
Crypto Ransomware – Your data used against you

Ransomware is a simple concept: the criminals use your data against you so that you have to pay them to get your own data or computer back. This can be as simple as locking you out of your computer with a fake virus alert that says you have a virus and must pay to have it removed. They will also try to scare you by claiming you have been viewing child pornography and that you are going to jail if you don't pay. These things have been around for quite a while and used to be easy to remove. They normally didn't damage your files, and once the computer owner understood what they were and how to remove them, they didn't cost much.

What changed?

Back in 2013 things changed. A ransomware strain called CryptoLocker was released that did something that up to that point wasn't widely done: it encrypted the user's files, and it did a very good job of it. It rendered the files unrecoverable without the encryption key, so the user had to pay for the decryption key to get their files back. The writers of CryptoLocker made an estimated $30 million in one hundred days of operation. This proved to everyone that ransomware could be extremely profitable if written correctly.

Malware writers started to write more and more encryption ransomware because there was money in it. This trend has just continued to this day.

How it works

Crypto ransomware works by encrypting all of your files and charging you a fee to unlock them. Depending on the variant, it will also encrypt the files on network shares and external drives. Its goal is to encrypt everything you have access to without disabling your computer, because if it disabled your computer you couldn't pay the ransom. Crypto ransomware will also try to prevent recovery in other ways, such as deleting Windows restore points.

It uses public key cryptography to encrypt your files without the decryption key ever being stored on your computer. So even if it is caught in the act of encrypting your files, there is no key on your computer to decrypt them.

Stopping Crypto Ransomware

So how do you stop crypto ransomware? The point of crypto ransomware is that you can't do anything to recover your files after you have been hit. So what you have to do is back up your files, but in a way that will not be affected by crypto ransomware. Look at your backup. Can software running on your computer delete or modify it? There has to be some kind of separation between your backup and the computer that can be infected.

If your current backup is an external drive attached to your computer, it will just be encrypted like the rest of your files. In this case I would recommend at least getting a second hard drive and rotating the two weekly. That way, if you are hit by crypto ransomware, you can at least restore from a week ago. Yes, you will lose files, but not as many as you would if everything got encrypted. This doesn't follow the 3-2-1 backup rule, but it is much better than not having anything at all.

If you're using an online backup solution that supports versioning, then even if encrypted versions of your files are uploaded you will still be able to restore an earlier version. The crypto ransomware can't delete or encrypt your files in the cloud because it does not have access to your account. This provides a layer of protection between your desktop computer and your backup.

Just look to create a layer of protection between your backup and your computer. This can be as simple as disconnecting your backup drive, as we have seen above, or something more complex like having a backup server that manages the backups for you. This is basically what cloud backups do. Start looking at your setup and asking yourself: can one computer delete all of my backups? If the answer is yes, then there isn't any separation.

Don't forget about the 3-2-1 backup rule: 3 copies of your data, on 2 different media types, with 1 off site. The off-site copy can't be encrypted because you don't have immediate access to it. This provides your separation.

What is the cost of sharing?

Have you ever wondered what it costs you to share something on social media? It's not a very easy question to answer, but it is one that we should think about, given that social media sites seem to want to share everything about their users whenever they possibly can.

At what point does sharing something stop being worth it? If you share that you're having a wonderful time traveling on vacation and your house gets robbed, was it worth it? How about if you are like one girl in the news who posted her Social Security number online? Was that worth a life of identity theft?

The hard part about this question is that it is not easily answered. Sometimes there is a time factor. If you share your address online, that may mean nothing on its own, but if a few months later you also share that you're away from your house, then your address becomes much more valuable to a would-be burglar. If your profile is open to the public, someone could quite easily find your address and then just watch your profile until you post that you are on vacation.

Remember that what you share is valuable to different people for different reasons. Think about what it costs you to share before you post it. You want to provide value on social media; just don't inadvertently destroy yourself while you do it. It is always easier to stop something before it is started than after.

On social media there is nothing stopping people from re-sharing something you say. So even if you have your posts restricted to only your friends, they could still re-share the post to their friends, and so on.

Make your social media posts valuable, but in the ways you want them to be.

What Is Encryption

What is encryption? If you read Wikipedia, the definition is:

"Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor."

In other words, encryption is the process of taking a message and changing it in such a way that without the key (some pre-shared information) it is very difficult to determine what the original message was. Most of the time encryption uses an algorithm to create the encrypted data.

"An algorithm is a self-contained step-by-step set of operations to be performed." – Wikipedia

If you simplify an encryption algorithm down, it basically takes two inputs: the plaintext and a key. The plaintext is your message and the key is the value that you want to encrypt the message with. Anyone who wants to read the message will need the key to easily decrypt it. Depending on the algorithm used, sometimes the key is the algorithm itself, but that is considered extremely unsafe and isn't done today. The algorithm outputs what is called ciphertext, which is just the encrypted data. The ciphertext is then fed back into the algorithm and, with the correct key, the plaintext comes out again.
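The two-input picture above, worked through with a real algorithm, as an added example that is not part of the original post. It uses AES-256-GCM through PHP's openssl extension (assumed available, PHP 7.1 or newer); the message and key values are constructed for the demo.

```php
<?php
// Added example (not from the original post): the two inputs described above, a plaintext
// and a key, run through a real algorithm, AES-256-GCM via PHP's openssl extension.
// Assumes PHP 7.1 or newer with openssl enabled.

const CIPHER = 'aes-256-gcm';

function encryptMessage(string $plaintext, string $key): array
{
    // A fresh random nonce (IV) per message. It is not secret, but it must never be
    // reused with the same key, so it is generated here and stored next to the ciphertext.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $tag = '';
    $ciphertext = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return ['iv' => $iv, 'tag' => $tag, 'ciphertext' => $ciphertext];
}

function decryptMessage(array $box, string $key): ?string
{
    // GCM verifies the authentication tag first: a wrong key or a modified ciphertext
    // makes openssl_decrypt return false instead of handing back garbage.
    $plaintext = openssl_decrypt($box['ciphertext'], CIPHER, $key, OPENSSL_RAW_DATA, $box['iv'], $box['tag']);
    return $plaintext === false ? null : $plaintext;
}

// The 256-bit key is the "pre-shared information"; it stays with the parties, never next to the data.
$key      = random_bytes(32);
$wrongKey = random_bytes(32);

$box = encryptMessage('meet at noon', $key);   // constructed sample message
echo 'ciphertext: ', bin2hex($box['ciphertext']), PHP_EOL;   // random-looking bytes, not the message
echo 'right key:  ', var_export(decryptMessage($box, $key), true), PHP_EOL;
echo 'wrong key:  ', var_export(decryptMessage($box, $wrongKey), true), PHP_EOL;
```

The ciphertext changes on every run because the nonce is random, even for the same message and key; that is expected and desirable.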

Encryption is used all over the place in computer security and will become crucial to understand as time goes on.

There is a lot more that could be said here, but I want to keep it short; we will continue to build on this as time progresses.

The Sad Truth about Passwords

Something that you never think about, but that should be at the forefront of our minds, is this:

Weak passwords trump good security.

No matter how well the system is programmed or secured, no matter how many walls we put up, if we let people give away the keys then security means nothing. This goes back to the idea of security as a chain. If you have one weak link, your whole chain will break. It only takes one problem to get into a website or company.

How does this relate to you, you ask? Well, look at it this way: you know that test account or that default account you're using? That is how the hacker is going to get in. He isn't going to create some 0-day attack to break into your website or company. He is just going to Google the default account for whatever tool you're using, or try to guess that it's admin/admin. Most hackers are lazy and are going to look for the easiest way in, and for the most part, today there is some user out there with an easily guessable account password. It may not even be you! But if we don't think about it, it will affect us!

Web Site Security Principles

I am going to keep adding to this list and I will write a blog post about each item to explain it more. If you feel like I missed something, please comment and I will add it to the list.

  1. Use strong passwords and never repeat your password on another account.
  2. Don't share your usernames and passwords with anyone.
  3. Set up accounts with the least privileges needed for that account to do what it is intended to do.
  4. Install security patches and updates. Know what is installed on your website and where to find updates for it.
  5. Use SSL and other encryption.
  6. Hash all passwords that your website stores and never store passwords in plain text.
  7. Connect only from a secure computer and network.
  8. Set up logging.
  9. Back up your website on a schedule. Automate it; you won't remember to do it by hand.
  10. Set up file permissions (folders 755, files 644).
  11. Stay on top of email alerts for your chosen CMS and other important software.
  12. Use SFTP or FTPS, not FTP.
  13. Log errors; don't display them.

Basic security steps to secure WordPress

Use a randomly generated password for your administrator account

Protecting your WordPress administrator account with a secure, randomly generated password is an easy first step toward making your site more secure. With so many data breaches and dictionary attacks, passwords like "eaglessmokey32" are getting easy to crack. Hackers study the way people create passwords so they can get better at guessing them. They create algorithms to guess patterns like dictionary word + dictionary word + number, which dramatically reduces the time it takes to guess the password above. The only foolproof approach is a randomly generated password with letters (upper and lowercase), symbols and numbers.

If you have trouble remembering it, look into a password manager like KeePass or LastPass. They both give you a secure, encrypted place to store your passwords, and you can even use them to create your randomly generated password.
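An added example, not from the original post, tying this section to principles 1 and 6 of the list above: it generates a password from a cryptographically secure random source, compares the size of its search space with the "word + word + number" pattern (the 100,000-word dictionary size is an assumption for the comparison), and stores it as a salted hash rather than plain text. Assumes PHP 7.0 or newer.

```php
<?php
// Added example (not from the original post): generate a password the way the post recommends,
// random letters, numbers and symbols from a CSPRNG, and store it as principle 6 requires, as a
// salted hash rather than plain text. Assumes PHP 7.0 or newer (random_int, password_hash).

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+[]{};:,.?';

function generatePassword(int $length = 20): string
{
    $max = strlen(ALPHABET) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is cryptographically secure; rand() and mt_rand() are predictable and unsuitable here
        $password .= ALPHABET[random_int(0, $max)];
    }
    return $password;
}

// Size of a search space in bits: roughly how many guesses an attacker needs in the worst case.
function searchSpaceBits(float $choices): float
{
    return log($choices, 2);
}

$password = generatePassword();

// Random 20-character password: every position is an independent pick from the alphabet.
printf("random password:  ~%.0f bits\n", searchSpaceBits(strlen(ALPHABET) ** 20));
// "eaglessmokey32"-style: word + word + two-digit number, assuming a 100,000-word dictionary.
// A guessing algorithm built for that pattern only has to walk this much smaller space.
printf("word+word+number: ~%.0f bits\n", searchSpaceBits(100000.0 ** 2 * 100));

// What your site should store: a salted bcrypt hash. The hash cannot be turned back into the password.
$hash = password_hash($password, PASSWORD_DEFAULT);

// At login, compare the submitted password against the hash; never compare against stored plaintext.
var_dump(password_verify($password, $hash));        // the real password
var_dump(password_verify('eaglessmokey32', $hash)); // a guess from the weak pattern
```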

Keep all plugins and themes up to date

Lots of security updates are released every day for third-party plugins and themes. Whenever you don't update a plugin or theme, you're running the risk of a hacker breaking into your site using the very security vulnerability that the developer was so nice to fix for you. If a plugin is freely downloadable, hackers can look at that update, compare it with the older plugin's source code and see what has changed. This shows them where the vulnerability is located. Once they have found the vulnerability, they just have to find a way to exploit it for their gain.

Uninstall all disabled or unused plugins and themes

If you aren't using it, uninstall it. This is easy and one of the most painless things you can do. It protects you from any vulnerabilities later found in those plugins. You aren't even using them, so don't take the risk. Security is about reducing risk.

Know what you're installing

If you find a plugin that you want to use, stop! First check: is this site either wordpress.org or the plugin developer's site? If it's not, why are they hosting this plugin? How do you know that they are hosting the code unchanged? Always go to a trusted source when downloading a plugin, because it only takes one line of code to add a back door. This is especially true when you find a premium plugin on another site. There are lots of hackers who buy plugins, add backdoors to them and put them on third-party download sites.

Next, look to see if you can find any reviews of the plugin. Most of the time you can just go to http://wordpress.org/plugins/, find the plugin and click Reviews. Also look at the change log; it tells you whether the plugin is being updated when problems are found. If the plugin doesn't have a change log and doesn't have reviews, it might be worth looking to see if there is a better, more well-known plugin you can use for solving your problem.

Don't forget to Google the plugin and see if anyone is reporting security problems with the plugin you're about to install.

Remember, every plugin you install increases risk; make sure that it's worth the risk.

Do backups

Not really security, but it does pay off to have a backup plan. All websites can be hacked. Yes, ALL websites. Because it is impossible to write 100% secure code, there is always a way to break in. For this reason you have to have a backup of your site. Even if your web hosting provider does backups, you have to do your own. Most of the time (I can't say all the time) the provider's backups are stored with your website. This works if you mess up your site, but if your website gets hacked, one of the first things hackers do is delete your backups. So you have to have backups offline where hackers can't delete them.

How to tell if your Minecraft server is online using PHP and a socket connection

You can open a socket connection inside PHP using the fsockopen function. This is simple code, so I will show you an example.

<?php
// IP address (or hostname) of your server
$ip = "127.0.0.1";
// Port of your Minecraft server
$port = 25565;

// Create a connection using the fsockopen function.
// The @ suppresses the warning fsockopen emits when the connection fails;
// $errno and $errstr still receive the reason. The last argument is the timeout in seconds.
$connectionStream = @fsockopen($ip, $port, $errno, $errstr, 2);

// fsockopen returns a stream resource on success and false on failure
if ($connectionStream !== false) {
    echo 'MineCraft server is online';
    // echo out information if server is online
    fclose($connectionStream);
} else {
    echo 'MineCraft server is offline';
    // echo out information if server is offline
}
?>

Just one note: the last parameter passed to the fsockopen function is the connection timeout. This is the length of time that fsockopen will try to connect to the socket at the given IP. It matters because it holds up the server from returning anything to the page: with 2 seconds there, it will try to connect for 2 seconds before returning any information. Not a big deal, but if you increase the time, people may not wait for your page to load because it just takes too long to fail and say the server is offline.

I hope this helps!

For more information on the fsockopen function go here.

If anyone has any questions or would like information about any other subject involving PHP, JavaScript, jQuery, or CSS, please leave a comment and I'll write a post about it.

Arrays? How do we save them?

So the other day I was working on how to build a chess application with PHP. I started to think about building the board by creating an array with eight sub-arrays. This lets me keep the whole board in a single variable, and it was easy to set up. Then I realized: how will I save this to a database? The answer is two functions, serialize() and unserialize(). They take an array and turn it into a savable text string. For example, take this code:

<?php
// Creates an array
$array = array('one' => 1, 'two' => 2);
// Serializes the array (makes it savable)
$array_serialized = serialize($array);
// Echoes out the serialized string
echo $array_serialized;
?>

This code outputs a:2:{s:3:"one";i:1;s:3:"two";i:2;} The nice thing about the serialize function is that you can also pass it multidimensional arrays. To turn it back into a usable array you would do:

<?php
// Turns the string back into the array
$array_new = unserialize($array_serialized);
// Does something with the array
var_dump($array_new);
?>

This code outputs, you guessed it, array(2) { ["one"]=> int(1) ["two"]=> int(2) }

Just a little handy tool.

Warning: Don't pass user data to unserialize(); a malicious user can use it to exploit your site. To find out more, look at http://php.net/manual/en/function.unserialize.php under Notes.
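An added example, not from the original post, showing why that warning matters and two defences a site can apply when it stores a serialized board: refusing to rebuild objects (the allowed_classes option, PHP 7.0 or newer) and signing the stored string with an HMAC so a modified value is rejected before unserialize() ever sees it. The CacheEntry class, the serialized string and $secret are constructed for the demo; in practice the secret comes from configuration, not source code.

```php
<?php
// Added example (not from the original post). A class with a "magic" method: a plain
// unserialize() call would run __wakeup() on whatever object string it was handed.
class CacheEntry
{
    public $file;
    public function __wakeup()
    {
        echo "__wakeup ran for {$this->file}\n";
    }
}

// Constructed sample: a serialized object string submitted where the site expects the board array.
$unexpected = 'O:10:"CacheEntry":1:{s:4:"file";s:8:"any-path";}';

// Defence 1: never allow objects. The string becomes an inert __PHP_Incomplete_Class and
// __wakeup() is not run.
$result = unserialize($unexpected, ['allowed_classes' => false]);
var_dump($result instanceof __PHP_Incomplete_Class);

// Defence 2: sign what you store, and verify before you unserialize.
function saveBoard(array $board, string $secret): string
{
    $data = serialize($board);
    return hash_hmac('sha256', $data, $secret) . '|' . $data;
}

function loadBoard(string $stored, string $secret): ?array
{
    // Union with [1 => ''] guarantees two parts even if the separator is missing.
    [$mac, $data] = explode('|', $stored, 2) + [1 => ''];
    // hash_equals is constant-time, so the comparison itself leaks nothing about the MAC.
    if (!hash_equals(hash_hmac('sha256', $data, $secret), $mac)) {
        return null; // modified or forged: never reaches unserialize()
    }
    $board = unserialize($data, ['allowed_classes' => false]);
    return is_array($board) ? $board : null;
}

$secret = 'example-secret-change-me';   // assumed server-side key, constructed for the demo
$stored = saveBoard(array_fill(0, 8, array_fill(0, 8, null)), $secret);   // empty 8x8 board
var_dump(loadBoard($stored, $secret) !== null);                  // genuine string: board comes back
var_dump(loadBoard('not-the-mac|' . $unexpected, $secret) === null); // tampered string: rejected
```

If the stored data is only ever arrays and scalars, json_encode() and json_decode($s, true) avoid the object problem entirely and are the simpler choice for a chess board.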