Friday, November 22, 2013

Beware of CryptoLocker!



I work in the field of IT security and even I can be surprised by the creativity and ingenuity of attackers looking to make a quick dollar. Enter CryptoLocker, a particularly nasty piece of malware that encrypts Windows-based files on both network drives and local file systems. The strong encryption used makes it virtually impossible for people to recover their data unless they follow the attackers' instructions and pay for the decryption key.

Victims of this ransomware usually experience the infection when unknown attachments are opened through email or through the use of infections already on the machine. Occasionally, it is installed via drive-by downloads. Word, Excel, PDF, and other daily-use file types (including pictures and movie files) are susceptible to this attack. Ransomware attackers then present a screen to their victims stating that they must pay $300 in order to receive the key or their files will all be deleted forever within 72 hours. Unfortunately, aside from losing $300, many times the decryption does not work and the files are lost anyway. This is a very good example of why people need to back up their critical files!

Anti-virus software is unable to prevent this malware from infecting machines, too, meaning even people who are diligent with their A/V software are vulnerable. The most common infections have come in through email attachments, but the malware has also piggybacked on existing malware, such as Zeus. The best way to prevent an infection in this case is to actively ensure your anti-virus is up to date and that it scans daily, to prevent infection by these other Trojans.

Email attachments are something people have been warned against for years, yet this is still one of the most popular avenues for infecting machines. Phishing scams are a great way for attackers to hit hundreds of people at once, through specially crafted emails that look like they came from legitimate organizations. Always double check that any email you receive from a shipping organization, a bank, or any other common source is legitimate. Check the email return address to ensure that the domain is correct, and call the company to find out if what they are ‘selling’ is in fact true. Be aware of which company is shipping your packages so that you only pay attention to emails from them (and even then, scrutinize their content for accuracy before you click any attachments or links). Question your bank before you respond to an email to find out whether this is their normal process for conducting business.
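The return-address check described above can be automated in a mail triage script. This is an added example, not code from the original post; the `.test` domains, the extension list and all function names are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: an illustrative list of attachment extensions to treat as risky.
RISKY_EXT = (".exe", ".scr", ".js", ".zip")

def domain_of(header_value):
    # Lower-cased domain of an address header; '' if the header is absent.
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def belongs_to(domain, expected):
    # Exact match or a subdomain of an expected domain; look-alikes fail both.
    return any(domain == e or domain.endswith("." + e) for e in expected)

def check_message(raw, expected_domains):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    if not belongs_to(from_dom, expected_domains):
        findings.append(f"From domain '{from_dom}' is not an expected sender domain")
    for header in ("Reply-To", "Return-Path"):  # where replies and bounces really go
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain '{dom}' differs from From domain")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment '{name}' has a risky extension")
    return findings

# Constructed sample: look-alike From domain ("1" for "l"), replies sent elsewhere.
SAMPLE = """\
From: "Example Shipping" <tracking@examp1e-shipping.test>
Reply-To: claims@mailbox.test
Return-Path: <bounce@mailbox.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached label.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="label.pdf.exe"

--b1--
"""
print("\n".join(check_message(SAMPLE, {"example-shipping.test"})))
```

A clean result only means the headers are consistent with the expected sender; it does not prove the message is legitimate, so the advice to confirm with the company still applies.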

CryptoLocker is a dangerous piece of malware, so protect yourself from it as best as you can. Imagine how it would feel to be locked out of your computer, potentially never accessing your important files again. Back up your data regularly, and unplug that backup from the network or computer when you are finished. This, along with current antivirus software and due diligence, is your best defense.

Friday, November 8, 2013

Is Canada Affected by the NSA Surveillance?

With recent notices of entire countries blocking the use of VPN and encryption technologies (China has been doing this for years), it makes me wonder where our Internet traffic originating within Canada actually goes in order to finalize a connection. Our infrastructure is vast, covering the majority of our populated areas, but we still rely heavily on many of the US Internet providers' routes to gain access to sites. This means that traffic entering and leaving the US is susceptible to, and going to be subject to, NSA surveillance.

Our traffic is routed through US exchange points. As Byron Holland has stated, Canada should invest in the construction of its own exchange points, reducing the amount of traffic that relies upon the US infrastructure. This could also set Canada up to regulate the types of traffic and protocols that are allowed in or out of the country, but it's doubtful that will happen.

Protesters have set up camp across the globe, most recently hitting Washington with their Stop Watching Us campaign.  However, protest marches do not really solve the problem, do they?  If Canadians want to prevent their information from being intercepted by the NSA, we need to keep that data safe within our own country.  This is practically impossible, though, with today's markets and infrastructure.   

Another problem is that Canada is guilty of spying on other countries (Brazil), too.  Our CSEC is likely involved more heavily in the spying activities that the NSA is reportedly undertaking anyway.  The "Five Eyes", five countries who have agreed to pass along intelligence information in the name of anti-terrorism, are probably all spying on each other and on foreign citizens, passing along this information because they believe it is for the sake of national security.  

So, yes, Canada IS affected by the NSA surveillance, but keep in mind that this has likely been happening for years. Also, Canada is monitoring its own information. Provided the government bodies are protecting this data accurately, if this information helps leak intended targets before a bomb goes off or a plane flies into a building, I am okay with this surveillance. If it weren't for these allies and their spies during World War II, the war could have been much longer and much, much more tragic. I believe their intentions are good - but they do need to assure their citizens the spying is not as adverse as in those areas such as China or India.