Latest Hacker Tricks: Ransomware

Good afternoon! If you’re reading this message, it means you’ve opened an email attachment that was delivered under the subject line: “Young lonely HOT WOMEN in your area want to meet YOU!!!” First, shame on you. Second, your computer is now permanently locked!

Well, don’t fret! You can have all of your precious documents, photos, and video files back! For just the low, low price of $5,000, we will deliver your private key, which will unlock your files with no further obligation on your part! But act fast! This offer ends in three days, at which time we’ll render all of your files completely inaccessible, including all of those webcam videos which we’re SURE you won’t want emailed to the members of your congregation.   

The Dreaded Ransomware

This type of notification is what is commonly referred to as “ransomware.” It’s becoming an extremely common and sophisticated cyber extortion racket wherein criminals hack into your computer or mobile device and hold your information hostage using a form of malware. In some cases, like the Sony email hack, proprietary information is stolen and leaked, but mainly, the culprits simply lock down your data. It’s a nasty business, compounded by the fact that you’ll never be sure your information actually will be unlocked even if you do fork over the money. Worst of all, these thieves will have absolutely no respect for the progress you’ve made on “Far Cry 4,” and in three days, it’ll be gone. Yes, they’re that ruthless.

How Ransomware Works

Unless you’ve been hit over the head since reading the previous paragraph, you’ll recall we told you that ransomware is a form of malware that infects your computer, rendering it unusable until you yield to the attacker’s demands.

Emails

One of the ways the ransomware becomes installed in your computer in the first place is through untrustworthy emails, but the vehicles for ransomware are becoming increasingly difficult to spot.

First, the emails aren’t necessarily of the “FROM THE OFFICE OF THE PRIME MINISTER OF BENIN: VERY URGENT” or “Hey, saw your cute Facebook pic!” variety. They’re designed to closely resemble the email marketing efforts of businesses you know and/or have accounts with. They won’t necessarily have attachments; they’ll use links in the email body. Click on the link, and—presto! Pain and despair.

Advertising Links

Personal emails aren’t the only tools that hackers use. Recently, several major news sites, including the New York Times, the BBC, and MSN, were the unwitting distributors of malware through an advertiser whose domain was corrupted. Everyone who clicked on that ad on these news sites was infected. Even the mighty Apple—essentially thought to be largely impervious to viruses—has the bug. A strain called KeRangers spread to approximately 6,500 users through Apple’s BitTorrent app, Transmission; the first to successfully infiltrate iOS, ever. Apple users responded with shock and trepidation, and then resumed their 24/7 routine of waiting for the release of the iPhone 7.

So, what can you, a responsible business owner and/or computer-using person, do to shield yourself against a vicious ransomware attack? Launch a browser update? Install more antivirus software? Move to the remotest corner of Uzbekistan, and post all Tweets via carrier pigeon?

Protecting Yourself from Ransomware

Because hackers’ criminal innovation is stampeding forward almost unchecked, it is extremely difficult for antivirus protection providers to keep up with the latest in cyber-creep tech. However, you can take a few measures that will definitely help. They might not keep you from becoming a target, but they can help rescue you if you do.

Back up those files. Ideally, use an external hard drive that you keep offline. Having an automated backup is good, too, but give yourself some extra security. It is critically important that you have one back up that isn’t connected because if it is, the ransomware can find that and encrypt it, too. Some versions of ransomware only bother with your C: drive and forgo everything else, but is that a chance you really want to take? You might already have your files floating around in the Cloud, but if you become a ransomware victim, those files—which mirror the files on your drive—are going to go down with the ship.

Don’t open unfamiliar or suspicious-looking emails. Duh.

Don’t pay the ransom if you can help it. We realize that there might be a massive volume of files that you really, really need. If you’re a photographer or a designer, in particular, you’ll have tons of software and client files. However, if you pay once, they’ll just go after you again. If it is at all possible to salvage the tattered remains of your life and career if the jerks make good on their threats, then do it.

Yes, ransomware is hideous and obnoxious, but it doesn’t have to ruin your life. Hackers depend upon users never backing up their files or updating their security settings. Taking those simple precautions will earn you the tremendous satisfaction of giving your hackers the finger.