By: Pamela A. Lee, Esquire
If you had never heard of ransomware before a few weeks ago, it is likely that the recent cyberattack, which used the malware called WannaCry, brought your vulnerability to a cyberattack to your attention. Until now, your focus may have been limited to the risk of catching some mildly annoying virus on your personal home computer.
However, sophisticated cybercriminals are focused on making a lot of money for their “work” – which means attacking businesses, governmental agencies and academic institutions with larger bankrolls as well as everyday individuals using a personal home computer. Accordingly, your vulnerability also includes the vulnerability of your medical providers, schools, banks and law enforcement agencies. If you are a business owner, your vulnerability can include loss of income from production downtime, loss of your proprietary information, and liability exposure for any unauthorized release of confidential information.
Ransomware is malicious software (a/k/a malware) designed to deny you access to all the data on your computer system until you pay the ransom demanded: cybercriminals hold all of your files hostage until you pay a fee, or ransom. Some forms of ransomware may also threaten to publish or delete all of your data unless you pay the ransom. Theoretically, once you pay the ransom, you will be given a “key” to unlock your data. Ransomware can attack personal computers, servers and even mobile devices.
How Is Ransomware Spread?
Ransomware can be spread through:
- emails with an attachment or an embedded link;
- social media;
- cold calls purportedly from Microsoft, Dell, HD, etc.;
- pop-ups, such as a fake warning that your computer has a virus, or spam advertising; and
- search engine ads that redirect you to a warning page.
How to Avoid Catching Ransomware Malware
Almost needless to say, prevention is key. Don’t click on that suspicious link or document!
If you did not order a package, don’t click on an email purportedly from UPS or FedEx giving you a link to track a package. Don’t click on emails with attachments from people you don’t know. If you see an email or a social media post from a friend that says something like “check this out!” send a separate email to your friend and ask them what they sent to you.
The cybercriminals are getting smarter and more sophisticated: their emails and messages tend to no longer include obvious typos. For example, I get perfectly worded emails daily purportedly from Charles Schwab telling me to click on a link to view a new message about “my account.” Funny thing is, I don’t have a Charles Schwab account.
If you receive an email from a financial institution, and you actually have an account with it, check the address the email was sent from. Is it the address that institution usually uses when it emails you? If it does not look legitimate, go to that financial institution’s website and log in or give them a call.
In short, do not download and run any executable files from any links and do not open any files sent from an unknown source.
Be vigilant! Make sure you regularly back up your computer, server, and mobile device. If you are attacked, you can erase all the data, including the nasty ransomware, and restore your data from the backup. If you back up to the cloud, close out the application regularly and only open it to sync your data.
Regularly install all updates of your software. Notably, a few months before the WannaCry ransomware hit, Microsoft released a security update which would have prevented most of the havoc wreaked on so many.
Finally, in addition to your anti-virus software, obtain anti-malware from a reputable source. BitDefender, Panda, MalwareBytes and Avast all have reputable anti-malware tools.
Although the initial spread of WannaCry was stopped by a 22-year-old cybersecurity analyst from England, cybercriminals are attacking the “kill-switch” fix he instituted in an effort to resume the ransomware attacks.
If you are infected with ransomware, you can pay in the hope that you will regain access to your data. However, many experts agree that you should not pay the ransom because there is no guarantee that you will get your data back. In particular, there have been reports that victims of WannaCry who paid the ransom are not getting their data back. The key is to reduce your chances of getting hacked to begin with.
The attorneys at the Law Firm of DiOrio & Sereni, LLP are experienced and available to help you. Contact Pamela A. Lee, Esquire at 610-565-5700, or send her an e-mail at PLee@dioriosereni.com.