Ransomware is a very real threat. Its rapid growth is being driven by the low risk to attackers and good financial returns. We all need to stay ahead of the game. Let’s start now and be safe not sorry!
How to protect yourself
Recovering files from ransomware is impossible without the attacker’s approval, so you need to avoid data loss in the first place. The best thing you can do is practice good “digital hygiene”:
- Don’t fall prey to social engineering or phishing, which is where an attacker attempts to have you reveal sensitive information to them. If you receive a suspicious email from your grandma or work colleagues, ask yourself whether it’s unusual before you click. If you’re not sure, contact the sender via a different medium, such as giving them a phone call, to cross-check
- Don’t install any software, plugins or extensions unless you know they’re from a reputable source. If in doubt, ask and only rely on trusted download sources. And certainly don’t be tempted to pick up USB sticks found on your pathway
- Update your software (comprising your operating system, web browser and other installed software) regularly to ensure you are always running the latest versions
- Backup! Important documents need to be treated like valued possessions. Grab a hand full of USB keys and rotate your backups daily or weekly, and don’t leave USB keys plugged in (current malware strains can scan removable USB disks). Having multiple copies means the adversarial effort on holding you for ransom is pretty much worthless.
Do you have a Google account?
Did you know that you can check a recent activity log for your account?
It will show you from what browsers and devices you’ve accessed it, when and from what IP. If there’s something that you don’t recognize there or an old session from a friend’s computer, you can choose to terminate it.
Same option is available for many other online accounts, such as Facebook, Yahoo or Dropbox. Access it to monitor where your accounts have been used and end any sessions that you don’t recognize.
If you also activate two-factor authentication, your accounts will be more secure against intruders.
You probably wondered at least once how many types of malware (malicious software) are there and how they differ from one another.
Here’s a super quick overview:
Adware – delivers bad ads and can infect your computer with additional malware.
Bots – malicious code engineered to perform specific tasks. They can be both harmless and malicious. More on bad bots in Daily Security Tip #97 (coming your way soon).
Bug – cyber security bugs (flaw in software) open up security holes in computer systems that cyber criminals can take advantage of. In this context, bugs can allow attackers to gain access to a system and do irreparable damage.
Ransomware – a type of malware that encrypts the victim’s data and demands a ransom in order to provide the decryption key. More info on how to protect yourself against it here.
Rootkit – a type of malicious software (but not always) which gives the attackers privileged access to a computer. A rootkit is activated before the operating system boots up, so antivirus can’t detect it.
Spyware – a type of malware that will spy on your activity (browsing habits, keystrokes, financial data, etc.) and send the information to servers controlled by cyber criminals.
Trojan Horse – malware that’s able to disguise itself as a normal file, to trick victims into downloading and installing more malware on their devices.
Virus – a form of malware that can copy itself so it can spread to other computers. Viruses attach themselves to other computer programs and execute malicious commands when the victim uses those compromised programs. Thus, viruses rely on the victim’s activity to spread.
Worm – a type of malware that exploits security holes in operating systems. Worms use the infected system’s resources and self-replicate. They spread independently, without requiring the victim to do anything.
Benjamin Franklin used to say that in this world nothing is certain, except death and taxes. If he were alive today, he would most likely add social scams to the list.
Three common tricks you may come across in the digital world:
– Shocking news or fake celebrity news – Remember the saying “Curiosity killed the cat”? Cyber criminals will use anything that’s hot right then in the media, in order to capture your attention.
– Free stuff. Free mobile phones, free trips, free flight tickets, free beauty products. Always works!
– Urgency. Click here now, the discount is only available today, download this now or never, etc.
In “The Art of War”, Sun Tzu said that you should fully know your enemy and know yourself.
Translating this into secureteeh world plan of attack:
- Do an information assessment list. What type of data do you have stored on your devices? (It can be photos, work documents, but also passwords or account login credentials).
- What online accounts do you have? Which do you use more often?
- After you made the list, evaluate how valuable is the data that you keep on them. What would happen if you wouldn’t have access to them anymore or that information was lost, deleted or leaked online?
- How do you keep the most sensitive information safe? What security measures did you take in order to prevent something to happen to your data?
- What about shared files and devices? Who else has access to that data?
- What backup solutions do you have in place?
You can run, you can hide, but you’ll never be 100% protected against cyber attacks.
Don’t fall for marketing tricks. No matter how much a security product will claim to make your system bulletproof, be warned: that there’s always a fine print written at the bottom. No system is impenetrable.
Of course, this doesn’t mean you shouldn’t take all the necessary measures against cyber criminals. It’s just that you shouldn’t rely completely on them.
Try a multi-layered security approach, onion-style.
If one layer falls, you’ll always have another one set up in place, that will protect you.