Ransomware: What it is and How to Protect Yourself
Everyone’s heard of viruses – malicious code that infects your computer (or any software, really) and makes life pretty miserable for you for a while.
Ransomware is similar, except the goal is to go in, encrypt all your data, and offer to “give it back to you” if you pay cash.
A Little History of Ransomware
Ransomware is not new. In fact, it’s been around for decades.
The first known ransomware was the AIDS Trojan. It was released on 20,000 floppy disks that were handed out to the World Health Organization’s attendees at an AIDS conference in 1989.
There were a handful of big ransomware attacks over the next 17 years, but then, in 2013, Cryptolocker was released.
Cryptolocker was the first ransomware where people’s files were encrypted and held hostage because the user visited a compromised website or downloaded an email attachment that looked legitimate.
Decryption was nearly impossible because the hackers used sophisticated encryption systems and kept the public key on their own servers. The hackers threatened to delete the key permanently if they didn’t receive payment within 3 days.
Types of Ransomware
Ransomware is generally one of two types:
Crypto-ransomware – this is where your files, folders, and hard drives get encrypted, and to decrypt them, you have to pay.
Locker-ransomware – this is where you just get locked out of your device. This is more common on Android devices than computer operating systems.
So far, at least, targets for ransomware have traditionally been corporations that store people’s personal data like social security numbers, addresses, dates of birth, and so on.
Hospitals are a big target because:
They need access to their data immediately and are more likely to just pay to get it over with right away and get back to business.
Hospitals typically use outdated software that has not been kept up to date with the latest security updates.
Because so many people’s data gets taken hostage, the ransom-takers can demand a larger “ransom” than they could from, for example, a single stay-at-home mom.
Other popular targets include corporations, airports, and banks.
However, ransomware that attacks Android phones has affected a lot of average citizens over the past few years. People find themselves locked out of their phones, along with a message to pay $300 or $500 to gain access again.
And ransomware attacks are on the rise. Just because you haven’t been attacked yet doesn’t mean you won’t be attacked sometime in the near future.
So what can you do to protect yourself?
How to Protect Yourself
Make a Backup
The best thing you can do is duplicate your files and data – make a backup of it and store it somewhere else. You can use online storage or you can purchase a backup external drive.
If you have a backup somewhere of all your data and someone comes along and locks you out – you can say “Whatever. I ain’t paying. I have another copy! Screw you”.
Yeah, it’s a pain to set aside time once a week or once a month to back up everything, but if you find yourself a victim of an attack, you’ll be so glad you took the time to do so.
I use the Seagate Backup Plus 5TB Drive. It’s $139.98 on Amazon, but it’s easy to use and is way cheaper than paying a $500 ransom should you get hacked.
If you find yourself a victim of an attack, immediately sequester that device. Disconnect it from the Internet, and disconnect from any other connected devices to keep it from spreading.
Don’t visit suspicious websites, don’t click on links in emails, and don’t download email attachments from people you don’t completely trust.
Keep your software updated.
Yep, it’s a pain to sit there and wait for 30 minutes while your OS updates, but you need to do it anyway. Seriously, do it!
Consider using a VPN.
Especially if you find yourself using unsecured public Wi-Fi, invest in a VPN. I use Private Internet Access, and it costs me like $30/year and covers 5 devices.
I’m sure you already know this, but it’s amazing how many people fall for the same old tricks even today. If you get an email from PayPal or Microsoft or whoever with a message saying “We need you to verify your account” (or whatever), don’t click that link. Open a new tab, go to the official website yourself, and ask them what they have to say about it.
And no, the IRS didn’t find an error on a tax return you submitted 20 years ago and now they owe you $10,000.