  • Hello again.

  • As you know, I'm Eli, the computer guy, and today we're going to be talking about how to prevent ransomware.

  • So, as you know, fill in the blank is in the news yet again today.

  • So we're hearing about yet another ransomware attack.

  • And why I say fill in the blank is because, really, it seems like every 2 to 3 months we have another massive ransomware attack.

  • So when we're talking about ransomware attacks, what we're talking about is essentially viruses or worms or malware that get into a person's computer.

  • They encrypt all the important files, all the important data on that person's computer.

  • And then, in order to be able to get the decryption key to be able to get those files back, you have to send off Bitcoin somewhere normally between $502,000 in Bitcoin, in order to theoretically get back the encryption key.

  • So this is the latest type of malware, virus, worm that is out there.

  • We've had viruses forever.

  • We've had worms forever.

  • We've had malware forever.

  • But this is some of the first malware that intentionally tries to get something out of the end user.

  • Many times with viruses and malware.

  • They'll cause problems on your computer.

  • They'll crash your computer.

  • Maybe they'll try to steal some specific information from your computer.

  • But realistically, with Ransomware, this is the first stuff that actually tries to extort money out of you.

  • And that's why it's so dangerous.

  • Now, before we get into today's class, we do have to talk about the sponsors because the sponsors are what helps pay the bills and helps pay for silicon discourse dot com.

  • So we have Geist, Geist Build a Delivers rack P to use ultra quick as few as five days for standard units made in America.

  • Hashtag sexy Petey, use geist global dot com, The free backup for PC Zvi EMS and Lennox, all latvian dot com Dev Mountain Dev.

  • Amount is a 12 week Web development IOS and your ex designed boot camp intended to it full time job.

  • The industry learned a code at dev mountain dot com i n E i N E.

  • Specializing network training with hands on labs on site boot camps and focus on over in the best IT online networking courses at i n e dot com plex or was scrutinized and flow data users can determine what traffic is on the work.

  • Who was the original traffic?

  • Who was receiving at elixir dot com and finally get where data recovered.

  • Gilmore Partners with I T professionals to offer their and user's data recovery service is and a digital forensics to find out more at gil wear dot com.

  • As I always say, don't really care if you thumb up, thumb down.

  • Leave a comment.

  • But if you click on those sponsor links below, that really does help everything that I try to do for you.

  • So when you're thinking about how to try to prevent ransomware, it's important to understand that basically all ransomware is, is a new variant of malware, viruses or worms.

  • Essentially, the only difference is that the attack, the action that it does on your computer, is to encrypt your files, and then it tries to get you to send Bitcoin in order to get that decryption key back.

  • So if you think of it as a piece of malware, a virus or a worm, it is much easier to understand how to prevent ransomware infections so that you don't have problems on your systems.

  • Essentially, all you have to do is if you have good security policies.

  • If you have good security practices, Ransomware essentially get self is a big thing you have to understand.

  • In the I T world, we always hear about the concepts of how do you prevent this, or how do you prevent that?

  • Or How do you prevent the other thing?

  • And what you find out is, if you have good security policies and practices, you put practices into use, that prevents a whole bunch of things all at the exact same time.

  • So when you're looking at trying to prevent ransomware now, one of the big things to think about is making sure you're using the latest version of the operating system for whatever operating system vendor you're using.

  • So if you're using a Mac, use the latest version of the Mac OS operating system.

  • If you're using windows, be using Windows 10 and whatever the latest version of Windows 10 is.

  • If you're using Linux, use whatever the latest version of the specific distribution of Linux that you're using.

  • Well, the important thing to understand is that when operating system vendors, operating system manufacturers, code their operating systems, they always code for the best security practices of the time.

  • So one of the reasons that Windows XP was so vulnerable to viruses and spyware and all that kind of stuff back in the day was that it simply was not designed for an era when everybody was going to have an always-on broadband connection.

  • So essentially, about the exact same time Windows XP came out, DSL became normal.

  • And therefore Windows XP just got eviscerated with viruses and spyware.

  • The same is true for all of these different operating systems.

  • As they come out, they are built around a security concept for the time when they're being created.

  • Of course, when they come to market, things change.

  • New security issues come up, and so many times they have not been designed to be able to try to prevent those new security issues.

  • So especially if you're looking at Windows, here's the deal a lot.

  • Some people love window stunts and people love wins.

  • Oh, it said.

  • Some people hate Windows 10.

  • I am not going to get into the middle of that argument here, but if you are using Windows.

  • For whatever reason, you have decided to use Windows.

  • You have already decided to be within the Microsoft ecosystem.

  • So at this point, going to Windows 10 really is your best option.

  • I know a lot of people are still using Windows 7.

  • Some people are using Windows 8. Windows 10 has been built with the best security policies that Microsoft understood while they were creating it.

  • And so for a lot of issues that will come up if you're using the latest version of the Microsoft operating system or whatever operating system, it will prevent a lot of problems.

  • One of the issues with Windows XP is there's still a lot of Windows XP in the world, and the issue is that it was not built for the modern world.

  • So there's a lot of infections.

  • There's a lot of problems that can get into Windows XP that will simply never be fixed.

  • So I know if you love Windows 7, if you love Windows 7, it's hard to give it up.

  • But you really have to be thinking about it.

  • If you've already decided to use Microsoft anyway, you've already you've already made that decision.

  • Is it really worth it not going up to Windows 10?

  • At this point, I would argue from a security standpoint, especially when we start looking at this ransomware, these new attacks that are being presented, you should be up on the latest Microsoft operating system, because here's the thing.

  • If you don't trust Windows 10, what does that say about, you know, a six, seven year old Windows 7 operating system?

  • The next thing past, making sure that you're using the latest version of whatever operating system is that you make sure all of the software and the operating system itself is updated on your system.

  • So again, whenever, whenever a piece of software goes out into use in the world, many times there are vulnerabilities with that software that will be fixed by patches or updates down the road.

  • So Microsoft will put out a new operating system, and then anybody knows if it's a year after that operating system came out, you're gonna have to, you have to download three hours' worth of updates.

  • And that's just the fact of the matter.

  • There's different viruses.

  • There's different worms, there's different malware, there's different issues, different exploits. Microsoft or any of the vendors find out about those exploits once their product is out in the wild, and then they come up with solutions for that.

  • So it's very important to make sure that your Windows operating system or any of your operating systems are fully updated.

  • But it's also important that all of the other software on your computer is updated.

  • Make sure Java is updated, if you have Java.

  • If you're still using Adobe Reader, God help you for still using Adobe Flash.

  • Make sure all of your products on your computer are fully updated, because many times hackers, malware, viruses will be able to get in through little known issues in that old software.

  • This is something I used to see back in the old days where Java became very popular in the beginning of the 2000s.

  • But then people stopped using it. Well, since people stopped using it, people had Java installed on their computers, and then they forgot about it.

  • All right, if you're not, if you're never using Java applications and you have Java installed, you don't think about it anymore.

  • And so what hackers were able to do is they were able to exploit vulnerabilities in five and six year old versions of Java that people still had running on their computers to cause all kinds of problems, because nobody even thought about updating Java.

  • So this is something to be thinking about.

  • Make sure you do patch management, especially if you're in a large enterprise environment.

  • Make sure you have some kind of patch management infrastructure, maybe something like Secunia.

  • That'll go out and scan all of the different PCs, all the different computers on your infrastructure and make sure everything is up to date.

  • Patch management is a huge issue when it comes to trying to prevent things like Ransomware.

  • The next thing you need to do if you're thinking about trying to prevent something like ransomware is do software audits on all of your PCs, or if you only have one PC, do it on your PC.

  • One issue that comes up is a lot of people, when they think about cleaning up their computers, what they do is they go through and they delete the, the Recycle Bin, all the stuff in the Recycle Bin.

  • They'll go and they'll delete files.

  • But what they will never do is uninstall applications that they don't use anymore as the example I talked about before.

  • If you have a Java, if you have Adobe Flash, if you have Adobe Acrobat, if you have some other kind of old software on your PC or your computer, that could be a vulnerability to your computer, and especially if you never use it.

  • You can't remember the last time you used it.

  • Many times that software doesn't get updated.

  • And basically that's just a gaping security hole where if you don't use the software anyway, why do you have it there?

  • Well, you see this a lot in the enterprise environment, or the business environment, where computers will be used for 3, 4, 5 and 10 years, where the secretary will have a computer and it will still have QuickBooks on it, even though they don't use QuickBooks, and will still have the Adobe Creative Suite because five years ago somebody downloaded the Adobe Creative Suite they don't need.

  • The Adobe Creative Suite not only does require resources out of the computer that could best be used on doing things like web browsing, watching YouTube, but it also creates security vulnerabilities for that PC.

  • So the simplest form of software audit is simply to open up the control panel on your application screen and see what's installed on your PC or your Mac or your Linux machine and delete whatever it is that you don't need.

  • Or again.

  • If you're in the enterprise environment, there is software out there.

  • The software will go out.

  • It will scan all the PCs.

  • It will show you all the applications being used in your environment.

  • And then you can go to those individual systems to delete the old stuff that doesn't need to be there.

  • A lot of the security problems on a lot of computers is this simple.

  • The longer a PC or system has been in use, the more garbage there's on there.

  • The more garbage that's on there, the more vulnerabilities there are.

  • The next way to try to prevent ransomware on your systems is just never use USB drives ever, ever, ever, ever again. Repeat after me, say no to USB drives.

  • So in the modern world, don't get me wrong.

  • If you're a professional technician and you have 256 gigs on the little thumb drive.

  • That's its own deal.

  • But when you think about it, secretaries and accountants and even CEOs most of the time they don't need thumb drives in the modern world with cloud computing.

  • Whether it's Google Drive or Dropbox or whatever other cloud storage you have, you can easily share files and folders amongst computers using that cloud storage.

  • And generally, that has far less vulnerability issues than using a USB flash drive.

  • So what you have to understand about USB flash drives is these, they're just...

  • It's like leaving chicken on the counter on a 90 degree day.

  • Theoretically, you can eat it.

  • Theoretically, if you if you cook it long enough, it'll be okay to eat.

  • But I'd like to stay away from it.

  • So whenever you have a thumb drive whenever you plug it into any computer, any computer that you plug it into may infect it with viruses or malware.

  • As soon as you plug it into a new computer, there could be autorun configurations where literally as soon as it's plugged in, it will auto-execute certain commands.

  • This may be to install things, this may be to grab information.

  • This may cause problems on your computer.

  • You never know what thumb drives what flash drives, what USB drives are actually safe.

  • There is an instance recently where IBM I think they sent out 15,000 USB drives that has in fact been infected.

  • So even when you're getting a USB drive from a known good vendor, the reality is is there are no known good vendors.

  • Any USB drive could cause a problem.

  • So I would argue, you've got Google Drive, you've got Dropbox, you've got any of the cloud services. If you need to move files and folders around, it is much better to do it through those cloud services, because, at least at that point, at least at that point, all you have to worry about is the individual file being infected, which may be an issue.

  • But you don't have to worry about taking the USB drive that might be filled with all kinds of executables that will cause all kinds of problems on your systems.

  • Basically, those USB thumb drives at this point, more or less, more or less, you should just think about no longer using them.

  • One of the best ways to be able to lock down your computer so that ransomware is not installed on your system is to make sure you use permissions appropriately on your computer, basically, being able to use a security.

  • So whenever you log into your computer, there's a security profile when you log in.

  • Whether you're using Windows, whether you're using Mac, whether you're using a different operating system, depending on what type of user you log in as, you will have the ability to do different things.

  • So, let's say, with a Windows computer.

  • If you're the administrator, you could do anything you want on the computer.

  • You can install applications.

  • You could install printers.

  • You can format the hard drive if you want.

  • If you're a user, many times the user accounts are locked down so you can open up a Web browser.

  • You can interact with applications that are already installed on your computer, but you cannot necessarily install new applications on your computer.

  • The reason that worms and viruses and malware, ransomware can run so rampant through enterprise environments is because normally those security permissions have not been set up appropriately. So remember, when an executable goes onto your PC, it will be able to do whatever you can do as a user, only it will be able to do it about 1000 times faster.

  • So essentially, when that executable goes onto your PC and when it's auto run, it will then have the permissions that you have.

  • So if you're able to install new applications, it will be able to install new applications.

  • If you're able to edit the registry, it will be able to edit the registry.

  • If you're able to map network drives, it will be able to map network drives.

  • So one way to keep viruses and ransomware from spreading is simply, if you lock down the security on your PC so that you are not allowed to install applications on your computer, then even if one of these ransomware bots or these malware bots auto-executes, it will not have the permission to do anything, and therefore it will fail.

  • So this is a thing we've been talking about for years: administrators, even administrators, even administrators should have a normal locked down user account where they check their email and they do their Word docs and do everything else.

  • And then they should have the administrator account for when you need to go in, you need to create organizational units or something.

  • A lot of people don't do that.

  • And so that's what, that's one of the big problems, is if you are logged in as an administrator for your network, you open up Gmail.

  • You open up an attachment that has a, has a virus or malware, ransomware in there.

  • It now has access to the entire network because it is using the permissions that you have.

  • So this is an important thing to be thinking about.

  • Especially nowadays, locking down user permissions is a big deal.

  • The next thing that you should be thinking about is using the internal firewall or the software firewall on your PC or your Mac.

  • So software firewalls have been around for a long time now only since 2000 and basically what this does is this puts a firewall onto your PC.

  • So normally, when we talk about firewalls is there is the network firewall.

  • That's the white firewall that separates the internal network from the Internet.

  • But what the software firewalls do is it allows you to block ports on the individual computers.

  • So this is a big deal now, especially since we're using far more cloud services. So if you go back 10 years, many times users had to share files and folders between individual computers on the network, and in order to do that, they didn't need to not have firewalls so that they could access those files and folders.

  • So if Bob needed to get a file off of Sue's computer, then Sue's file sharing had to be open and the correct ports had to be open.

  • Now, when we're looking at using Gmail for services and Google Drive and Dropbox and all these things, it is now far, far less important and usually unwanted for individual systems within a network to be able to communicate with each other. They need to communicate with the server, and they need to be able to communicate with the outside world.

  • But 1 to 1, they don't need to communicate with each other.

  • So with viruses, with worms, with malware, what they can do now is they can go out and they can try to scan the network and they can try to see what computers have ports open, what computers have sharing open, so that they can then go and try to infect those other computers.

  • That's what's happening with the current ransomware that's out there.

  • It's a worm.

  • So it tries to infect other computers.

  • Well, if there are software firewalls on all of your PCs, all your computers in the network, even if one computer gets infected, it won't be able to jump to another computer because none of those other computers will accept that incoming connection.

  • So using software firewalls at this point is a very valuable resource.

  • The next thing that you need to look at doing, along the idea with software auditing and such, is turning off protocols that you do not need on individual PCs and turning off sharing.

  • So protocols, networking protocols, are how computers communicate with each other.

  • Essentially, the network language, and the normal protocol that you hear about is TCP/IP, usually version four, and so that's how you communicate with different computers and how you communicate with the outside world, and you absolutely need that.

  • But on the other hand, there's there are other protocols that have been used over the years and may even have a use now, but not necessarily in your environment.

  • So things like SNMP, Simple Network Management Protocol. SNMP can give a tremendous amount of information about the different computers on your network, many times to any computer that knows to ask for that information.

  • Well, the more information a worm or a virus or piece of malware can obtain about the larger network, the more likely it is it will be able to infect other computers on the network.

  • By turning off things like SNMP, by turning off things like ICMP echo requests, by turning off things such as sharing on individual computers, basically, this is a way to secure the individual computers so that they cannot be attacked from other computers on the network.

  • Now one of the good things in the modern world is we're using cloud services more and more, and the reality is that cloud services in many ways are more secure than the local services, especially when it comes to things like ransomware. So if you're using the old, like, let's say, an old version of Outlook or an old version of Thunderbird or such, and let's say you're using the POP3 email protocol.

  • Basically, what that means is your computer will go out to the email server on the Internet.

  • It will pull all of the email down to the local service, to your local computer, and delete it off the server on the Internet.

  • The problem with this is that means all of your email, all of your documents, all of your data are on your local computer so that if you were infected with Ransomware, they in fact can all be encrypted.

  • And there is no copy of that information anywhere else.