Tech Guy Talk
Am I brilliant, or simply arrogant? On a good day, I'm both!

Ransomware. Are YOU at Risk? December 26, 2016

Ransomware is a cyber-attack term that all of us have been reading about almost daily in the press. Yes, it is real. Yes, it is destructive. And yes, it is very, very expensive to repair. There is one thing, however, that the mainstream press gets wrong in just about every story. They always manage to sneak into the paragraph that “The Spacely’s Sprockets Company network was hacked by ransomware…” but that isn’t really the case. Ransomware is opportunistic: instead of directly targeting a specific company or institution in order to break in, it scans lists of IP addresses looking for exploitable connections open to the Internet. Ransomware also targets individuals inside companies through social engineering: emails with links to ‘more information’, or similar links on dodgy websites. And no, dodgy does not mean only porn sites!

Ransomware scans through all the disk drives on your computer, encrypting your data files and demanding a payout in return for the key to reverse the encryption. Unless you have uninfected backups, you will have no choice but to pay the ransom to get back the files that have been locked. This is because any attempt to break the encryption without using the properly generated decryption key, which the bad guys send you after they receive your payment, will trigger the ransomware to delete the encryption key the bad guys need to generate the key that will reverse the encryption.

Ransomware wouldn’t exist if it weren’t a lucrative pastime. Most of the ransom demands are on the order of 1 Bitcoin per encrypted machine, which is approximately $1,500.00 USD. This adds up quickly: if a large company has 1000 encrypted workstations or servers, the total comes to $1.5 million. On a properly configured and secured network, there is almost no risk of a targeted, hacking-style attack. The risk comes from insiders who are too quick to trust links. Your first line of defense is frequent backups. Of course, I’m not so out of touch as to think that most people actually back up their workstations. So, your second line of defense is to be aware that people you don’t know are not going to send you emails with links to invoices or refunds or anything. If you don’t recognize the sender, contact your IT Security department. They will (or should!) have the tools to evaluate the threat level. Better to be safe than sorry!

The second level of threat comes from the way ransomware propagates itself once it is on a machine inside the network. After granting itself administrator privileges and disabling any programs you have installed that might be used to defeat it, it casually looks around the network and invades any workstation that responds to its queries. Alternatively, it targets a server where, once it is in, it can create and modify accounts and have access to everything on the network.

A ransomware attack in Europe used a Dropbox link. It only takes one click on that link to infect a workstation, and a victim has just 24 hours to pay the ransom in Bitcoin before the encryption becomes permanent. It’s called the “Pacman” ransomware, suggesting something eating up all files. Besides the ransomware, the code includes a keylogger and has “kill process” capabilities that disable Windows O/S functions like taskmgr, cmd, regedit and more. Europe is often struck first before attacks in the US, so it’s just a matter of time. The attack is focused on a small vertical and is fully automated. This particular variation is targeting chiropractors in Denmark, but next time, it can be targeted at your company. This attack arrived as an email in perfect Danish from a potential new patient who explains they are moving into the area, have bad neck and back problems, and are looking for a new therapist. The new patient has conveniently provided links to his MRI and CT scans on Dropbox, hoping that the reader will click on the link to see the scans. One click is all it takes and you’re affected.

If you work for a company, your IT Security people are (hopefully) doing what they can, but you must remain vigilant and not click on anything that is even the least bit suspicious. If you are a consumer with a single computer, a small home network, or part of a small business that may not have an IT Department, then you should take more precautions. First, most individual attacks will attempt to invade your computer through a phishing attack, so think before you click. Do you know the sender of the email? If not, delete it. If you do recognize the sender but weren’t expecting an email from them, or the email is out of character for that sender, contact them and determine whether or not it’s from them. Trust your email SPAM filter. If an email landed there, there is probably a good reason why. You may wish to check the email header, which discloses much information that is otherwise hidden. For example, the email may say it’s from your bank, but the header record may show it was sent from ‘’. So unless you want to send a lot of money to a guy named Johan in Romania, delete it.
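The header check described above can be done by hand in any mail client's "view source" window, or with a few lines of Python. The following is an added example, not part of the original post: the message is a constructed sample using reserved example domains, and the function names are made up for the illustration. It compares the domain shown in From with the Return-Path and Reply-To domains and reads the SPF/DKIM/DMARC verdicts your own mail server recorded.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the post); reserved example domains only.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 26 Dec 2016 09:14:02 -0500
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=bank.example
From: "Your Bank Customer Service" <service@bank.example>
Reply-To: refunds@payments.example.org
To: you@recipient.example
Subject: Your refund is waiting

Click the link for more information.
"""

def domain_of(value):
    """Return the lower-cased domain of the address in a header value."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """List the header details that contradict the visible From address."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Where bounces and replies go is hidden by most mail clients.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results lines added by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{mech}={result}")
    return findings

if __name__ == "__main__":
    for line in check_headers(RAW):
        print(line)
```

A differing Return-Path is common for legitimate bulk mail sent through a mailing service, so treat each finding as a reason to look closer or ask IT Security, not as a verdict on its own.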

Technical outfits have developed security software that is proving effective at preventing ransomware from installing itself on your computer, but it is a preventative approach. If you have been hit by ransomware, there is little they or anyone else can do to fix things, other than the ransomware crooks themselves.


Why Aren’t All NASA Photographs in Color?

I’ve healed up after undergoing six months of dental work costing in the neighborhood of $10,000. One tooth implant, two extractions, three root canals, 4 crowns, and replacement of seven fillings. Vicodin was a friendly companion, and I’ve made a promise to myself to get this blog going again! Hope you find it interesting enough to stick around! A friend of mine (Hi, Helen!) told me to stop spouting off like an idiot about posts on technical and scientific sites and write a blog about it myself since I obviously thought I could do it better. She’s convinced it will also make me more popular at parties…

I subscribe to several tech astronautic websites. You know, the ones that report on ongoing space missions, new developments, future projects; that sort of thing. I was reading through an article about the Cassini-Huygens mission to the moons of Saturn which has been sending back photos and data since its arrival in 2004. Simply amazing stuff. As is my habit, I scanned through some of the comments and one caught my attention, mostly because I’ve seen similar comments in numerous other articles. As I intend to refute everything in the comment, I’m not going to give out the gentleman’s name, nor the article to which his comment was submitted. Here is his comment:

“How is it possible that in 2013 when even the cheapest phone has a color camera, all the public gets is a black and white photo from a mission funded by taxpayers?”

It appears that many people assume that since a spacecraft is performing a mission in 2013 that it is equipped with 2013 technology. But let’s look at a few facts. Cassini is not on a pleasure drive through the park. Since the Earth and Saturn are moving through space and orbiting the sun at different velocities (Saturn takes 29.1 earth years to complete 1 orbit of the sun), you cannot get from the Earth to Saturn by traveling in a straight line. I’m not going to give a lesson in Celestial Mechanics, but all you really need to know is that as in the American sport of Football, the Quarterback does not throw the ball to where the wide receiver is, but to where the receiver will be when the ball gets there. So while Saturn is, on the average, 868 Million miles from the Earth, Cassini has racked up 3.6 Billion miles in its journey.

That journey took Cassini almost 8 years. It has been orbiting Saturn and visiting its moons for the last 12 years. During that time, it has sent back to mission control at JPL, 444 Gigabytes of scientific data and 300,000 hi-resolution photographs, all the while traveling in different orbits around Saturn, visiting dozens of its 60 moons. The Cassini spacecraft also launched the Huygens probe which landed on Titan in January of 2005. Huygens survived its plunge through the huge moon’s thick atmosphere and sent data back to Earth for about 90 minutes after landing. But let’s get back to the issue at hand. Why are all the photographs in black and white?

Cassini was launched 19 years ago, in 1997. So your iPhone today can take great color photographs, right? How well did your cell phone do that in 1997? Oh, wait. Cell phones didn’t HAVE cameras in 1997. Back then, cell phones had enough trouble making phone calls. But Cassini doesn’t even have 1997 technology. That was when it was launched, NOT when it was engineered and built.

The engineering design began in 1979 and wasn’t finalized until 1986, due to budget cuts along the way. By canceling another planned deep space probe, NASA was able to build the 3.8 Billion dollar, 22 foot long spacecraft by 1995, although the launch window wasn’t until October of 1997. (Remember all that nasty little Celestial Mechanics stuff and the Quarterback?)

So basically, due to a combination of Cassini being designed using 40-year-old technology and color photographs needing many times the bandwidth of black and white to transmit, we get black and white photographs.

The system that controls the taking of the photographs, the collection and analysis of dust particles, and the flight trajectories, is a 1970s era 16-bit MIL-STD-1750A computer designed by the USAF for flight and weapons control systems of aircraft during the Vietnam war. A 16-bit computer address bus can address a maximum of 64-Megabytes of memory. That’s it. My laptop computer has 8-Gigabytes of memory. A typical smartphone has at least 1-Gigabyte of memory. (Keep in mind that 1-Gigabyte = 1,000-Megabytes.) Also, the 1750A has a single CPU running at a speed of 1 MHz. My desktop system has 2 quad core CPUs, which is 8 CPUs, each running at 2.4 GHz, or 2,400 times faster than the 1750A CPU. The USAF discontinued use of the MIL-STD-1750A computer in 1996.

I can hear the faint echoes of readers saying “What the Fuck? I’ve SEEN color photographs of Saturn!” Ummm… You have, and you haven’t. When NASA and JPL want to release a color photo, a black and white image is taken 4 times. First, a full B&W image, then an image through a red filter, an image through a blue filter and lastly, an image through a green filter. The computers at JPL then examine the B&W image, followed by each filtered image. The data missing from each filtered image that is in the B&W image represents the color data blocked by that filter. Using this data, the computer then creates a RGB composite color photograph. To further complicate things, they sometimes arbitrarily select colors to make the images easier to see, or to intentionally highlight a particular aspect, such as a storm.

If you look at the color images on the NASA or JPL website, they are religiously marked as “True Color” or “False Color”. The problem arises when the media publishes these photographs leaving this little detail out, so that people believe they are seeing something real when what it does depict is a technician’s idea of a pretty color. I’ve even seen ‘latest photographs’ shown on news shows that are clearly marked on the JPL website as an ‘artist rendition’. Do yourself a favor; go to the source and be sure.

So now that you know why the pictures aren’t in color, think about how much you could get done at work if your computer system were to be replaced with a 40-year-old computer that has 1/125th the memory capacity and runs 2400 times slower. Sort of puts things into perspective, doesn’t it?

Feel free to leave a comment! See you next time!

