Beware: Ransomware!

Hackers demanded US$3.6 million to unlock the hospital’s files

In February 2016, a staff member at the Hollywood Presbyterian Medical Centre (HPMC) in Los Angeles opened an invoice in an emailed Word document and accidentally activated Locky, a nasty piece of ransomware that spread rapidly across the hospital’s systems, encrypting files as it went. Within hours, doctors were unable to access patients’ records or share x-rays, scans or medical test results. Admin staff had to resort to pen and paper to do admissions. According to some reports, the hackers initially demanded US$3.6 million to unlock the hospital’s files. In the end, HPMC paid US$17,000 in bitcoin (pseudonymous rather than truly untraceable, but hard enough to follow), and ten days after that fateful click their systems were back online.

A decade ago, computer viruses were system-crashing, file-deleting monsters that threatened to trash your PC. They don’t get much press these days, but they’re still around, working quietly in the background, encrypting files, stealing sign-ons, or linking to botnets to send out spam and further propagate themselves. Within a fortnight of the HPMC attack, Symantec had blocked more than five million emails containing Locky, and at its peak it was reckoned to be infecting five thousand machines an hour in Germany alone.

Once defence forces mustered, the attacks declined, then resurfaced briefly in August and November as new vectors were discovered: JavaScript attachments on bogus emails and code hidden in downloadable image files on Facebook and LinkedIn.

Malicious email attachments are one of the oldest tricks in the book. Viruses hidden in Word macros date back to the mid-1990s, and the notorious “I Love You” worm of 2000, which arrived as a Visual Basic script disguised as a love letter, infected an estimated one-tenth of all internet-connected computers. But there are plenty of other ways you can be caught out.


A special note about Windows XP
I’ll say this as quietly as I can: Aaaarrgghh!

If you still have a machine running Windows XP, disconnect it from the internet immediately and make plans to replace it, today! Mainstream support for XP ended in April 2009 and extended support in April 2014, so the operating system is remotely exploitable via numerous security holes discovered in the last three years which, bar the occasional emergency fix, will never be patched. Despite this, a mid-2016 survey found that around 7% of all desktops were still running XP.


Phishing, like its sporty-sounding equivalent, involves throwing out a baited line in the hope that an unwary victim will snap at it. The lure in this case is an email, typically from your bank, warning of a security problem and asking you to click a link to confirm your details. That link will take you to a perfect copy of your bank’s web site where you attempt to sign in – and fail. (It is a fake site, after all.) You’ll be prompted to try again, and this time be redirected to the bank’s genuine site where your second attempt will succeed. Most people will blame the initial failure on a typing error, not realising they’ve just given away their login details to hackers.

There are three main types of phishing. Spear phishing uses personal information to improve an email’s apparent legitimacy. (Social media’s a great source of information.) Clone phishing updates a previously sent legitimate message with new links, while whaling is targeted at businesses and senior executives, typically taking the form of a legal document or a customer complaint.

All phishing is a numbers game. Send out a million emails, and even if only 0.01% of people click your link, you’ve got a hundred hits. It also takes a huge variety of forms. You may have won a lottery you never entered, inherited money from a relative you didn’t know you had, be offered an incredible investment opportunity or asked to help “liberate” funds from a third-world country in exchange for a percentage. It may be an invoice, a tax refund, or – in a local variant of Locky that surfaced here in New Zealand last September – a message from CourierPost about re-delivering a package. There are scams involving tech support, employment offers, visas to work in other countries, cheap holidays or tickets to major events. They’re all after one of two things: money up front and/or personal information such as bank account and credit card details or usernames and passwords.

Sometimes it’s hard to see where the catch is. Clever scammers may string you along for weeks or even months, establishing trust before asking for assistance in the form of a bank transfer. Online dating scams work this way. Suddenly your new friend is robbed, or stuck in a foreign country. Please help!

How to protect yourself

If the possibilities seem daunting, prevention is a matter of caution and common sense.

  • If the concept of computer security leaves you cold (or even just lukewarm) get professional advice! Threats change on a daily basis – sometimes hourly – and every site uses different hardware and has a different risk profile. You may need a firewall, better antivirus software, or that old router may require an update. Security isn’t something you set and forget. It’s more like a pet: it needs regular attention.

  • Treat any and every email with suspicion – especially if it contains attachments or convenient links to fix a problem you didn’t know you had. One quick way to check a link is to hold your cursor over it and look at the address that pops up; it is the domain name in that address that matters, not the wording of the link. A second check is the padlock in your browser’s address bar, but be clear about what it proves: the connection is encrypted to the site named in the address bar, and that is all. Phishing sites can and do obtain certificates for their own domains, so a padlock beside the wrong name is worth nothing. Read the name: mybank.co.nz is your bank; mybank.co.nz.something-else.com is not. (Some banks use certificates that also display the organisation’s name beside the padlock; that is the only version that vouches for who they are.)

  • Keep your software up to date. Windows is way more secure than it used to be (even without antivirus software) and OS X remains streets ahead. And don’t forget third-party browsers. Firefox and Chrome blacklist hazardous add-ons and warn users of the latest suspect sites and potential phishing attacks, but can only do so if they’re up to date.

  • Do backups. Regularly. You don’t need to back up the whole machine, only the stuff you can’t buy, like personal documents and photos. And it needn’t be an onerous process. Once set up, even a huge backup will usually take only a few seconds because the software will only copy the files that have changed.

  • Keep an off-site backup. If your house burns down, that backup in the top drawer of your desk will probably go with it. Off-site could be a shed at the bottom of the garden, your desk at work or “in the cloud” via Dropbox, Google Drive or OneDrive. One caveat with the cloud services: they synchronise faithfully, so if ransomware encrypts your documents the encrypted copies are uploaded too. Keep one copy that isn’t permanently connected (a drive you plug in, back up to, and unplug), and find out where your cloud service keeps its version history before you need it.
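The link check in the second bullet above can be automated. What follows is an added example, not from the original article: it pulls every link out of an e-mail body and flags the tricks phishers rely on, a raw IP address, a user@ prefix in front of the real host, a punycode look-alike name, a trusted name buried inside someone else’s domain, and link text that names one site while the address points at another. The e-mail body, the trusted-domain list and the two-label suffix rule are constructed assumptions; a real checker would consult the Public Suffix List.

```python
"""Flag suspicious links in an HTML e-mail body (added example).

SAMPLE_EMAIL, TRUSTED_DOMAINS and TWO_LABEL_SUFFIXES are constructed
for illustration; a production checker would use the Public Suffix List
rather than a hand-made suffix set.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Domains the recipient genuinely deals with (assumption).
TRUSTED_DOMAINS = {"mybank.co.nz", "courierpost.co.nz"}
# Stand-in for the Public Suffix List: public suffixes made of two labels.
TWO_LABEL_SUFFIXES = {"co.nz", "co.uk", "com.au"}

# Constructed phishing e-mail: one genuine link and four typical tricks.
SAMPLE_EMAIL = """
<p>Dear customer, we detected unusual activity on your account.</p>
<a href="https://www.mybank.co.nz/login">https://www.mybank.co.nz/login</a>
<a href="http://www.mybank.co.nz.account-verify.example/login">https://www.mybank.co.nz/login</a>
<a href="http://203.0.113.5/secure">Confirm your details</a>
<a href="https://www.mybank.co.nz@203.0.113.5/login">Sign in now</a>
<a href="https://xn--mybnk-5ra.co.nz/">Review recent transactions</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """The part of a hostname its registrant controls, e.g. 'evil.example'."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def analyse_link(href, text):
    """Return the reasons a link looks like phishing; an empty list is clean."""
    reasons = []
    u = urlparse(href)
    host = (u.hostname or "").lower()
    if u.scheme not in ("http", "https"):
        return ["non-web scheme: " + (u.scheme or "none")]
    if u.username is not None:
        reasons.append("user@ before the host hides the real destination")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
        return reasons
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode hostname (possible look-alike characters)")
    reg = registrable_domain(host)
    if reg not in TRUSTED_DOMAINS:
        reasons.append("domain %r is not one we trust" % reg)
        # e.g. www.mybank.co.nz.account-verify.example
        if any("." + t + "." in "." + host + "." for t in TRUSTED_DOMAINS):
            reasons.append("trusted name used as a subdomain of another domain")
    # Link text that names a site the href does not actually go to.
    m = re.search(r"([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registrable_domain(m.group(1)) != reg:
        reasons.append("text says %r but link goes to %r" % (m.group(1), host))
    return reasons


def scan_email(html):
    """Map each href in the e-mail to its list of warning reasons."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: analyse_link(href, text) for href, text in collector.links}


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print("OK  " if not reasons else "WARN", href, "; ".join(reasons))
```

The genuine link comes back clean and each of the other four is flagged for at least one reason. The subdomain test is the one worth remembering: every label to the left of the registrable domain is free for the attacker to choose, which is why mybank.co.nz.account-verify.example can carry a perfectly valid certificate and a padlock.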


What to do if you’re hit by ransomware
If you receive a message saying your files have been encrypted and that you can only recover them by paying a fee – typically US$200-400 – disconnect the machine from the network immediately (pull the cable or turn off Wi-Fi, so it can’t reach shared drives), switch it off, and call your IT support person. Encrypting files takes a while, so you may only have lost a handful. And anyway, you’ve got backups, right?

A new, even more cunning variation is simply a message saying that your files have been encrypted when they haven’t been touched. Some people panic and pay up anyway. Before you believe the message, open a few of your own files and see whether they really are unreadable.
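Encryption takes time, and it leaves a signature: a burst of rewrites whose new contents are indistinguishable from random data. The following is an added example, not from the original article, of the check a file server or endpoint agent can run: it measures the Shannon entropy of each write and raises an alert when a run of high-entropy rewrites lands inside a short window, while ignoring file types that are high-entropy anyway because they are compressed. The file events are constructed, and the window, count and entropy threshold are assumed starting points rather than tuned values.

```python
"""Entropy-based detection of a ransomware encryption burst (added example).

SAMPLE_EVENTS is constructed. WINDOW_SECONDS, MIN_FILES and
ENTROPY_THRESHOLD are assumed starting points a site would tune.
"""
import hashlib
import math
from collections import Counter, deque

WINDOW_SECONDS = 60       # look for a burst inside one minute
MIN_FILES = 5             # this many high-entropy rewrites in the window
ENTROPY_THRESHOLD = 7.5   # bits per byte; text is ~4-5, ciphertext ~8
# Already-compressed formats look like ciphertext; skip them to cut false alarms.
COMPRESSED_EXT = {".zip", ".7z", ".gz", ".jpg", ".jpeg", ".png", ".mp3", ".mp4", ".pdf"}


def shannon_entropy(data):
    """Bits of entropy per byte of data (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fake_ciphertext(n, seed):
    """Deterministic stand-in for encrypted output: a chained SHA-256 stream."""
    out, block = b"", seed.encode()
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def is_compressed(path):
    """True if any extension in the name (report.jpg.locky -> .jpg) is a compressed format."""
    name = path.lower().rsplit("/", 1)[-1]
    return any("." + part in COMPRESSED_EXT for part in name.split(".")[1:])


def detect_encryption_burst(events, window=WINDOW_SECONDS, min_files=MIN_FILES,
                            threshold=ENTROPY_THRESHOLD):
    """events: iterable of (timestamp_seconds, path, bytes_written).

    Returns a list of (alert_time, [paths]) entries, one per burst.
    """
    recent = deque()            # (ts, path) of high-entropy writes inside the window
    alerts, in_burst = [], False
    for ts, path, data in sorted(events, key=lambda e: e[0]):
        if is_compressed(path) or shannon_entropy(data) < threshold:
            continue
        recent.append((ts, path))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= min_files and not in_burst:
            in_burst = True     # fire once per burst, not once per file
            alerts.append((ts, [p for _, p in recent]))
        elif len(recent) < min_files:
            in_burst = False
    return alerts


# Constructed activity: two ordinary text saves, one genuine photo, then a
# burst of eight rewrites with a bolted-on .locky extension.
NOTE = (b"Patient presented with mild fever; bloods requested. "
        b"Follow-up appointment booked for next Tuesday.\n") * 40
SAMPLE_EVENTS = [
    (0, "/share/notes/jones.txt", NOTE),
    (5, "/share/notes/smith.txt", NOTE),
    (12, "/share/photos/xray-0412.jpg", fake_ciphertext(4096, "jpg")),
] + [
    (10 + i, "/share/docs/report-%d.docx.locky" % i, fake_ciphertext(4096, "doc%d" % i))
    for i in range(8)
]

if __name__ == "__main__":
    for when, paths in detect_encryption_burst(SAMPLE_EVENTS):
        print("ALERT at t=%ss: %d high-entropy rewrites, e.g. %s" % (when, len(paths), paths[0]))
```

The alert fires on the fifth qualifying rewrite, at t=14s, with the three preceding encrypted files already on the list; the photo is ignored because JPEG data is high-entropy by nature. A real deployment would pair this with the renaming pattern (a new extension appearing on hundreds of files) and with a per-user rate, since the aim is to cut the offending workstation off while most of the share is still intact.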


Business Considerations

For businesses – small or large – all of the above applies to each and every one of your users, and there are some extra considerations too. A large part of the threat comes not from without but from within: disgruntled employees. In over a thousand incidents documented by the Computer Emergency Response Team (CERT) in the States, employees were found to have deliberately deleted data, blocked access to it, or copied, modified or disclosed it to third parties. In one case, a former employee continued to wreak havoc four months after he was dismissed because his access to the company’s systems hadn’t been revoked.

Add to this accidents, careless or uninformed staff and the Bring Your Own Device hazard – where unpatched or vulnerable personal devices like laptops, phones, tablets and USB drives may be connected to your network – and you’re probably already starting to get a headache.

Identify and manage your “privileged data”

The only reasonable way to manage all this is to have a security policy. Think of it as health and safety for your data. What can and can’t be connected to your system? Who’s the go-to person for problems or questions? What’s allowed and not allowed? (Playing games? Probably not. What about social media …?) Above all, you need to identify and manage what’s known as “privileged data” – the stuff critical to your business – and control who has access to what parts of it. Individual signons are better than global ones. If Joe in Accounts quits tomorrow, you need to be able to shut off his access right away. What’s more, individual signons can be logged, providing details of who did what and when.
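The point about individual sign-ons is that they make the question “did Joe log in after he left?” answerable from a log. The following is an added example, not from the original article, of that check run over a few constructed log lines in an assumed one-line-per-event format (ISO-8601 timestamp, event, user, extra fields); it flags any activity by a leaver after their last working day and any use of a shared account, which no log can attribute to a person.

```python
"""Audit a sign-on log against the HR leavers list (added example).

LOG, LEAVERS and SHARED_ACCOUNTS are constructed; the line format
(UTC timestamp, EVENT ACTION, user=, free fields) is an assumption, not
any product's real log format.
"""
import re
from datetime import datetime, timedelta, timezone

LEAVERS = {"jsmith": "2017-01-31"}            # user -> last working day (from HR)
SHARED_ACCOUNTS = {"accounts", "reception"}   # global logins rather than individual ones

LOG = """\
2017-02-01T08:02:11Z LOGIN OK user=mlee src=10.0.0.21
2017-02-03T22:41:09Z LOGIN OK user=jsmith src=203.0.113.77
2017-02-03T22:45:30Z FILE DELETE user=jsmith path=/finance/q1-forecast.xlsx
2017-02-04T09:10:00Z LOGIN OK user=accounts src=10.0.0.30
2017-05-28T01:12:45Z LOGIN OK user=jsmith src=203.0.113.77
2017-05-28T01:13:02Z LOGIN FAIL user=mlee src=10.0.0.21
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<event>[A-Z]+ [A-Z]+) user=(?P<user>\S+) ?(?P<rest>.*)$")


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield {"ts": ts, "event": m["event"], "user": m["user"], "rest": m["rest"]}


def days_after_leaving(ts, last_working_day):
    """Whole days between the end of the last working day and ts (negative if before)."""
    cutoff = datetime.strptime(last_working_day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    cutoff += timedelta(days=1)           # access should stop at the end of that day
    return (ts - cutoff).days


def audit(log_text, leavers, shared_accounts):
    """Return findings in log order as dicts with ts, user, days and reason."""
    findings = []
    for ev in parse_log(log_text):
        user = ev["user"]
        if user in leavers:
            days = days_after_leaving(ev["ts"], leavers[user])
            if days >= 0:
                findings.append({
                    "ts": ev["ts"].isoformat(), "user": user, "days": days,
                    "reason": "%s by leaver, %d days after last day (%s)"
                              % (ev["event"], days, ev["rest"]),
                })
        if user in shared_accounts and ev["event"] == "LOGIN OK":
            findings.append({
                "ts": ev["ts"].isoformat(), "user": user, "days": None,
                "reason": "shared account: cannot be attributed to a person (%s)" % ev["rest"],
            })
    return findings


if __name__ == "__main__":
    for f in audit(LOG, LEAVERS, SHARED_ACCOUNTS):
        print(f["ts"], f["user"], f["reason"])
```

On the constructed log the leaver’s last login is 116 days after his final day, which is the article’s four-months case in miniature, and the deleted spreadsheet between the two logins shows why the “who did what and when” trail matters. The shared “accounts” login is reported too: it may be legitimate, but nothing in the log can say who was at the keyboard.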

Some other considerations:

  • Do backups, do backups, do backups! And keep a set off site.

  • Test your backups regularly. Are you really saving everything you’d need in the event of a disaster?

  • Restrict access to critical hardware. Keep the server room locked or put routers, servers and backup drives in a lockable cabinet.

  • Don’t forget hardware updates. Though less frequent, routers, servers and NAS (disk station) boxes also fall foul of security bugs, so it’s important to keep their firmware up to date too.

  • Consider taking out cyber-insurance. (See below.)
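“Test your backups” can be made routine rather than heroic. The following is an added example, not from the original article, of the mechanism behind two points on this page: the “only the files that have changed” remark in the personal backup advice, and the “are you really saving everything you’d need?” test above. It keeps a manifest of SHA-256 hashes, copies only files whose hash has changed, and can later re-hash every file in the backup against that manifest so a missing or silently corrupted copy is found before you need it. The directories in the demonstration are temporary ones created on the fly.

```python
"""Incremental backup with a hash manifest, plus a verification pass (added example).

demo() builds a throw-away directory tree; its paths and file contents
are constructed for illustration.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def walk_files(root):
    """Yield (relative_path, absolute_path) for every file under root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")  # portable manifest keys
            yield rel, full


def backup(src, dst, manifest_path):
    """Copy new or changed files from src into dst; return the paths copied.

    The manifest records the hash of every source file as of this run.
    Files deleted from src are deliberately left in dst: a backup that
    mirrors deletions will also mirror a ransomware wipe.
    """
    old = {}
    if os.path.exists(manifest_path):
        with open(manifest_path) as f:
            old = json.load(f)
    new, copied = {}, []
    for rel, full in walk_files(src):
        digest = sha256_file(full)
        new[rel] = digest
        target = os.path.join(dst, *rel.split("/"))
        if old.get(rel) != digest or not os.path.exists(target):
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)
            copied.append(rel)
    with open(manifest_path, "w") as f:
        json.dump(new, f, indent=1, sort_keys=True)
    return sorted(copied)


def verify(dst, manifest_path):
    """Re-hash every file the manifest lists; return {rel_path: problem}."""
    with open(manifest_path) as f:
        expected = json.load(f)
    problems = {}
    for rel, digest in expected.items():
        target = os.path.join(dst, *rel.split("/"))
        if not os.path.exists(target):
            problems[rel] = "missing"
        elif sha256_file(target) != digest:
            problems[rel] = "hash mismatch"
    return problems


def demo():
    """Back up, change a file, corrupt a copy, and let verify() catch it."""
    root = tempfile.mkdtemp()
    src, dst = os.path.join(root, "documents"), os.path.join(root, "backup")
    manifest = os.path.join(root, "manifest.json")
    os.makedirs(os.path.join(src, "letters"))
    with open(os.path.join(src, "notes.txt"), "w") as f:
        f.write("first draft\n")
    with open(os.path.join(src, "letters", "jan.txt"), "w") as f:
        f.write("Dear Dr Jones,\n")
    first = backup(src, dst, manifest)        # both files copied
    second = backup(src, dst, manifest)       # nothing changed, nothing copied
    with open(os.path.join(src, "notes.txt"), "a") as f:
        f.write("second draft\n")
    third = backup(src, dst, manifest)        # only notes.txt copied
    with open(os.path.join(dst, "letters", "jan.txt"), "w") as f:
        f.write("bit rot\n")                  # simulate silent corruption of the copy
    problems = verify(dst, manifest)
    shutil.rmtree(root)
    return first, second, third, problems


if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the backup, not with the source: if ransomware can rewrite the manifest it can make an encrypted backup look healthy. The same verify() pass run against the off-site copy is the quarterly “restore test” in the bullet above, done without the drama.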

The HPMC ransomware attack highlighted two key failures: the hospital had no real security policy, and it had insufficient backups. The latter alone would have mitigated the attack. Instead of being down for days and having to pay a ransom to recover their data, they could have been back up within hours. Make sure you don’t get caught out!


The insurance option
Data is critical to modern businesses, perhaps even more so than your premises or equipment, so why not consider insuring it too?

Cyber-insurance can cover you for the obvious things like business interruption, third-party liabilities, theft and the cost of restoring data after an attack, and the better policies also cover less obvious things like legal expenses, data forensic costs and even provide assistance with public relations to manage the muddle.


This article first appeared in the Autumn 2017 issue of On MAS, the magazine
for members of the Medical Assurance Society.
© Geoff Palmer 2017

Microsoft and Privacy

Satya Nadella, Microsoft’s CEO, says he cares about your privacy. He wants to make sure “you get meaningful choices about how and why data is collected and used”. Except those “meaningful choices” don’t really include the “how” because where data collection is concerned, you really have no choice.

Further on he says, “We will put you in control of your privacy with easy-to-use tools and clear choices”, but there aren’t any choices — at least about the basic information Microsoft collect.

Their Privacy Statement spells it out, but the details are carefully hidden away. Take the first item, Personal Data We Collect, for example. You’ll find an anodyne, 95-word description followed by the next heading, How We Use Personal Data, but only by clicking the Learn More link do you find the full 800-word horror.


Here’s a summary of what they collect:

Personal data

  • first and last name
  • email address
  • postal address
  • phone number

“and other similar contact data”


  • passwords
  • password hints
  • security information used for authentication and account access.

Demographic data

  • your age
  • gender
  • country
  • preferred language

Interests and favourites

Your interests and favourites, (sports teams, the stocks you follow, favourite cities, cars, etc.)

“In addition to those you explicitly provide, your interests and favorites may also be inferred or derived from other data we collect.”

(My italics)

Just think about that for a moment. It’s a biggie.  They’ll infer, with some degree of accuracy, your income, political sympathies, occupation, socio-economic standing, health status and health concerns, marital status, sexual preferences, personal problems, family life, number of offspring, their ages … the list goes on and on …

Payment data

  • credit card numbers and the security codes associated with them

So much for that CVV code on the back of your card!

Program usage data

  • the features you use
  • the items you purchase
  • the web pages you visit
  • the search terms you enter

This also includes data about your device, the network you use, IP address, device identifiers (such as the unique IMEI number in phones), regional and language settings, information about the operating systems and other software installed on your device (including product keys).

Contacts and relationships

  • Data about your contacts and relationships, with other people and organizations.

Location data

Your location, either precisely via GPS or Wi-Fi hotspots, or imprecisely via your IP address “or data that indicates where you are located … such as at a city or postal code level.”


“We collect content of your files and communications when necessary to provide you with the services you use … Examples of this data include: the content of your documents, photos, music or video you upload to a Microsoft service such as OneDrive, as well as the content of your communications sent or received using Microsoft services such as Skype, including the:

  • subject line and body of an email,
  • text or other content of an instant message,
  • audio and video recording of a video message, and
  • audio recording and transcript of a voice message you receive or a text message you dictate. “


But sometimes all that’s just not enough:

“… we supplement the data we collect by purchasing demographic data from other companies.”

And, no doubt, they sell it too.


Of course, Microsoft aren’t alone in capturing vast swathes of personal data about us. Google and Facebook are a couple of standout examples. But Microsoft – with its unique position as the world’s Number One operating system supplier – is perfectly placed to become the first integrated 24/7 global surveillance system, whether via your daily interactions with Windows 10 and Office, your gaming on Xbox, your searches on Bing, the files you store on OneDrive, your personal chats on Skype, or your work history and CV on LinkedIn.

Windows 10 is a nice operating system, no question, but it’s horribly compromised. So much so that it blurs the line between operating systems, keyloggers and spyware.

If Satya Nadella really wanted to provide us with a choice about who’s looking over our shoulders, Microsoft would produce a neutral, open source operating system from which users could make their own informed choices.

Actually, there’s no need. We already have one. It’s called Linux.


Free file recovery

Deleted some vital files or trashed your hard drive? Have I got a couple of fantastic free tools for you!

PhotoRec recovers lost files from hard disks, CDs and DVDs, USB sticks and camera memory cards. Don’t be fooled by its name — it recovers way more than just photos: 440 different file types, to be exact.

PhotoRec runs under the following operating systems:

  • DOS/Windows 9x
  • Windows NT 4/2000/XP/2003/Vista/2008/7
  • Linux
  • FreeBSD, NetBSD, OpenBSD
  • Sun Solaris
  • Mac OS X

and can recover data from the following file systems:

  • FAT
  • NTFS
  • exFAT
  • ext2/ext3/ext4 filesystem
  • HFS+


PhotoRec’s companion program, TestDisk, is designed to recover lost partitions and make non-booting disks bootable again. Whether caused by faulty software, viruses or human error, TestDisk makes partition table recovery easy.

In addition, TestDisk can:

  • Fix partition table, recover deleted partition
  • Recover FAT32 boot sector from its backup
  • Rebuild FAT12/FAT16/FAT32 boot sector
  • Fix FAT tables
  • Rebuild NTFS boot sector
  • Recover NTFS boot sector from its backup
  • Fix MFT using MFT mirror
  • Locate ext2/ext3/ext4 Backup SuperBlock
  • Undelete files from FAT, exFAT, NTFS and ext2 filesystem
  • Copy files from deleted FAT, exFAT, NTFS and ext2/ext3/ext4 partitions

TestDisk runs under the following operating systems:

  • DOS (either real or in a Windows 9x DOS-box),
  • Windows (NT4, 2000, XP, 2003, Vista, 2008, Windows 7 (x86 & x64),
  • Linux,
  • FreeBSD, NetBSD, OpenBSD,
  • SunOS and
  • Mac OS X


Both programs have extensive documentation and walk-throughs, and both are open source software licensed under the GNU General Public License, meaning they’re free to use and free to copy. Whichever you use, follow the one rule of data recovery: write recovered files to a different drive from the one you are recovering from, so you don’t overwrite the very data you are trying to get back. If the disk itself is failing, image it first and run the tools against the image.



DocFetcher: Find it fast

If you work with documents or archives, you need DocFetcher, an open source desktop search application for Windows, Mac and Linux. Think of it as Google for your documents.

Select the folders you want to search and DocFetcher will create an index of them so you can do keyword-based searches on their contents. That’s not as trivial as it sounds. (If you’ve ever tried looking inside a PDF or DOC file in Notepad, you’ll know what I mean!) Text in these formats isn’t stored as plain text, which makes searching difficult. But that’s okay, because DocFetcher understands the following …

Document formats:

  • Microsoft Office (doc, xls, ppt)
  • Microsoft Office 2007 and newer (docx, xlsx, pptx, docm, xlsm, pptm)
  • Microsoft Outlook (pst)
  • OpenDocument (odt, ods, odg, odp, ott, ots, otg, otp)
  • Portable Document Format (pdf)
  • HTML (html, xhtml, …)
  • TXT and other plain text formats (customizable)
  • Rich Text Format (rtf)
  • AbiWord (abw, abw.gz, zabw)
  • Microsoft Compiled HTML Help (chm)
  • MP3 Metadata (mp3)
  • FLAC Metadata (flac)
  • JPEG Exif Metadata (jpg, jpeg)
  • Microsoft Visio (vsd)
  • Scalable Vector Graphics (svg)


Archive formats:

  • zip
  • 7z
  • rar
  • tar.*

One particularly neat feature is that DocFetcher can handle an unlimited nesting of archives (eg. a zip archive containing a 7z archive containing a rar archive… and so on).


Query syntax:

DocFetcher’s query syntax supports basic constructs such as OR, AND and NOT, but it will also handle:

  • Wildcards
  • Phrase search
  • Fuzzy search (“find words that are similar to…”)
  • Proximity search (“these two words should be at most 10 words away from each other”)
  • Boosting (“increase the score of documents containing…”)


DocFetcher’s free and Open Source. That means the source code is there for anyone to take and use as they please. Why is that important? Anyone remember Google Desktop, one of DocFetcher’s major commercial competitors? It was discontinued in 2011.


A stylish breeze

Typhoon is a stylish, open source weather app for Linux and Windows.


It’s a derivative of Stormcloud, which was one of Ubuntu’s Top 10 Paid Apps for a month or two last year. The big difference is that Typhoon’s free.

Linux installation’s simple. On the command line …

add the repository …

sudo add-apt-repository ppa:apandada1/typhoon

update the repository index …

sudo apt-get update

and install Typhoon …

sudo apt-get install typhoon

One caveat: a PPA is a third-party package source. add-apt-repository imports the maintainer’s signing key, and from then on anything published under that name installs with root privileges on your next update, so only add PPAs from people you trust.


Windows users can download Typhoon from here.

To configure it, click the gear icon at the top and enter your location.


Once the icon at the side turns to a tick, click it and you’re done. If it can’t find your location, check out Typhoon’s Help page for more details.