TBD

TBD on Ning

KnowBe4 Security Awareness Training Blog


FBI: “Beta Bot” malware kills your anti-virus and steals data

 

This week, the FBI sent out a warning that a strain of malware known as "Beta Bot" can turn off your antivirus, stop access to the websites of antivirus vendors so that your antivirus program cannot call home for fresh definitions, and steal your user name and password when you log into your financial institutions, e-commerce sites, online payment platforms, and social networks.

[Image: User Account Control prompt]

The Beta Bot malware masks itself as the "User Account Control" message box, but when you click on this box, it will infect your computer. If the above pop-up message or a similar prompt appears on your computer and you did not ask for it, or are not making changes to your system's configuration, do not authorize this fake "Windows Command Processor" to make any changes.

Beta Bot is commercial malware, meaning it was made by cyber criminals to be sold to other cyber criminals who can then use it to steal your personal information. It also means the quality is very high, and it's hard to get rid of when your PC gets infected. So have another look at the screenshot above, as it is much easier to prevent this infection than to cure it, which will likely require a trip to the helpdesk or your computer retailer.

The best way to get rid of this popup is to press ALT-F4 to make it go away. You can also click on the red X at the top right, but do not click on the Yes or No at the right bottom.


Replies to This Discussion







How To Protect Yourself From Ransomware

Ransomware is malware that prevents you from accessing your computer or the Internet. It is often the direct result of a computer virus or social engineering that allowed a human to gain access to your PC. Ransomware relies on scare tactics to trick users into thinking they have done something wrong, or extortion by encrypting the contents of a hard drive to prevent access to valuable files. Did you know you can get infected by ransomware simply from visiting a malicious website? That’s all it takes.

So how can you protect yourself from this scam?

Recognizing And Defeating Ransomware

The first step to protect yourself from ransomware is recognizing it when it happens. Typically, a user affected by ransomware will receive a law enforcement pop-up that looks somewhat legitimate. These pop-ups will attempt to scare a user into thinking they have done something illegal on their computer and will provide instructions on how they can buy their way out of trouble.

[Image: ransomware]

The image above shows how a user can purchase a MoneyPak and provides instructions on where to send the codes.

How To Remove Ransomware

1. Clearly, the FBI would never send anything to your computer. They would knock on your front door.

2. Never provide anyone with your credit card information or send them MoneyPak coupons. There’s no guarantee they’ll unlock your computer, anyway.

3. Use Windows Update and a current antivirus to keep your system secure. Scammers often use known exploits to infect your PC with ransomware.

4. If you get a ransomware pop-up, immediately disconnect it from the Internet.

5. Be prepared for disaster. If you use a computer, expect it to fail and always have a reliable backup of your data. Erasing and reinstalling is the only true way to be sure you are no longer infected. Having a backup and recovery plan will make the choice to reinstall an easy one. Learn how to back up to a NAS.

6. Always run the latest version of Internet Explorer (even if you use another browser by default) and remove Java Add-ons. You can always add it back later if you find you need it. In IE, go to Tools>Internet Options>Programs tab>Manage Add-ons.

7. Be suspicious of links in emails and never open email attachments unless you are expecting an attachment from a friend or co-worker. Attachments can contain executable files that instantly infect your PC.

8. Create a Standard User account and run as that. If you run as Administrator, viruses also have admin rights.

9. If you suspect you are infected, run Windows Defender Offline. This is a Microsoft program that allows you to boot to a USB or DVD to run a scan prior to booting into Windows. Note, if you’re infected you may need to download this from a different PC.

10. Be wary of Microsoft phone calls. Just as with the FBI, Microsoft will never call you. If you get one of these phone calls, they try to convince you to allow them to remotely access your computer. Never allow a stranger to remotely access your PC. Just hang up. Here is an example of the Microsoft phone scam if you’re not already aware of them.

Now that you know what ransomware is, be sure to take steps to prevent being scammed.


© 2024   Created by Aggie.   Powered by
