Copyright © 2016
So the big news for May of 2017 in the computer world so far has to be the WannaCry worm/ransomware. I will be surprised if we see something more dramatic than this, at least in the security realm. To start with, what is WannaCry? WannaCry and its variants are what is called ransomware. This is a program that gets into your computer, encrypts all your files, and then flashes a message on the screen telling you to pay, usually in Bitcoin, to get the key that decrypts the files. Surprisingly, the people behind most of these campaigns will send you the key once you pay. It is in their best interest to have good "customer service": word getting around that paying works is what keeps the next victim paying. Then you put the key in and you get your files back. Often the cost is small; between $100 and $500 is typical (WannaCry asked for $300, doubling to $600 after a few days). They want it easy enough and cheap enough that you are very willing to pay. That said, there is no guarantee. WannaCry's own payment handling was sloppy and plenty of people who paid never got a working key, so paying is a gamble, not a plan. What set WannaCry apart is that it was also a worm: it spread itself from computer to computer over the network, with nobody having to open an attachment or click anything.
The thing with ransomware is that antivirus and anti-malware programs often do not catch it before it runs; new variants get repackaged faster than signatures keep up. This is why it so often gets into people's systems. And once it has encrypted your files you are pretty well done for unless you took precautions ahead of time. The thing is, if you are hit by ransomware it also means you are not doing what you should to protect yourself from a number of other potential problems either. I have worked in computers now for over 30 years. Yeah, I started in the dark ages. I remember playing text-based computer games, and I played the very first FPS game when it came out. But I digress. Over the years I have seen people repeatedly lose precious data simply because they did not back it up. I have seen companies lose thousands of dollars when systems went down for lack of simple protections. And every time, they wish after the fact that they had had the backups and such. So what do you do to protect your system?
Back up all your data!!!
The first and most important thing is to back up all your data. The easiest way to do this is to get a couple of external hard drives (yes, I said a couple) that are each at least 1.5 times the size of your computer's hard drive. You back up to the first drive, then take it to a trusted friend's or family member's house, or put it in a safe deposit box. Next you back up to the second drive. Then you swap the drives on a weekly basis. That way you always have one drive that is not even at the house in case something like a fire happens. This also protects you from ransomware: it may well encrypt the drive connected to your computer, but it cannot get to the drive that is sitting offsite. Any drive that shows up on your computer with a drive letter, and any mapped network share, is fair game for ransomware; a drive that is unplugged is not. You also want a drive that is not plugged into electricity in case of a lightning strike on your house. I know a person who had their external drives and computer all toasted by a strike. Sure, they used a surge protector. And yes, the surge protector company paid for all new equipment. But the company could not get their data back. One more thing: a backup you have never restored from is a hope, not a backup. Every few months, pull a handful of files back off the offsite drive and make sure they open.
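Here is the weekly swap from above as a script, added as a worked example and not something from the original post. It finds whichever rotation drive is plugged in by volume label (so the swap works no matter which drive letter Windows hands out), refuses to run if the source folders already look encrypted, copies without ever deleting from the backup side, and then ejects the drive so it stops being a lettered volume. The labels BACKUP-A and BACKUP-B, the folder list, and the ransom-extension list are my assumptions; the .wncry extension is the one WannaCry used, the others are illustrative. It needs the Storage module (Windows 8 / Server 2012 or later) and robocopy, which ships with Windows.

```powershell
# Added example, not from the original post. Rotating external-drive backup:
# locate the drive by label, sanity-check the source, copy, eject.
param(
    [string[]]$Sources   = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures"),
    [string[]]$Labels    = @('BACKUP-A', 'BACKUP-B'),      # assumed volume labels
    # Illustrative markers: WannaCry renames files to *.WNCRY; the rest are
    # placeholders. Extend this from whatever you are actually worried about.
    [string[]]$RansomExt = @('.wncry', '.locked', '.encrypted')
)

function Find-BackupVolume {
    # First attached volume whose label is one of ours and that has a drive letter.
    foreach ($label in $Labels) {
        $vol = Get-Volume -FileSystemLabel $label -ErrorAction SilentlyContinue |
               Where-Object { [string]$_.DriveLetter -match '^[A-Z]$' }
        if ($vol) { return $vol }
    }
    return $null
}

function Test-RansomwareMarker {
    param([string]$Path)
    # One file with a ransom extension is enough to abort: copying an
    # already-encrypted tree would overwrite the good copies on the backup drive.
    $hit = Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
           Where-Object { $RansomExt -contains $_.Extension.ToLower() } |
           Select-Object -First 1
    return [bool]$hit
}

$vol = Find-BackupVolume
if (-not $vol) { Write-Error "No drive labelled $($Labels -join ' or ') is attached."; exit 1 }
$root = "$($vol.DriveLetter):"
$dest = "$root\Backup"
$log  = "$root\backup-$(Get-Date -Format yyyyMMdd).log"

foreach ($src in $Sources) {
    if (Test-RansomwareMarker -Path $src) {
        Write-Error "Ransomware marker found under $src; not touching the backup drive."
        exit 2
    }
}

foreach ($src in $Sources) {
    $leaf = Split-Path $src -Leaf
    # /E copies the whole subtree. Deliberately no /MIR or /PURGE: a deletion
    # (or a rename by ransomware) on the source never removes a file from the backup.
    robocopy $src "$dest\$leaf" /E /R:1 /W:1 /NP /LOG+:$log | Out-Null
    # robocopy exit codes 8 and above mean something failed to copy.
    if ($LASTEXITCODE -ge 8) { Write-Error "robocopy failed for $src (exit $LASTEXITCODE)"; exit 3 }
}

# Eject via the shell so the volume drops its drive letter; anything that walks
# lettered drives, ransomware included, can no longer reach it.
$shell = New-Object -ComObject Shell.Application
$shell.Namespace(17).ParseName($root).InvokeVerb('Eject')   # 17 = ssfDRIVES
Write-Host "Backed up to $dest; $($vol.FileSystemLabel) ejected. Swap it with the offsite drive."
```

Run it from a scheduled task on the night you leave the machine on, and leave the other drive offsite. If it exits with code 2, stop and deal with the machine before you plug anything else into it.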
Another option is to back up to the cloud. There are a number of good services, including BackBlaze, Acronis True Image, and Carbonite. My favorite is CrashPlan. There are a number of reasons I like them. They are one of the more cost-effective ones. They also work across multiple operating systems. Another good one is that you can get a login, install the software, then connect a hard drive to the computer of a family member or friend and load CrashPlan on there as well. Then you can back up across the Internet to that hard drive and not have to shuttle hard drives around. And it is totally free to do that. And yes, it is completely encrypted. (CrashPlan has since dropped its free computer-to-computer plan and its home plans, so check what they currently offer before you count on this.) There are some other nice features to paying for CrashPlan's online cloud service, like being able to get to your files from anywhere by logging into your account. Go to their site for more information. If you decide you want to use one of the others, they are also rock-solid options. You can google "cloud backup service" to get a listing of all the current offerings. Since the backup destination is not a mapped drive, the ransomware has nothing to walk and cannot encrypt it; the backup client pushes files over its own protocol, and a good service keeps older versions, so an encrypted file uploaded after an infection does not replace the good copy. You could even use a cheap computer in your house as your backup server with CrashPlan and back up all your computers to that. You don't get offsite backup that way. But it is way better than what most people have.
Oh, if you are running a Mac then you have a wonderful tool called Time Machine! Use that with the external drives and you have an amazing backup solution. Windows has File History, and Linux has tools like rsnapshot, but nothing I have found on either matches it. Restoring a Mac from Time Machine is so easy. And you can restore older versions of files too. But incremental file backups are outside the scope of this article.
Make a disk image
So with Windows, if you lose your primary hard drive it is a pain to get back to a usable system, even with data backups. You need to install Windows, then all your security patches, then all your drivers, then all your applications, and then configure things like your Wi-Fi and printers. Then you restore your data and you are back to golden. But this can take days. BTW, it is way easier on a Mac, and Linux is somewhere in between. There is a good solution for this though. It is called disk imaging. So here is what you do. You get another external hard drive. You plug it into your system after you have your applications and such installed. Then you use software like Acronis True Image, Ghost, Clonezilla, etc. I have used several, and most of them are very easy. This is not a software review, so sorry, you're on your own to pick one. Anyway, if your hard drive crashes, or is totally encrypted, all you need to do is boot to the disk imaging software, attach the hard drive with the disk image, and start the process. Be a little careful here if it is ransomware: boot from the imaging tool's own clean media rather than the infected disk, so nothing on that disk can write to the image drive, and if a worm is loose on your network, unplug the network cable until the restored system is patched, or it will just get infected again. After a short time (this varies depending on the size of the drive) you will be able to reboot the computer and it will look exactly how it did when you made the disk image.
Once you get the computer back up and running you simply restore your data from the backups (data is the stuff you make separately from applications and such, like photos and documents). Now you are back up and running and happy. The key here is that each time you install new drivers or new applications you want to make a new image. And periodically you will redo your image anyway, since security patches and updates come down once or twice a month. Oh, and keep the hard drive with the disk image offsite when you are not using it. The safe deposit box is a good one for this too. That $35 a year to the bank is starting to sound better now, eh?
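The post leaves the choice of imaging tool to you; as an added example (not from the original post) here is the same job done with the Windows Backup engine that already ships with Windows 7 and later, wbadmin, so you can image a machine with nothing extra installed. It refuses to write onto the system drive, takes a bootable image of every critical volume, and then checks that the image is actually listed on the target before you carry the drive offsite. The volume label IMAGE is my assumption, and it must run from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post: system image with built-in wbadmin,
# then verify the image is present on the target drive.
param([string]$TargetLabel = 'IMAGE')   # assumed label of the image drive

$vol = Get-Volume -FileSystemLabel $TargetLabel -ErrorAction SilentlyContinue
if (-not $vol -or ([string]$vol.DriveLetter -notmatch '^[A-Z]$')) {
    Write-Error "No lettered volume labelled $TargetLabel is attached."; exit 1
}
$target      = "$($vol.DriveLetter):"
$systemDrive = $env:SystemDrive          # normally C:
if ($target -eq $systemDrive) { Write-Error 'Refusing to image the system drive onto itself.'; exit 1 }

# -allCritical pulls in every volume Windows needs to boot (EFI / System Reserved),
# so the restore is bootable and not just a copy of C:. -vssFull marks the files as
# backed up, which keeps other backup tools' incremental runs honest.
& wbadmin start backup -backupTarget:$target -include:$systemDrive -allCritical -vssFull -quiet
if ($LASTEXITCODE -ne 0) { Write-Error "wbadmin failed with exit code $LASTEXITCODE"; exit 2 }

# Verify: wbadmin lists every backup version stored on the target.
$versions = & wbadmin get versions -backupTarget:$target
$latest   = $versions | Select-String 'Version identifier:' | Select-Object -Last 1
if (-not $latest) { Write-Error 'Backup ran but no version is listed on the target.'; exit 3 }
Write-Host "Image written to $target; latest $($latest.Line.Trim()). Note it down, then take the drive offsite."
```

To restore, boot from Windows install media, choose Repair your computer, then System Image Recovery, and point it at this drive. Rerun the script after every driver or application install, as the post says.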
Patch, patch, patch
The final word of advice is to make sure your computer is getting regular patches. Usually the computer will automatically download patches in the middle of the night. If you usually turn the computer off, you might want to pick one night a week to leave it on overnight. Make sure it is also set up to automatically download and install patches. The other thing you can do is simply request updates manually, but we will almost always start to forget. Then bam, you are infected. WannaCry is the textbook case: it spread through a hole in SMBv1 file sharing that Microsoft had already fixed in March 2017 (bulletin MS17-010), two months before the outbreak, and the bulk of the victims were Windows 7 machines that simply had not installed it. Oh, and patching also includes regularly upgrading to the newest version of the OS. Windows XP has been out of support for over three years now and is four major versions of Windows back; it got no fix at all until Microsoft pushed an emergency out-of-band patch during the outbreak, which is not something to count on. Seriously, it is time to upgrade, and has been for several years now. Yeah, you will need to learn the quirks of Windows 10. But it is better than running insecure software. So many issues are caused by running old operating systems and computers that have not been patched.
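Since the whole WannaCry story comes down to "was MS17-010 installed and is SMBv1 still on", here is a check for exactly that, added as a worked example and not taken from the original post. It reports the SMBv1 state, whether one of the MS17-010 hotfixes is present, and when the machine last got any patch, and with -Disable it turns SMBv1 off. The two KB numbers are the Windows 7 / Server 2008 R2 entries from the bulletin (security-only and monthly rollup); other versions have their own, so extend the list from the bulletin. One caveat a practitioner needs: a missing KB does not prove the box is unpatched, because later cumulative rollups supersede these and carry the fix under their own number. Needs PowerShell 3 or later and an elevated prompt.

```powershell
# Added example, not from the original post: MS17-010 / SMBv1 exposure check.
param([switch]$Disable)

# Windows 7 / 2008 R2 KBs from MS17-010. Extend for other versions; absence
# does not prove "unpatched" because newer rollups supersede these.
$Ms17010Kbs = @('KB4012212', 'KB4012215')

function Get-Smb1State {
    # Windows 8 / 2012 and later expose it through the SmbShare module; older
    # systems only have the LanmanServer registry value (absent means enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Disable-Smb1 {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
        # Takes effect once the Server service restarts (or after a reboot).
    }
}

$os        = Get-CimInstance Win32_OperatingSystem
$hotfixes  = Get-HotFix
$installed = $hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
$smb1      = Get-Smb1State

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    OS            = $os.Caption
    Build         = $os.BuildNumber
    SMB1Enabled   = $smb1
    MS17010KBs    = ($installed.HotFixID -join ', ')
    LastPatchDate = ($hotfixes | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
                     Select-Object -First 1).InstalledOn
} | Format-List

if ($smb1 -and $Disable) { Disable-Smb1; Write-Host 'SMBv1 disabled.' }
elseif ($smb1) { Write-Warning 'SMBv1 is still enabled. Patch, then rerun with -Disable.' }
```

Even on a fully patched machine there is no good reason for a home PC to speak SMBv1 in 2017, so the -Disable step is worth doing regardless of what the hotfix list says.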
Often servers are in a server room that is not convenient to get to. If you use PowerShell to administer your network and want to use PowerShell from your workstation to administer Active Directory (AD), then you need to install the Remote Server Administration Tools (RSAT) on your workstation. The procedure is fairly straightforward.
With Windows 7 you download the RSAT package for your version and then go to Control Panel, Programs, "Turn Windows features on or off", and tick the AD tools under Remote Server Administration Tools. With Windows 8, 8.1 and Windows 10 (up through version 1803) installing the RSAT package turns all of the tools on for you. From Windows 10 version 1809 on there is no separate download; RSAT is a "Feature on Demand" that you add from Settings (Apps, Optional features) or with Add-WindowsCapability. Then you simply import the ActiveDirectory module in your PowerShell session (PowerShell 3 and later will auto-load it the first time you call an AD cmdlet) and you have access to all the AD cmdlets and the AD: PSDrive provider.
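The steps above, end to end, as an added example that is not part of the original post: it installs the AD tools on a Windows 10 1809-or-later workstation if they are missing, loads the module, runs one cmdlet query that is actually worth running on any domain (enabled accounts whose password never expires), and then walks the same directory through the AD: provider. The capability name is Microsoft's; everything else (the query, the OU listing) is my illustration. Run it elevated and domain-joined.

```powershell
# Added example, not from the original post: RSAT AD tools via Feature on Demand,
# then the ActiveDirectory cmdlets and the AD: provider from a workstation.

$cap = 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'   # Microsoft's capability name (Win10 1809+)
if ((Get-WindowsCapability -Online -Name $cap).State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap | Out-Null
}
Import-Module ActiveDirectory

# Cmdlets: enabled accounts whose password never expires are a standing risk
# on any domain; list them, oldest password first.
Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' `
           -Properties PasswordLastSet, PasswordNeverExpires |
    Select-Object SamAccountName, PasswordLastSet |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize

# Provider: once the module is loaded the directory is also a drive. Change into
# the domain root and list its top-level OUs like folders.
$domainDn = (Get-ADDomain).DistinguishedName
Push-Location "AD:\$domainDn"
Get-ChildItem |
    Where-Object { $_.ObjectClass -eq 'organizationalUnit' } |
    Select-Object Name, DistinguishedName
Pop-Location
```

On Windows 10 before 1809 skip the Get-WindowsCapability block and install the RSAT download instead; the rest is identical.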
I am truly a geek's geek. I have worked in computers for over three decades. I have worked on mainframes, Unix systems, Linux before almost anyone knew what it was, and many other systems. I love computers, and love making them do things people think is impossible.