Steve's data center got attacked by ransomware. Fortunately, they had two locations and was able to shut one down, clean it, and then reinstall with only 3 hours of downtime. Leo says that's fantastic. But a hot backup can let the ransomware spread to your backup. So the key is to keep the second network only connected every three hours. That will give time to take down the infected network before the next sync connection time.
Norsk-Hydro, a huge international conglomerate was hit with ransomware, costing the company $60 million. The malware came from an innocent email that had been intercepted and altered to include malware that infected the network when opened. Encrypting all data. The malware infected the company in December but wasn't triggered until March. Norsk-Hydro had a cyber insurance policy that consistently tests the network, but they were infected anyway. The company decided not to pay and relied on backups to restore their network. But the damage had been done as the network was down for weeks.
Richard put Facebook Messenger onto his wife's Kindle tablet. Since then, he's had nothing but trouble with his network. He didn't get it from the Kindle store, so he's worried he's been hacked. Leo says that Richard probably was since he googled and clicked on the first link he found. Leo says that's why its important to go to the official source like the Kindle app store. If bad guys can steer you to a website, they can infect you. But it may not be the Kindle that's been infected. It could be the router or modem. But Leo says it's not likely.
Most of the malware and ransomware that comes through the internet and onto our systems is thanks to email attachments. If you see an "invoice" with an artificially rushed, demanding tone from a powerful figure (such as your work boss) and they've attached a "PDF", be very skeptical and do not open it. The same goes for links, since they can take you to a very shady site. Make sure to update your computer with security patches to prevent infection from background exploit kits across the web.
Sue is on AOL and is having issues with "Guce." What is that? Leo says it's adware by AOL that seeks to bypass adblockers in her browser. Guce is owned by Verizon, which also owns AOL and they don't like users using ad blockers or reading emails without ads. So it will redirect her to Guce.advertising.com. But many consider it a browser hijack, which would turn it into malware. Go into the browser settings under extensions and see if there's an adblocker installed. She can either turn off the ad blocker, white list Guce or better yet, GET OUT OF AOL! Leo recommends Gmail.
Greg's parents were using EDGE on Windows 10, and it shut off and went into a reboot loop. They took it in and got it reset. But how can they avoid it in the future? Rich says that it sounds like his parents got bit by some malware after clicking on something. It's very easy to fall victim to. So encourage them to not click on any links or open attachments. Also, make sure their software is up to date. Of course, you could replace their Windows machine with a Chromebook. That would be very secure, and if something happens, you can powerwash it back to normal.
If you become the victim of a phishing scam, here are a number of things you should do if you can:
John just upgraded to Windows 10, does he still need an antivirus? His tech people say he should. Leo says it's not bad to have an antivirus, but Windows 10 already comes with one called Defender. So he won't really need anything else. But Leo also says that the best defense is good behavior. No antivirus is 100% effective...at best they are 50% accurate. Also, they don't guard against so-called Zero-Day attacks. So avoid clicking on links or opening attachments, and keep the OS updated.
Martin has a backup running on his computer all the time, and he's worried that malware can get onto it. Leo says that current malware is "wormable" and can actually take advantage of Microsoft's networking, spreading through the network. It's called "eternal blue." So if you have hot storage that's online and current, you have to treat it as vulnerable. The only real good backup is a disconnectable backup.
Joe is a high school computer teacher, and he had scanned a bunch of photographs that he scanned on his computer. He took that folder and moved it to another folder, but it disappeared and was replaced with a file cabinet folder. Leo says that a CAB file is a compressed folder. He searched the entire computer for the folder, and it was gone. Fortunately, he had a backup. But what happened? A virus?