
How I lost my files to ransomware

This is a cautionary tale, at the risk of embarrassing myself. I did not even know what ‘ransomware’ was until it infected my computer. This article is not a definitive piece on how to protect yourself from a virus. The main message is don’t do as I did.

Ransomware is a type of malware that prevents access to computer files until the victim pays a ransom to regain access or retrieve the data.

How was I tricked?

Let’s start at the beginning to at least give me some excuses. I had been exchanging emails and phone calls with Telstra, as part of a significant upgrade to faster broadband speed, higher data allowance and upgraded mobile phone plan. In my defence, my head was in a ‘Telstra numbers’ mode, full of megabytes and download speeds.

Then a few days after my upgrade, I received an email, supposedly from Telstra Customer Care, telling me I was over 50% of my monthly data allocation, with a link to my usage level. How could that be? I had only just changed to the new package. Immediately preparing myself to call Telstra and tell them to get their act together, that they had me on the wrong plan, I clicked on the link to check the numbers. Bad mistake, a strike at my soft underbelly.

The email was not from Telstra. This message jumped up on my screen.

It was a ransomware virus called CryptoLocker. Google it if you want to know more. It works by encrypting all the files on your computer, and to unlock or decrypt them, you pay a 'ransom' to receive a decryption key. I immediately removed the virus but it was too late. All my files – Word, Excel, PowerPoint presentations, photographs, videos – were encrypted and could not be opened. The ransom requested was GBP700, payable in Bitcoins. They said if I tried to remove the virus, it would not decrypt the files and the cost of the key would increase to GBP1,400.

Searching online for a solution, some people suggested there is a publicly available key to decrypt the files, but this is a public key used by other malware scams. My understanding is CryptoLocker uses two keys: one to encrypt and another to decrypt the data. The decryption key is a private key, which is not available other than by paying the ransom.

What about my backup?

I immediately contacted my technical support, who said this was a particularly nasty virus, and industry advice is not to pay the ransom as most people do not receive the decryption code after payment. An online search confirmed this, while others said they did not want to encourage criminals by paying the ransom. It was better to rebuild from backups.

Where were my backups? This is the embarrassing bit.

First, we tried ‘System Restore’, which, if enabled on the computer, should hold shadow copies of files. But when we clicked on ‘Previous Versions’, nothing was there.

Second, what about backups to external hard drives? I had been told some months earlier that there are only two types of external hard drives: those that have stopped working, and those that are about to stop working. A company called Backblaze, which runs 25,000 external hard drives continuously in its backup business, reports a 5% failure rate in the first 18 months, and 22% in four years. No doubt this is unfair, but I used it as an excuse not to back up to external hard drives more regularly.

Third, my computer had been set up to copy files regularly to Dropbox. When I went into my Dropbox account, the files there were also encrypted. So I wrote to Dropbox asking if they had saved previous versions. There ensued an exchange of emails with Dropbox, such as:

“I'd be happy to help you roll back your entire account to a certain point in time. Could you go to https://www.dropbox.com/events and send me the link indicating the first event you would like to undo? Your account will be reverted to before this event took place.”

But over many exchanges of email, we could not open my old files. I don’t blame Dropbox for this, we just ran out of time and patience.

So where did I eventually find some of the lost files? I had older files on an external hard drive from my last (too long ago) back up. Otherwise, I retrieved wanted files that had been attached to emails: photographs, documents, spreadsheets. I recovered a decent amount stored by Google on Gmail (and it would be the same with any reputable email service) and all Cuffelinks files are ‘in the cloud’.

But I did lose a lot of personal material. I had copied photographs to my computer from my iPhone to free space on the phone. Other personal records, documents and spreadsheets, were lost.

What are the lessons?

All it takes is one email from a trusted friend or a familiar company, complete with logo and well-designed customer letter, plus a moment’s lack of the usual caution and this could happen to you. The lessons are:

  • Always pause before opening a link, regardless of who it is from, and make sure it is legitimate. Hackers have ways of accessing your contacts and companies you deal with.
  • Back up to an external hard drive regularly, but make frequent checks and hardware upgrades.
  • Store additional copies in the ‘cloud’.
  • Activate the programme which stores shadow copies.
  • Email important documents to yourself. From my experience, this is a robust solution, and if anyone thinks it is not, let me know.

Repeating, I am not a technical expert on this subject, and I welcome comments from people who know a lot more than I do, including on the best ways to back up (no product flogs, please).

Comment by Tony Cuffe who works in technical support

This type of invasive software is, unfortunately, becoming more and more common. It opens up a lot of discussion as to how to avoid it in the future. Backing up properly is a form of risk management.

For Mac users I suggest that an Apple Time Machine is installed as well as using a programme such as Carbon Copy to do remote backups of valuable files such as photos and documents on a regular basis to remote drives. These can be set up to run automatically in the background.

For Windows users this is not so simple. There are a range of different solutions from different suppliers. One that seems pretty good is from Acronis. They do both automatic updates to local remote drives and also the cloud.

Speaking of cloud, we are now primarily using Google Drive along with the full suite of Google apps for work applications. This means that all files are being kept in the cloud and are not touchable with programmes like CryptoLocker. We are currently retiring our laptops and replacing them with Chromebooks. The only thing needed is an internet connection via wi-fi and you have everything available.

Finally, as for email, using a hosted cloud service such as Apple iCloud or Google Gmail is the only way to go as you can easily re-download your email to any device whether it be Windows, Apple or Linux. I use both for different email addresses but my first choice is now Gmail and particularly Gmail for business so you can set up your own domain name for your email address.

 

Graham Hand is Editor of Cuffelinks. This article is a general warning and does not consider the personal circumstances of any readers, nor is it intended as a definitive solution to protecting data and files.

 

15 Comments
David
July 31, 2015

Graham, I am curious to understand why it was so difficult for you to restore from Dropbox?

All the expert advice seems to suggest using cloud based backups (which Dropbox is), yet in your case it was so difficult to recover from Dropbox it was easier to restore in a very manual and piecemeal manner from multiple other sources?

Graham Hand
August 01, 2015

Hi David, there are a few parts to my answer. I was surprised the Dropbox files were also encrypted, not only those on my own computer. When I exchanged emails with Dropbox, they asked me to nominate the date of the virus attack, and they could provide a restored copy up to that point. Which I did, but the restored version did not appear in my Dropbox. I tried a couple of times more, and not being the most patient or tech-savvy person in the world, I simply gave up and restored from other places. As I say in the article, I don't blame Dropbox and I also expect anyone who knows more about it would have found a back up. I decided what I really needed and moved on. In fact, I first 'nuked' my entire machine, removing everything before restoring the programmes and files. It was a surprisingly cleansing experience to start again with a fresh computer. Cheers, Graham

Sam
July 29, 2015

One of our staff opened up an email purporting to be from the Road Authority regarding a fine. The same email was blocked on my machine by BitDefender, though it was not running on the infected machine - it was running Windows Defender.

I removed the machine from the network and found that only the local desktop files were encrypted. Everything else was on Dropbox, unscathed. As a (probably overkill) solution I removed the hard drive from the machine and have had it shredded, and installed a new machine with BitDefender.

I have since added a NAS (Network attached storage) device to the network, and all files are copied to that. For backup I have added another NAS to the network, that no one can map a drive to, and it is solely used to back up the first NAS. It backs up every night, every file, a little like Time Machine for those that are familiar with Apple.

This overcomes the problem with a usually competent and astute user of a PC getting infected by a well timed scam in that moment when for whatever the reason the user opens the email or link.

It took a little bit of setup time, though the NAS systems are available off the shelf, and all your data does not have to end up in Google or Dropbox. Your own private cloud if you like.

Ian Burgess
July 27, 2015

Everyone should consider subscribing to the free service provided by the Australian Government Dept of Communications.

www.communications.gov.au/what-we-do/internet/stay-smart-online

Select just the topics that seem relevant to get timely warnings.
Yes, Cryptolocker was a recent one.

Hard Drives?
Yes, they may fail, but have two and only connect them alternately at backup time (so they are not attacked) and you should be safe.

john
July 27, 2015

Yes, I have received emails purported to be from such as AMEX the day after face to face confidential discussions with ANZ. The emails were not from ANZ or AMEX according to these companies and all they said was to ignore them. As I never receive these sorts of emails otherwise, I cannot put it down to coincidence; also this situation has occurred before. Something is happening between some of the banks and whoever creates these spurious emails that are trying to persuade actions by such as myself. ANZ basically ignored my requests to investigate!!

Graham Hand
July 26, 2015

Fake Telstra bills sent to thousands of their customers:

http://www.dailymail.co.uk/news/article-3174036/How-spot-fake-Telstra-bills-fool-Customers-country-hit-online-scam-cost-hundreds-dollars.html

Geoff Walker
July 24, 2015

In the instant before I click my mouse on any link, whether it be in an email or a webpage, the hovering of the cursor over the link brings up the "real" link in the status bar at the bottom of the email or webpage browser window. It's then very obvious whether or not the link is from whom it purports to be.

Make certain you have your status bar displayed! In Safari, the "show/hide status bar" toggle is in the View menu.

Paul Salmon
July 24, 2015

Acronis was my choice several years ago, until Acronis failed to restore backups. I've since changed to Cobian which does not need the program to be present to read the backup material.

Mark
July 23, 2015

Great article - my friend runs his own biz and had it happen to him. So I have an external backup and use it - not as frequently as I should and have restore thing going.

Chris
July 23, 2015

Just read your article on the ransomware. Definitely got me thinking about my backup strategy. My photos would be the most important things!!

Peter Richards
July 23, 2015

I also had the joy of being infected with Cryptoblocker. I use Dropbox to back up all files and thankfully had all files reinstated by them without any problem. I have a business version so maybe that is why all files were there? Still lost half a day as Dropbox is based in the US and also for the IT consultant to clean all traces of cryptoblocker from hard-drive.

Graeme
July 23, 2015

You've been robbed, blackmailed and told to use non-legal tender (surely no authority in their right mind would have approved Bitcoins). And because it's the internet no-one will be able to do a thing about it. And Telstra wonder why so many people still want their phone bill sent through the post!

Graeme
July 23, 2015

Breaking news.

Talk about timely information. Just now I have received a scam email supposedly from Australia Post about them holding a package that could not be delivered to me, with a link to obtain more information. The grammar is so bad that I wouldn't have clicked anyway.

What is also interesting is that I am waiting arrival of an ebay ordered item from overseas. This is a rare event for me, so I'm sure it is related. Seems information is not that secure.

One thing I've found useful if I suspect a scam is to Google part of the message. Invariably something will come up, in this case a Courier Mail article.

Leslie Goldmann
July 23, 2015

It's fairly extraordinary, it does make you wonder if they knew that you were sending lots of emails to Telstra or just lucky timing on their part. And now that it's happened again even more of a worry. I suspect pretty much nothing connected to the internet is actually safe to anyone really in the know - no matter what the supposed level of encryption.

Could be a good investment trend - internet security companies?!

Thanks again for the timely warning, sounds like paying a small monthly subscription to Dropbox may be very cheap insurance.

Leslie Goldmann
July 23, 2015

Thanks Graham for a cautionary tale. I thought my files were safe with Dropbox but sounds like I am not covered for this sort of thing. It really would be a nightmare to lose all my data like that.

 
