11 of the most famous ransomware examples


Ransomware attacks are at an all-time high – and show no sign of letting up. According to the 2023 Ransomware Market Report, this type of cyberattack is expected to cost victims around $265 billion annually by 2031 – a sobering statistic that illustrates just how much of a problem this kind of malicious software is for the global economy.

It’s not just the financial impact of ransomware that can leave companies reeling. Suffering a security breach of any size can severely impact the reputation of the organisation in question, not to mention create unexpected downtime that can put a profit-damaging pause on their daily operations. And if details of the case get leaked into the public domain, it could take years, if not decades, for the affected business to gain back the trust of its customers and peers.

It’s difficult to quantify the effects of large-scale ransomware attacks. Further on in this article, we’ve ranked the top 11 biggest ransomware attacks of all time based on the financial hit these firms suffered and the devastating consequences they had to face during the clean-up phase. These examples are listed in no particular order – in many ways, they’re equally as shocking and as fascinating as each other!

First, though, let’s put ransomware into context by discussing how it can be rolled out into your devices or networks to begin with, and what you should do if you suspect your system is under attack.   

What is ransomware, and how does it work?

Ransomware is a type of malicious software (aka malware) that encrypts a victim’s data or locks them out of their system, rendering their files – or in some cases their entire network – totally inaccessible.

Once it has made its way inside a system, ransomware often spreads across the network, encrypting data on multiple devices. This encryption is typically very strong, making it nearly impossible to decrypt the files without the attacker’s private key.

Once the system has been fully encrypted, the ransomware displays a message demanding payment to decrypt the files. This message often includes a deadline for payment and threatens to permanently delete the data or increase the ransom if payment isn’t made within the specified time.

If the victim pays the ransom (though this is not recommended, for reasons we’ll discuss later), they might receive a decryption key. However, there’s no guarantee that the attacker will provide the key, or that it will work as promised.

Typically, the ransom is requested in cryptocurrency, which makes the transaction harder to trace and the perpetrator more difficult to track down. And in some cases, there’s no resolution. The attacker doesn’t always follow through on their promise to restore the system once they have been compensated, leaving the business or individual out of pocket and still unable to access their personal or sensitive data.

How can ransomware be used to infect a system?

Though there are many routes that cybercriminals can take to execute a successful attack, ransomware is generally deployed through:

Phishing emails

Many people are accustomed to opening emails and attachments without verifying their authenticity first, which means attackers can easily deliver ransomware by sending a message with malicious files included or a link to an app that will download the malware onto the recipient’s device.

The emails will appear to be from a legitimate source, but if you look a little closer, there will usually be some subtle errors that will give the game away. Unfortunately, many of us haven’t got time to scrutinize every last letter, leaving cybercriminals to routinely take advantage of just how busy we are.

Malicious downloads

Ransomware can be embedded in software, applications, or files that are available on the internet. When users download and install these programs or files, the ransomware is also installed on their systems.

It’s an effective means of getting people to unknowingly infect their devices, because it’s easy to accidentally download software from unofficial sources or click on advertisements that lead to malicious sites.

Vulnerabilities in outdated software

Many individuals and organizations delay or neglect updating software, leaving known vulnerabilities open for exploitation. Not having the latest patches and updates installed could cost them access to their entire network.

Remote Desktop Protocol (RDP)

Sadly, RDP has become a well-known ransomware gateway. Attackers can impersonate colleagues or IT support workers before being given the opportunity to implant the ransomware directly onto company computers.

What happens next?

Once they’ve realized they have been targeted with a ransomware attack, victims usually have the following options:

Disconnect the computer from the network

Isolating the device will stop the ransomware from scanning the network for vulnerabilities and infiltrating the wider system. Don’t reboot your computer, as this could delete any copies of the malware’s encryption keys that have been stored in the memory. If a machine only ends up being partially encrypted – because, for example, the process has been blocked by something like a permission issue – the last thing you want to do is restart it and get it to finish the job!

Pay the ransom

Though it might be tempting to fix the situation quickly with a lump sum payment, cybersecurity experts and law enforcement agencies agree that you should avoid paying the ransom request at all costs.

First of all, as we’ve already mentioned, there’s no guarantee that your attackers will provide the decryption key; they could simply take your money and move on. By paying up, you’re giving these cybercriminals the funds they need to continue and expand upon their operations, so from a moral standpoint, you’re feeding the problem. You’re also establishing yourself as a ‘good’ payer, so you’re more likely to be targeted again in the future.

Remove the malware

A great idea in principle – but something that can be difficult to execute. Some websites do offer decryption tools for certain strains of ransomware, and sometimes it’s possible to use reputable anti-malware or antivirus software to scan for and remove the offending file or code. In other cases, you will need to manually delete malicious files or entries from the registry, but this can be complex and risky.

What are the top 11 ransomware attacks of all time?

In no particular order, the team here at SUPERAntiSpyware rates the below ransomware attacks as the most devastating of all time:

  • NotPetya (2017 – Financial Loss: approx. $10 billion)
  • WannaCry (2017 – Financial Loss: approx. $4 billion)
  • GandCrab (2018 – Financial Loss: approx. $2 billion)
  • Locky (2016 – Financial Loss: approx. $1 billion)
  • Costa Rican Government (2022 – Financial Loss: approx. $30 million/day)
  • Ryuk (2018 – Financial Loss: approx. $150 million)
  • REvil/Sodinokibi (2019 – Financial Loss: approx. $70 million)
  • SamSam (2016 – Financial Loss: approx. $6 million)
  • Colonial Pipeline (2021 – Financial Loss: approx. $4.4 million)
  • CryptoLocker (2013 – Financial Loss: approx. $3 million)
  • AIDS Trojan (1989 – Financial Loss: approx. $189-$378 per victim)

Let’s dive into each of them in more detail.

AIDS Trojan

Year: 1989

Type: Encryption ransomware (floppy disk delivery)

Attacker: Dr Joseph Popp

Target: Attendees of the World Health Organization’s AIDS conference

Losses: $189-$378 ransom per victim; limited economic impact

Current Status: Historic, not active

Otherwise known as the PC Cyborg, the AIDS Trojan was the first recorded ransomware attack.

Back in the late 80s, it wouldn’t have been possible to spread malware via the internet – so the perpetrators used floppy disks to target the subscriber list of a World Health Organization AIDS conference instead. By accessing the floppy disk, victims were unknowingly releasing malware onto their computers.

The ransom itself wasn’t a significant sum; the attacker only asked for between $189 and $378 to release the encrypted files. But the case proved what was possible and likely inspired many would-be cybercriminals to try their luck.

CryptoLocker

Year: 2013-2014

Type: Encryption ransomware

Attacker: Evgeniy Mikhailovich Bogachev

Target: Various Windows users

Losses: Approximately $3 million in ransom payments

Current Status: Neutralized in May 2014 (Operation Tovar)

An excellent example of ransomware that works Trojan-style via malicious email attachments, CryptoLocker code affected hundreds of thousands of Windows customers when it was first released in September 2013.

Once the infected document or ZIP file had been opened, CryptoLocker installed itself on the user’s computer – and quickly searched any connected network drives for a wide range of file types (documents, images, etc.). It then encrypted these files using strong RSA and AES encryption algorithms.

CryptoLocker displayed a ransom note on the victim’s screen demanding payment in Bitcoin or other forms of cryptocurrency in exchange for the private decryption key, which was stored on a remote server controlled by the attackers. The ransom amount was typically between $100 and $300 (though it varied), and victims were given a limited amount of time – usually 72 hours – to pay.

In June 2014, an international law enforcement operation known as “Operation Tovar” targeted the Gameover ZeuS botnet, which was responsible for spreading CryptoLocker. The operation successfully took down the infrastructure behind both the botnet and CryptoLocker. As a result of the takedown, CryptoLocker’s servers were seized, making it impossible for the ransomware to communicate with its control servers and neutralizing the threat.

Colonial Pipeline

Year: 2021

Type: DarkSide RaaS (Ransomware as a Service)

Attacker: DarkSide

Target: Colonial Pipeline (US fuel pipeline)

Losses: $4.4 million paid, $2.3 million recovered

Current Status: DarkSide infrastructure reportedly shut down

Large ransomware attacks don’t just affect companies – they can impact the lives of everyday Americans.

The Colonial Pipeline ransomware attack was a high-profile cybersecurity incident that took place in May 2021. It targeted Colonial Pipeline, one of the largest fuel pipeline operators in the United States, which supplies nearly half of the East Coast’s fuel, including gasoline, diesel, jet fuel, and heating oil. The attack had wide-reaching consequences, impacting fuel supply and prices across several states.

How was this allowed to happen? Well, investigators eventually determined that attackers gained access to Colonial Pipeline’s IT systems through a compromised password. It was later revealed that this password was linked to an inactive VPN account that did not use multi-factor authentication (MFA), making it easier for the attackers to infiltrate the system.

Once inside the network, the DarkSide group deployed ransomware that encrypted Colonial Pipeline’s data, rendering it inaccessible to the company. The ransomware affected the company’s business networks, not the operational technology (OT) systems directly responsible for pipeline operations – but the firm decided to shut down its entire pipeline system, putting a stop to fuel distribution along the East Coast and causing chaos at gas stations in the region.

Against standard advice, Colonial Pipeline decided to pay the ransom of $4.4 million to the malware’s creators, DarkSide, to regain access to their systems and restore operations.
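The entry point described above was a VPN account that was both inactive and not protected by MFA. The following added example (not part of the original article) audits an account inventory for that combination; the CSV columns, the account names and the 90-day staleness threshold are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
from datetime import date

# Constructed sample export; column names are assumptions for this example.
INVENTORY_CSV = """username,vpn_enabled,mfa_enrolled,last_login
svc-legacy-vpn,yes,no,2023-03-02
a.ortiz,yes,yes,2024-01-29
contractor7,yes,no,
m.chen,yes,no,2024-01-20
j.baker,yes,yes,2023-08-15
r.singh,no,no,2022-05-01
"""

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def audit_vpn_accounts(csv_text, today, stale_days=90):
    """Flag VPN-enabled accounts that are stale, lack MFA, or both."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["vpn_enabled"].strip().lower() != "yes":
            continue  # no remote access, out of scope for this check
        last = row["last_login"].strip()
        # An account that has never logged in is treated as stale.
        idle = (today - date.fromisoformat(last)).days if last else None
        stale = idle is None or idle > stale_days
        no_mfa = row["mfa_enrolled"].strip().lower() != "yes"
        if stale and no_mfa:
            severity = "critical"   # the combination described in the article
        elif no_mfa:
            severity = "high"       # active account, password is the only factor
        elif stale:
            severity = "medium"     # MFA present, but the account should be disabled
        else:
            continue
        findings.append({"username": row["username"], "severity": severity,
                         "idle_days": idle, "mfa": not no_mfa})
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["username"]))
    return findings


if __name__ == "__main__":
    for f in audit_vpn_accounts(INVENTORY_CSV, today=date(2024, 1, 31)):
        idle = "never logged in" if f["idle_days"] is None else f"{f['idle_days']} days idle"
        print(f"{f['severity']:<8} {f['username']:<16} {idle}, MFA={'yes' if f['mfa'] else 'no'}")
```

Accounts rated critical are the ones to disable first; the rest need MFA enrolment or a decision on whether the account is still required.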

SamSam

Year: 2016-2018

Type: Manual deployment

Attacker: BOSS SPIDER Group

Target: Over 200 victims, including municipalities and hospitals

Losses: Over $6 million in ransom payments

Current Status: Historic, not active

Unlike typical ransomware that spreads through phishing emails or malicious downloads, SamSam attacks were carefully planned. The attackers typically gained initial access to their targeted networks by exploiting vulnerabilities in remote desktop protocol (RDP) services or Java-based web servers, or by stealing credentials. Once inside the network, the attackers manually moved laterally across the systems, identifying key servers and systems to target.

The ransomware encrypted important files and databases. The attackers often timed the deployment during off-hours to avoid immediate detection and ensure widespread encryption before the organization could respond.

The ransom amount varied, but it was typically in the range of tens of thousands of dollars, with some demands reaching hundreds of thousands (payable in Bitcoin). Cheekily, the attackers often offered a discount for quick payment or additional fees if the payment was delayed.

SamSam was responsible for the notorious 2018 ransomware attack on the City of Atlanta, which crippled several city services, including the court system, law enforcement, and public records. The attackers demanded a ransom of approximately $51,000 in Bitcoin. The city refused to pay, resulting in significant recovery costs that have been estimated to exceed $2.6 million.

REvil/Sodinokibi

Year: 2019 – 2021

Type: RaaS (Ransomware as a Service)

Attacker: REvil Group

Target: Various, including Kaseya, JBS

Losses: Demanded $70 million for universal decryption

Current Status: Group’s infrastructure disrupted in 2021

This ransomware caused big problems for organizations in the finance, healthcare, legal, IT, and critical infrastructure sectors, among others.

Interestingly, REvil operated as a RaaS, meaning that the creators of the ransomware provided the software to “affiliates” who would carry out the attacks. The affiliates would receive a share of the ransom payments, typically around 60-70%, while the remaining percentage would go to the REvil developers. This model enabled REvil to scale rapidly.

And, as well as deploying encryption, REvil became known for exfiltrating data before encryption. This gave them additional leverage, as they could threaten to publicly leak the stolen data if the ransom was not paid. In fact, REvil helped to set the trend for combining data encryption with data theft.

REvil caused widespread destruction across many industries and was responsible for shutdowns and significant loss of revenue for companies such as Travelex, JBS Foods, Kaseya VSA, and the New York based law firm Grubman Shire Meiselas & Sacks. Bitcoin/Monero payment demands were huge, reaching as high as $70 million.

Ryuk

Year: 2018-present

Type: Encryption ransomware

Attacker: WIZARD SPIDER Group

Target: Various, mostly large organizations

Losses: Estimated over $150 million

Current Status: Still active

Like REvil and SamSam, Ryuk affected – and continues to affect – larger organizations and government departments.

Ryuk attacks often start with a phishing email or an infection through other malware, such as TrickBot or Emotet, which establish a foothold in the network. Once inside the system, attackers move across the network to gain access to more data, often compromising administrative accounts to maximize the damage. Ryuk then encrypts files on the compromised systems with their famous “.ryk” extension.

Ryuk targets a wide range of file types, including databases, backups, and documents critical to business operations. Then, as is standard practice, a ransom note is left on the affected systems, demanding payment in Bitcoin.

Several US cities, including Baltimore and New Orleans, have been targeted by Ryuk, causing significant disruptions to city services. This ransomware – which is thought to be operated by a group called Wizard Spider – has been particularly damaging to healthcare institutions, where the encryption of patient records and other vital systems can have life-threatening consequences.

Costa Rican Government

Year: 2022

Type: Encryption ransomware

Attacker: Conti gang

Target: Costa Rican government institutions

Losses: Estimated $30 million/day

Current Status: Group’s infrastructure disrupted

Several years ago, the Russia-based Conti ransomware group launched a coordinated attack on the Costa Rican government, bringing its operations across its Ministry of Finance and its Ministry of Labor and Social Security to a halt.

Critical tax collection, customs processing and payment services were inaccessible, so officials were desperate to resolve the situation. Conti initially demanded a $10 million ransom, which was later increased to $20 million as the group intensified its threats. They also began leaking sensitive data from the compromised systems when the ransom was not paid.

In response to the scale and impact of the attack, Costa Rican President Carlos Alvarado declared a national emergency on May 8, 2022. Other countries took note, aware for perhaps the first time of the scale of destruction ransomware can leave in its wake.

Locky

Year: 2016-2018

Type: Encryption ransomware (phishing emails)

Attacker: Possibly Dridex hackers (Evil Corp or TA505)

Target: Various, predominantly healthcare providers

Losses: Estimated $1 billion

Current Status: Historic, not active

Locky ransomware first came onto the scene in February 2016. It was initially distributed through large-scale phishing email campaigns, with these emails containing malicious attachments that were disguised as invoices or other seemingly ‘official’ documents. When opened, the attachment would execute a macro that downloaded and installed the Locky ransomware on the victim’s system, and from there, the malware would begin encrypting all kinds of file types with its trademark ‘.locky’ extension.

Locky quickly became one of the most widespread ransomware threats, affecting individuals, businesses, and organizations around the world. It caused significant disruption to businesses and, notably, to the healthcare sector.

Over time, several variants of Locky were released, each with different encryption methods or file extensions, making detecting and defending against the ransomware more challenging. However, it has since faded from use, having been replaced by more sophisticated strains.
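Ryuk’s “.ryk” and Locky’s “.locky” extensions give defenders a simple signal, but as noted above, variants that change the extension defeat a fixed list. The following added example (not part of the original article) scans file-rename events for both cases: a burst of renames to a known extension, and a burst in which several different file types all converge on one unfamiliar extension. The event format, host names, thresholds and the “.zzzz9” extension are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

KNOWN_EXTS = {".ryk", ".locky"}   # the two extensions this article names
# Extensions that everyday tools legitimately rename files to (assumed allow-list).
ORDINARY_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".csv", ".bak", ".tmp", ".zip"}
WINDOW = timedelta(seconds=60)    # assumed sliding window
KNOWN_MIN = 3                     # renames to a known extension before alerting
UNKNOWN_MIN = 5                   # renames to one unfamiliar extension before alerting
MIN_SOURCE_TYPES = 3              # ...and they must come from this many file types

# Constructed sample events: (ISO time, host, old path, new path).
SAMPLE_EVENTS = [
    ("2024-03-02T02:14:01", "FS01", r"D:\Finance\q3.xlsx", r"D:\Finance\q3.xlsx.locky"),
    ("2024-03-02T02:14:03", "FS01", r"D:\Finance\plan.docx", r"D:\Finance\plan.docx.locky"),
    ("2024-03-02T02:14:05", "FS01", r"D:\Finance\scan.pdf", r"D:\Finance\scan.pdf.locky"),
    ("2024-03-02T09:05:00", "WS07", r"C:\Users\kim\notes.txt", r"C:\Users\kim\notes.md"),
    ("2024-03-02T03:30:00", "DB02", r"E:\Data\a.docx", r"E:\Data\a.docx.zzzz9"),
    ("2024-03-02T03:30:04", "DB02", r"E:\Data\b.xlsx", r"E:\Data\b.xlsx.zzzz9"),
    ("2024-03-02T03:30:09", "DB02", r"E:\Data\c.pdf", r"E:\Data\c.pdf.zzzz9"),
    ("2024-03-02T03:30:15", "DB02", r"E:\Data\d.jpg", r"E:\Data\d.jpg.zzzz9"),
    ("2024-03-02T03:30:21", "DB02", r"E:\Data\e.bak", r"E:\Data\e.bak.zzzz9"),
    # Log rotation: many renames to one extension, but all from a single file type.
    ("2024-03-02T04:00:00", "WS11", r"C:\Logs\app1.log", r"C:\Logs\app1.old"),
    ("2024-03-02T04:00:01", "WS11", r"C:\Logs\app2.log", r"C:\Logs\app2.old"),
    ("2024-03-02T04:00:02", "WS11", r"C:\Logs\app3.log", r"C:\Logs\app3.old"),
    ("2024-03-02T04:00:03", "WS11", r"C:\Logs\app4.log", r"C:\Logs\app4.old"),
    ("2024-03-02T04:00:04", "WS11", r"C:\Logs\app5.log", r"C:\Logs\app5.old"),
]


def _ext(path):
    return PureWindowsPath(path).suffix.lower()


def detect_mass_rename(events):
    """Return one alert per (host, extension) from rename events."""
    windows = defaultdict(deque)  # (host, new_ext) -> recent (time, old_ext) pairs
    alerts = {}
    for iso, host, old, new in sorted(events):
        old_ext, new_ext = _ext(old), _ext(new)
        if not new_ext or new_ext == old_ext or new_ext in ORDINARY_EXTS:
            continue
        now = datetime.fromisoformat(iso)
        win = windows[(host, new_ext)]
        win.append((now, old_ext))
        while now - win[0][0] > WINDOW:
            win.popleft()  # drop events that fell out of the sliding window
        if new_ext in KNOWN_EXTS:
            rule, hit = "known-extension", len(win) >= KNOWN_MIN
        else:
            # Variant-proof rule: many different file types converging on one new extension.
            rule = "converging-extension"
            hit = len(win) >= UNKNOWN_MIN and len({o for _, o in win}) >= MIN_SOURCE_TYPES
        if hit and (host, new_ext) not in alerts:
            alerts[(host, new_ext)] = {"host": host, "rule": rule, "extension": new_ext,
                                       "raised_at": iso, "renames_in_window": len(win)}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

The single rename on WS07 and the log rotation on WS11 stay below the thresholds, while FS01 and DB02 each raise one alert.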

GandCrab

Year: 2018-2019

Type: RaaS (Ransomware as a Service)

Attacker: PINCHY SPIDER Group

Target: Various, including businesses and individuals

Losses: Estimated $2 billion extorted

Current Status: Group claimed to have retired in 2019

Emerging in 2018, GandCrab ransomware was one of the most prolific types of ransomware before it eventually entered retirement just over a year later in 2019.

Like REvil, GandCrab was offered as a Ransomware-as-a-Service (RaaS) on darknet forums, meaning that the developers of GandCrab allowed other cybercriminals to distribute the ransomware in exchange for a share of the ransom payments.

As well as being distributed via – you guessed it! – phishing emails, GandCrab was distributed via exploit kits such as RIG and GrandSoft, which would infect vulnerable systems when users visited compromised or malicious websites. GandCrab operators also exploited weak or exposed RDP connections to gain access to networks and deploy the ransomware. From smaller outfits to larger enterprises, GandCrab didn’t discriminate when it came to the kinds of businesses it targeted.

Experts estimate that GandCrab operators earned over $2 billion in ransom payments over its operational period, making it one of the most profitable ransomware families in history.

WannaCry

Year: 2017

Type: Encryption ransomware (cryptoworm)

Attacker: Believed to be the Lazarus Group (linked to North Korea)

Target: Global (various organizations including the UK’s NHS)

Losses: Estimated $4 billion

Current Status: Attack mitigated with patches, but remnants may still exist

Earlier ransomware was good at infecting devices one by one. WannaCry, on the other hand, is what’s known as a cryptoworm: it spreads primarily through networks.

WannaCry was a global campaign that targeted computers running the Microsoft Windows operating system, specifically those that hadn’t yet been updated with Microsoft’s latest security patches and were still vulnerable to a flaw in the Server Message Block (SMB) protocol known as EternalBlue. It’s thought to originate from a state-sponsored hacking group in North Korea.

WannaCry’s ransom note, which was handily displayed in multiple languages, gave victims a deadline of a few days to pay, after which the ransom would double. If the ransom was not paid within a week, the files would be permanently lost.

After infecting more than 230,000 computers in 150 countries and impacting huge organizations such as FedEx, Telefonica, Renault and the UK’s National Health Service, WannaCry’s rapid takeover was eventually slowed by a cybersecurity researcher who discovered a kill switch within the code. This wasn’t before WannaCry had caused billions of dollars’ worth of losses for its victims, along with, of course, mass loss of productivity and service.

NotPetya

Year: 2017

Type: Wiper disguised as ransomware

Attacker: Believed to be Russian-sponsored threat actors

Target: Global, significant impact on Maersk and Merck

Losses: Estimated $10 billion

Current Status: Historic, not active

NotPetya has made the list because it was one of the most far-reaching attacks of its nature in recent history. But what makes it different from the rest is that it was essentially a wiper, i.e. a type of malware that’s not only designed to encrypt data, but delete it.

NotPetya also exploited the EternalBlue vulnerability and worked to encrypt the master boot record (MBR) to cause critical damage to its affected systems and render data completely unrecoverable. It also used tools like Mimikatz to harvest credentials.

Although Ukraine was the primary target, because NotPetya originally spread due to a compromised update to the Ukrainian accounting platform MeDoc, the attack quickly spread to other countries and affected multinational corporations. Major companies hit included Maersk, Merck, FedEx’s TNT Express, and WPP, among others. There’s evidence to suggest that NotPetya was a politically motivated campaign run by hackers that were linked to Russia’s military intelligence agency.

NotPetya proved just how vulnerable critical infrastructure and global supply chains can be to complex and widespread cyber threats. It led many organizations to reassess and strengthen their cybersecurity measures.

As you can see from these ransomware examples, ransomware can strike at any time, and impact any business. New strains and types are emerging all the time, which is why it’s so crucial to make sure your computers and networks are protected against past and current threats.

SUPERAntiSpyware works around the clock to block ransomware attacks and keep your PCs free from malicious software. See how our Professional X Edition can mitigate risk in this area and form the foundations of your cybersecurity strategy. 

What is a digital footprint?


Did you know that every interaction you have online can shape the way you’re perceived on the web?

You’ve likely spent years creating your online identity, without even knowing it.

While it’s important for most of us to have a digital presence, our digital footprint can reveal a lot about our lives – and in some cases, perhaps a little too much.

Here, we discuss the different types of digital footprints, why they are important, and how to check and protect your online reputation to make sure you’re giving off the best impression and keeping your private information out of the public domain.

Defining a digital footprint           

What do we mean when we use the term ‘digital footprint’?

Essentially, your digital footprint refers to the trail of data that you create while using the internet.

It includes all the information you leave behind – either intentionally or unintentionally, actively or passively – every time you engage with websites and apps. Much of this data is gleaned from public social media profiles; if you’re active on sites like Facebook, Instagram, TikTok and LinkedIn, and your account isn’t set to private, all your activity will be easily discoverable by anyone who is interested in finding it.

As you can imagine, your digital footprint can reveal a lot about your habits, preferences, location, and relationships. Leaving this information out to public scrutiny isn’t always a bad thing in itself – but unfortunately it can be used by companies for targeted advertising and even used to facilitate privacy breaches. So, it’s a good idea to be conscious of what you’re putting out there, how your digital footprint can affect how you’re being perceived and the experience you’re receiving online, and how it might be used against you.

What are the different types of digital footprints?         

There are four types of digital footprints that the average web user needs to be aware of:

Active digital footprints

Your active digital footprint consists of all the data you intentionally share online. This information is both visible and traceable, but you can control how you engage with online communities and decide to only share what you’re comfortable with.

A typical active digital footprint might include:

  • Posts, likes, comments and shares on social media
  • Comments on forums, blog posts, news articles and YouTube videos
  • Emails, including attachments and signatures, specifically if you’re using web-based email services like Gmail, Yahoo or Outlook
  • Information submitted via online forms
  • Information you’ve shared on your own website or within your own digital portfolio, which likely includes your direct contact details
  • Reviews you’ve left on platforms like Amazon, TripAdvisor, and Google Reviews
  • Information you’ve provided when signing up for online accounts with, for example, Netflix or Spotify
  • Information you’ve submitted in online surveys and quizzes
  • Contributions you’ve made to collaborative websites like Wikipedia, GitHub, or Udemy
  • Content you’ve sent through instant messaging apps, including WhatsApp and Telegram
  • Questions and responses you’ve posted on boards in communities like Reddit or Quora
  • Files you’ve uploaded to cloud services like Dropbox, iCloud or Google Drive
  • Petitions you’ve signed
  • Cookies that you’ve agreed to install on your devices

Passive digital footprints           

The data generated by your passive digital footprint is often a byproduct of the things you’ve been doing online. This information is not created mindfully, but nonetheless, it’s used by service providers and marketers to analyse your behavior and serve you targeted ads. It often consists of things like:

  • Your browsing history, including the websites you’ve visited, the pages you’ve viewed, how you’ve interacted with them, and how long you’ve stayed on each page (usually collected through cookies, tracking scripts, and tracking pixels)
  • Your IP address, which is logged by websites, servers and online services every time you connect to the web
  • Your search engine queries
  • Your app usage data
  • Your location data
  • Your shopping cart data
  • Information about your device, including its model, operating system, browser type, screen resolution, and MAC address or IMEI number
  • Information about the Bluetooth and Wi-Fi networks you have connected to
  • Logs of your online activity, including login/logout times and errors
  • Timestamps and geotags from social media websites
  • Email tracking data
  • Streaming data

Anonymous digital footprints

These footprints consist of actions that aren’t directly tied to your personal identity, but still contribute to your online profile. Even when you’re visiting a website in incognito mode or using a pseudonym, your activity is never truly private – metadata can still be collected and linked to your activity pattern.

Examples of the data points often found in anonymous online footprints are:

  • Your IP address (without any personal information, if you’ve requested that the data remains anonymous in your settings)
  • Data on your browser type, operating system etc that’s been collected by the websites you’ve visited
  • Cookie data
  • User experience data, such as your page engagement and navigation behaviors
  • Ad tracking and targeting data
  • Incognito browsing histories
  • So-called ‘anonymous’ search queries
  • Anonymous feedback and surveys
  • Anonymous social media interactions
  • Activity carried out on the Tor network, which is typically anonymized by being routed through multiple servers
  • Interactions with blockchain networks
  • VPN usage

Pseudonymous digital footprints     

These are digital traces linked to an alias rather than a real identity. For instance, if you’re a blogger, you might decide to write under a pen name. By doing so, you’ll be creating a pseudonymous footprint.

While this approach can offer some privacy, sophisticated tracking techniques can sometimes link pseudonyms to real people, particularly when combined with other data points. The bottom line is, you might think you’re beating the system, but you’ll never be truly anonymous!

Some examples of pseudonymous data points include:

  • Aliases and usernames
  • Email addresses without your real name
  • Anonymous posts on forums
  • Pseudonymous names or handles on social media
  • Pseudonymous ecommerce accounts (with the likes of eBay and Etsy)
  • Online gaming profile tags
  • Cryptocurrency wallets
  • Contributions to open-source projects
  • Contributions to crowdfunding projects

Why is your digital footprint important?

As we mentioned earlier, your digital footprint reveals a lot about you. It’s a reflection of your entire journey online – and it’s out there for anyone to see, meaning that, unfortunately, it can be exploited.

It’s permanent

The information your digital footprint holds will help other people shape a view on who you are, how you behave, and what you value. Old media from decades ago can be found, analysed, potentially misinterpreted, and used to create a profile of you that might not be entirely accurate. Even content that you thought was long deleted can often resurface, which is why it’s so essential to be careful about what you share on the web.

It can help determine your reputation – both online and offline

If you once expressed a controversial opinion on Facebook, made an inappropriate joke to a friend on Twitter, or berated somebody in a forum, these seemingly off-the-cuff comments can still be unearthed, affecting your credibility. You might have evolved since then, but your character can still be tarnished by what went on before.

It helps employers and officials with their vetting processes

Statistics show that more than three quarters of employers google their prospective hires during recruitment drives, so whatever you are associated with online could have a bearing on the opportunities you’re offered. Plus, colleges, universities, security companies, police departments and even government representatives may be inclined to examine your digital footprint to better understand your public profile.

You might be wondering how employers and officials can access and analyze your digital footprint without spending days trawling through your data. Well, the truth is, there are lots of background checking tools available, including:

Maigret, an open-source intelligence (OSINT) platform which helps companies find accounts and websites that are associated with a particular username.

MOSINT, another OSINT tool that gathers information associated with a specific email address.

Nexfil, which enables employers to find profiles allocated to particular usernames.

It might threaten your personal safety

Companies and cybercriminals can use the data in your digital footprint to learn more about you and use this information for their own gain.

Perhaps they’ll simply use this data to serve up more relevant advertisements to you while you’re browsing – or maybe they’ll use your data to develop a convincing spear-phishing attack or release sensitive information about you without your consent (something which is known as doxing). Be aware that, if there’s lots of information about you in the digital ether, there’s a chance that somebody, somewhere will try to use it to their advantage. 

Digital footprint examples        

We’ve touched on a few examples – but let’s take a closer look at what actually makes up your digital footprint and delve into the kinds of data points that are going to leave a lasting impression online.

Social media

  • Logins from any device, including your mobile phone
  • Connecting with friends – for example, accepting a friend request on Facebook
  • The content you share with your friends and followers
  • Logging into third party websites using your social media account details
  • Joining a dating site or app

Online shopping data

  • Making online purchases
  • Creating an account with an online retailer
  • Signing up for coupons
  • Registering for newsletters from retailers
  • Browsing and making purchases via shopping apps

Online banking

  • Using a mobile or browser-based banking app
  • Submitting an application for a new credit card
  • Buying or selling stocks
  • Subscribing to financial content (blogs and online magazines)

Reading the news

  • Browsing articles on a news app
  • Subscribing to an online news outlet
  • Signing up for a newsletter
  • Reposting news articles on forums or social profiles

Health and fitness

  • Using fitness trackers
  • Using calorie counting or recipe apps
  • Using healthcare apps
  • Registering your contact information with a gym or sports center

There are a whole host of other elements that will be recorded when you’re actively using the internet. Your IP address will be noted, the browsers you’re using (and some of their settings) will be tracked, and there will be information available on every online form you complete.

How to check your digital footprint

Interested to see what your digital footprint looks like? There are several ways you can check in on your activity and get a better feel for your online reputation:

Search for your name on search engines

Open a search engine like Google, Bing, or DuckDuckGo, then enter your full name in quotation marks (e.g., “John Doe”) to search for exact matches. You should also try variations of your name – including nicknames, middle names, or any professional aliases you use – to see if these data points have been indexed, too.

Keep an eye out for personal information about yourself, any publicly accessible social media profiles that you’ve made, any mentions in news articles or publications, and links to online content you’ve created. You can also use reverse image search tools to see where your profile picture appears online.

Check aggregated websites

Visit websites that aggregate personal information, such as Whitepages, Spokeo, MyLife, or Pipl. Search for your name, email address, or phone number on these sites, and review the information that’s returned, which will likely include your contact details, addresses, social profiles, and any other public records.

These aggregator websites often have their own processes for removing or opting out of listings. Look for an opt-out link, which is usually found in the site’s privacy policy or help section. From there, follow the instructions to remove or hide your information from public view. This might involve submitting a request or verifying your identity.

Set up Google Alerts for your name

Go to Google Alerts. In the search box, enter your name in quotation marks (e.g., “John Doe”) to track exact matches. You can customize the alert by choosing how often you want to receive notifications, the sources you’re interested in (news, blogs, web), and the language and region. Finally, enter your email address to receive alerts and click “Create Alert.” You should start receiving round-up emails straightaway.

This will keep you across any new mentions that might have a damaging impact on your reputation. Reviewing your Google Alerts may also help you spot opportunities to correct any misinformation or thank authors for positive coverage of you.

Review your old social media activity

There’s no fast way to do this. You’ll need to log into each of your social media accounts individually and review your profile information, photos, posts and interactions to make sure there’s nothing housed on these sites that could be held against you (or give away too much information about you). Most of these platforms have search and/or activity log features that enable you to review all your past actions.

How to protect your digital footprint         

If all this talk of your online footprint is making you uncomfortable, don’t worry – there are plenty of things you can do to safeguard your digital reputation and protect your sensitive information.

Be mindful of sharing personal data online

The less you share, the harder it is for cybercriminals to analyse your digital footprint, and the better reputation you’ll have overall. Remove references to your personal phone number and email address and take a breath before posting anything that could be perceived in a negative light in the future; it might come back to haunt you.

Use strong, unique passwords and utilise a password manager

This should be common practice, but it’s easy to resort back to familiar passwords, most of which are easily compromised through hacking. To keep attackers at bay, use complex pass phrases that combine letters, numbers and symbols, and don’t be tempted to use easily guessed information like birthdays or names. Using a reputable password manager will help you generate and store passwords for each account.

Use two-factor authentication (2FA) where possible

Activate 2FA on your accounts to add an extra layer of security. This usually involves a secondary verification step, such as a code sent to your phone, in addition to your password.

Delete old accounts

Regularly audit your online accounts and close any that you no longer use. This will reduce the number of places where your data is stored, and in turn lower the risk of breaches.

Regularly review social media privacy settings

Take back as much control over your social visibility as you can! Check to make sure your profiles and their contents are not visible to the public and learn how to maximise the privacy settings on each site. 

Avoid logging in with Facebook

Sidestep potential security risks by finding another way to access third-party sites that ask you to log in using your Facebook credentials. You don’t need to be sharing your social media sign-in data unnecessarily.

Frequently update your software

Outdated software typically contains a ton of data points that could be more easily accessed by cybercriminals. Make sure everything you use is updated regularly so it’s running the latest security patches.

Use security software

Cybersecurity threats come in all shapes and forms, so you need to install a high-grade anti-virus solution across all your devices that can stop any intruders in their tracks. SUPERAntiSpyware’s Professional X Edition package protects every PC against malware, spyware, trojan attempts, keyloggers, and much more. It also quarantines any potential files and deletes them securely, if required.

Review your mobile apps

The last thing you want to do is review all those lengthy terms and conditions – but take a moment to read each app’s user agreement so you know precisely what you’re signing up for and how your data might be used by the app’s creators. If it turns out they’re mining personal information, you may want to find an alternative that doesn’t store data on, for example, your location or your online activities.

Use a VPN

A virtual private network (VPN) masks your IP address and encrypts your internet connection, making it more difficult for third parties to track your online activities. Choose a reputable VPN service and activate it whenever you’re browsing the internet, especially on public or unsecured networks.

Who can see my digital footprint?  

Remember, it’s not just you who can see your online footprint. Your web profile is visible to:

  • Employers
  • Schools
  • Colleges
  • Hackers
  • Peers
  • Internet providers
  • Phone companies
  • Advertisers
  • Law enforcement
  • Data brokers

This is why you need to:

  • Understand how data about you is collected online, whether actively or passively
  • Take steps to minimize the personal information you share online
  • Protect your data as far as you can, using the methods listed earlier
  • Regularly review your digital footprint and remove any references or content that could affect your reputation

How to wipe a hard drive

If you’re selling your computer on and want to get rid of your files for privacy reasons – or simply want to erase everything on the system and start afresh – you’ll need to wipe your hard drive completely clean.

When you delete a file in the usual way, the operating system removes the reference to the file from the file system’s index, so it’s not easily discoverable. However, the data itself remains on the hard drive until it’s overwritten by new data. Deleted files can often be recovered using specialized software because the actual data still exists on the disk. Wiping a hard drive goes a step further by overwriting the entire drive’s data with zeros, ones, or random data multiple times. This process ensures that the original data is irretrievable, even with advanced recovery tools, making it a much more effective way to get rid of anything you don’t want others to see.

Wiping can be done on individual files, partitions, or the entire drive, depending on the method used. The process is slightly different on Windows and Mac devices, too.
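The difference between deleting and wiping described above can be shown on a toy model. This is an added example, not part of the original article: `ToyDisk`, `carve` and the sample file contents are constructed for illustration, and the model assumes a simple drive where every write lands in place.

```python
import secrets

BLOCK = 512  # bytes per block on the constructed toy disk


class ToyDisk:
    """Constructed model of a drive: raw bytes plus a file index (name -> offset, length)."""

    def __init__(self, blocks=64):
        self.raw = bytearray(blocks * BLOCK)
        self.index = {}
        self.next_free = 0

    def write_file(self, name, content):
        offset = self.next_free
        self.raw[offset:offset + len(content)] = content
        self.index[name] = (offset, len(content))
        # Advance to the next block boundary, as file systems allocate whole blocks.
        self.next_free = offset + -(-len(content) // BLOCK) * BLOCK

    def delete_file(self, name):
        """Ordinary delete: forget where the file lives, leave its bytes untouched."""
        del self.index[name]

    def wipe(self, passes=("random", "ones", "zeros")):
        """Overwrite every byte once per pass, then reset the index."""
        for kind in passes:
            if kind == "zeros":
                pattern = bytes(len(self.raw))
            elif kind == "ones":
                pattern = b"\xff" * len(self.raw)
            elif kind == "random":
                pattern = secrets.token_bytes(len(self.raw))
            else:
                raise ValueError(f"unknown pass type: {kind}")
            self.raw[:] = pattern
        self.index.clear()
        self.next_free = 0


def carve(disk, marker):
    """Stand-in for recovery software: ignore the index and scan the raw bytes."""
    hits, start = [], 0
    while (pos := disk.raw.find(marker, start)) != -1:
        hits.append(pos)
        start = pos + 1
    return hits


def demo():
    marker = b"ACCT-0000-CONSTRUCTED"  # constructed sample data, not a real record
    disk = ToyDisk()
    disk.write_file("notes.txt", b"shopping list")
    disk.write_file("bank.csv", b"name,number\nJohn Doe," + marker)

    # The file disappears from the listing, but a raw scan still finds its bytes.
    disk.delete_file("bank.csv")
    after_delete = {"listed": sorted(disk.index), "recovered_at": carve(disk, marker)}

    # After the overwrite passes, the raw scan finds nothing.
    disk.wipe()
    after_wipe = {"listed": sorted(disk.index), "recovered_at": carve(disk, marker)}
    return after_delete, after_wipe


if __name__ == "__main__":
    for label, result in zip(("after delete", "after wipe"), demo()):
        print(label, result)
```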

Read on to discover when it’s appropriate to wipe a hard drive, the steps you need to follow to get rid of your files forever, and some of the third-party tools that can support you along the way. 

When should I wipe a hard drive? 

There are several instances where it makes sense to wipe your hard drive:

When replacing an old computer

Ready to swap your device for a new one? When you’re selling or donating your computer, you don’t want the new owner to access your personal data, including your files, emails, photos, or saved passwords. Wiping the hard drive ensures that all your personal information is completely removed, preventing potential identity theft or data breaches.

When replacing a damaged hard drive

Broken hard drives aren’t much use, but they can still be harbouring some of your personal data. Make sure none of it is recoverable by wiping the drive regardless of its condition.

When upgrading to an SSD

Keen to invest in a better performing hard drive? It’s best to perform a hard disk wipe after you’ve migrated all your data to your new solid-state drive (SSD).

Refreshing an old hard drive

Sometimes, a computer can become sluggish or cluttered with unnecessary files, software, and configurations. If you’re experiencing significant performance issues or want to start fresh without any old data, wiping the drive before you reinstall the operating system can help.

Preparing to wipe your hard drive

Before you commit to the wipe process, we would recommend backing up any critical files. You can copy important files, documents, photos, and other data to an external hard drive or USB flash drive – or alternatively, you can use services like Google Drive, Dropbox, or OneDrive for secure file storage in the cloud.

You could consider creating a full system image or clone of your hard drive if you decide you want to restore your system to its current state later.

You might also want to:

  • Deauthorize accounts and software, so these licenses are no longer tied to a specific computer
  • Note down product keys and serial numbers, particularly if you’re planning to reinstall software
  • Sign out of accounts you were using on that specific device, and clear any saved passwords
  • Disconnect any external hardware
  • Make sure you’ve got the correct drivers on hand for reinstalling the OS
  • Tell other users of the same computer that the data will soon be wiped, and encourage them to back up their own data

How to wipe a hard drive on Mac      

The method you use for wiping your Mac will depend on the type of Mac you have. You can find out what you’re working with by clicking the Apple menu in the top left of the screen and heading over to About This Mac.

Devices with an Apple silicon chip

If you use a Mac that was manufactured after 2020, it will likely contain Apple silicon chips, aka M1, M2 or M3 processors. You can wipe the hard drive by:

  • Going to System Settings
  • Clicking on General, then Transfer or Reset
  • Clicking Erase All Content and Settings

From there, follow the on-screen instructions to complete the wipe. The Mac will restart and reactivate, and you’ll be ready to go.

Devices with Intel processors

For Macs that were produced prior to 2020, you’ll need to follow the process for devices with an Intel processor. You can use the Disk Utility function to delete the hard drive by:

  • Shutting down the computer and rebooting it
  • Holding the Command + R keys during the reboot until the Apple logo appears
  • Entering your password if required
  • Selecting Disk Utility in the Utilities window, then clicking Continue
  • Selecting Macintosh HD (or the name you gave to your hard drive, if you’ve customized it)
  • Clicking Erase in the toolbar
  • Confirming the hard drive name
  • Selecting APFS under the Format menu, and clicking Erase

Devices with an SSD        

SSD drives aren’t as simple to wipe. For the best results, you’ll need to encrypt your files before you get rid of them, otherwise they might still be accessible.

  1. Go to System Preferences
  2. Click Security & Privacy and select FileVault
  3. Enable FileVault; this will encrypt your hard drive. It might take a few hours. Make a note of the password that’s given to you, as you’ll need it later
  4. When the encryption is complete, reboot your Mac and hold down the Command + R keys during startup
  5. Go to Disk Utility in the Utilities window
  6. Choose the correct SSD drive from the sidebar, select Unlock from the File menu, and enter the password you received earlier
  7. Click Erase in the toolbar
  8. Confirm the hard drive name
  9. Select APFS under the Format menu, and click Erase
  10. Enter your Apple ID in the popup window, if you need to

How to wipe an external drive with a Mac

Wiping an external MacOS hard drive is a breeze.

  1. Go to Applications
  2. Double click Disk Utility in the Utilities folder
  3. Click View, then Show All Devices
  4. Select your external hard drive from the External menu
  5. Click Erase in the toolbar
  6. Confirm the hard drive name
  7. Select APFS under the Format menu, and click Erase
  8. Enter your Apple ID in the popup window, if you need to

How to wipe a hard drive on Windows      

Once you’ve backed up all your data, the best practice is to create a recovery drive so you can reinstall Windows on your new machine. To do this, you’ll need to:

  1. Go to Recovery Drive
  2. Click Yes to allow the Recovery Media Creator function to make changes to your device
  3. Check the box Back up system to the recovery drive, and click Next
  4. Connect your external drive to your device via USB
  5. Click Next, then click Create

Next, you’ll need to restart your PC in Recovery Mode. To do this:

  1. Insert the Windows installation USB drive into your computer
  2. Restart your computer and boot from the USB drive. You may need to press a specific key (like F2, F12, ESC, or DEL) to access the boot menu, depending on your computer’s manufacturer
  3. Select the USB drive from the boot menu and press Enter

Then, it’s time to wipe the hard drive:

  1. After booting from the USB drive, the Windows Setup screen will appear
  2. Select your language, time, and keyboard preferences, then click Next
  3. Click Install now
  4. Enter your product key (if required) or select I don’t have a product key
  5. Accept the license terms and click Next
  6. Choose Custom: Install Windows only (advanced)
  7. Select the drive or partition you want to wipe
  8. Click on each partition on the drive and select Delete
  9. Select the unallocated space and click Next. This will automatically create new partitions and begin the Windows installation

Windows will now install itself onto the clean drive. The process may take some time, and your computer will restart several times during the installation. From here, you’ll need to follow the on-screen prompts to set up Windows, configure user accounts and preferences, and connect to the internet.

How to wipe an external drive on Windows            

You can use several third-party tools to wipe the hard drive on a Windows device, but it’s often easiest to use the Disk Management feature by following these instructions:

  1. Connect your external hard drive to the computer
  2. Press the Windows key + X
  3. Select Disk Management from the popup window
  4. Go to the Volume column and right-click the external drive
  5. Select Format, and click Yes in the next window
  6. Uncheck the box called Perform a quick format in the Format D: window and click OK, then OK again to start the disk wipe

How to wipe an SSD

Solid-state drives are generally much faster and more efficient than their hard disk equivalents, but they are harder to wipe. To make sure every last piece of your data has been deleted, we recommend wiping an SSD with either:

The Basic Input-Output System (BIOS)

You can use the in-built utilities of your SSD’s firmware to erase all data from the drive and make sure it’s unrecoverable. The feature to look for is Secure Erase; you’ll need to access this via the system’s BIOS settings (or UEFI settings if you’re working with the more modern equivalent).

If your BIOS/UEFI does not have a Secure Erase option, you’ll need to use the SSD manufacturer’s software, which often includes a bootable tool for this.

Manufacturer software

You’ll need to download the correct utility from your SSD brand. You can usually find the manufacturer information by checking the SSD model in your system settings or by physically inspecting the drive. Some common tools include Intel SSD Toolbox, SanDisk SSD Dashboard, and Samsung Magician.

Download and install the software to get started – and, as always, make sure you’ve backed your data up before you start the wipe process.

Third-party software

Some third-party options are more user-friendly than the utilities available straight from the manufacturers – and they’re just as secure. Some are free, whereas some require payment. Try CCleaner, Parted Magic, Eraser, or GParted.

How to physically wipe a hard drive on a dead computer that won’t turn on     

These may seem like drastic measures, but they’re some of the only foolproof ways to destroy the drive platter on a device that won’t start up.

To start: Disassemble the hard drive

Take apart your hard disk’s components with a screwdriver before destroying it using any of the methods listed below.

Drill holes in the hard drive

Drill a series of holes across the entire piece of hardware to make sure hackers can’t access the data in any undamaged components. You’ll need to be thorough, otherwise your data could still be at risk.

Use a powerful magnet to degauss the hard drive

Magnetic force will damage the hard disk beyond repair (although the same can’t be said for SSDs, which use electronic circuits instead of magnetic disks). Remove the magnetic field around the hard drive by waving a degaussing wand or other powerful magnet around it for around a minute. 

Send to an electronic disposal company for shredding

Contact a reputable provider that will provide you with a quote for breaking your device into small pieces using industrial grade equipment. This will destroy the drive platters, mechanisms and electronic components beyond recognition. You’ll need to make sure your shredding company disposes of or recycles the product responsibly.

Third-party tools that help to wipe a hard drive      

Designed to make the wiping process even easier, third-party software can make getting rid of your sensitive data quick and painless. Discover some of the most popular third-party hard drive wiping tools below and click on their names to download them. 

CCleaner: Though its primary purpose is freeing up space, CCleaner can also be used to wipe your hard drive totally clean. It’s compatible with all major operating systems, including Windows, MacOS and Android, and it’s one of the most intuitive tools of its kind.

DBAN: Otherwise known as Darik’s Boot and Nuke, DBAN is a recognised program that can be initiated from a USB or a CD. It uses an algorithm to overwrite the information on your hard disk drive many times. Please note, DBAN isn’t ideal for wiping SSDs. It’s also best suited to home use. And just a heads up – development for DBAN also stopped in 2015, so it hasn’t received any new bug fixes or support for a few years now.

Disk Wipe: Simple by name and simple in nature, this works in a similar way to DBAN. It’s a Windows-only tool and works on memory devices that are accessible and formatted with either NTFS, FAT, or FAT32.

Active KillDisk Freeware: This sanitization tool’s One Pass Zero method replaces all the data on your drive with zeros, so you can wave a permanent goodbye to everything that was stored on your device. It can be installed across Windows, MacOS and Linux, and it’s great for erasing multiple disks at the same time.

CBL Data Shredder: This overwrites your hard drive with a more complicated bit pattern, so the data cannot be recovered. It’s designed for Windows XP/Vista/7/8/10.

AOMEI Partition Assistant Standard: This tool’s Wipe Hard Drive feature will get rid of your data permanently. There’s also a lot more to this software than meets the eye; it offers a safe hard drive manager, a data migrator, a disk converter and a partition recovery feature, plus more.

ShredOS/Nwipe: This is a USB bootable distribution that works with all Intel 32 and 64 bit processors and erases the contents of a hard drive using the nwipe program.

Eraser: This is an advanced security tool for Windows that, at the time of writing, is supported under Windows XP (with Service Pack 3), Windows Server 2003 (with Service Pack 2), Windows Vista, Windows Server 2008, Windows 7, 8, 10 and Windows Server 2012-2022. An added benefit of Eraser is that it works with a customisable scheduler, so disk sweep tasks can be planned ahead of time and executed whenever suits you best.

A final piece of advice…

If a virus has corrupted your system and its data, you may need to perform a hard drive wipe to start from scratch. You’re much less likely to fall victim to a malicious attack (and have to deal with the fallout!) if you have robust anti-virus and anti-malware protection in place.

SUPERAntiSpyware’s Professional X Edition will stop threats in their tracks long before they have a chance to get to your sensitive information. With an AI-powered detection engine, real-time threat blocker, automatic database updates and scheduled scanning, it’s a user-friendly and super convenient software that’s more affordable than you might expect.

Walt Disney Internal Slack Channels Compromised by Hacker Group NullBulge

In a stunning cyberattack, reminiscent of the 2014 Sony Pictures breach, Disney has been hit by a major hack. This attack, carried out by the well-known hacker group NullBulge, has exposed huge amounts of Disney’s internal communications and sensitive data. The breach specifically targeted Disney’s Slack channels, resulting in the unauthorized release of roughly 1.2 terabytes of data.

The infiltrated data spans nearly 10,000 channels, encompassing every message, file, and conversation possible. NullBulge declared on X, formerly Twitter, “1.2 TB of data, almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there. We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special {name}! Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future.”

This attack highlights the vulnerability of corporate communication platforms such as Slack. The leaked data was comprised of many elements, ranging from unreleased projects to raw images and internal codes – all of which could be disruptive in relation to Disney’s future operations. It could be argued that the more costly element of the leak was the exposure of sensitive login details and internal APIs, further exposing Disney’s cybersecurity infrastructure.

Disney were quick to respond to the hack, announcing that they had quickly launched a thorough investigation to uncover the true cost of the breach. Disney themselves have admitted to the breach and announced that they are taking steps to prevent a repeat of this in the future.

It is worthwhile stepping back and assessing the wider picture when it comes to data breaches. It is often only when newsworthy corporations such as Disney are compromised that discussions around cybersecurity are truly brought to the fore. However, these attacks happen on a daily basis and businesses of all sizes are targeted. In 2023, the average cost of a data breach in the U.S. was an astonishing $9.48 million, while globally it was $4.45 million. It is not just the financial consequences of such breaches that are harmful to a business, but also the reputational damage that they cause. Numbers such as these serve to highlight the importance of a robust, all-encompassing cybersecurity strategy. At the forefront of this should be a comprehensive, business-wide antivirus software that is easily manageable through a single site license, such as SUPERAntiSpyware’s business antivirus software offering.

If you would like to learn more about hacking and how acts such as those by NullBulge are carried out, then why not read our comprehensive article titled “What is hacking?”

Layerin’ Ain’t Just for Winter! Bolster Your Security With Layers of Protection

I thought Spyware and Viruses are the same thing?

A virus is malicious code that copies itself over and over in order to damage your computer’s data. Spyware is an umbrella term used to describe a variety of threats, such as Trojans, Ransomware, Keyloggers, Cookies, and Worms, that may damage your PC and/or privacy but, unlike a virus, are not intended to totally destroy your computer’s data and system.

So you’re telling me I need an Anti-Virus AND an Anti-Spyware?

Strictly speaking, SUPERAntiSpyware© is not designed to be Anti-Virus software. We target Spyware, a focus that allows us to respond quickly to the ever-growing groups of hostile software we address, with new definitions released multiple times a day, and concentrate on the technology that targets the most common threats in the wild. There are a lot of things that are often called viruses (many trojans, worms, and so on) that SUPERAntiSpyware© will remove, but it won’t remove true viruses such as boot-sector viruses.

Security With Layers of Protection

No one security tool can catch everything out there and protect you, which is why we recommend a layered approach. If you use an Anti-Virus, we recommend you supplement it with SUPERAntiSpyware©, and if you use SUPERAntiSpyware© alone, consider getting an Anti-Virus. SUPERAntiSpyware© has been designed to be compatible with popular Anti-Virus applications such as McAfee, Symantec (Norton), Kaspersky, Bitdefender, ESET NOD32, AVG, Avast, Panda, Avira, and so on.

Watch out for fake PayPal “unable to complete your recent transactions” phishing emails!

We here at SUPERAntiSpyware have noticed a fairly recent, clever email phishing campaign that claims to be from PayPal. In the email, the fake PayPal scam artists attempt to scare users into thinking that not only have their recent PayPal payments been declined, but there are also unusual selling activities, and that they “will need some more information” about your recent sales, in an attempt to steal your information.

Example of the phishing email

We here at SUPERAntiSpyware recommend you simply delete this email, and do not click any links within the email, especially the fake blue “Check Your Accounts” button. If you have been scammed by this email, immediately change your PayPal account password and consider looking into changing your spam settings to avoid future spam emails such as these. Remember, if you do not recognize the sender address, do not open the email. If you do open an email such as this, always hover your mouse pointer over the email’s links to see where they’re trying to take you; a phishing email’s links will usually point you to a website that has nothing to do with the company they’re posing as.

Update your firmware to avoid the KRACK WPA2 vulnerability!

Security researchers have discovered a vulnerability in the WPA2 wireless protocol. The exploit is called KRACK, short for Key Reinstallation Attacks, and it can allow hackers to snoop on WiFi connections and inject data into WiFi streams to do things such as install malware and carry out other rogue actions such as stealing passwords, emails, and other data.

Microsoft issued an update during last week’s October patch release that fixes the problem on Windows OS. If you have not updated your Windows installation, it is recommended you do so immediately. Microsoft has stated that even when the vulnerability is patched within Windows, router firmware and WiFi drivers installed on or connected to Windows machines that have not been updated can still be affected. To fully protect yourself, Windows users should also install patched WiFi drivers and router firmware if available, in addition to the patch Microsoft released for Windows.

Watch out for fake Office 365 phishing emails!

that claims to be Microsoft attempting to inform users their Office account email storage space is almost full and to prevent incoming/Outgoing mail from getting bounced back, to click the supplied link to add an additional 10 gigs of free and mandatory storage. This of course is an obvious scam to phish your password as the link takes you to a fake Office 365 login screen.

Example of the spam. Beyond the obvious sketchy character of the email, hovering over the links within the email with your mouse pointer clearly shows it takes you to a different website and not a Microsoft website.

We here at SUPERAntiSpyware recommend you simply delete this email, and do not click any links within the email. If you have been scammed by this email, immediately change your Office 365 account password and consider looking into changing your spam settings to avoid future spam emails such as these. Remember, if you do not recognize the sender address, do not open the email, and if you do open an email, always hover your mouse pointer over the email’s links to see where they’re trying to take you.
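The hover check recommended for both the PayPal and the Office 365 emails can be automated for a saved message body. This is an added example, not part of the original posts: the sample email, its `example.net` and `example.org` hosts, and the function names are constructed, and the list of trusted domains is an assumption you supply.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def on_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


HOSTNAME_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def check_links(html, trusted_domains):
    """Return one finding per link whose real destination looks wrong."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        # .hostname is what the browser connects to: it drops "user@" and the port.
        host = (urlsplit(href).hostname or "").lower()
        if not host:
            continue  # mailto:, relative links and similar have no host to compare
        reasons = []
        if not any(on_domain(host, d) for d in trusted_domains):
            reasons.append("destination is not a trusted domain")
            if any(d in href.lower() for d in trusted_domains):
                reasons.append("trusted name appears in the URL only as a decoy")
        shown = HOSTNAME_IN_TEXT.search(text.lower())
        if shown and not on_domain(host, shown.group().removeprefix("www.")):
            reasons.append("visible text names a different site than the link")
        if reasons:
            findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


# Constructed sample email body; every host below is a placeholder.
SAMPLE_EMAIL = """
<p>We were unable to complete your recent transactions.</p>
<a href="http://account-review.example.net/login">Check Your Accounts</a>
<a href="https://www.paypal.com.secure-check.example.net/">www.paypal.com</a>
<a href="https://paypal.com@billing.example.org/update">Update details</a>
<a href="https://www.paypal.com/help">Help Center</a>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL, ["paypal.com"]):
        print(finding["host"], "<-", repr(finding["text"]), finding["reasons"])
```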

How to protect your PC from Petya/GoldenEye ransomware

There are two ways this strain of ransomware is infecting large businesses, governments, and other entities around the world:

  • An attack via a vulnerable Windows Server Message Block (SMB) service, which Windows uses to share files and printers across networks.
  • The Microsoft PsExec tool with admin credentials from the target computer.

These problems have been patched by Microsoft, but there are still users out there who have not downloaded the patches for their Windows Operating Systems so the ransomware keeps spreading.

Fight Back

To fight back and protect yourself from this global ransomware attack make sure you do the following:

1) You have Windows Automatic Updates turned on and you are up to date. If you don’t have auto update on, you can download the security update for your version of Windows HERE

2) Make sure your copy of SUPERAntiSpyware is the latest edition and is current with the latest definitions. If you own the Professional Edition, make sure Real-Time Protection is enabled.

3) Back up your computer regularly and keep a recent backup copy not connected to any PC. We recommend using Support.com Online Backup which we offer on our online shopping cart as an optional offer when purchasing SUPERAntiSpyware Professional.

What Are Cookies?

What Are Cookies and How do they work?

Cookies are files, typically text files, which are stored on a user’s device. They are made to contain data specific to the user or website, and can be accessed either by a web server or the user’s device. Cookies cannot themselves harm your computer in any way. Cookies allow the web server to deliver a web page “suited” to the user, or the web page itself can contain a script which reads the data in the cookie and so is able to carry information from one visit to the website to the next.

Typically, what this means is that cookies are used to remember logins and keep track of user settings on websites. This information might include the name of the site, particular products being viewed, pages visited, etc. Cookies can be used to track your movement on the Internet ONLY if a site is aware of the cookie and is designed to use the specific cookies. Because of their use in tracking online activity, many feel that this constitutes spyware. Most antispyware applications, including SUPERAntiSpyware, detect tracking cookies in one form or another.

Cookies are not blocked by SUPERAntiSpyware because they are required for most web functionality. Cookies will come back every time you surf the web, and can be cleaned by running a Quick or Complete Scan.