In a July 2016 article, I talked about ransomware as a rapidly growing form of cyber crime. It was noted that cyber criminals went after businesses, literally hijacking their data and holding it hostage until a demand for money was met. Businesses were ripe targets because their deep pockets allowed the criminals to demand higher-dollar ransoms.
Ransomware against businesses is still growing, but those same deep pockets that are attractive to criminals also allow businesses to better protect themselves as opposed to private individuals. Individuals are now being targeted more. They often have little or no protection on their home computers or mobile devices. The rewards of cyber crime, and in particular ransomware, against private individuals are lesser, but the opportunity and number of vulnerable targets are far greater.
Cyber Crime Hits Close to Home
Recently an acquaintance was checking emails on his home computer and noticed a message that he thought contained a return label for an article he had recently purchased online. When he opened the attachment, it was blank. He had no idea that the blank attachment immediately rendered him a victim of cyber crime. He moved on, thinking nothing of it, but suddenly his computer started to slow down.
A while later his screensaver, a family photo, disappeared. He panicked, thinking his computer was failing. In a way, it was. When he went to check his stored photos, they had all been renamed with a string of gibberish. He then clicked on a document he didn’t recognize. It said, “All your files are encrypted” and went on to demand a ransom payment of $2500 to get his files released.
Without paying the money, he would lose all his photos, 20 years’ worth of financial data and all his personal files. So he paid. The cyber crime of ransomware is a lose-lose dilemma. Pay–or lose everything on your computer.
Protecting Against Ransomware
According to information security company PhishMe, ransomware attacks grew from 1,000 per day in 2015 to 4,000 per day in 2016. In the same period, the average demand jumped from $294 to $679. Over half of all ransomware attacks come in the form of a phishing email, just like the one the victim in the anecdote received. It looks legitimate, but once you open it, you become a victim of cyber crime.
With ransomware growing in the private sector, what should we be doing to protect our personal computers and mobile devices? Here are a few simple tips:
1. Ransomware attacks have primarily targeted Windows computers and Android mobile devices. If you have one of these, be extra vigilant.
2. You must have a strong backup system for your data so you can restore your hijacked files without paying ransom.
- Online backup and storage services are readily available.
- Use your own USB drive or external hard drive to regularly back up your data. Disconnect the drive immediately after each backup.
- Set a regular backup schedule – monthly or even weekly.
3. Keep your operating system current. Older systems are easier prey for cyber attacks.
4. Research data security scanning software options and install one. There are many effective programs available.
5. Always have current anti-virus software. Again, many are available, but some are better than others.
6. Be suspicious of all emails and attachments. If something doesn’t seem right or you are not familiar with the sender, don’t open it. Just delete it. If you think it might be legitimate, or aren’t sure, reach out to the sender via phone, not email.
7. Always delete old, unused apps and “favorites.” Only install apps from known businesses.
8. Never respond to unsolicited emails wanting your username or password.
9. Become familiar with entities that never email asking for personal information. The US government is a prime example. The Social Security Administration and the Internal Revenue Service use snail mail as an initial form of contact – never email.
All the knowledge and all the sophisticated programs in the world will not guarantee 100 percent safety. Cyber crime is evolving and adapting just as fast as legitimate enterprises are. If you fall victim to ransomware, you have a decision to make. Pay the price if your data is worth it, or stand firm if it’s not. It’s a lose-lose proposition. But a healthy dose of suspicion and employing the right tools are the minimum components of protecting yourself against cyber crime.