This nightmare has crippled hospitals, businesses and individuals. It is called ransomware, and the FBI reports it is on the rise.
It used to be that trying to fool you into giving up information, so someone could steal your identity was the No. 1 goal of online crooks. Now it is ransomware.
This column is to help your director of family IT keep all your PCs and devices safe.
While the likelihood of someone encrypting your PC is relatively low, it is painless for the perpetrator and could cost you thousands of dollars if you choose to pay the ransom.
A user is tricked into installing a piece of malware on their PC. The malware runs in the background and encrypts your files using a strong encryption algorithm. It then posts a message instructing you to send money via Bitcoin within a short period to get a decryption code. If you do not send money by the deadline, even the crooks claim they cannot decrypt your files.
A hospital in California resorted to paper systems for a week before giving up and paying $17,000 in ransom. A Kansas hospital paid the ransom — only to have some files remain encrypted until it paid more. Some report paying the ransom and never receiving the code to decrypt their files.
Anti-virus and malware detection software often fails to detect ransomware. Most often there is no software available to decrypt the files without paying the ransom. Payments are mostly sent to foreign countries. Finding, yet alone prosecuting, the criminals is not going to happen, experts say.
If you have a backup drive hooked to your PC, it too will be encrypted, as will network drives in a business.
Prevention is done through education. Your home IT person needs to educate all their users to be wary of emails with attachments.
At first malware came in spam emails, but as our email providers improved their spam filtering, ransomware turned to more targeted and fearful emails.
An email might say it is from your bank, or the IRS or the FBI. It will have a message designed to make the reader panicky and not think through opening the attachment. For businesses, it is worth the time for a criminal to identify individuals and their roles, and send them an email citing them by name.
Or a legitimate website can be hacked and malicious code inserted to automatically download ransomware silently to a PC.
The best safeguard here is to make sure all devices are kept up-to-date with the latest security updates.
Mistakes will be made. Ransomware may find itself onto your PC.
An offsite backup service that stores several versions of your files is the best approach. Services like Crashplan and Carbonite give you apps on your PC that automatically back up your files in the background to their online service. Multiple versions of backups are critical. It may backup your encrypted drive. You need a backup version prior to the encrypting.
Of the two, Crashplan seems the more robust. You can protect one computer for $5 a month and a family’s worth for $12.50 a month when paid annually.
For those who like to roll their own, you can subscribe to Amazon’s unlimited cloud storage for $60 a year, and then purchase backup software like Arq for a onetime fee of $50.
Personally, if my laptop were hit by ransomware I wouldn’t be harmed that much. These columns are written in Google Drive, so they exist off my PC in Google’s cloud. My photos are all stored in Google Photos.
Most other important files are copied to Evernote. For $70 a year, it stores my files and other information locally and also syncs them to their servers.
I’d reinstall Windows from a DVD and then download Evernote. Everything else would be online. I’d lose some longer video files perhaps--not a life-changing loss.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.