Top 10 Tips to Avoid Malware

In light of the latest bit of ransomware – Petya – here are tips to prevent getting hacked

The latest bit of ransomware – dubbed Petya – is currently running through banks, financial institutions and healthcare facilities in both Asia and Europe. Like most ransomware, the bug locks up corporate data by encrypting hard drives, preventing access to needed data and computer systems. It also seems to have crossed the pond and entered the US.

Pharmaceutical manufacturer Merck reported that it had become infected with the malware, as did multinational law firm DLA Piper, which counts over 20 different offices in the United States. Heritage Valley Health Systems, a health care network that runs two hospitals in Western Pennsylvania, also confirmed in a statement to Recode on Tuesday that it was a victim of the same ransomware attack that has spread around the globe.

Petya in and of itself is a bit problematic in that this particular bug has the ability to adapt and mutate quickly, often working around patches that have been released by operating system and anti-malware vendors alike. With Petya, it’s difficult to ensure your computing systems stay malware-free. Anti-malware and OS vendors are having a great deal of trouble staying ahead of the game.

So, what’s the best way to stay Petya (as well as other phishing and ransomware infections) free? The best advice I can give ANYONE is to follow these top 10 computer security tips.

1. What’s in a Name?
Just because you see an email in your inbox from a name you recognize doesn’t mean they sent it to you. Be wary of all email in your inbox. Inspect the email address. If it looks suspicious or if you don’t recognize the domain (the wording after the “at sign” – for example @microsoft.com), don’t open it. Delete it immediately.
2. Look but don’t Click
Hover your mouse over any embedded links in any of the emails you receive. Don’t click before you do. A tool tip should appear showing the actual address the link points to, or in the case of browser based clients, the address should display in the status bar at the bottom of your browser window. If the address isn’t one you recognize or if it looks strange, again, don’t click it.
3. Check for Spelling or Grammar Mistakes
Legitimate messages don’t have major spelling errors or clumsily structured sentences. If the message reads strangely and strikes you as unprofessional, it’s likely a fake. Delete it.
4. Analyze the Salutation
Messages from financial institutions will always address you by your name. They’re never going to call you, “Valued Customer.” If you get something like this from one of your financial institutions, I’d delete it and ignore it.
5. Don’t Give out Your Personal Information
Legitimate companies will never ask you to provide identity information or credentials via email. EVER.
6. Beware of Urgent or Threatening Language in the Subject Line of any eMail
Invoking fear via threatening or urgent language is a common phishing tactic. Be wary of any email indicating that your “account has been suspended,” or your account has had an “unauthorized login attempt.” There’s an excellent chance the emails are bogus.
7. Review the Signature Line
Lack of details about the signer or the absence of their contact information at the end of the message strongly suggests a phishing attempt.
8. Don’t Click on Attachments
Malware payloads are often embedded in email attachments. Don’t open any you weren’t expecting, even from someone you know. Contact them offline, if possible, and confirm they sent you the attachment.
9. Don’t Trust the Information in an eMail Header
Hackers are smart enough nowadays to spoof not only the display name, but the mail header as well. Even if you know how to check this information, you may not be able to validate it as genuine, so don’t bother. Assume this information is fraudulent in any suspect email.
10. Don’t Believe Anything you see
This is NOT your father’s internet any more. The world is hell bent on stealing everything you own and could own in the future (your identity, your credit, etc.), so the best defense is a strong offense – don’t trust anyone or anything you suspect is illegitimate. It may look valid, but it’s better to err on the side of caution than to spend the next 8 to 14 months straightening out your credit because you were the victim of a phishing attack. If you have even the slightest doubt or it even remotely looks suspicious, don’t open the message.

The point of all of this is that THIS particular piece of malware REQUIRES diligence.

Petya is rapidly changing. It’s mutating and adapting to patches and detection engines in popular and well known, professional grade malware prevention products. You HAVE to be careful here, or you may end up losing everything on your PC.

Aside from the above, you should also take the following proactive steps on a regular basis (start NOW if you haven’t done these yet, and ensure that you do it malware-free):

1. Install and Run an Anti-Malware Package
I have used a number of different packages over the years. Right now, one of my favorites is IOBIT Advanced SystemCare 10 Pro. Regardless of what you use, get one, install it, and use it… often.
2. Get your data on a cloud service
Whether we’re talking productivity files (Word, Excel, etc.) or pictures and home movies, it doesn’t matter. Get your data synchronizing with a cloud service so that you have an easy way to get your data back if it gets taken hostage.
3. Start a Local Backup Regimen
Macs have Time Machine. Windows users have Windows Backup; or you can use AOMEI Backuper and AOMEI Image Deploy. However, any way you cut it, you need to start and execute a local backup plan.
4. Start an Off-Site Backup Regimen
In order to do this, you need an off-site backup service like Carbonite or Backblaze. These low cost, subscription based services allow you to back up your computer over the internet and allow you to do a simple restore as well via the internet or via a hard drive that you can order and have delivered to you.

So, in summary:

1. Trust your Gut. Don’t open goofy looking email. Just delete them.
2. Backup your data
3. Install and run an antimalware app

Have you gotten hit by ransomware? Have you paid the ransom, or have you just blown or replaced the drive and started over? I’d love to hear from you if you have gotten bitten. If you have, hit me up in the Discussion area, below, and tell me all about it.

Resetting your Windows PC – Part 1

In many respects, it’s a lot like resetting your phone…

Introduction
A couple of years ago, I wrote an article for Soft32 called iDevice Restore Gotchas. It’s a good read.

In that article, I covered a few basic points about resetting your device. Without rehashing the entire article – again, you can read it here – I did cover 3 important points:

  1. Don’t Fear the Hard Reset – sometimes it’s the best way to get rid of all the crap, especially if you have a deep rooted virus or piece of malware/ spyware that just will NOT go away.
  2. Make Sure you have a Solid Internet Connection – iDevices always, ALWAYS call home to ask permission before allowing you to completely blow them away, and if you don’t have one or are using your iDevice to provide internet connectivity, the process will fail; and then you’re really gonna be up a creek without a paddle…
  3. Don’t Connect your Smartphone to your PC through a USB Hub – the restore process is going to work better (read: won’t work at all through a hub…) with a direct connection, and you won’t have any technology headaches to trouble shoot.

All of these points are still relevant with the latest set of iDevices, and quite honestly, most every other mobile device out there. They’re also relevant with your Windows based PC, if it’s running Windows 10, and if you’re having troubles with it, the reasons for looking into this process are actually quite compelling.

At the end of the day, they can save you tens of hours of analysis time and a ton of money on ulcer and headache remedies with just a bit of planning and the new refresh and restore procedures in Windows 10. Let’s take a quick look…

Why Reset
There are a number of reasons why you might want to reset your Windows PC. You may have a virus or other piece of malware or spyware that, despite your best efforts, just can’t or won’t be removed. You may want to pass your PC on to a friend or family member; or you may want to sell it or donate it to a charitable organization. Regardless of WHY you need or want to reset the machine, resetting it is often easier to do than actually taking the time to troubleshoot or perform some other deep cleaning or maintenance.

In many cases, the best thing to do is to nuke your machine from orbit and start over. Sometimes, fighting the good fight means retreating and not engaging.

When to Reset
So… ok. You’ve solved the “why” portion of this equation; but you’ve got all these apps and all this data. When do you actually do this? When do you tell yourself to stop, drop back and punt? That’s both simple, and complicated.

However, figuring out WHEN to do a reset really involves the severity of the problems you’ve been bumping into and how much time you have to burn. More often than not, it’s easier, less time consuming and less stressful to simply burn everything to the ground than to try to fix a specific problem, especially in the case of malware. More often than not, Windows based malware will bury itself so deeply within the OS that it doesn’t want to come out without a fight, if it does at all.

I’ve had partially disabled malware repair itself and come back to life. Yeah… that was really an eye opener.

So, when do you actually declare “defeat” and actually DO the reset? That’s an excellent question. The best way to answer it though would be for you to do a bit of thinking:

  1. What’s my Time Worth?
    Try to put a monetary value on your time. When you hit your gag reflex on the “cost,” consider pulling the reset trigger.
  2. How “Bad” is the Problem?
    There are resources on the internet that can tell you a great deal about different kinds of malware and how difficult they are to remove. Solvusoft has a decent Malware Encyclopedia. Trend Micro has a good database, with some decent information that explains what each type of worm, virus, etc. does; and rates how difficult it is to remove. When you have more than one rating category with a red or critical rating, and you know you’re infected, the problem is probably a little more than “bad.”
  3. Has your Virus Scanner Failed to Remove the Threat?
    If you can’t get rid of the bug with the anti-malware product you have, try an “off line” product like Fix Me Stick. It’s fully compatible with Windows and should be able to remove most bugs without damaging your data.

I’ve yet to find a virus that it couldn’t remove (though in all honesty, it may take more than one scan to take care of everything…). It’s well worth the $60 a year (for up to 3 computers) that the service costs. However, not all virus scanners are created equally; and in many cases, some viruses just refuse to be removed.

You’re likely going to find yourself in a situation here that requires you to subjectively weigh the answers to these three questions and then make a decision. My experience, especially with malware, is that it’s always better to be safe than sorry.

Come back next time. I’ll have complete instructions on how to get this job done the easiest way possible.

Keep your PC free of malware and other kinds of hidden threats

Keeping your PC free of malware and other kinds of hidden threats is perhaps one of the biggest tasks it has outside of completing the actual computing work you have set aside for it. Finding the right tool to complete that job isn’t always easy. There are a great many choices. ChicaPC Shield may help you in this regard. ChicaPC-Shield finds and removes harmful, hidden threats from your PC. It protects your computer from hostile, threatening and damaging malware. The quick scan option identifies PC infections within a matter of minutes. ChicaPC-Shield’s auto update feature ensures that its threat definitions are updated regularly so that even the latest threats are detected and blocked; and it performs unlimited scans to find and remove identified threats.

Read the full review | Download ChicaPC Shield

The best Rescue CDs to fix an infected computer that can’t be cleaned by your AV

Most of the time, when a virus is detected by your antivirus, you’ll be prompted to clean, quarantine or delete the infected files.

However, sometimes, a virus infection may be too “deep” to just remove, or your computer can no longer boot into the OS after acquiring a virus.

This is the moment when you will most likely use a rescue disc to fix an infected computer that your antivirus can’t clean.

BitDefender Rescue CD

AVG Rescue CD

Avira Antivir Rescue CD

Kaspersky Rescue Disk

Note: All Rescue CDs are downloadable .ISO files which you’ll have to burn to a CD/DVD using a clean computer.

Protect your PC and your files from unwanted malware with this award winning AV tool

Malware. Worms. Trojans.

They are everywhere on the Internet, and despite how careful you might be, at some point, you’re going to get one.  It’s not a matter of if; it’s a matter of when. You need protection, and Kaspersky Anti-Virus is one of the best programs you can use to keep you and your PC safe.


Kaspersky Anti-Virus is the backbone of your PC’s security system, offering essential, real-time protection from viruses, spyware, Trojans, bots, rootkits, identity theft, and more.

Read the full review | Download Kaspersky Anti-Virus
