Software Holds Data Ransom 

By TIR Staff 

The use of ransomware, a malware that gets into a device (computer, smartphone, tablet, etc.) and encrypts data locking the user out until they pay a ransom, is on the rise.

According to a February article at Forbes.com, a report by SonicWall, a cyber security firm, estimates attacks in 2016 at 638 million–more than 167 times the number in 2015. Last fall, the FBI urged victims to report the incidents citing new variants emerging regularly.

This image from Quarterdeck Technology hammers home the idea that losing your data is not the sole purview of computer attacks and users should back up their data on mobile or removable media.

“In addition to holding data hostage, it can lead to possible identity theft,” says EJ Liggieri wth Quarterdeck Technologies, a St. Pete Beach-based IT and telecom consulting firm. He also says the statistics are woefully underestimated because people are hesitant to report it.

“So you don’t know how bad the damage really is,” says Liggieri, “it’s definitely a lot of money.” Like $1 billion in 2016 as estimated by ZDNet.com, a 24/7 technology news site.

As with any hostage situation, a key question is do you pay? ”But what happens if it’s your kids’ pictures since they were three? How devastating would you be if you had ripped up all the old ones and just had them digitally? You might pay it,” he adds. Payments are demanded via anonymous currency accounts like bitcoin, and paying the ransom is no guarantee the data will be restored.

Ransomware and other malware is spread via phishing attacks, browsing the Internet and installing unsafe applications.  Liggieri says, “90 percent of computer problems are caused by clicking on links in email.” It starts when someone receives an email with a request to click on a link to get something: a file, photos, a special deal. It can be from someone you know which might not make you suspicious, but they could have been hacked. He suggests running the mouse over the link which pulls up the address so you can see where they are trying to get you to go. If you don’t recognize it, don’t go there.

Senders should also put specifics in the subject line or in the email so the recipient has a level of confidence that it is safe. “Click here to download the photos,” is very general and should trigger a flag. “Click here to download the photos from the chamber event on Tuesday,” should give the recipient more confidence that it is a valid email.

For periodic newsletters, be suspicious if they came out on a different day than normal or the formatting looks different.

“If you are on a network that’s public, like a guest Wi-Fi where you don’t have to login, it’s wide open so anybody can go on and tap into your device and see if you’ve got antivirus, anti- malware and firewall protection. If you don’t, there are a lot of tools out there that can be used to break into devices,” says Liggieri.

This graphic representation of the effects of ransomware is an FBI image. They encourage anyone who is attacked to report it immediately to the Internet Crime Complaint Center. Image courtesy of Quarterdeck Technologies.

“Make sure you have firewall, antivirus and anti- malware software installed,”he adds. A suite with all three should be adequate  for most people. Also, make sure to check for and download updates to the operating system and other programs. Also, make sure to check for and download updates to the operating system and other programs. Those updates have patches created specifically to counter the most recent cyber threats.  Those updates have patches created specifically to counter the most recent cyber threats.

Users also should back up their data to mobile or removable media. When a system is hacked, it will infiltrate anything that is attached to it. And don’t look to the cloud for help. Data stored on remote servers accessed from the internet are designed to replicate files each time the data changes. When data is hacked, it changes and it will be replicated in the cloud storage. Also keep in mind data can be lost during floods, hurricanes and other natural disasters too.

If you are hacked Liggieri suggests doing the following:

  • Immediately disconnect from wifi and the internet to limit the attack to one device if possible.
  • Wipe or reset your system to factory defaults.
  • Reinstall applications and data from offline copy of backup.
  • Seek professional help for further advice and assistance.

And report the crime to the Internet Crime Complaint Center, at www.IC3.gov.