Ransomware: The Modern Equivalent Of Being Tied To Train Tracks


When we think of ransom, we typically think of a black-and-white movie with a kidnapper leaving notes made from a variety of newspaper cuttings. Today, ransom is much less melodramatic, much more common and targets something you might not expect: your computer files. 

In late 2013, the ransomware threat was added to the list of things that can kill your computer alongside bugs and crashes. Hackers made a new bug that’s capable of taking over a computer, encrypting all its files and displaying a brief message demanding money to decrypt them. Sometimes, affected companies or individuals would pay up, the hacker would decrypt the computer as promised and everyone would be on their merry way. Victims would sometimes refuse to pay the fees in the given time and would then lose their valuable files forever. And sometimes, victims would fork over the cash, only to have the hackers disappear with the files still locked and therefore as lost as before the victims paid up.

One study estimates that in its first 100 days as a scheme, ransomware infected 250,000 computers. It earned the hackers a combined $6 million in bitcoins. If that trend continued, we can expect that they’ve hacked at least 24 million computers in the past two years, including one major hospital that reportedly forked over $17,000 to get its files back.

The original operator of ransomware, Cryptolocker, was shut down in May of 2014. Still, many ransomware copies arose shortly after and continue to wreak havoc. The program continues to evolve, now locking computers and displaying menacing countdowns to create a heightened sense of urgency to pay up.

The question now, of course, is what you should do to protect yourself. For starters, if the only computer you have to worry about is a private computer, ransomware is a less significant risk. Ransomware scammers tend to target computers of companies that have the capability to hand over large sums of money. If your computer handles the larger functions of a company, there are still some steps you can take to protect yourself.

1.) Don’t trust online solutions

For starters, there are many software programs that promise to completely rid your computer of ransomware, but those are best left on the virtual shelf. Ironically, some of those alleged file-saving downloads are actually ransomware in disguise. Your best bet is to back up your files however you can – onto an external hard drive, onto a separate computer or even on paper. Anything you do will ensure that, when the hackers come, you’ll already have copies of the files they encrypt stored elsewhere. It’s advisable to check at least once a month to ensure everything you need is safely backed up.

2.) Hold onto your money

While it might seem like the only option that gives you a chance to get your files back, the FBI has issued a statement asking people not to pay such ransoms. If hackers are paid, they have more incentive to continue, and payment really doesn’t influence whether they decrypt your files or not. “The FBI does not condone payment of ransom, as payment of extortion monies may encourage continued criminal activity, lead to other victimizations, or be used to facilitate serious crimes,” as FBI Special Agent Christopher Stangl elaborates in an interview. If you’re desperate for your files, paying may seem like the only option, but consider the difference that could be made if no one paid them anymore. Crime syndicates would be stopped without any work from the FBI.

3.) Call the cops, but don’t hold your breath

Many are currently asking whether anything significant has been done by the FBI to this point. This includes Sen. Ron Wyden, who wrote to James Comey, the director of the FBI, to ask how the agency intended to clean up the ransomware problem. Comey responded that they were making progress, but pointed out that making arrests wasn’t easy as “most of the top cybercriminal actors are located outside of the United States.” Still, he went on to assure Wyden that, “The FBI is committed to following the money in investigating all crimes with a financial component; ransomware is no exception.”

4.) Back up and stay safe

While the FBI has its best men on the task of catching these cyber culprits, it’s your responsibility to be as safe as possible until they do. Back your files up. Don’t click on any sketchy-looking links. Buy security that a trusted provider assures you is safe. Ransom is no longer a thing of black-and-white movies, but in the digital age, it’s still our job to protect ourselves.

SOURCES:

Photo Source: From Barney Oldfield’s “Race For A Life” 1913 Silent Movie.

http://www.pcworld.com/article/2901672/how-to-prevent-ransomware-what-one-company-learned-the-hard-way.html

Avoiding Scams In The Workplace: Keeping Yourself And The Rest Of Us Safe


Pop quiz: What do the data breaches at Target, Home Depot and Sony all have in common? Give up? They were all caused by employee errors. These, along with about 500 other breaches, are confirming what many security professionals have worried about for years. In the digital age, the weakest link in our information security is us: humans. The most common cause of data breaches around the world is employee error or negligence.

This kind of negligence can take a few forms. It can be an employee responding to a phishing email or downloading a piece of malicious software on a company computer. An employee could fail to adequately secure his login information (by, say, writing it on a sticky note and attaching it to the monitor) or could leave company technology vulnerable to theft.

As with many other complex, human-focused problems, no single solution can address this problem. There are structural and technological changes that can help mitigate the risks posed by employee error. While these changes are developed and implemented, here are three simple steps you can take to help keep your workplace safe from hacks. 

1.) Read something, say something 

Everyone thinks they can detect a scam. It’s a line of thinking called the general attribution error, that what’s true of “most people” can’t possibly be true of us and the people we know. We constantly believe we’re the exception rather than the rule, and our susceptibility to fraud demonstrates this well. Most people consider themselves intelligent, discerning Internet consumers. Yet, a recent Google study found that 45% of users fell victim to a fake login page.

Scammers wouldn’t keep using these tactics if they weren’t working, and even if you are savvy enough to spot 99 phishing attempts in a row, the one you miss is all it takes for another big data breach to happen. If you work at a company with 100 people who are all as adept as you are at catching these emails, every scam attempt works on one person on average. Worse still, some hacking attempts begin by sending out emails from the first victim to people on that person’s contact list. When that happens, one person falling victim to an attack can quickly increase the credibility of subsequent attacks.

The solution to the general attribution error is the power of collective wisdom. If you receive an e-mail that’s clearly an attempt to solicit sensitive information, don’t just delete it and move on. Forward it to your company’s IT representative. Mention it to a colleague. Ensure that everyone knows this scam is circulating at your company.

If you do fall victim to one of these hoaxes, don’t try to cover it up. You might face disciplinary action for opening malicious emails, but you will face disciplinary action if your login credentials are used to expose sensitive information! 

2.) Off the clock? Lock it up! 

The VA breach, one of the biggest data leaks that hit some of the most secure data in the nation, was caused when an employee improperly took confidential information home to continue working. The information was stolen and the integrity of the VA’s servers was compromised. Taking work home with you might be a good way to get ahead, but unless your home can provide the same level of security as your office, it’s just not worth it.

If you must take work outside the office, keep it in a secure place. Ideally, you should place it in a safe or locking file box. Failing that, keep it in a locking briefcase or other lockable container. If you’re working with paper copies, don’t forget to destroy or return them once you’re done.

If you have a standing arrangement with your employer to do some work remotely, there are still a number of steps you can take to keep your work technology safe. If you work on a laptop, invest in a cable lock. This piece of hardware works like a bicycle lock. You loop it around a heavy object and fit the lock into your computer’s power port. Should a dedicated thief rip the lock out of the port, the computer will be rendered inoperable, turning a catastrophe into a hardware replacement.

Also, don’t connect to unsecured wireless networks. Anyone can join these and set up monitoring software on them to steal data in transit. If you work on your home wifi, set up a security protocol. Don’t forget to change the default administrator password on your router. Most manufacturers have a default router password which would enable scammers to access your network. 

3.) Keep it out of the office! 

Most people spend at least some part of their work day browsing the Internet. Modern technology has made work more efficient, so some employees think they can do a little browsing during slow times. The problem is that recreational browsing can expose the office to risks.

Even the tamest hobbies can have risks. Searching for “download sewing templates” could take you to websites dotted with malicious software masquerading as innocuous archives and executables. If your interests run to games or gambling, the Internet can be a very dangerous place for your work computer.

If you’re interested in gaming, you might be tempted to load up a USB drive with a few fun titles. It’s very easy to accidentally save sensitive information to that USB, which becomes a liability. USB drives are the bane of IT security people everywhere, since they’re easy to lose, steal or swap.

If you have downtime at the office, stick to browsing sites you know and trust, or the ones permitted by your IT department. If you feel the need to explore the darker side of the Internet, be sure you do so at home where you can better control the sensitive information on your computer. 

Your Turn

One final way to beat the bad guys of the Internet is to work together with other good guys. Share your wisdom – your tips, tricks and experiences in keeping information safe! Let us hear from you: What are you doing to keep your workplace safe?

SOURCES:

https://www.entrepreneur.com/article/273221?utm_source=google-news&utm_medium=syndication&utm_campaign=google-editors-pick&google_editors_picks=true