Hugo wants to know why companies pay ransomware when they should normally have a backup to their data and network. Leo says that's a good question. Oftentimes, though, the ransomware isn't triggered right away. It lies in wait. Meanwhile, hackers browse around, looking for valuable data to steal and other weaknesses. The hackers will also look for where the backups are stored and seek to disable the backups or lock them up as well. Then, once the recon is done, the malware is triggered, bringing the network down.
Vick is concerned with network security, especially with ransomware. Leo says it's important to adopt a layered approach to online security, especially with employees. Train your employees to be able to identify so-called Phishing attacks and malware. Be aware of spear-phishing attacks, especially when working from home via VPN. Password management is important, too, with rotating passwords. Have good offline backups, so if your network is compromised, you can get back up and running. It's a complicated full-time job, but it's worth hiring someone to do it.
Resa is having issues with his computer dragging. Something is running that is making the computer slow down to a crawl. Leo says it could be an update or some sort of malware. Maybe something recently installed. Check out the Task Manager. There's an app called Sysinternals Process Explorer that can help. Or it could be a failing hard drive that's having trouble being read.
Mario picked up a new HP computer, and he's now constantly getting popups when he's online. How does he get rid of them? Leo says that there's malware that can cause popups. Leo thinks Mario may have some malware installed on his computer from visiting a site he shouldn't have. It's a very common issue for Windows machines. Leo recommends going to the Windows recovery menu (Windows Key plus R) and selecting "Reset this PC." If that doesn't do the job, you may need to go for the more radical option and have Windows reinstall itself. That's in the same menu.
The Clop Ransomware Team has attempted to encrypt networks from Universities around the country and threatened to release sensitive data. Colorado University sent out notifications this week that their network had been breached with ransomware, taking personal information and clinical data with a demand of $10 million in bitcoin. Leo says if you were a student at any of those universities, look for a notice advising you of the breach. Companies that have also been hacked include Kroger and Shell Oil.
Heather calls in to talk about a client who got bitten by a browser hijack. Leo says the first thing to do is get him off Windows, where he's most vulnerable. If that's not an option, get him to run as a standard or limited user and not as an administrator. The browser hijack and malware can't install themselves under a standard user.
Why does her client keep getting hit over and over? Leo says it's because of his behavior. He keeps repeating the same behavior that causes him to get hit. The key is to change the user's behavior. That's the only way it will stop.
Leslie teaches the blind to use computers, and one of his students is getting a popup for a "system optimizer." Leo says that it's a scam. Those popups are designed to get users' credit cards by showing false positives from the Windows Event Viewer. The popup isn't actively harmful, but it is annoying. He can go into Programs and Features, find PC Accelerator Pro, and remove it. If it isn't there, then he'll need to Google "PC Accelerator Pro removal guide." But be careful: some of those can be malware themselves.
If you've been infected with malware, wipe your drive and start over. Reinstall Windows. If it's a rogue employee of a company you were calling, contact the company and let them know. Any general-purpose operating system is vulnerable to these kinds of malware attacks. If you positively need to use Windows at home, you sort of should become a guru of PC security to protect yourself. Windows shouldn't be your default OS pick anymore.
Bill thinks his network has been infected because his email won't let him send anymore. The option is completely missing. Leo says to make sure the outgoing (send) port is correctly configured in the email client (in this case Thunderbird). That's the SMTP server, and it usually runs on port 587. The scam came from "Spectrum" and "Thunderbird Help," who said he was having a driver issue. Leo says that's a scam. Email doesn't use drivers. It just uses an internet connection.
After getting a phishing scam email, Karen ran a malware scan with Windows Defender and it found a "severe threat" called a Trojan-Downloader. Windows Defender blocked it, but is she still compromised? Leo says that everyone gets those, and it's not a side effect of a virus on your system. So if Defender found one and blocked it, you're safe from it.