Is that really a Windows update you are about to click on? Or ransomware in disguise? As first documented by Fortinet FortiGuard Labs and followed up by Trend Micro, a new ransomware is currently on the rise and disguising itself as fake Windows updates and Word installers as part of a malvertising campaign. Also, multiple variants of this ransomware have been discovered. Here’s what we know so far and what you can do to protect yourself.
What does this new ransomware do?
The ransomware, which is called Big Head, encrypts the victim's files while showing a fake Windows update screen so that the activity looks legitimate. Three encrypted executable files are deployed in the attack – one for propagating the malware, one for communicating with the operator via Telegram, and one for encrypting the files and displaying the fake Windows update. Once the victim accepts the fake update prompt, Big Head begins its attack: it deletes backups, checks whether it is running in a virtual machine (a sign that an analyst rather than a victim is watching), disables the computer's Task Manager so the user cannot terminate it, and more.
Variants of the Big Head ransomware have also been discovered that steal web browser history, directory listings, running processes, product keys, and network information. Most samples of this ransomware have been submitted from the U.S., France, Turkey, and Spain.
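Two of the behaviors described above, a disabled Task Manager and deleted backups, leave traces you can check for yourself. The following PowerShell script is an added example and not code from the article, Fortinet, or Trend Micro. It assumes that Task Manager is disabled through the standard Windows policy value DisableTaskMgr (the article does not say which mechanism Big Head uses) and that "backups" means the Volume Shadow Copies Windows keeps for "Previous Versions". Run it in an elevated PowerShell session.

```powershell
# Added example (not from the article): local checks for two symptoms
# described in the text, a policy-disabled Task Manager and missing
# Volume Shadow Copies. Assumption: the malware uses the standard
# DisableTaskMgr policy value; the article does not name the mechanism.

function Test-TaskManagerDisabled {
    # The policy can be set per user (HKCU) or machine-wide (HKLM).
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name DisableTaskMgr -ErrorAction SilentlyContinue
        if ($v -and $v.DisableTaskMgr -eq 1) { return $true }
    }
    return $false
}

function Get-ShadowCopyCount {
    # Shadow copies are what "Restore previous versions" relies on;
    # ransomware deletes them so files cannot be rolled back.
    $shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
    return @($shadows).Count
}

if (Test-TaskManagerDisabled) {
    Write-Warning 'Task Manager is disabled by policy. If you or your IT department did not set this, treat the machine as compromised.'
    # To re-enable it once you are sure the policy was not set deliberately:
    # Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name DisableTaskMgr
} else {
    Write-Host 'Task Manager policy: not disabled.'
}

$count = Get-ShadowCopyCount
if ($count -eq 0) {
    Write-Warning 'No Volume Shadow Copies found. Either System Protection is off for this volume or the copies were deleted.'
} else {
    Write-Host "Volume Shadow Copies present: $count"
}
```

A zero shadow-copy count is not proof of infection on its own, since System Protection is off by default on many home PCs; it is the combination with a policy you did not set, a fake update screen, or files that will no longer open that matters.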
What can I do to protect myself from this ransomware?
Ransomware criminals will try to get you to pay them to get your files back. However, paying the ransom does not guarantee that you will regain access to anything the criminals took from you, and it funds them to keep doing it to others.
Your best bet is to prevent an attacker from gaining access to your files altogether so that you don’t have to try to fight to get them back. Here are some of my tips for avoiding having your files stolen in a ransomware attack.
If you receive an email from an address you do not recognize, don't open it. If you open it by mistake, avoid clicking any links or opening any attachments within the email. Pretending to be someone important is a classic method cybercriminals use to get you to act without thinking, and the same applies to a web page or ad that suddenly tells you Windows needs an update.
Have good antivirus software
Good antivirus software is one of the simplest ways to keep attackers out of your devices. It can block known malicious links and downloads before they install malware or ransomware that would give attackers access to your personal information. It is also designed to tell you when malware is already on your device so that you can immediately work on removing it.
Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Back up your files on an external hard drive
I highly advise you to create backups of your information on an external hard drive and store it securely in a safe location. This process involves regularly making backup copies and then disconnecting the external drive from your computer for added safety. You should store the disconnected drive in a secure place like a fireproof safe or a safety deposit box. Ransomware such as Big Head deletes any backups it can reach from the infected computer, so keeping the drive unplugged when not in use is what keeps your backup from being encrypted or wiped along with everything else.
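Here is the "copy, verify, unplug" routine above as a PowerShell script. It is an added example and not code from the article; it assumes the external drive shows up as E:\ and that your Documents folder is what you want to protect, so change those two values for your own machine.

```powershell
# Added example (not from the article): copy a folder to an external drive
# into a dated folder, verify the copy, then remind the user to unplug.
# Assumptions: external drive is E:\ and the folder to protect is Documents.

param(
    [string]$Source    = "$env:USERPROFILE\Documents",
    [string]$DriveRoot = 'E:\'
)

if (-not (Test-Path $DriveRoot)) {
    throw "External drive $DriveRoot is not connected. Plug it in, run the backup, then unplug it."
}

# One folder per run, so an older good backup is never overwritten by a bad
# one (for example, files that were already encrypted before you noticed).
$stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
$dest  = Join-Path $DriveRoot "Backup_$stamp"
New-Item -ItemType Directory -Path $dest | Out-Null

# /E copy subfolders, /COPY:DAT data+attributes+timestamps, /R:2 /W:5 retry
# briefly on locked files, /XJ skip junction points, /NP no progress output.
robocopy $Source $dest /E /COPY:DAT /R:2 /W:5 /XJ /NP /LOG:"$dest\robocopy.log"

# robocopy exit codes below 8 mean success (0 = nothing new, 1 = files copied).
if ($LASTEXITCODE -ge 8) {
    throw "Backup failed with robocopy exit code $LASTEXITCODE; see $dest\robocopy.log"
}

# Spot check: compare hashes of a sample of files between source and copy.
$sample = Get-ChildItem -Path $Source -File -Recurse | Select-Object -First 20
foreach ($f in $sample) {
    $rel  = $f.FullName.Substring($Source.Length).TrimStart('\')
    $copy = Join-Path $dest $rel
    if ((Get-FileHash $f.FullName).Hash -ne (Get-FileHash $copy).Hash) {
        throw "Hash mismatch for $rel; do not trust this backup."
    }
}

Write-Host "Backup written to $dest and spot-checked. Safely eject the drive and unplug it now."
```

Because every run lands in its own dated folder, a backup taken after an infection does not replace the clean one from before it; delete old folders by hand once you are sure the newer ones are good.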
Top recommendations for external hard drives
Here are some of my top recommendations for external hard drives.
My Passport SSD Portable Drive
The My Passport SSD drive plugs into a USB port to back up at high speed, then ejects and unplugs so that attackers cannot reach your backup. You can set password-enabled hardware encryption to protect valuable content. It comes with a 5-year limited warranty, is drop-resistant up to 6.5 feet, and is available in 500GB, 1TB, and 2TB sizes. At the time of publishing, this product had over 4,100 global ratings, with 78% giving the product 5 stars.
Get My Passport SSD Portable Drive
SanDisk Extreme Pro SSD
My external drive is hooked up to my PC 24/7, but if your data travels with you and you need a more rugged solution, the SanDisk Extreme Pro SSD would be an excellent choice. Its rugged IP55 water- and dust-resistant exterior can survive a drop of 2 meters, which is about 6 feet 7 inches. At the time of publishing, this product had over 8,800 global ratings, with 77% giving the product 5 stars.
Use a cloud service
The great thing about cloud storage is how flexible it is. If you ever need extra storage room, you can get it right away (though it does come with a price tag). However, there's a major downside to consider: you can't be sure who has access to your stored data. The term "cloud" is more of a metaphor. In reality, your data resides on servers owned by someone else, leaving it potentially exposed to hackers, snoopers, and other unscrupulous individuals. A cloud account that is permanently signed in on your PC is also reachable by ransomware running on that PC, so check that your provider keeps file version history you can roll back to.
Keep software up to date
Regularly update your operating system, antivirus software, web browsers, and other applications to ensure you have the latest security patches and protections. Install Windows updates only through Settings > Windows Update, never from a pop-up on a web page, an ad, or a downloaded installer; that is exactly how this campaign gets onto a machine.
Kurt’s key takeaways
Attacks like these are scary, especially when the attacker disguises itself as a legitimate company like Microsoft. This is why you have to be extremely careful before you click on any links, accept any update prompts, or open any attachments that are sent to you out of the blue. Follow my tips, and don't be so quick to trust everything you see.
Why do you think the U.S. has been a major target of this ransomware? What more should authorities be doing to stop it? Let us know by commenting below.
The best way to protect yourself is not to have your account as an administrator. Have your account as a local user.