Print Page | Sign In | Register
Law Practice Management Tips
Blog Home All Blogs

Keeping Your Eyes on the Road: Hovering Over a Link BEFORE You Click

Posted By Jacob E. Peterson, Tuesday, October 15, 2019
Updated: Tuesday, October 15, 2019

As you can see from clicking on the link below, whenever you encounter a link in an email, Google search, or anywhere else, the link does not necessarily have to lead where it says it’s taking you: 

            winningestcollegefootballprogram2009-2019.com

Click image for full size

Because links can be disguised, there is always a potential they could lead to virus or malware infections. Thankfully, the risks posed by links can be significantly reduced by hovering over a link before you click. Most programs that allow for the use of links have the capability to show where the link is going.

As an example, when moving a cursor over a link without clicking (i.e., hovering) in Firefox—a web browser—the link location shows up in the bottom left-hand corner: 

Or, when hovering over a link in Microsoft Outlook, it shows up as shown below:

Click image for full size

If the address shown when you hover seems odd or is overly long and complicated, rethink whether you really want to click. You can also consider other ways to get the information you want, like doing a Google search for the content on your own or calling the purported sender to verify that the link is taking you where you are supposed to go.

The next time you click on a link, keep your eyes on the road and be sure to hover over the link so that you can see where you’re going.

 Attached Thumbnails:

Tags:  Author: Jacob E. Peterson  before you click  computer links  Firefox  malware  Outlook  virus 

Share |
PermalinkComments (0)
 

Malware: Not the Same as a Virus

Posted By Jacob E. Peterson, Tuesday, January 22, 2019

Installing “anti-virus” software is obviously a must these days. Most people are familiar with the big names out there: McAffee, Kaspersky, AVG, Symantec, etc. And those tools are great for detecting and preventing your computer from traditional forms of malicious programs that use a computer to replicate and spread.

However, “malware,” is not synonymous with “viruses.” Malware can include all kinds of programs that aren’t necessarily meant to spread beyond your system, and can include “spyware” (i.e.: a program that tracks what you’re doing), “ransomware” (i.e. a program that renders your files unreadable and literally holds them ransom), “adware” (i.e., a program that forces you to view unwanted ads), and “cryptomining” malware that hijack your computer to “mine” cryptocurrency like bitcoin (i.e.: run the verification calculations to make money with bitcoin).

The first defense against malware is to avoid clicking on strange links, visiting strange sites or downloading strange files. However, anti-malware software is necessary, as well. There are free versions available that provide decent additional protection, such as “Malware Bytes.” Many of those types of software offer paid, premium versions that run scans automatically on a daily basis for a reasonable fee, and even have additional products that can provide some mitigation against firm-halting events such as a ransomware attack.

Tags:  Author: Jacob E. Peterson  Malware  Virus 

Share |
PermalinkComments (1)
 

Navigating a Ransomware Attack

Posted By Sara E. Rust-Martin, Monday, May 22, 2017

 

NAVIGATING A RANSOMWARE ATTACK

 

Last week, the ransomware infection “WannaCry” invaded hospitals, universities, and many other institutions and organizations here in the United States and abroad. Ransomware is a unique form of malware. Once it invades a network, it can prevent users from opening their files because the files have been encrypted. The files are held hostage, and the users must pay a fee to be provided the decryption key. 

There is a good chance that ransomware could affect you at some point during your career. So, if you find yourself in the middle of this difficult situation, take a deep breath and know that there are steps you can take to minimize the damage. Here are some questions to ask to help you through this process:

1. Where did the ransomware start?

Which user opened the infected email or file? The person who brought the problem to your attention may not be the person who opened the infection. You may need to examine the properties of one of the infected files to determine the file owner. Ask questions of your staff and partners. 

Ask users to retrace their steps. Did they:

Open any new documents?
Click on any attachments or links in an email?
Visit any websites they don’t normally visit?

2. How far has the ransomware spread?
Once a user has opened the infection, usually through an email or attached file, then that person’s computer is infected. But, the ransomware can spread beyond that machine throughout the network and the first step is to determine how many machines are affected and then isolate those machines and disconnect them from the network to prevent the further spread. Most ransomware strains will make changes to encrypted file names:  ex. .Dharma or .CrySis. Looking for these extensions can help you determine how far the infection has spread.

3. How can I determine the type of ransomware with which I’ve been infected?
Determining the type of ransomware with which you’ve been infected is a key step because it may help you decide whether to pay for the decryption key. Not all ransomware attacks are effective and they all do not encrypt the data. Other ransomware types are able to be decrypted without paying for a key and still others are notorious for not delivering effective decryption keys. These examples offer illustrations of why you would not want to pay the ransom. But, there are other more sophisticated ransomware tools that will make your decision more difficult. 

It is always important to fully understand what you are working with before deciding what to do. As of Wednesday, May 15, only $55,000 in bitcoins were paid for the massive ransomware attack, “WannaCry.” While this is a lot of amount of money, it is not as significant given the number of “Wannacry” ransomware infections across the globe. But, this amount is expected to grow, although no one knows by how much.

WannaCry is different from other ransomware attacks, like the ransomware attack “Locky” which required user interaction in the form of opening a link, “WannaCry” spread automatically if the user had not installed the latest Microsoft update. And, once it was inside a network it spread like wildfire. 

For those of you who have not updated your computers, Microsoft offers guidance for protecting your computer here:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/


The information provided by the ransomware, in the URL and in the ransom screen, can     give us some insight as to the type that has infected your computer. If you can’t gather the type of ransomware from the URL or ransom screen, then try the .exe file name. Remember, ransomware comes in the form of an .exe file. Try typing that .exe file name into your browser to see what types come up for you. If nothing comes up, try google. Search for the ransom screen message, the .exe file name that has been applied to all of your files, and even for some of the random things that are happening to your office computers. There are probably others out there who have similar experiences and might be able to offer you some advice.

4. Can I get my files back? 
Your files are encrypted and unless you have the decryption key you are not going to be able to access them. As discussed earlier, there are flawed ransomware infections used that computer experts have been able to decrypt without a key. However, most of the time it will take a decryption key. The best options available to you is to have a back-up file system either on disc, off-site, the cloud, wherever you choose to keep your files. But, best practice suggests that you have 2 back-up locations for your files and data so you are able to keep working should your on-site data be attacked. Another question to consider here if you do not have a back-up for your files is:  do I pay the ransom? It really depends on your particular situation. The authorities will discourage you from paying the ransom because you will be making yourself a target for future attacks. But, if your data is irreplaceable then you may have no choice. You will need to consider all of the options and consequences.

5. How do I make sure my computers are safe again?
I suggest wiping the hard drive and restoring it to the factory settings. You would then add your data from your back-up. If you don’t have a back-up then you will need to use the process below so that you can keep the data on the computer.  

Step 1: Enter Safe Mode. Before you do anything, you need to disconnect your PC from the internet, and don't use it until you're ready to clean your PC. 
Step 2: Delete temporary files. 
Step 3: Download malware scanners. 
Step 4: Run a scan with Malwarebytes.

6. How to keep your data safe in the future:

Run all system updates on your Windows machine immediately.
Update your virus protection software. 
Run a backup to ensure you have a protected copy of your files.
Avoid web pages that aren’t regularly updated, or that you don’t already trust. 
Don’t click links to documents or web pages from someone if you are not expecting them.
Don’t open files in Facebook Messenger, or other apps where videos automatically play unless you were expecting them. 
If you have questions about a file, call the sender before you open it.

The chances are that we will all have to deal with ransomware at some point. I hope this information helps you think through the situation and come to a helpful resolution. 

If you would like more information about malware, ransomware, or computer security, please contact Sara Rust-Martin, KBA Law Practice Management Attorney, at 785-234-5696, or by email at srustmartin@ksbar.org.

The contents of this blog are informational only and should not be construed as providing legal advice. 

Tags:  computer security  cybersecurity  Malware  Ransomware 

Share |
PermalinkComments (0)