Unredeemable con artists are deviously hijacking computers and smartphones and demanding that a ransom be paid or precious personal data will be deleted. Malicious software is shrewdly installed, and documents, financial records, family photos, files and other valuable data are held for ransom. Often a countdown clock is displayed on the victim’s screen, with a deadline of anywhere from 3 to 7 days to pay before the threatened action is taken.
IBM Security reports that on average the payments are from $200 to $10,000, with 25% of businesses forced to pay up to $40,000. The FBI released 2016 data detailing ransomware losses of at least $1 billion in the US alone. The cybersecurity firm Symantec estimates there were on average 4,000 attacks per day in 2016. Osterman Research reports that 59% of attacks are conducted by phishing emails luring victims to click on malicious links or attachments.
Cybercriminals have obtained millions of valid email addresses and personal information from data breaches at major firms like Yahoo, LinkedIn, Google and many others. Vast numbers of phishing emails are sent out, and the criminals just wait for those who take the bait. When a victim agrees to pay, they are directed to an untraceable “dark web” site where helpful and friendly agents provide top-notch “customer service” on how to obtain Bitcoin currency and send the required amount to them.
How to outfox the swindlers:
1) Use software that frequently and automatically scans and uploads your data to an offsite, digital storage service. This is also essential in case of burglary, flood or fire. Some of the top ones you pay for are IDrive and SugarSync, while reliable free choices are Microsoft OneDrive, Google Drive, Apple iCloud and Dropbox.
2) Some of the best free antivirus software includes Avast, AVG and Bitdefender.
3) For extra security, regularly back up all your data to a USB drive or external hard drive. Disconnect it immediately after you’re done. If an attack happens with the drive still attached, it will be hijacked as well.
4) Criminals exploit vulnerabilities in older software. Be diligent about installing all security updates. The most common targets are browser plug-ins like Adobe Reader, Flash Player and Java. Numerous quality free security scanners are available. Flexera’s Personal Software Inspector is among the best reviewed:
“Personal Software Inspector is a free computer security solution that identifies vulnerabilities in applications on your private PC. Vulnerable programs can leave your PC open to attacks, against which your antivirus solution may not be effective. Simply put, it scans software on your system and identifies programs in need of security updates to safeguard your PC against cybercriminals. It then supplies your computer with the necessary software security updates to keep it safe.”
For Mac users: Apple Menu – System Preferences – Apple Store – “automatically check for updates”.
5) NEVER click on links in unsolicited emails that appear authentic and come from recognizable businesses, your bank or the IRS. Use separate contact info to confirm the legitimacy of the inquiry.
6) Be alert for this common tactic: An unsolicited email asks you to “enable macros” so you can view an attached Microsoft document. More often than not this is a ploy to install malicious code.
7) The cybercriminal encrypts the victim’s files and sends a decryption key to unlock the files when the ransom is paid. The same ransomware codes are used by multiple scammers, and some of the codes have been decrypted by cybersecurity volunteers. These decryption keys are available for free and can be used if applicable. The site https://www.nomoreransom.org/ helps you find out what kind of ransomware you have and whether a decryption key is available. Law enforcement in 25 countries endorses this site.
8) This No More Ransom site also offers the same general security advice, including one piece omitted by some anti-ransomware sites:
“Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).”
9) Another widely used and helpful site is https://www.bleepingcomputer.com/. Their Welcome Guide states:
“Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers in an atmosphere that is both helpful and welcoming. With over 700,000 registered members asking and answering questions, BleepingComputer.com has become a vibrant and lively community of like-minded people. Now it is your turn to become part of this experience.”
Ransomware victims are aided by experts and fellow members in their online forums. Free decryption tools and codes are offered, many not found on the No More Ransom site. Caution: only use reliable and well-known ransomware help sites. Many of the smaller, one-person sites are actually cybercriminals ready to load even more malware.
10) If no decryption keys are available, many individuals and businesses are forced to pay the ransom due to the importance of their data. The Bleeping Computer site advises that before you pay, you use “the customer support links provided in your ransom note to try to negotiate better terms. ‘We've found that if you explain that you can't afford what they're asking, these people will negotiate because they just want to get paid and move on,’ (BleepingComputer) says. In fact, the European cybersecurity firm F-Secure reported recently that three out of four criminal gangs they evaluated were willing to negotiate their ransom fees downward, giving victims an average break of nearly 30% in the cases they examined. And all of them were willing to extend payment deadlines as well.”
11) For those who refuse to be victimized:
“If on principle or for economic reasons you choose not to pay, you might want to save your encrypted data; a free decryption key for the ransomware that hit you might become available someday. In that case, (Bleeping Computer) recommends copying your entire hard drive—including all encrypted files and ransom notes—onto an external hard drive. A local computer technician can help you with this process (known as cloning) and also with clearing malware and encrypted files off your computer's infected hard drive so that you can get back to using it. Then periodically check online to see if decryption tools for your strain of ransomware are available yet.”
12) No matter what you decide, immediately file a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center: https://www.ic3.gov/default.aspx
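The “Show file extensions” advice quoted in item 8 can also be applied to a whole folder at once. The following Python sketch is an added example, not code from the article or from No More Ransom: it flags file names ending in the three extensions named in that quote and marks the ones hiding behind a video, photo or document extension. The DECOY list, the function names and the sample file names are assumptions made for illustration.

```python
import os

# Extensions the quoted advice says to stay away from.
RISKY = {".exe", ".vbs", ".scr"}
# Assumed decoy extensions (video, photo, document); illustrative, not exhaustive.
DECOY = {".avi", ".mp4", ".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".txt"}

# Constructed sample names; the first two appear in the quoted advice.
SAMPLE_NAMES = [
    "hot-chics.avi.exe",
    "doc.scr",
    "holiday.jpg",
    "Invoice.PDF.VBS",
    "C:\\Users\\a\\Downloads\\setup.exe",
    "report.v2.final.docx",
]

def extensions(filename):
    """Return every dot-separated extension of a file name, lower-cased."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any folder part
    return ["." + part for part in base.lower().split(".")[1:] if part]

def classify(filename):
    """Return 'disguised', 'risky' or 'ok' for one file name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in RISKY:
        return "ok"
    # A harmless-looking extension right before the real one is the disguise
    # that hidden file extensions make invisible.
    if len(exts) >= 2 and exts[-2] in DECOY:
        return "disguised"
    return "risky"  # executable or script: check the source before opening

def scan_names(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    return [(n, classify(n)) for n in names if classify(n) != "ok"]

def scan_tree(root):
    """Classify every file below a folder, e.g. a downloads directory."""
    names = []
    for folder, _dirs, files in os.walk(root):
        names.extend(os.path.join(folder, f) for f in files)
    return scan_names(names)

if __name__ == "__main__":
    for name, verdict in scan_names(SAMPLE_NAMES):
        print(f"{verdict:10} {name}")
```

A “risky” verdict only means the file is a program or script; legitimate installers also end in .exe, so the verdict is a prompt to check where the file came from.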
Andrea Rock, “Cybercrime Gets Personal” Money, March 2017 http://time.com/money/page/ransomware-remove-prevention/