Category Archives: Ransomware

Ransomware re-do? Back up your files.

Based on early news reports, it’s possible that another widespread ransomware attack is sweeping the globe. It may spread using the same vulnerability that the WannaCry attack used in May, or it may be a new virus. Either way, if organizations don’t patch their software, they’re at risk. It’s crucial to keep operating systems and other software up to date.

If you’re a computer user, what else can you do to avoid losing access to your data because of a ransomware attack? Back up your files! Here’s a lighthearted reminder that backing up your files is serious business.

Link: FTC

Do a winter cleaning through your mobile apps

Take a quick glance over your mobile apps and see what you have installed.

  • Remove any apps you haven’t been using – they are vulnerabilities for your security and privacy.
  • Revoke permissions for apps that require access to sensitive information – why would a flashlight app request access to read your messages, for example?
  • Keep your apps updated – this lowers the chances of malware taking advantage of their vulnerabilities.

And remember to never install apps from anywhere else but the official app store. In Android, there’s a setting that also doesn’t allow apps from third parties to be installed.

New scams era – bigger, better, bolder

Do you remember the scam with the Nigerian prince who claimed to be rich and endangered and asked for your money?

Those scams never disappeared, they just evolved into bigger and more complex scams.

They now take the form of contests on social networks, with airlines that offer free tickets or Apple giving away free iPhones. Or videos and eBooks that claim to help you get rich in no time.

Three basic rules:

  • If it’s too good to be true, it probably is.
  • Nothing in this world is free.
  • Always check from at least three trustworthy sources. “Trustworthy” = official website, official social channel (look for the blue check mark), legit media or by directly contacting the company.

Stop measuring yourself against others

Stop comparing yourself to those around you.

So what if they don’t use two-factor authentication?
So what if they don’t pay for a trustworthy antivirus?
So what if they don’t update all their software or back up their data?

You should know better.

Don’t let them influence you or the measures you take in order to protect your data.

  • Use a strong, unique password for every website. Yes, that means you’ll have to install and use a password manager.
  • Set your smartphone to lock after a short idle time, and set it to require authentication for unlocking. If at all possible, use something stronger than a simple-minded four-digit PIN.
  • Never click links in emails or texts that seem to come from your bank, the IRS, or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.

No reckless clicking

You’ve probably heard about the study that shows how humans became so distracted because of computers and the internet that we are now competing with the attention span of a goldfish (and the goldfish will probably win in a year or two).

I don’t know how researchers ended up with this conclusion or how they measured it (perhaps they made it watch 50 Shades of Grey?), but I do know that it only takes one unfortunate click to end up with a malware infection.

Stuff not to click on:

  • Any short links when you have no idea where they lead
  • Any emails or attachments that you never requested
  • Any shady Facebook apps (especially those that claim to let you see who visited your profile).

What is Ransomware? | World Economic Forum

Ransomware is a very real threat. Its rapid growth is being driven by the low risk to attackers and good financial returns. We all need to stay ahead of the game. Let’s start now and be safe not sorry!

How to protect yourself

Recovering files from ransomware is impossible without the attacker’s approval, so you need to avoid data loss in the first place. The best thing you can do is practice good “digital hygiene”:

  • Don’t fall prey to social engineering or phishing, which is where an attacker attempts to have you reveal sensitive information to them. If you receive a suspicious email from your grandma or work colleagues, ask yourself whether it’s unusual before you click. If you’re not sure, contact the sender via a different medium, such as giving them a phone call, to cross-check.
  • Don’t install any software, plugins or extensions unless you know they’re from a reputable source. If in doubt, ask, and only rely on trusted download sources. And certainly don’t be tempted to pick up USB sticks found on your pathway.
  • Update your software (comprising your operating system, web browser and other installed software) regularly to ensure you are always running the latest versions.
  • Back up! Important documents need to be treated like valued possessions. Grab a handful of USB keys and rotate your backups daily or weekly, and don’t leave USB keys plugged in (current malware strains can scan removable USB disks). Having multiple copies means the adversary’s leverage in holding you for ransom is pretty much worthless.
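The rotation advice above has two parts that are easy to get wrong in practice: keeping several generations rather than one, and checking that a copy can actually be restored before you need it (a backup that was silently overwritten while the disk was plugged in is worthless). The following is an added example, not code from the WEF article or any product it mentions. It creates a dated tar.gz archive plus a SHA-256 manifest, prunes to the newest N generations, and verifies a chosen archive by extracting it to a scratch directory and comparing every file against the manifest. The directory names, timestamps and file contents in `demo()` are constructed sample data.

```python
import hashlib
import json
import shutil
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest_for(archive: Path) -> Path:
    """Each archive is paired with a JSON manifest of the same name."""
    return archive.with_name(archive.name.replace(".tar.gz", ".manifest.json"))


def prune(dest: Path, keep: int) -> None:
    """Delete the oldest backup sets so only the newest `keep` generations remain.
    Names carry a sortable timestamp, so lexical order is chronological order."""
    for old in sorted(dest.glob("backup-*.tar.gz"))[:-keep]:
        old.unlink()
        manifest_for(old).unlink(missing_ok=True)


def make_backup(source: Path, dest: Path, keep: int = 3, stamp: str = "") -> Path:
    """Archive `source` into dest/backup-<stamp>.tar.gz, write a manifest with the
    hash of every file and of the archive itself, then prune old generations."""
    dest.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = dest / f"backup-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    files = {
        str(p.relative_to(source)): sha256_file(p)
        for p in sorted(source.rglob("*"))
        if p.is_file()
    }
    manifest_for(archive).write_text(
        json.dumps({"archive": sha256_file(archive), "files": files}, indent=2)
    )
    prune(dest, keep)
    return archive


def verify_backup(archive: Path) -> dict:
    """Restore the archive into a scratch directory and compare each file with the
    manifest. An archive whose own hash no longer matches is reported as untrusted
    without being extracted at all."""
    manifest = json.loads(manifest_for(archive).read_text())
    result = {"archive_ok": sha256_file(archive) == manifest["archive"],
              "missing": [], "mismatched": []}
    if not result["archive_ok"]:
        return result
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch)
        for rel, expected in manifest["files"].items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                result["missing"].append(rel)
            elif sha256_file(restored) != expected:
                result["mismatched"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: four daily backups with keep=3, a clean verification,
    then the newest archive is overwritten (as a backup volume left mounted during
    an infection might be) and verification flags it."""
    root = Path(tempfile.mkdtemp())
    source = root / "documents"
    (source / "notes").mkdir(parents=True)
    (source / "notes" / "plan.txt").write_text("quarterly plan")          # sample data
    (source / "ledger.csv").write_text("date,amount\n2024-01-01,10\n")   # sample data
    dest = root / "backups"
    stamps = ["20240101-000000", "20240102-000000",
              "20240103-000000", "20240104-000000"]                      # constructed
    archives = [make_backup(source, dest, keep=3, stamp=s) for s in stamps]
    remaining = sorted(p.name for p in dest.glob("backup-*.tar.gz"))
    good = verify_backup(archives[-1])
    archives[-1].write_bytes(b"CONSTRUCTED: archive overwritten in place")
    bad = verify_backup(archives[-1])
    shutil.rmtree(root)
    return {"remaining": remaining, "good": good, "bad": bad}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest hashes are computed from the source files at backup time, so if the originals were already encrypted when the backup ran, that generation will verify cleanly and still be useless; this is exactly why the article's advice to keep several rotated generations matters, and why the verification step should be run on the oldest generation you would be willing to restore from, not only the newest.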

Link: WEF

Top Ten Cybersecurity Tips | The U.S. Small Business Administration

Please read this advisory from sba.gov in order to protect your small business from ransomware. The following tips will also help secure your small business:

  1. Protect against viruses, spyware, and other malicious code
    Make sure each of your business’s computers is equipped with antivirus software and antispyware, and update them regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
  2. Secure your networks
    Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
  3. Establish security practices and policies to protect sensitive information
    Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
  4. Educate employees about cyberthreats and hold them accountable
    Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be exposing sensitive details about your firm’s internal business to competitors. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.
  5. Require employees to use strong passwords and to change them often
    Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
  6. Employ best practices on payment cards
    Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

    Are you ready for the shift from magnetic-strip payment cards to safer, more secure chip card technology, also known as “EMV”? October 1st is the deadline set by major U.S. credit card issuers to be in compliance.

  7. Make backup copies of important business data and information
    Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
  8. Control physical access to computers and network components
    Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
  9. Create a mobile device action plan
    Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
  10. Protect all pages on your public-facing websites, not just the checkout and sign-up pages