Ransomware

I would like to discuss a little bit about ransomware.  For those who don’t already know ransomware is a type of malware that when it infects a system it will encrypt all the data on the system, in some cases even reaching out to network drives that are shared from a server.  Once the data is encrypted the only way to decrypt it is with the decryption key, which the attacker will gladly supply to you for a fee, normally paid for with BitCoin.  Anti-Malware software has struggled with preventing these types of attacks because by the time they are leaving a trace that they exist files have already been impacted, so with prevention being very difficult what do you do to combat this threat?

In this case the best defense is a strong offense, first and foremost safe computer use is a must.  Most ransomware is spread through people opening infected email attachments, if you don’t know the sender you shouldn’t open the attachment.  The next line of offense towards these attacks is to make sure the data is safely backed up and the easier it is to recover from that backup the better position you will be in.  At my work we use as well as sell a product called Datto to backup all of our critical machines, this product has proven to be worth it’s weight in gold when we were struck with a ransomware attack.  We have also experienced similar issues at some of our customers sites and the the Datto easily recovered the impacted files.  These backups allowed us to take the infected machine, clean it, and then simply delete the encrypted files and replace them with the backup copies.  An inconvenience, but hardly the devastation of paying thousands of dollars in ransom or permanently losing the files.

For the home user a solution like Datto would be pricey and overkill, but there are are solutions out there that are priced right and aimed at the home user.  While I have no personal experience with it I have heard good things about companies like Mozy Pro or Carbonite for the home user, while these solutions are no where near as robust as the Datto, and absolutely not the right fit for a business, they come in at a price point and simplicity that the home user can benefit from.

When it comes to defending from ransomware you need to keep one thing in mind, you need a backup that will allow you to go and recover what the files looked like a day or two ago so you can recover them from before the infection occurred (this is called versioning).  Many people will use services like Google Drive, Drop Box, or Microsoft One Drive, and assume they are protected.  The fact is that those programs are designed to make it simple to share files, but not protect files.  Yes if you had a hard drive failure you can recover the data you saved in the cloud, but if that data is changed, such as being encrypted, that change is replicated out to the cloud as well.  So if you are hit with ransomware those thousands of pictures you have on your Google Drive account of your kid will be encrypted and useless unless you have a versioned backup of those files that you can go back to from before the infection happened.

If you don’t have your files backed up and they are important to you you can always pay the ransom, but remember there is no honor among thieves, you are dealing with criminals, and while statistics have shown most of the time if the ransom is paid they make good on providing the decryption key, there is no assurance they won’t just take the money and run.

LG Urbane

I few days ago I broke down and decided to join the smart watch crowd and bough an LG Urbane.  Now I am not the biggest fan of wearable tech, but I do feel there are certain use cases where a smart watch is useful, particularly someone like myself who finds them selves in and out of several meetings during the day, but still needs to keep an eye on incoming emails and text messages.  I hate taking my phone out in a meeting to see if a notification was something that needs my attention, but as a manager of a small growing department with few employees I need to make sure one of my engineers doesn’t need me for an emergency,  This is what drove my to research smartwatches, and as a happy owner of an LG G4, the LG Urbane made the most sense.

First lets talk about the watches style, it is a true round screen, unlike that of the Moto 360, I opted for the silver bezel, but they also produce one with a gold bezel if that is your style.  The watch looks more like a traditional wrist watch than most other smart watches on the market, but it is a very large watch.  For a big guy like me this isn’t an issue and the watch looks at home on my wrist, but if you have smaller wrists the watch may look awkwardly large on you.  The band is made from leather, and even though I have a difficult time finding watches that fit my wrists the band fits me well, although at the last hole, it is a nice looking band and fits well with the overall style of the watch.  Overall I would give LG an A on the style, the only thing I would like to see them do is make the watch a bit thinner.

The screen is quite clear and has a surprising good depth to it when looking at the watch face, it adds to the illusion that you are wearing a mechanical watch and not a smart watch.  Android Wear is responsive and works well, I get all my notifications to the watch, and the vibration that accompanies those notifications gets your attention, but does not make the loud buzzing sound we are used to with a lot of cell phones today.  You can even choose to not have certain applications send notifications to the watch.  I also love how a quick push of the button on the watch when silence the ringer on the phone when it is ringing.  The music player control is a dream to have when listening to music with your phone in your pocket.  Battery life has also proven to be much better than I expected, from a full charge in the morning I am down to 40 – 50% when I go to bed.

Now for some of the disappointing parts, if you are looking for a fitness watch this is not a good choice.  It does have a heart rate monitor, that I have yet to get to give me a heart rate and can’t seem to figure out why it won’t work.  The pedometer seems to me to be inaccurate, either that or I take more steps during the day than I thought I did, the numbers the pedometer comes up with aren’t insane, but more than I thought I did.  Clearly the fitness aspects of this watch need some work.  Also the ability to voice dial from the watch seems flawed, and maybe there is a setting I need to tweak for this, but earlier today I used OK Google on the watch to attempt to call a friend of mine, and instead of finding him in my contacts it found on google the phone number of a cpa with the same name in Florida and began dialing that phone number, I label that an epic fail.

Overall I am very happy with my purchase, the watch performs well, and despite the few issues I have located, it fills all the needs that I had for a smart watch, and looks good while doing it.  I would highly recommend it.  I plan on doing another review of this watch in a few months to see if after using for an extended period of time I feel the same way.

Smart Devices

Industry wide we have seen a huge increase in malicious activity, a large part of this is how prevalent and easy it is to get information from internet connected devices.   There was a term coined a few years back (I think by Cisco) called the “internet of things” and while it can be convient to have a light switch connected to your wifi so you can turn on or off a light from anywhere in the world there is little thought being given by the consumer as to the potential threats that could arise.

 

A smart device that is connected to the internet is essential a tiny computer, and like all computers it has an operating system and the capablitiy of being hacked, now it may not sound importiant to worry about the security of a light switch, but if that switch is connected to your Wi-Fi any vulnerability in it could potentially be used to gain access to other systems on the same network.  Systems such as your celluar phone or you PC, where much more personal and importiant information is kept.  Or just think, there are internet connected refrigerators now with webcam’s that let you see what is inside that fridge, but if the door is opened at the right moment then in a blink of an eye an unflattering picture of yourself could have been captured and sent around the world.

 

There are ways to allow for the use of these devices and limit the exposure to hacking, most wireless routers on the market today allow you to setup a guest network.  The advantage to using something like that for devices that don’t need to interact directly with your PC or other network attached devices is that on a guest network the device maintains access to the internet but is unable to access other parts of your network.  Keeping your lightswitch away from your online banking passwords.