This is an article I wrote which appeared in the
March 2017 edition of The St. Augustine Beaches News Journal & The Saint Augustine news Journal.
Ransomware is a big threat nearly every tech company is tracking and gearing up defenses against.
The most common way to get infected is through a bogus email that appears to be from a trusted source (like a bank, boss, government program). The email is designed to “look official” and typically include actual logos and correct phone numbers and other information to make the email look like it is actually from the trusted source.
Cybercriminals are getting very good at tricking folks into clicking on links in these email. Once the link is clicked, the website may even look official, but it will install some malware which is typically a very small program that does not do anything right away. It waits, and later begins to communicate with the criminal command and control center. Then it downloads an encryption program that begins encrypting the files on the infected computer and any other computers and backup drives that can be found attached to the computer or on the network. Once it has encrypted the files, a message demanding the ransom is displayed.
Once the demand screen is shown, every file on the computer is encrypted and can’t be opened without paying the ransom. The average ransom in 2015 was $259, and in 2016 increased to $679. The ransom is typically paid in Bitcoin which is a digital currency that makes it extremely hard to trace who receives it. It’s nearly impossible to catch the bad guys by following the money.
How can a person avoid Ransomware?
The standard advice is that your first line of defense is to have a backup of all of your files so you can restore the un-encrypted files. But this is not news, everyone should back up their computers. Sadly few actually do. Additionally, if the Backup drive is connected to your computer, it will most likely be encrypted as well.
The best way to avoid most email borne attacks is to NEVER click on links in ANY email. If you get an email that is from your bank, don’t click the link provided in the email. Instead, open your browser and go to the bank’s website and login. If the email was official, it will also be on your bank’s website. Or better yet, walk into the bank and speak with a customer service person. If you call the bank, do not use the phone numbers provided in the email.
There are some very good companies who are at the forefront of combatting cyber criminals. One such company is OpenDNS. They were bought by Cisco recently, and they provide an incredible service that stops most Ransomware and Malware before it is accessed. This is done by not allowing you to load “known to be bad” websites and content. For the home user, their service is free, for businesses it is cheap, and in both cases extremely effective. Also it is very easy and quick to set up.
Want to know more? Give me a call, I’d be happy to help set up defenses to protect your computers and devices from infection.