12 May 2024

Recently trending

Five months on from cancer diagnosis Uncomfortable truths: The real cost of living in retirement Is Australia ready for its population growth over the next decade?Are term deposits attractive right now?The public servants demanding $3m super tax exemption

Reader: "Congratulations on a great focussed news source. Australia has a dearth of good quality unbiased financial and wealth management news."

John Egan, Egan Associates: "My heartiest congratulations. Your panel of contributors is very impressive and keep your readers fully informed."

Reader: "I subscribe to two newsletters. This is my first read of the week. Thank you. Excellent and please keep up the good work!"

Reader: "The BEST in the game because of diversity and not aligned to financial products. Stands above all the noise."

Jonathan Hoyle, CEO, Stanford Brown: "A fabulous publication. The only must-read weekly publication for the Australian wealth management industry."

Reader: "Carry on as you are - well done. The average investor/SMSF trustee needs all the help they can get."

Eleanor Dartnall, AFA Adviser of the Year, 2014: "Our clients love your newsletter. Your articles are avidly read by advisers and they learn a great deal."

Rob Henshaw: "When I open my computer each day it's the first link I click - a really great read."

Reader: "It's excellent so please don't pollute the content with boring mainstream financial 'waffle' and adverts for stuff we don't want!"

John Pearce, Chief Investment Officer, Unisuper: "Out of the (many many) investmentrelated emails I get, Cuffelinks is one that I always open."

Steve: "The best that comes into our world each week. This is the only one that is never, ever canned before fully being reviewed by yours truly."

Reader: "Love it, just keep doing what you are doing. It is the right length too, any longer and it might become a bit overwhelming."

Australian Investors Association: "Australia's foremost independent financial newsletter for professionals and self-directed investors."

Ian Kelly, CFP, BTACS Financial Services: "Probably the best source of commentary and information I have seen over the past 20 years."

Reader: "An island of professionalism in an ocean of shallow self-interest. Well done!"

Reader: "I can quickly sort the items that I am interested in, then research them more fully. It is also a regular reminder that I need to do this."

Don Stammer, leading Australian economist: "Congratulations to all associated. It deserves the good following it has."

Scott Pape, author of The Barefoot Investor: "I'm an avid reader of Cuffelinks. Thanks for the wonderful resource you have here, it really is first class."

Andrew Buchan, Partner, HLB Mann Judd: "I have told you a thousand times it's the best newsletter."

Reader: "Is one of very few places an investor can go and not have product rammed down their throat. Love your work!"

Ian Silk, CEO, AustralianSuper: "It has become part of my required reading: quality thinking, and (mercifully) to the point."

Noel Whittaker, author and financial adviser: "A fabulous weekly newsletter that is packed full of independent financial advice."

Reader: "Keep it up - the independence is refreshing and is demonstrated by the variety of well credentialed commentators."

Reader: " Finding a truly independent and interesting read has been magical for me. Please keep it up and don't change!"

David Goldschmidt, Chartered Accountant: "I find this a really excellent newsletter. The best I get. Keep up the good work!"

Reader: "Best innovation I have seen whilst an investor for 25 years. The writers are brilliant. A great publication which I look forward to."

Reader: "Great resource. Cuffelinks is STILL the one and only weekly newsletter I regularly read."

Professor Robert Deutsch: "This has got to be the best set of articles on economic and financial matters. Always something worthwhile reading in Firstlinks. Thankyou"

Home / 202

How I lost my files to ransomware

Graham Hand
17 May 2017
3

[This article from 2015 is republished as background to the largest global ransomware attack ever in the last week. Circumstances are different this time but many of the issues around backing up data are the same].

This is a cautionary tale, at the risk of embarrassing myself. I did not even know what 'ransomware' was until it infected my computer. This article is not a definitive piece on how to protect yourself from a virus. The main message is don’t do as I did.

Ransomware is a type of malware that prevents access to computer files until the victim pays a ransom to regain access or retrieve the data.

How was I tricked?

Let’s start at the beginning to at least give me some excuses. I had been exchanging emails and phone calls with Telstra, as part of a significant upgrade to faster broadband speed, higher data allowance and upgraded mobile phone plan. In my defence, my head was in a ‘Telstra numbers’ mode, full of megabytes and download speeds.

Then a few days after my upgrade, I received an email, supposedly from Telstra Customer Care, telling me I was over 50% of my monthly data allocation, with a link to my usage level. How could that be? I had only just changed to the new package. Immediately preparing myself to call Telstra and tell them to get their act together, that they had me on the wrong plan, I clicked on the link to check the numbers. Bad mistake, a strike at my soft underbelly.

The email was not from Telstra. This message jumped up on my screen.

It was a ransomware virus called CryptoLocker. Google it if you want to know more. It works by encrypting all the files on your computer, and to unlock or decrypt them, you pay a ‘ransom’ to receive a decryption key. I immediately removed the virus but it was too late. All my files – Word, Excel, PowerPoint presentations, photographs, videos – were encrypted and could not be opened. The ransom requested was GBP700, payable in Bitcoins. They said if I tried to remove the virus, it would not decrypt the files and the cost of the key would increase to GBP1,400.

Searching online for a solution, some people suggested there is a publicly available key to decrypt the files, but this is a public key used by other malware scams. My understanding is CryptoLocker uses two keys: one to encrypt and another to decrypt the data. The decryption key is a private key, which is not available other than by paying the ransom.

What about my backup?

I immediately contacted my technical support, who said this was a particularly nasty virus, and industry advice is not to pay the ransom as most people do not receive the decryption code after payment. An online search confirmed this, while others said they did not want to encourage criminals by paying the ransom. It was better to rebuild from backups.

Where were my backups? This is the embarrassing bit.

First, we tried ‘System Restore’, which if enabled on the computer, should hold shadow copies of files. But when we clicked on ‘Previous Versions’, nothing was there.

Second, what about back-ups to external hard drives? I had been told some months earlier that there are only two types of external hard drives: those that have stopped working, and those that are about to stop working. A company called Backblaze, which runs 25,000 external hard drives continuously in its backup business, reports a 5% fail in the first 18 months, and 22% in four years. No doubt this is unfair, but I used it as an excuse not to back up to external hard drives more regularly.

Third, my computer had been set up to copy files regularly to Dropbox. When I went into my Dropbox account, the files there were also encrypted. So I wrote to Dropbox asking if they had saved previous versions. There ensued an exchange of emails with Dropbox, such as:

“I’d be happy to help you roll back your entire account to a certain point in time. Could you go to https://www.dropbox.com/events and send me the link indicating the first event you would like to undo? Your account will be reverted to before this event took place.”

But over many exchanges of email, we could not open my old files. I don’t blame Dropbox for this, we just ran out of time and patience.

So where did I eventually find some of the lost files? I had older files on an external hard drive from my last (too long ago) back up. Otherwise, I retrieved wanted files that had been attached to emails: photographs, documents, spreadsheets. I recovered a decent amount stored by Google on gmail (and it would be the same with any reputable email service) and all Cuffelinks files are ‘in the cloud’.

But I did lose a lot of personal material. I had copied photographs to my computer from my iphone to free space on the phone. Other personal records, documents and spreadsheets, were lost.

What are the lessons?

All it takes is one email from a trusted friend or a familiar company, complete with logo and well-designed customer letter, plus a moment’s lack of the usual caution and this could happen to you. The lessons are:

Always pause before opening a link, regardless of who it is from, and make sure it is legitimate. Hackers have ways of accessing your contacts and companies you deal with.

Back up to an external hard drive regularly, but make frequent checks and hardware upgrades.

Store additional copies in the ‘cloud’.

Activate the programme which stores shadow copies.

Email important documents to yourself. From my experience, this is a robust solution, and if anyone thinks it is not, let me know.

Repeating, I am not a technical expert on this subject, and I welcome comments from people who know a lot more than I do. (See comments in original version of this article). Including the best ways to back up.

Comment by Tony Cuffe who works in technical support

This type of invasive software is, unfortunately, becoming more common. It opens up a lot of discussion as to how to avoid it in the future. Backing up properly is a form of risk management.

For Mac users, I suggest that an Apple Time Machine is installed as well as using a programme such as Carbon Copy to do remote backups of valuable files such as photos and documents on a regular basis to remote drives. These can be setup to run automatically in the background.

For Windows users, this is not so simple. There are a range of different solutions from different suppliers. One that seems pretty good is from Acronis. They do both automatic updates to local remote drives and also the cloud.

Speaking of cloud, we are now primarily using Google Drive along with the full suite of Google apps for work applications. This means that all files are being kept in the cloud and are not touchable with programmes like CryptoLocker. We are currently retiring our laptops and replacing with them with Chromebooks. The only thing needed is an internet connection via wi-fi and you have everything available.

Finally, as for email, using a hosted cloud service such as Apple iCloud or Google Gmail is the only way to go as you can easily re-download your email to any device whether it be Windows, Apple or Linux. I use both for different email addresses but my first choice is now Gmail and particularly Gmail for business so you can set up your own domain name for your email address.

Graham Hand is Managing Editor of Cuffelinks. This article is a general warning and does not consider the personal circumstances of any readers, nor is it intended as a definitive solution to protecting data and files. It is not specifically related to the global ransomware virus attack of May 2017 but the issues are similar.

cryptolocker, cyber attack, ransomware, security

3 Comments

Rob
May 18, 2017

I keep all my data on a desktop which is not connected to the internet. The data is backed up weekly on a number of detachable HDs that are stored in separate locations. I use a protected laptop for internet access and downloading records. I also use no third party storage. How paranoid is all that?

Mike
May 18, 2017

For private users,there are simple ways to greatly reduce or completely eliminate the risks with ransomware and other malware, without getting involved in complicated ,time consuming and unnecessary methods.
There is usually some very obvious sign if emails are not genuine-if in doubt just contact the company,before making that fatal click.

Anti malware security software should be installed-recommended against ransomware are CheckMal AppCheck(free for private use),Zemana AntiMalware and VoodoShield..
All have excellent records of stopping malware and ransomware,they run lightly and can substitute for antivirus software,which quite often have failed against ransomware.
AppCheck just tested and successfully stopped the current WannaCry ransomware.

Backup of the whole system and data, in other words the complete content of your main drive,at least on a daily basis.is essential
Strongly recommended is Macrium Reflect,which will do this and can even be scheduled to backup each hour.
Have been using for 15years -100% reliable!

The backup image will initially be saved on the main C disk,but should be transferred to external disks regularly.
I backup daily and transfer weekly,its up to you-its pain free and simple.
If you do it daily,then at worst you would lose very little data as the emails should repopulate automatically.
I use a small external portable, cost $75,also a USB stick as a failsafe-also 100% reliable so far.
The externals should be disconnected between usage,otherwise an unlikely successful attack could spread to them.
Its surely pointless to become paranoid about using the internet ,which defeats the whole point of having it.
You may as well just stop using your computer if it becomes such a nightmare.

Ashley
May 18, 2017

Fortunately I have not had any data problems for about a decade. My plan is simple:
o I never keep any data on PC/laptops (they regularly crash or get viruses),
o never use PC backup/restore software (they have never worked in the past when I needed them),
o only ever use PC/lap-tops for back-ups (but they crash/die regularly so are not much good even as backups),
o never use compressed/zipped file backup services (because you can never decompress/unzip them when you need them),
o never use the ‘cloud’,
o never use Dropbox.
o Never use auto backup tools (they miss files and/or put them in places I can never find again)
o All my working files are on USB drives + backed up every day to other USB drives (hard disc and memory types – only takes a couple of minutes per day to manually back up what I have done each day).
o I also have no social media accounts – no Facebook, Snapchat, Instagram, Twitter, Pinterest, Flickr, Tumblr, Google+, Reddit, or anything else. I Don’t even know what they are. (I do have a LinkedIn page I visit about once a year to delete ‘skills’ people accredit me with – but I’ve lost the password).

Latest Updates

Are term deposits attractive right now?

If you’re like me, you may have put money into term deposits over the past year and it’s time to decide whether to roll them over or look elsewhere. Here are the pros and cons of cash versus other assets right now.

James Gruber
8 May 2024
55

Retirement

How retiree spending plummets as we age

There's been little debate on how spending changes as people progress through retirement. Yet, it's a critical issue as it can have a significant impact on the level of savings required at the point of retirement.

Ruvinda Nanayakkara
8 May 2024
13

Estate planning made simple, Part I

Every year, millions of dollars are spent on legal fees, and thousands of hours are wasted on family disputes - all because of poor estate planning. Here's a guide to a key part of estate planning - making an effective will.

Noel Whittaker
8 May 2024
3

Investment strategies

Markets are about to get a whole lot harder

As the world shifts away from one of artificially suppressed interest rates and cheap manufacturing, investors will need to carefully consider how companies are positioned to navigate the new higher-cost paradigm.

Robert M. Almeida
8 May 2024
1

Investment strategies

Why commodities deserve a place in portfolios

2024 looks set to be another year of reflation and geopolitical uncertainty — with the latter significantly raising the tail risk of a return to problematic inflation. That’s a supportive backdrop for commodities.

Erik L. Knutzen, Hakan Kaya
8 May 2024

Property

What’s next for Australian commercial real estate?

It's no secret that Australian commercial property has endured its most challenging period since the GFC. Yet, there are encouraging signs that the worst may be over and industry returns should improve in the medium term.

Board games: two hidden risks for stock pickers?

Allan Gray's Simon Mawhinney thinks two groups with huge influence over our public companies often fall short of helping shareholders. In this interview, Mawhinney also talks boards, takeovers, and active investing.

James Gruber, Joseph Taylor
8 May 2024

Alliances

Site Map

About Firstlinks

Disclaimer
The data, research and opinions provided here are for information purposes; are not an offer to buy or sell a security; and are not warranted to be correct, complete or accurate. Morningstar, its affiliates, and third-party content providers are not responsible for any investment decisions, damages or losses resulting from, or related to, the data and analyses or their use. To the extent any content is general advice, it has been prepared for clients of Morningstar Australasia Pty Ltd (ABN: 95 090 665 544, AFSL: 240892), without reference to your financial objectives, situation or needs. For more information refer to our Financial Services Guide. You should consider the advice in light of these matters and if applicable, the relevant Product Disclosure Statement before making any decision to invest. Past performance does not necessarily indicate a financial product’s future performance. To obtain advice tailored to your situation, contact a professional financial adviser. Articles are current as at date of publication.
This website contains information and opinions provided by third parties. Inclusion of this information does not necessarily represent Morningstar’s positions, strategies or opinions and should not be considered an endorsement by Morningstar.