Ransomware is a term that all of us have been reading about almost daily in the press. Yes, it is real. Yes, it is destructive. And yes, it is very, very expensive to recover from. There is one thing, however, that the mainstream press gets wrong in just about every story. They always manage to sneak in a sentence like "The Spacely's Sprockets Company network was hacked by ransomware..." but that isn't really what happens. Most ransomware is opportunistic: rather than singling out a specific company or institution and breaking in, it scans ranges of IP addresses looking for exploitable services exposed to the Internet. It also goes after individuals inside companies through social engineering: emails with links to 'more information', or similar links on dodgy websites. And no, dodgy does not mean only porn sites!
Once it is running, ransomware walks every disk drive (and, usually, every network share) it can reach, encrypts your data files and demands a payout in return for the key that reverses the encryption. Unless you have uninfected backups, you have no choice but to pay the ransom to get back the files that have been locked. Properly written ransomware uses strong, correctly implemented encryption, so breaking it without the decryption key the crooks hold is simply not feasible, and some variants destroy the key material, or the files themselves, if you tamper with them or miss the payment deadline.
Ransomware wouldn't exist if it weren't lucrative. Most ransom demands are on the order of 1 Bitcoin per encrypted machine, roughly $1,500 USD at the time of writing. That adds up quickly: a large company with 1,000 encrypted workstations and servers is looking at $1.5 million.
On a properly configured and secured network, the exposure to opportunistic, scan-and-exploit attacks from the Internet is small. The bigger risk comes from insiders who are too quick to trust links. Your first line of defense is frequent backups, kept somewhere the infected machine cannot reach: a backup drive that stays plugged in, or a network share the workstation can write to, will simply be encrypted along with everything else. Of course, I'm not so out of touch as to think that most people actually back up their workstations. So your second line of defense is to be aware that people you don't know are not going to send you emails with links to invoices or refunds or anything else. If you don't recognize the sender, contact your IT Security department. They will (or should!) have the tools to evaluate the threat. Better safe than sorry!
The second level of threat comes from the way ransomware spreads once it is on a machine inside the network. Running with whatever privileges the victim's account has, and escalating to administrator where it can, it disables any security software it finds, then casually looks around the network, infects any workstation that responds to its queries and encrypts any file share it can write to. Alternatively, the crooks go after servers, where once they are in they can create and modify accounts and reach everything on the network.
A new ransomware attack was found in Europe that uses a Dropbox link. It takes only one click on that link to infect a workstation, and the victim then has just 24 hours to pay the ransom in Bitcoin before the encryption becomes permanent. It's called the "Pacman" ransomware, suggesting something eating up all your files. Besides the encryption routine, the code includes a keylogger and has "kill process" capabilities that disable Windows tools such as taskmgr, cmd, regedit and more, so the victim cannot easily stop it.
Europe is often hit before the US, so it's just a matter of time. This attack is focused on a small vertical and is fully automated. This particular variation targets chiropractors in Denmark, but next time it can be targeted at your company. It arrived as an email, in perfect Danish, from a supposed new patient who explains that they are moving into the area, have bad neck and back problems, and are looking for a new therapist. The new patient has conveniently provided links to his MRI and CT scans on Dropbox, hoping that the reader will click on the link to see the scans. One click is all it takes and you're infected.
If you work for a company, your IT Security people are (hopefully) doing what they can, but you must remain vigilant and not click on anything that is even the least bit suspicious.
If you are a consumer with a single computer, a small home network, or part of a small business without an IT department, you should take more precautions. First, most attacks on individuals arrive as phishing email, so think before you click. Do you know the sender? If not, delete it. If you do recognize the sender but weren't expecting an email from them, or the email is out of character for that sender, contact them by some other means (not by replying) and confirm that it really came from them. Trust your spam filter: if an email landed there, there is probably a good reason. You may also wish to check the email headers, which disclose a lot of information that is otherwise hidden. For example, the From line may say the email is from your bank, but the Return-Path and Received headers may show it was actually sent from 'firstname.lastname@example.org' by a mail server that has nothing to do with the bank. So unless you want to send a lot of money to a guy named Johan in Romania, delete it.
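As an added example (my own code, not from any product or vendor mentioned on this page), the following Python script pulls the headers and links out of a suspect message and applies the checks just described: does the domain shown in the From line match the envelope sender in Return-Path, which relay actually handed the message in, and does the visible text of each link match where the link really points? The sample message is constructed for this example; the bank, the hosts, the addresses and the IPs in it are all made up.

```python
import email
import email.policy
import email.utils
import json
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lure for this example. The bank, the hosts, the addresses
# and the IP addresses are invented; nothing here refers to a real sender.
SAMPLE = """\
Return-Path: <firstname.lastname@example.org>
Received: from mail.example.org (mail.example.org [203.0.113.10])
    by mx.victim.example with ESMTP id ABC123; Mon, 1 Jun 2015 09:00:00 +0000
From: "First Bank Security" <alerts@firstbank.example>
To: customer@victim.example
Subject: Action required: your refund is waiting
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A refund of $250.00 is waiting. Please review the invoice.</p>
<p><a href="http://198.51.100.7/login">https://www.firstbank.example/refund</a></p>
<p><a href="https://www.firstbank.example/help">Help center</a></p>
</body></html>
"""


def _parse(raw):
    return email.message_from_string(raw, policy=email.policy.default)


def _domain(addr):
    return addr.rpartition('@')[2].lower()


def sender_domains(raw):
    """(domain shown in From, domain of the envelope sender in Return-Path)."""
    msg = _parse(raw)
    _, from_addr = email.utils.parseaddr(msg.get('From', ''))
    _, rp_addr = email.utils.parseaddr(msg.get('Return-Path', ''))
    return _domain(from_addr), _domain(rp_addr)


def relay_hosts(raw):
    """Hostnames named in 'Received: from ...' lines, most recent first.
    Only the lines added by your own mail server can be trusted; the sender
    writes the earlier ones and can forge them."""
    hosts = []
    for rec in _parse(raw).get_all('Received', []):
        m = re.match(r'\s*from\s+(\S+)', str(rec))
        if m:
            hosts.append(m.group(1).lower())
    return hosts


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == 'a':
            self._href, self._text = dict(attrs).get('href'), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == 'a' and self._href is not None:
            self.links.append((self._href, ''.join(self._text).strip()))
            self._href = None


def deceptive_links(raw):
    """Links whose visible text is a URL on one host but whose href goes elsewhere."""
    body = _parse(raw).get_body(preferencelist=('html',))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else '')
    bad = []
    for href, text in collector.links:
        shown = urlparse(text).hostname if '://' in text else None
        real = urlparse(href or '').hostname
        if shown and real and shown.lower() != real.lower():
            bad.append((text, href))
    return bad


def assess(raw):
    """Combine the checks into one verdict with the evidence behind it."""
    from_dom, rp_dom = sender_domains(raw)
    links = deceptive_links(raw)
    return {
        'from_domain': from_dom,
        'return_path_domain': rp_dom,
        'relays': relay_hosts(raw),
        'deceptive_links': links,
        'suspicious': (from_dom != rp_dom) or bool(links),
    }


if __name__ == '__main__':
    print(json.dumps(assess(SAMPLE), indent=2))
```

A From/Return-Path mismatch on its own is not proof of phishing (mailing lists and bulk mailers do it legitimately), but combined with a link whose visible text and real destination differ it is a strong signal. Feed the script the raw source of a message ("show original" in most mail clients) rather than the rendered view, since the rendered view is exactly what the attacker controls.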
Vendors such as Malwarebytes and Spybot Search & Destroy have developed security software that is proving effective at stopping ransomware from installing itself on your computer, but that is a preventive approach. If you have already been hit, there is little they or anyone else can do to get your files back, other than your backups or the ransomware crooks themselves.
Spring weather is here (finally!), I've been healing up after some rather nasty ailments, I'm in the midst of having a tooth implant done, Vicodin is my friend, and I've made a promise to myself to get this blog going and to post REGULARLY! Hope you find it interesting enough to stick around! A friend of mine told me to stop spouting off like an idiot in the comments on technical and scientific sites and write a blog about it instead. She's convinced it will make me more popular at parties....
Space Probe Photographs
I subscribe to RSS feeds from many astronomy and astronautics websites. You know, the ones that report on ongoing space missions, new developments, future projects; that sort of thing. I was reading through an article about the Cassini-Huygens mission to Saturn and its moons, which began sending back photos and data soon after its arrival in the Saturnian system in 2004. Simply amazing stuff. As is my habit, I scanned through some of the comments and one caught my attention, mostly because I've seen similar comments on numerous other articles. As I intend to refute everything in it, I'm not going to give out the gentleman's name or the article to which his comment was submitted. Here is his comment:
“How is it possible that in 2015 when even the cheapest phone has a color camera, all the public gets is a black and white photo from a mission funded by tax payers!”
It appears that many people assume that since a spacecraft is performing a mission in 2015, it is equipped with 2015 technology. But let's look at a few facts. Cassini is not on a pleasure drive through the park. Since the Earth and Saturn orbit the Sun at different speeds (Saturn takes about 29.5 Earth years to complete one orbit), you cannot get from the Earth to Saturn by traveling in a straight line. I'm not going to give a lesson in celestial mechanics, but all you really need to know is that, as in American football, the quarterback does not throw the ball to where the wide receiver is, but to where the receiver will be when the ball gets there. So while Saturn is, on average, 868 million miles from the Earth, Cassini has racked up 3.6 billion miles on its journey.
That journey took Cassini almost seven years (launch in October 1997, arrival in July 2004). It has been orbiting Saturn and visiting its moons ever since. In that time it has sent back to mission control at JPL 880 gigabytes of scientific data and some 600,000 high-resolution photographs, all the while flying different orbits around Saturn and visiting dozens of its more than 60 known moons. Cassini also carried the Huygens probe, which landed on Titan in January 2005. Huygens survived its plunge through the huge moon's thick atmosphere and sent data back to Earth for more than an hour after landing. But let's get back to the issue at hand. Why are all the photographs in black and white?
Cassini was launched 18 years ago, in 1997. Your iPhone takes great color photographs today, right? How well did your cell phone do that in 1997? Oh, wait. Cell phones didn't HAVE cameras in 1997. Back then, cell phones had enough trouble making phone calls. But Cassini doesn't even have 1997 technology. That is when it was launched, NOT when it was engineered and built.
The engineering design began in 1979 and wasn't finalized until 1986, due to budget cuts along the way. By canceling another planned deep space probe, NASA was able to build the $3.8 billion, 22-foot-long spacecraft by 1995, although the launch window wasn't until October 1997. (Remember all that nasty little celestial mechanics stuff and the quarterback?)
So basically, because Cassini was designed with technology that is now 40 years old, and because a color photograph takes several times the bandwidth to transmit that a black and white one does, we get black and white photographs. I am not even going to get into radar images, which are in black and white because they are not photographs at all: they are radar scans that record how strongly each patch of surface reflects the radar signal, from which a picture is 'built' of what the terrain might 'look' like. Hope I didn't lose all of you at this point...
The system that controls the cameras, the collection and analysis of dust particles and the flight trajectory is a 16-bit MIL-STD-1750A computer, an architecture the USAF standardized in 1980 for aircraft flight and weapons control systems. A 16-bit address can reach at most 65,536 words of memory, about 128 kilobytes, unless extra hardware is added to bank-switch in more. That's it. My laptop has 8 gigabytes of memory; a typical smartphone has at least 1 gigabyte. (Keep in mind that 1 gigabyte is roughly 1,000 megabytes, and 1 megabyte roughly 1,000 kilobytes.) Also, the 1750A has a single CPU running at about 1 MHz. My desktop has 2 quad-core CPUs, which is 8 cores, each running at 2.4 GHz, or 2,400 times the clock rate of the 1750A. The USAF dropped MIL-STD-1750A for new designs in 1996.
I can hear the faint echoes of readers saying "What the Fuck? I've SEEN color photographs of Saturn!" Ummm. You have and you haven't. Cassini's cameras record only brightness. When NASA and JPL want to release a color photo, the same scene is shot several times through different filters: one image through a red filter, one through a green filter and one through a blue filter, often alongside an unfiltered frame. Each filtered image records how bright the scene is in that band of the spectrum. The computers at JPL then assign the red-filtered frame to the red channel, the green-filtered frame to green and the blue-filtered frame to blue, and combine them into an RGB composite color photograph. To further complicate things, the filters used are sometimes not red, green and blue at all (infrared or ultraviolet, for example), and the channels are assigned colors deliberately chosen to make the image easier to read or to highlight a particular feature, such as a storm.
If you look at the color images on the NASA or JPL websites, they are religiously marked 'True Color' or 'False Color'. The problem arises when the media publish these photographs leaving that little detail out, so that people believe they are seeing something real when what they are seeing is a technician's idea of a pretty shade of purple. I've even seen 'latest photographs' shown on news shows that are clearly marked on the JPL website as an 'artist's rendition'. Do yourself a favor: go to the source and be sure.
So before making wisecracks about why the pictures aren't in color, give a little thought to how much you could get done at work if your system were replaced with a 40-year-old computer that has a minuscule fraction of the memory and runs thousands of times slower. Sort of puts things into perspective, doesn't it?
Over the last few days I gave more thought to starting a blog and finally decided to jump in head first with both feet. Yeah, mixed metaphors. Guilty. Now, for those of you who haven't been involved in the production side of web content, there are a few technical/legal things that need to be done, the first of which is deciding on a name which a) somewhat relates to what you're planning on doing and b) is unique among the hundreds of millions of domain names already registered. Luckily, a simple web search yields dozens of sites that will check your ideas for names against registered domain names and let you know whether each is already in use or available. For my new site, I went through approximately 30 names before I found one that was both available and to my liking. Once found, you have to register the name through an ICANN-accredited registrar, which costs in the neighborhood of $12.00-$15.00 for the first year. This I did around 3am Saturday (Jan 3rd). I installed the blogging software, customized the format and static content, installed an SEO (Search Engine Optimization) application and began compiling topics for my blog.
When a new web site is created, the first thing that has to happen is that its name and IP address become visible through the DNS (Domain Name System) servers around the planet. When you type in a web site name, your browser asks your local DNS server (the resolver run by your ISP or your company) for the address. If the resolver does not already have the answer cached, it works down the hierarchy: the root servers point it at the servers for the top-level domain (.com, say), which point it at the name servers responsible for the site, which return the IP address. The resolver matches the site name with its IP address (think of looking up a phone number) and your browser then connects to that address through the routers between you and the network segment where the web server lives. Every answer carries a time-to-live (TTL) that tells resolvers how long they may keep it cached, so when a new site is published, or an existing name changes address, it can take anywhere from a few minutes to 48 hours before every resolver has stopped serving the old (or absent) answer and fetched the new one. This process is loosely called 'propagation'.
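To make the lookup concrete, here is an added example in Python (my own code, not part of any blogging software or DNS tool) that builds a DNS query for an A record in the actual wire format, parses a response, and reads the TTL that governs how long a resolver may cache the answer. Because it has to run offline, the "name server" is a helper that constructs a reply locally; the IP address 203.0.113.42 and the 3600-second TTL are made up for the example. It also checks that the transaction ID and the response flag in the answer match the query, which is one of the few defenses a resolver has against someone slipping it a forged answer, a point this post does not go into.

```python
import struct

DNS_TYPE_A = 1
DNS_CLASS_IN = 1


def encode_name(name):
    """Encode 'www.example.com' as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b''
    for label in name.rstrip('.').split('.'):
        raw = label.encode('ascii')
        if not 0 < len(raw) < 64:
            raise ValueError('bad label: %r' % label)
        out += bytes([len(raw)]) + raw
    return out + b'\x00'


def build_query(name, txid=0x1234):
    """Wire-format query for the A record of `name`, recursion desired (RD=1)."""
    header = struct.pack('>HHHHHH', txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack('>HH', DNS_TYPE_A, DNS_CLASS_IN)


def read_name(msg, off):
    """Decode a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                     # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack('>H', msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:                         # guard against pointer loops
                raise ValueError('compression loop')
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode('ascii'))
        off += ln
    return '.'.join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return the header fields and answer records of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack('>HHHHHH', msg[:12])
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                                  # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack('>HHIH', msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        data = '.'.join(str(b) for b in rdata) if rtype == DNS_TYPE_A and rdlen == 4 else rdata.hex()
        answers.append({'name': name, 'type': rtype, 'ttl': ttl, 'data': data})
    return {'id': txid, 'is_response': bool(flags & 0x8000),
            'rcode': flags & 0xF, 'answers': answers}


def fake_server_reply(query, ip, ttl):
    """Constructed stand-in for a name server (example only, not a real lookup)."""
    txid = struct.unpack('>H', query[:2])[0]
    header = struct.pack('>HHHHHH', txid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1
    question = query[12:]
    rr = (b'\xc0\x0c'                             # pointer to the name at offset 12
          + struct.pack('>HHIH', DNS_TYPE_A, DNS_CLASS_IN, ttl, 4)
          + bytes(int(octet) for octet in ip.split('.')))
    return header + question + rr


def reply_matches(query, reply_bytes):
    """A reply is only ours if its ID echoes the query's and the QR flag is set."""
    parsed = parse_response(reply_bytes)
    return parsed['is_response'] and parsed['id'] == struct.unpack('>H', query[:2])[0]


def resolve(name, send):
    """Resolve `name` via `send(query_bytes) -> response_bytes`, discarding mismatches."""
    query = build_query(name)
    reply_bytes = send(query)
    if not reply_matches(query, reply_bytes):
        raise ValueError('reply does not match our query; discard it')
    return parse_response(reply_bytes)


if __name__ == '__main__':
    # Offline demo: the constructed server answers 203.0.113.42 with a one-hour TTL.
    result = resolve('techguytalk.com', lambda q: fake_server_reply(q, '203.0.113.42', 3600))
    for a in result['answers']:
        print('%s -> %s (cache for %d seconds)' % (a['name'], a['data'], a['ttl']))
```

Against a real resolver you would send the bytes from build_query() over UDP port 53 and hand whatever comes back to parse_response(). The TTL in the answer is what 'propagation' is really waiting on: until it expires, every resolver that cached the old answer keeps handing it out, which is also why lowering the TTL well ahead of a planned address change makes the switch-over faster.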
I knew TechGuyTalk had finished propagating when I received officious-looking emails this morning informing me that it was important that I click on a link to their website to complete my SEO efforts. I had registered with the company that wrote the SEO application I installed, but I was not expecting an email like this from them. I checked the fine print in the footer of the emails and found the company names, none of which I had ever dealt with at any time. After some fast cutting & pasting into Google, the most complimentary remarks returned were 'SCAM' and 'UNETHICAL'. It seems that these super-helpful companies charge a yearly fee (I've seen pricing ranging from $99 to $399) to submit your website name to search engines like Google, Yahoo!, Bing, and so on. Here's the interesting thing about this. Do you know how much the search engines charge for website submissions? Absolutely NOTHING! Nada, zilch, zero! Not to mention that a lot of the smaller search engines don't even do their own site crawling; they get their information from Google, Yahoo or Bing.
In summary, all the blogging software I've used has free apps that provide SEO promotion of varying degrees, and if you want to use a professional app, they are not that expensive. So do not feel in any way obligated to engage these companies, who try to mislead you into thinking you're finishing a process you never started in the first place!
Hi! My name is Mike and I’m taking my show on the road, so to speak. I’ve come to the realization that I should expand my distribution of wisdom to more than just my circle of friends. Actually, it may have been their suggestion. Anyway, welcome to my blog where I’ll be opining on new technology, computer issues, astronomy, science, society and politics. Granted, that’s a lot of territory, but we’ll see how things go. Also, feel free to ask questions by leaving a comment or dropping me an email at Mike@TechGuyTalk.com and I’ll address your topic in a future blog.
I hope to be entertaining and informative, so check back when you have the time. Feel free to click on my RSS feed so you can be notified as blogs are published.
Thanks and Welcome!