You do not want to see this image flash across your screen.
If you do, you are very likely the victim of a ransomware exploit. You have two choices: Pay the hacker or start from scratch.
A recent article in Forbes warns these security breaches may be going largely unreported as companies simply pay to have the problem “go away.” This leads some to believe we may be paving the way for the emergence of online “protection rackets.”
Ransomware is a virus that encrypts your most important files and then quite literally holds them ransom until you pay for the code to unlock your files. If you think it can’t happen to you, think again. A Police Department in Durham, New Hampshire and another in Swansea, Massachusetts were both recently targeted.
The cybersecurity firm Bromium recently released an in-depth report where they state,
Ransomware lacks the subtlety of more traditional Trojan attacks that seek to evade detection and steal sensitive information, such as credit card numbers and bank account credentials. Instead, ransomware immediately makes its presence known by encrypting files and demanding payment for the keys to unlock them.
As recently as a few days ago, a new strain of the ransomware virus was detected making the rounds via e-mail.
This revelation once again sheds light onto the ever-increasing need to engage your everyday cyber security with the same vigilance as your personal safety. All too often, our own complacency leaves us vulnerable to the exploitation efforts of the less-than-noble. You don’t need to be a skilled practitioner of computer science or a tech guru to keep yourself safe. You just need to know and employ the basics as discussed below:
Backup Backup Backup > Backing up your files used to be a long, cumbersome task, but today backing up your files is easier than ever with these simple backup tricks.
When in doubt, throw it out > Email and email attachments remain one of the most common delivery methods for malware. If you have even the slightest doubt, throw it out. If it’s important, they’ll resend. Better yet, pick up the phone and call the sender just to be sure.
Install strong virus and malware protection for all computers that access the internet. Be sure to update the software whenever possible. Avoid the curse of the “remind me later” option. Cyber hacks and attacks work best in the timeframe between software updates, when hackers have figured out the old system, but have yet to figure out the new. Be proactive. Don’t tip the advantage in the favor of your adversary.
Passwords > The best passwords aren’t words, they are phrases, and no two should be alike. Password managers help keep everything up-to-date, leaving you with only one “master password” to remember. Avoid using anything that can be found in the dictionary or any predictable key words. Some useful tips on creating tough-to-crack passwords can be found here.
Do not visit unknown websites sent to you via private message, text, or email from persons you don’t know. This also goes for website invites which may seem out of character for those persons you do know. Your mom is very likely not recommending you buy pharmaceuticals from Korea. If it seems like a fraud…it’s a fraud.
Avoid pop-up updates > As Krebs on Security always recommends, “if you didn’t go looking for it, don’t download it.” If you see a random pop-up that says something needs to be downloaded, ignore the pop-up and go to the website in question to see if an update is truly available.
Social Media should never contain private information. Don’t put anything on your social media page you would not be comfortable sharing with the world. Privacy settings on websites like Facebook, LinkedIn, Twitter, Instagram and a variety of other social-sharing sites change often. Familiarize yourself with the particular privacy settings and be sure to take full advantage of the options offering you the most privacy. Pictures of your home, car, and associated geotags are all useful pieces of information a potential hacker may use to exploit your cyber identity.
Create unique answers to password recovery questions > Inevitably, we will all at one time or another forget a password. When setting up your recovery options, it is perfectly acceptable to answer the generic questions with something completely random. These answers are not checked for truthfulness and are simply in place to protect your information from unauthorized attempts at gaining access. Cyber criminals are quite skilled at finding out the real answers to these password challenge questions from friends, colleagues, or from information you or your online acquaintances have previously posted online. For the purposes of password recovery, “Abracadabra” is a perfectly acceptable answer to “What is your mother’s maiden name?” Your own imagination is oftentimes your best security option.
Another trick is to use a code that is not easily discernible, but will be easy for you to remember.
If the security question asks, “What was your first car?” and your first car was a 1980 Volvo Sedan, then My First Car Was A 1980 Volvo Sedan could be “mfcwa1980Vs”
If the security question is “Where was your first vacation?” and your first vacation was in 1980 to New York City, then My First Vacation Was In 1980 to New York City could be “mfvwi1980toNYC”
Do not “jailbreak” your mobile device > Doing so requires the user to disable the intrinsic security features of the device, which means malicious applications will have access to all facets of information on your phone – regardless of your permission. Applications downloaded from verified vendors like Apple’s App Store have requirements that help protect the user. These requirements are bypassed once the jailbreak has taken place, which means the applications will no longer need to ask your permission before accessing your contacts, GPS location or information associated with other files on your phone, like your pictures, text messages and emails.
Do not engage in illegal downloads > Unlicensed internet services offering free downloads, zip files, or torrents of movies, music and other software packages often contain malicious spyware that is specifically designed to exploit your cyber security. These illegal downloads are often the main distribution method for delivering a virus or a trojan horse to your system.
Create specific email addresses for specific uses > Avoid using the same email account for all of your internet activity. Employing task-specific email addresses will reduce your vulnerability by having your activities compartmentalized into those specific email accounts, and will limit the amount of damage any one compromised account can do to your overall cyber security. There is no limit to the email addresses you may create. You’ll still be able to find the friends you want to follow, it just won’t be as easy for them to find you…this is a good thing. Having one email account for Facebook, one for Twitter, another for correspondence, and yet another for e-commerce is perfectly acceptable and encouraged.
Do not label folders or sub-folders with titles that promote intrigue or interest > Labels such as “Passwords,” “Bank Account,” and “Important” are all specifically targeted items of interest. Instead, label things with specific meaning to you with names of seemingly unrelated associations. If your favorite dessert is chocolate cake, this may be the name of your favorites folder, whereas the food that gives you heartburn may be the appropriately named folder associated with your annoying co-worker. This practice also works great for the “notes” application on your mobile device.
Utilize “Drafts” in an unassociated email account > Creating an additional email address known only to you, and then storing information in a “Draft Email” will afford you a secure online hiding place for information that only you know about, and which can be accessed globally.
Log out of accounts when done > You don’t have to shut down your computer, but the simple act of logging out of accounts, especially on shared Wi-Fi, networks or computers (think Starbucks free Wi-Fi), will prevent the unfavorable access of your private information.
NPR “All Tech Considered” on the topic of Ransomware.
Anything by Brian Krebs who breaks more stories than anyone on the issue of CyberSecurity and CyberCrime. I highly recommend bookmarking his page.
Awareness + Preparation = Safety
Spencer Coursen is the President of Coursen Security Group. He is an expert security advisor, threat assessment consultant, and protective strategist who is dedicated to reducing risk and preventing violence. His systems and strategies help corporations, non-profit organizations, schools, and at-risk public figures ensure the certainty of safety for all involved.
@SpencerCoursen / @CoursenSecurity