idea of setting up continuous backups, or even syncing your files with a cloud service such as Google Drive, a simple solution is to always email any important files - i.e. work in progress - to yourself. Unless you've built a post office on your C drive, these will be copied to a third-party mail server, which means that you can independently access them via your email account if your PC is locked, blown to smithereens or otherwise inaccessible.
PS: You might want to have a word with your PC guy. Most ransomware is fake - e.g. they just bugger up your desktop shortcuts and icons but the files remain undamaged - so it could possibly be removed by a tool such as Malwarebytes or Bitdefender booting off an external drive. Even if it's the real deal, and your files have been encrypted, you might have been able to roll back to a more recent point than 10 months ago if you'd turned System Restore on (I'm assuming you're using Windows).
As with offline confidence tricks, the main techniques centre on gullibility and cognitive errors: a lack of skepticism in the face of authority, a belief in omniscience (someone knows my secret), and overweening pride. The idea that because you use a Mac you are next-to-invulnerable is an example of the last of these. This is on a par with the idiots who gave Ashley Madison their real email address because they were suckered by the site's "class" and assurances of security.
Antivirus works by downloading at-least-daily updates of virus signatures (i.e. identifiable patterns in the code). Assuming you have this turned on, you will be protected from the vast majority of attacks (ca 95%); however, it is also a good idea to install a separate on-demand scanner for a periodic double-check. Organisations, such as large firms or universities, should have a firewall system that scans all traffic at the interface of the local area network and the Internet.
While antivirus on institutional PCs is a good second line of defence, this is primarily to catch eejits uploading viruses via USB drives (clued-up organisations disable this altogether and force everything through the firewall). Again, the weakness is the human factor. Universities are a prey to viruses because they have lots of users who think they are too clever to get mugged.
You can increase your protection level from 95% to 99% by taking a few simple precautions, such as outlined by Joe above, which boil down to the old adage: look before you leap. Your battle with the malware crims is not an intellectual game of cat and mouse. They are not interested in people who are careful, because there is no economic return. They are relying on the mug principle: there's one born every minute.
PS: Keith Smith is referring to starting your machine in 'safe mode', which you can do on a PC as well (press F8). This doesn't remove the malware, it simply starts the OS in a functionally minimal mode (e.g. no network connection) that should allow you to run an antivirus scanner or manually remove the malware.
PPS: The idea that malware on a Mac only affects the browser is hilariously wrong-headed, but understandable if you can't cope with the idea that a Mac is just another computer, rather than a portal to a superior form of existence. Crazy individualists, my arse.
Unix/Linux-based operating systems (MacOS and Ubuntu were mentioned) have a "permissions" structure for reading and writing files (and executing them if they are code), as well as "users" and "groups". If "user" is to modify a file (for example, encrypt it), "user" must have "write" permission for that file. User "MrMailClient" does not generally have permission to "write" (write over) JoeRealUser's files. Even if JoeRealUser "opens" an "attachment" to an e-mail, and it runs some code, it's "MrMailClient" who is running that code, so JoeRealUser's files are protected from modifications. So people here saying that Mac and Linux users can't be hit with this kind of thing are generally right (there are, of course, other things to which they might be vulnerable).
This does assume the system works according to design ("designs" are, after all, just stories told by computer programmers, who are known to be excessively hopeful about their achievements). An exception arises when the mail client has a flaw in it which allows "MrMailClient" to assume God-like privileges (known in forty-year-old jargon as "superuser permissions"). This was known as the "setuid" vulnerability. You couldn't always get around it.
Sigh. Those were the days. Though twenty years after Larkin's Annus Mirabilis.
Suetonius's tale about his/her wife's assistant is a meritful cautionary. Running Windows on MacOS and allowing it to sync all its files sounds like the worst of both security worlds, convenient though it undoubtedly is. The fastest way to get to that meeting across town may well be to drive through the town centre at 150kph. There are nevertheless very good reasons not to do so. Computers aren't much different, although there is somewhat less chance of someone dying.
PBL
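The permission check the comment above describes (a process may overwrite a file only if its effective user has write permission on it, the superuser bypasses the check, and a setuid binary changes the effective user), worked through as an added example in Python; this is not code from the post, and the users, uids and paths are constructed for illustration.

```python
"""Unix discretionary-access (owner/group/other) write check, modelled in Python.

Constructed example: JoeRealUser (uid 1000) owns a private document and
MrMailClient (uid 1001) is a separate account, as the comment posits.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEntry:
    path: str
    owner: int            # owning uid
    group: int            # owning gid
    mode: int             # permission bits, e.g. 0o644
    setuid: bool = False  # executables only: run with the owner's uid


@dataclass(frozen=True)
class Process:
    uid: int              # effective uid, the one the kernel checks
    groups: frozenset     # supplementary gids


WRITE_OWNER, WRITE_GROUP, WRITE_OTHER = 0o200, 0o020, 0o002


def can_write(proc: Process, f: FileEntry) -> bool:
    """True if proc may overwrite (and so, for example, encrypt) f."""
    if proc.uid == 0:                  # superuser bypasses the check entirely
        return True
    if proc.uid == f.owner:            # owner class is decisive, even if group/other allow more
        return bool(f.mode & WRITE_OWNER)
    if f.group in proc.groups:
        return bool(f.mode & WRITE_GROUP)
    return bool(f.mode & WRITE_OTHER)


def execute(proc: Process, binary: FileEntry) -> Process:
    """Model exec(): a setuid binary runs with its owner's uid, not the caller's."""
    return Process(uid=binary.owner if binary.setuid else proc.uid, groups=proc.groups)


JOE = Process(uid=1000, groups=frozenset({1000}))
MAIL = Process(uid=1001, groups=frozenset({1001}))
DOC = FileEntry("/home/joe/article.doc", owner=1000, group=1000, mode=0o600)
SETUID_HELPER = FileEntry("/usr/local/bin/helper", owner=0, group=0, mode=0o4755, setuid=True)


def demo() -> dict:
    return {
        "mail_client_can_encrypt_joe_doc": can_write(MAIL, DOC),                  # False
        "joe_process_can_encrypt_joe_doc": can_write(JOE, DOC),                   # True
        "after_setuid_root_helper": can_write(execute(MAIL, SETUID_HELPER), DOC),  # True
    }
```

The second result is the caveat a defender should keep in mind: the check only protects the files when the code that opens the attachment runs under a different uid from the file owner, and code executing as the owning user passes it.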
@louBurnard: 'Macs get hacked increasingly often’. No they don’t, there are just more Macs around as more people come to their senses and ditch the car crashes, kludges and downright copies that constitute successive stains of Windows. I’ve used Macs since 1985 and never had a virus.
As for being ‘evil’... well if you think Microsoft are the good guys in the Manichaean struggle of operating systems, then you’re beyond the help of heaven, its angels and even Apple.
@FromArseToElbow: 'The idea that malware on a Mac only affects the browser is hilariously wrong-headed'
Give me one real world example.
'but understandable if you can’t cope with the idea that a Mac is just another computer, rather than a portal to a superior form of existence.’
No, just a vastly superior, more elegant, faster and safer way of computing.
In thirty years of using both OSes, I’ve never met anyone who switched from Windows to a Mac who went back.
The perception of the Mac's superiority arises from two, related characteristics. First, Apple's control-freakery means the MacOS is a very unwelcoming environment for 3rd-party applications. This limits vulnerabilities due to poorly-written code (a popular vector with malware), but it also means many applications simply aren't ported to the Mac because of the hassle. The consequence, and second characteristic, is that relatively few people use Mac OS. As a result, malware writers, whether motivated by lulz or money, concentrate on the vastly more popular Windows. It's not because it's easier; it's because it's a bigger target.
The bottom line is that Windows faces far more threats, but is consequently more "hardened" in the real world (hence the importance of automatic updates). MacOS viruses are rarer (though increasingly common), but the OS actually has more vulnerabilities - i.e. design flaws that could be exploited - because it isn't hardened to the same degree. According to analysis of US government data, Mac OS X was the most vulnerable OS in 2014, and even Linux had a worse record than Windows.
PS: @Adam-Morris, examples of malware for MacOS (and all independent of the browser) include: MacDefender (extortion), Rootpipe (gains root access, i.e. superuser), CoinThief (steals Bitcoin credentials), Flashback (hit over 0.5m users in 2011/2 and still in the wild), Lamadai (takes remote control - thought to be Chinese state-sponsored). I could go on. Malware is just malicious code. If your computer can run code, it can run malware.
*MacDefender may be extortion but it’s not malware. Caveat Emptor.
*CoinThief - if you’re going to start dealing in things as dodgy as BitCoins...
*FlashBack and Lamadai were brief privilege escalation vulnerabilities (one apparently via Java) which were patched quickly. I had to look this up because no-one I know has experienced or even heard of these (including our IT guy).
Compare that to the dozen PC viruses which have spawned while I’ve been writing this and I believe that in the real world, Macs offer bulletproof security compared to PCs. The analysis you quote makes the point that though Windows had fewer vulnerabilities, they had a much higher percentage of high level vulnerabilities than Mac OS: 'none of the security holes in Windows versions were rated as low severity'
You make two points I disagree with completely.
-- 'Apple’s control-freakery means the MacOS is a very unwelcoming environment for 3rd-party applications.’ Have you looked at the range of software that Macs run? And if this environment is ‘unwelcoming’ for software, isn’t it also true for the malware? I love Apple’s ‘control-freakery’ – it’s called security.
-- ‘Macs don’t have the same range of applications’ This argument stopped being used about eight years ago, even by hardcore PC pundits. Yes, there are more applications for Windows, but if you omit those for specialist scientific/lab use, 90% of them are crap. Put simply, OS X/iOS is too big and too lucrative a market for developers to ignore. Windows is a target not because it’s bigger, but because it’s much easier to hit. I first heard the argument that Apple would quickly become the target of malware once its market share began to grow about ten years ago. Since then Macs have taken a larger and growing share of the market (and completely dominate the high-end/affluent user segment) but viruses and malware are close to non-existent. PC Magazine voted Macs as the best business laptop and best desktop workstation for 2015.
Your contention that Windows is more ‘hardened’ to threats is risible: it’s like saying an alcoholic with a failing liver is hardened to the next shot of vodka. Because it’s shot to pieces that somehow makes it stronger? Please...
Bottom line is you work with the OS that’s best suited to your needs and likes, and we could both quote arguments supporting our positions. My firm has bought hundreds of Macs over the years because they last forever, rarely have hardware problems and are a delight to use. A $1200 iMac works out a lot cheaper than a $600 PC, in the long run.
Enough already, over and out.
Over the years, I have bought literally thousands of PCs and scores of Macs (I employed graphic designers), plus hundreds of Unix and Linux machines. I have also bought a lot of antivirus software, firewalls and been involved in tackling large-scale malware and hacking attacks (my original IT specialism was security). I do not "argue from authority" that A is better than B or vice versa, but rather argue that the chief vulnerability is the human factor (a point you perhaps unintentionally concede in your dismissal of Mac viruses). The technology is incidental.
For the record, malware is a catch-all term that covers not only malicious code (i.e. the traditional virus or trojan) but also scams, spyware and so-called scareware, such as MacDefender.
I had access to an outside computer, so I searched on various malware-help sites and came across a number of suggested routines for eradicating the virus, but I couldn’t get any of them to work. So I took the tower and its hard-drive to a local computer repair store and paid them something like $125 to save all my files and get rid of the virus, which they did, claiming that they needed to run some highly specialized malware programs which took a lot of time (“overnight”). I have no idea how much of their sales-talk was real and how difficult it was for them to solve the problem, but I did get a clean drive with restored files back at less than half the ransom price. Of course the real FBI was infuriated by this and made a big attempt to track down the perpetrators (alleged to be operating out of Ukraine or Russia at the time), but I don’t know if they ever succeeded in doing this. Since then I’ve met several people whose PCs were attacked in the same way, and they all took my route rather than paying the ransom. All I do now is to try to back up any new writing or information of consequence to me on a zip-drive, which is cheap and at least saves your work, though you have to remember to do it routinely.
As to Macs vs Windows, what serious adult could possibly care? The former might be cute little things, but their business originator, Saint Steve, was motivated by a relentless appetite for success validated by money and power, nothing more, nothing less. He was more or less killed by his own arrogance, masquerading as omniscience and “cutting-edge” thinking (in this case in the fantasy realm of “alternative medicine”). Good riddance, and it would be a delightful occasion if the whole big company collapsed due to a bad market calculation. Not that someone else won’t step in as a holy figure of entrepreneurship to provide our consumption-crazy society with a replacement toy