September 26, 2016
Ransomware: An Ounce of Prevention Is Worth a Pound of Cure
Guard yourself against ransomware — a costly digital threat in this brave new 21st century of the Internet of Things — by acting on the sage advice of Benjamin Franklin, who lived 300 years ago. For with ransomware, not only is prevention better than a cure — prevention may be the only cure.
Ransomware is increasingly headlining in newspapers as the digital disaster it is.
So what is ransomware? And why should you care?
Ransomware is digital bad guys kidnapping your information and blocking access to your own documents and databases. Anything is fair prey: corporate and client information, family photos, tax returns, and health records. Your computer, notebook, and smartphone can all fall victim.
“An ounce of prevention is worth a pound of cure.”
— Benjamin Franklin, 1706–1790
Unlike cyber espionage, whose motive is pure theft of the actual information, the point of ransomware is to turn you into an ATM, to get you to pay for access to what you own but can no longer get to: your own information. Hackers abduct your devices and lock access, typically by getting malware onto your device via an email link or attachment you unwittingly click, or after you’ve visited a website or used an app infected with it. The malware encrypts your files and those on any connected drive or folder accessible from your device.
Once your files are encrypted, you can’t access your information without the decryption key. And to get that, you must pay up, typically in bitcoin, another digital escapade in itself. Ransom varies from a few hundred dollars for individuals and small offices to thousands of dollars for corporations. A South Carolina school district paid $10,000 to unfreeze its computers. Health care systems and police stations have paid up as well.
Don’t think it can’t happen to you because you’re not a Fortune 500 corporation.
Hackers are equal opportunity criminals. They go after individuals, small and medium businesses, government agencies, hospitals and health care systems, and police departments, as well as huge corporations. You can also be victimized repeatedly: In England, Bournemouth University was hit by ransomware 21 times in one year.
Being a victim of ransomware is frustrating and financially painful, whether you pay the ransom or not, and paying up does not guarantee that you’ll get back what was stolen. As this is a flourishing business for cyber crooks, however, there is some honor among thieves: Often a key is supplied after payment, if only to build a reputation that payment triggers hostage release, which keeps business booming.
And lucrative it is: The FBI estimates that U.S. victims paid more than $200 million in the first quarter of 2016. A report from Herjavec Group (yes, the company of Robert Herjavec of the reality show Shark Tank) and Cybersecurity Ventures, released in September, predicts ransomware damages and related costs will reach $1 billion annually.
A sorry sign that ransomware is here to stay is the FBI’s recent request asking victims to help the Bureau by reporting ransomware incidents. The FBI wants a greater understanding of ransomware incidents, and of victims and their experiences, to help it determine who is behind the attacks and to assist with investigations. The FBI also offers specific preventative steps to take.
In keeping with the “ounce of prevention” advice, here are a few things you can do to avoid falling prey to ransomware (the list is not exhaustive):
- Copy your important files onto a separate thumb or hard drive. Set a schedule — say, twice a week or every night — for backing them up.
- Scrutinize links and attachments in emails. Do not open attachments from unsolicited emails. Do not hesitate to call the sender to see if it really came from the person.
- Buy anti-malware and anti-virus protection. Make sure regular scans survey your system.
- Patch your system to keep it and your programs up-to-date.
If you are one of the unlucky ones hit with ransomware, immediately disconnect your computer to keep the malware from spreading to other machines. Using a different device, search the Web for “ransomware help.” Two resources, among many others, to help you are Microsoft’s ransomware site and the Federal Trade Commission, which recently held a public workshop on ransomware. In fact, search for that information now — right after you update your anti-malware protection and patch.