Can you imagine a worse fate, digitally? A bad guy has taken control of your PC, Mac, or company network, and the only way to get it back and begin doing work again is to pay him. Except if you do, you may not get it back.
Welcome to the world of ransomware, which many experts today regard as the worst of the dangers on the internet that a typical individual or small business has any reasonable likelihood of encountering.
Ransomware is increasing. Over the past two months the worldwide computing community has been the victim of two big ransomware attacks, dubbed WannaCry and Petya. The number of ransomware attacks jumped from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times, according to Sonicwall, a security provider. More than 400 different types of ransomware exist, according to Intel Security, and this number is also increasing.
Ransomware has been around since 1989. It’s becoming much more common because the bad guys are figuring out more effective ways to monetize it.
Individuals as well as organizations can fall victim of ransomware, with organizations typically getting hit by larger ransom demands. Organizations that have been victims include schools, city councils, and churches. Ransoms paid include $17,000, $8,500, and $2,300. The sum of $300 is common for individuals.
With ransomware attacks no one seems immune, whether users of Microsoft Windows PCs, Macs, Linux, or other platforms. Because acknowledging an attack involves owning up to vulnerabilities or mistakes, it’s believed that only a small fraction of them are reported.
But it’s not all doom and gloom. You can take steps to prevent ransomware attacks, and you can take other steps now to recover later if you’re attacked. None are guaranteed, but they can significantly reduce the risks.
- Practice safe computing. Ransomware is commonly introduced through email attachments, rogue websites that install software on your system without your consent, “dark web” file-sharing services, or breaches in networks. You should never click on an email attachment unless you know the sender, and you should be careful even if you do. If anything seems strange, phone the sender ensure he or she actually sent the attachment. Clicking on such attachments can launch a ransomware program.
- Keep up to date. Older operating systems and programs are more vulnerable to attack. Enable automatic updates if available. With programs that don’t offer this option, periodically check for updates, which can often be done through the Help menu.
- Use good security software. Top consumer security suites include Symantec’s Norton Security and Kapersky Internet Security. Fee-based security suites are typically more robust than free tools, including those that come with operating systems such as Windows or Mac OS. If you connect using public Wi-Fi at places such as coffee shops or airports, use virtual private network (VPN) software such as Hotspot Shield or TunnelBear.
- Use a password manager. Typing in the same password at multiple sites means that if one site is breached, all of the sites you visit, for you, are breached. Instead of using a different password for each site, you can use a password manager. A password management program lets you use one password for it, then it fills in your passwords for sites you visit automatically and behind the scenes. Two recommended password managers are Lastpass and KeePass.
- Dispense with extras if not needed. Two commonly mentioned vulnerabilities are Adobe Flash in your browser and macros in Microsoft Word. Google Chrome automatically turns off Adobe Flash, and you can turn it off manually. You can turn off macros through Microsoft Word’s Trust Center.
- Back up critical files. Data, whether it’s your family photos or your customer database, can be much more valuable than your hardware or software. The often repeated solution is to back up irreplaceable files. Options include using a cloud backup service such as Mozy, a cloud storage service such as Dropbox, an external hard drive, a USB flash drive, a rewritable optical disc, or a backup tape.
If you’ve been hit with a ransomware attack, sometimes the best recovery option is to start afresh. You simply wipe your hard drive clean, reinstall your operating system and programs, and restore your data from your most recent, usable backup. If everything works as planned, all you’ll have lost is time.
The FBI and other government organizations around the world are trying to combat ransomware. In the meantime, you need to be vigilant.