Last Week Tonight with John Oliver: Ransomware
August 17, 2021 10:16 PM - Season 8, Episode 21 - Subscribe
Two weeks left in the white void! The spread of the Delta variant of the Coronavirus continues to grow, helped by hordes of ideologically-driven parents threatening school boards over mask mandates. And Now: Pete Nelson From Treehouse Masters Really, Really Likes Trees. Main story: Ransomware (YouTube, 22 minutes), which is an epidemic of its own right now. How it started, what's happening now, and a couple of ways you can help protect yourself.
Selected comments from Pete Nelson, re: trees--
"I'd rather be in a tree that's in its adolescent years, if you will. Having said that, if there's a big, beautiful, mature oak, you know that's clearly been around a long time, you get so attracted to those too that you can't help yourself."
"There was a little communication right there between me and the big guy, that was like, let's do this! It's asking for it! It wants us to be here!"
"I saw them earlier but I didn't want to jump their bones right away, I mean these are regal!"
"We've had this thing going for like seven years."
"I think it senses that now is the time."
"My tree juices are pumping!"
F.37: "Data Nada," MIKE LINDELL
Selected comments from Pete Nelson, re: trees--
"I'd rather be in a tree that's in its adolescent years, if you will. Having said that, if there's a big, beautiful, mature oak, you know that's clearly been around a long time, you get so attracted to those too that you can't help yourself."
"There was a little communication right there between me and the big guy, that was like, let's do this! It's asking for it! It wants us to be here!"
"I saw them earlier but I didn't want to jump their bones right away, I mean these are regal!"
"We've had this thing going for like seven years."
"I think it senses that now is the time."
"My tree juices are pumping!"
F.37: "Data Nada," MIKE LINDELL
JHarris, I appreciate seeing this every week, so I wish I had something to say, but I don't. This season is so unrelentingly grim.
posted by acrasis at 6:42 PM on August 18, 2021 [5 favorites]
posted by acrasis at 6:42 PM on August 18, 2021 [5 favorites]
I watched this episode last night. JHarris, I would also like to say how much I appreciate the work and care you put into these posts.
The Pete Nelson bit had me laughing a bit at first, because my father is a very talented and accomplished woodworker who is obsessed with trees and wood. He can go on about them and their various properties for hours on end and it can get tiresome. Some of the first few things Nelson said sounded just like things my dad would say. But then it escalated VERY QUICKLY and to a HOLY SHIT PETE NELSON DEFINITELY WANTS TO FUCK AN UNDERAGE TREE level. Yikes. At least my dad isn't like... that.
Last night I had nightmares all night that my laptop got attacked by ransomware, so I think it's time for me to take the preventative measures Oliver recommends. I'm not someone who really understands computers, but I'd like to run a theory by you people. It seems to me that if I back up my data at least once a week, if I should get ransomwared, I'll have nearly everything on a thumb drive. Could I then tell the hackers to go fuck themselves, take my computer to my computer guy and get him to wipe the computer and reinstall it all, or would that work?
posted by orange swan at 9:43 AM on August 19, 2021 [2 favorites]
The Pete Nelson bit had me laughing a bit at first, because my father is a very talented and accomplished woodworker who is obsessed with trees and wood. He can go on about them and their various properties for hours on end and it can get tiresome. Some of the first few things Nelson said sounded just like things my dad would say. But then it escalated VERY QUICKLY and to a HOLY SHIT PETE NELSON DEFINITELY WANTS TO FUCK AN UNDERAGE TREE level. Yikes. At least my dad isn't like... that.
Last night I had nightmares all night that my laptop got attacked by ransomware, so I think it's time for me to take the preventative measures Oliver recommends. I'm not someone who really understands computers, but I'd like to run a theory by you people. It seems to me that if I back up my data at least once a week, if I should get ransomwared, I'll have nearly everything on a thumb drive. Could I then tell the hackers to go fuck themselves, take my computer to my computer guy and get him to wipe the computer and reinstall it all, or would that work?
posted by orange swan at 9:43 AM on August 19, 2021 [2 favorites]
I love Pete Nelson's weird tree enthusiasm, and would happily take a palate cleanser of Treehouse Masters clips in every LWT.
Not to diminish the severity of the ransomeware problem, but it is less of a trigger for existential depression for me than, say, climate change or the situation in Afghanistan or Haiti, so I was able to enjoy this episode more than most of the season.
Adding my voice to the JHarris appreciation chorus - it's really impressive how consistently great your episode summaries are.
posted by the primroses were over at 5:06 PM on August 19, 2021
Not to diminish the severity of the ransomeware problem, but it is less of a trigger for existential depression for me than, say, climate change or the situation in Afghanistan or Haiti, so I was able to enjoy this episode more than most of the season.
Adding my voice to the JHarris appreciation chorus - it's really impressive how consistently great your episode summaries are.
posted by the primroses were over at 5:06 PM on August 19, 2021
All this is off the top of my head, I will gladly accept correction from someone actually working in security:
If you get ransomware attacked, there are two dangers: losing access to your data, and malign actors potentially getting access to it.
The first part, if you have current backups, is easy to overcome. There is no ransomware that can survive a good old fashioned hard drive wipe. Even if your data is encrypted, you could just erase the HD, reinstall your OS (for Windows this is much easier than previously due to Microsoft's "digital entitlements" system, you don't even need a key), and load your files from the backup. This assumes the files are intact in the backup of course. But really, it's not a bad idea to have backups anyway.
Malign actors getting your information is a different thing. Good password managers will keep your passwords encrypted, although if there's running malware on your computer there is no absolute guarantee, there could be a keylogger, it might be able to get them out of memory when a program deencrypts them, or might could get your manager's encryption key. This is where two-factor authentication helps.
posted by JHarris at 10:47 PM on August 19, 2021
If you get ransomware attacked, there are two dangers: losing access to your data, and malign actors potentially getting access to it.
The first part, if you have current backups, is easy to overcome. There is no ransomware that can survive a good old fashioned hard drive wipe. Even if your data is encrypted, you could just erase the HD, reinstall your OS (for Windows this is much easier than previously due to Microsoft's "digital entitlements" system, you don't even need a key), and load your files from the backup. This assumes the files are intact in the backup of course. But really, it's not a bad idea to have backups anyway.
Malign actors getting your information is a different thing. Good password managers will keep your passwords encrypted, although if there's running malware on your computer there is no absolute guarantee, there could be a keylogger, it might be able to get them out of memory when a program deencrypts them, or might could get your manager's encryption key. This is where two-factor authentication helps.
posted by JHarris at 10:47 PM on August 19, 2021
but I'd like to run a theory by you people
This is a complicated question. I am not claiming to know which attack vector and denial mechanism modern "ransomware" uses, but there are several routes this can take. I've successfully recovered my mom's and someone else's computer after they were locked out by one such attack.
Attacks on personal computers versus corporate enterprise servers (either directly or via access priviledged desktops) are very very different.
Short answer is; if you backup your data - that's great and should be SOP for everyone. A USB drive isn't an ideal method. Traditional backup methodologies are to have HDD (magnetic based hard drive) backupS (multiple). If your data footprint (size) isn't all that big, doing a backup every week alternating between 2 "USB sticks" is fine. If your latest backup fails, you still have the other stick from the previous week.
USB drives (typically lower quality flash memory) are reliable - until they aren't. Magnetic media is a little more reliable, and more/ actually recoverable if the data is high worth.
If your data storage requirements aren't large (less than a few gigabytes - it's kind of hard to find hard drives smaller than a TB [terabyte - "a thousand gigabytes"]; a photo from your phone might be 10 megabytes; 100 of them is about a gigabyte. 1 million of those is about a terabyte) then storing them "on the cloud" (google drive, etc.) is very reasonable.
If your data requirements will fit on a USB drive < $100 CAD and you have reliable internet, storing it all on a reputable cloud is a reasonable thing to do and you can find "free" solutions. Even paying for some online storage can make a lot of sense.
The problem is - that only covers your data; even if you natively (you save it directly to a cloud) you may lose access to your computer until you get a white hat to wipe it and restore it to use. You'll also lose any OS (operating system) configurations that you have made and will have to do those all over again.
Also, passwords and website settings (via cookies).
You can do full local backups, but that takes time unless you automate that and leave your computer powered through scheduled automated backup times. But, doing this as a full OS partition+data local backup means that if you get hammered, you have the option to wipe your affected computer and do a full restore from the last backup. Depending (on lots of things, including hardware and i/o interface), it might be a couple/ few hours+ before restoring things.
The nuance here is that you want to make sure that you didn't back up a timed-release attack. If it's already in your backup, it might "wake up" again. Hence, switching between two different backups for every other week. As a risk mitigation with high value data, you want to do a combination of data-only backup as well as a system backup.
Bottom line; air-gapped (saved on USB drive/ external HD or remotely) data is good and should be done anyway. But an attack on your computer can prevent you from using a critical tool (your computer) until you can do a wipe and reinstall, and if you don't have a good way of retaining your metadata, can be very inconveniencing. Firefox offers a cloud thing to save your settings, passwords, bookmarks, etc. I don't use it.
--
There are different ways that ransomware can fuck your computer.
If something is claiming to "encrypt all of your data" - that's likely bullshit. Encrypting data is computationally expensive (if it isn't expensive, it'd be trivial to decrypt) so it takes time. Also, if it's on your machine, there's going to be a LOT of read/write/overwrite in order to get that done.
If your data is "encyrpted," likely, it isn't really. Likely the metadata required by the OS to parse, read, and present you the data is messed up. The data is still there, but your OS either can't see it or interpret it in order to present it to you.
The other way - one instance of which I have encountered and bypassed - is after the "deadline" has passed, the resident (and it can be quite sophisticated) code goes into another phase where it locks down the computer via fucking with the BIOS (low level code stored on the motherboard) that prevents the OS from even loading. Keep in mind, there is OS-level chicanery already in play.
There are ways to re-flash the BIOS. Once I fixed that attack, I booted using a (random linux distro) via USB to access the HD to look at the data. It was all still there, but the way/ index Windows uses to get to/ interpret that data was fucked. I can't remember how, but I managed to restore the OS and all of the data was still there. OS settings, no.
This was a few years ago; a couple of years before that, my sister's bf's dad had a similar attack - and I had to dremel out a corroded screw to temporarily remove a sub PCB in order to access the physical BIOS reset, and put it all back together again.
I had an attack myself, still don't know exactly how it happened; I keep all of my data outside of my OS drive (C: drive), none of it was affected. The other 3 hard drives were completely ignored by whatever it was. No guarantee that modern malware will still have that blind spot (if I was writing malware, I'd make sure to look for other drives locally (and networked) to go drop a trojan/ time-bomb into.
--
So, yes. Data Backups. Cloud storage makes sense.
If having a computer is critical, you want a backup computer as well to avoid downtime.
posted by porpoise at 1:53 AM on August 21, 2021 [2 favorites]
This is a complicated question. I am not claiming to know which attack vector and denial mechanism modern "ransomware" uses, but there are several routes this can take. I've successfully recovered my mom's and someone else's computer after they were locked out by one such attack.
Attacks on personal computers versus corporate enterprise servers (either directly or via access priviledged desktops) are very very different.
Short answer is; if you backup your data - that's great and should be SOP for everyone. A USB drive isn't an ideal method. Traditional backup methodologies are to have HDD (magnetic based hard drive) backupS (multiple). If your data footprint (size) isn't all that big, doing a backup every week alternating between 2 "USB sticks" is fine. If your latest backup fails, you still have the other stick from the previous week.
USB drives (typically lower quality flash memory) are reliable - until they aren't. Magnetic media is a little more reliable, and more/ actually recoverable if the data is high worth.
If your data storage requirements aren't large (less than a few gigabytes - it's kind of hard to find hard drives smaller than a TB [terabyte - "a thousand gigabytes"]; a photo from your phone might be 10 megabytes; 100 of them is about a gigabyte. 1 million of those is about a terabyte) then storing them "on the cloud" (google drive, etc.) is very reasonable.
If your data requirements will fit on a USB drive < $100 CAD and you have reliable internet, storing it all on a reputable cloud is a reasonable thing to do and you can find "free" solutions. Even paying for some online storage can make a lot of sense.
The problem is - that only covers your data; even if you natively (you save it directly to a cloud) you may lose access to your computer until you get a white hat to wipe it and restore it to use. You'll also lose any OS (operating system) configurations that you have made and will have to do those all over again.
Also, passwords and website settings (via cookies).
You can do full local backups, but that takes time unless you automate that and leave your computer powered through scheduled automated backup times. But, doing this as a full OS partition+data local backup means that if you get hammered, you have the option to wipe your affected computer and do a full restore from the last backup. Depending (on lots of things, including hardware and i/o interface), it might be a couple/ few hours+ before restoring things.
The nuance here is that you want to make sure that you didn't back up a timed-release attack. If it's already in your backup, it might "wake up" again. Hence, switching between two different backups for every other week. As a risk mitigation with high value data, you want to do a combination of data-only backup as well as a system backup.
Bottom line; air-gapped (saved on USB drive/ external HD or remotely) data is good and should be done anyway. But an attack on your computer can prevent you from using a critical tool (your computer) until you can do a wipe and reinstall, and if you don't have a good way of retaining your metadata, can be very inconveniencing. Firefox offers a cloud thing to save your settings, passwords, bookmarks, etc. I don't use it.
--
There are different ways that ransomware can fuck your computer.
If something is claiming to "encrypt all of your data" - that's likely bullshit. Encrypting data is computationally expensive (if it isn't expensive, it'd be trivial to decrypt) so it takes time. Also, if it's on your machine, there's going to be a LOT of read/write/overwrite in order to get that done.
If your data is "encyrpted," likely, it isn't really. Likely the metadata required by the OS to parse, read, and present you the data is messed up. The data is still there, but your OS either can't see it or interpret it in order to present it to you.
The other way - one instance of which I have encountered and bypassed - is after the "deadline" has passed, the resident (and it can be quite sophisticated) code goes into another phase where it locks down the computer via fucking with the BIOS (low level code stored on the motherboard) that prevents the OS from even loading. Keep in mind, there is OS-level chicanery already in play.
There are ways to re-flash the BIOS. Once I fixed that attack, I booted using a (random linux distro) via USB to access the HD to look at the data. It was all still there, but the way/ index Windows uses to get to/ interpret that data was fucked. I can't remember how, but I managed to restore the OS and all of the data was still there. OS settings, no.
This was a few years ago; a couple of years before that, my sister's bf's dad had a similar attack - and I had to dremel out a corroded screw to temporarily remove a sub PCB in order to access the physical BIOS reset, and put it all back together again.
I had an attack myself, still don't know exactly how it happened; I keep all of my data outside of my OS drive (C: drive), none of it was affected. The other 3 hard drives were completely ignored by whatever it was. No guarantee that modern malware will still have that blind spot (if I was writing malware, I'd make sure to look for other drives locally (and networked) to go drop a trojan/ time-bomb into.
--
So, yes. Data Backups. Cloud storage makes sense.
If having a computer is critical, you want a backup computer as well to avoid downtime.
posted by porpoise at 1:53 AM on August 21, 2021 [2 favorites]
Yes about "encryption," but I figured I should hedge my bets a bit since presumably ransomware could have been running on your machine for who knows how long. Messing with the BIOS is a very high level of fuckery though, certainly.
If I got a randomware attack, the first thing I would do is hard power the machine and never boot it again until I've had a live Linux CD in it. Ransomware is not magical, if the machine doesn't boot from the drive with the malware it doesn't have a chance to run, and it's just dead data. In these cases Windows wants you to boot from the recovery partition, but the malware could have hit that too. There used to be a number of good live CD virus scanners that were capable of updating themselves in RAM, although the last time I looked for one those seemed to have dried up a bit? Still, I would definitely want something like that handy if I were recovering someone's machine.
posted by JHarris at 5:06 PM on August 21, 2021 [2 favorites]
If I got a randomware attack, the first thing I would do is hard power the machine and never boot it again until I've had a live Linux CD in it. Ransomware is not magical, if the machine doesn't boot from the drive with the malware it doesn't have a chance to run, and it's just dead data. In these cases Windows wants you to boot from the recovery partition, but the malware could have hit that too. There used to be a number of good live CD virus scanners that were capable of updating themselves in RAM, although the last time I looked for one those seemed to have dried up a bit? Still, I would definitely want something like that handy if I were recovering someone's machine.
posted by JHarris at 5:06 PM on August 21, 2021 [2 favorites]
You are not logged in, either login or create an account to post comments
posted by Marticus at 4:12 PM on August 18, 2021 [2 favorites]