One ransomware attack seems to be behind us but experts warn one or more could be right around the corner, making it more important than ever to protect your information and your wallet.
The WannaCry ransomware attack hit Europe and Asia hardest, with the perpetrators demanding victims pay up in order to get their own information back.
Cyber Scout Chairman and Founder Adam Levin says ransomware is a more modern version of hacking but is one where the criminals have even more leverage.
“Ransomware is basically malware. It gets on your computer and it encrypts the files. Then you have to pay a ransom in order to get those files decrypted,” said Levin, noting that paying the ransom usually does result in you getting your information back.
“Ransomware is the new black. Instead of having to break into a system, get your hands on the data, exfiltrate the data, put it on the black market, hope you can sell it for a certain amount of money depending upon what it is,” said Levin.
“With ransomware, it’s almost instant return. You basically lock up a computer, terrify the computer user and basically say, ‘It’s not longer about what your information is worth to someone else. It’s about how much is your information worth to you.’ Unless you have a backup system in place, you’re in a lot of trouble,” said Levin.
How does ransomware get in a position to take over your files?
“Ransomware can get on your computer in a variety of ways. One, which we’re seeing occur right now worldwide, has to do with a vulnerability in a Microsoft program. Generally, it involves expired but not supported Microsoft systems as well as pirated Microsoft software,” said Levin.
So far, Levin sees little impact on Apple customers, pointing out that they are very unlikely to install Microsoft programming.
However, neglecting to use updated software isn’t the only way ransomware can burrow into your system.
“Another way to get ransomware is if you click on a link or you download an attachment. It could put malware on your computer. All of a sudden there will be a skull on your screen with a tacking clock, counting back from let’s say 90 hours. If you don’t pay a certain amount in Bitcoin, either your files will be deleted or they will be encrypted forever,” said Levin.
Levin says the Bitcoin aspect of the attacks makes it very difficult to track down the perpetrators. Even worse, many of the hackers operate in nations where the governments are OK with that sort of extortion.
But even in the United States, the government is way behind in dealing with this threat.
“If the NSA had notified Microsoft when they found the vulnerability, as opposed to theoretically notifying Microsoft when they learned that hackers were going to release information about tools and vulnerabilities, then we might be better off than we are today,” said Levin.
“When you hear things like the Apple vs. FBI debate and you hear people in government saying, ‘We need a back door to encrypted systems,’ this is a perfect example that when government gets their hands on a back door it is highly unlikely that they will be able to properly protect it,” said Levin.
Levin says there are plenty of steps you can take to reduce your chance of becoming a victim, starting with paying attention to and installing your software updates.
“Don’t think of these things as mosquitoes to be flicked away. There’s a reason why these updates are sent to you. Often times it’s because a vulnerability has been discovered. That vulnerability has been patched, and they’re trying to get you to make sure that what you have on your system is as up to date as possible so you can be best protected,” said Levin.
Levin says if Microsoft customers had installed their patches, they would not have been hit with the WannaCry ransomware. He also says Asia and Europe got hit hardest because people there are far more likely to use expired or pirated software.
Another key to avoid being stuck at the mercy of internet criminals is to back up your information.
“Make sure that the data on your network or the data on your device is backed up. But you can’t just back it up on your device or on your network. You literally have to back it up to an independent system that is not connected 24/7 to your network or your computer or your mobile device,” said Levin.
He says the independent system should only be connected to do the backup work and then disconnected or else that source can be compromised as well.
If you’ve already been targeted, Levin says you really don’t have many options.
“In general, if you get hit with ransomware, the bottom line is either you pay or those files could be encrypted forever or deleted,” said Levin.