It sounds almost like science fiction, even in this cyber age: A thief hacks into your computer and encrypts your files, meaning, scrambles the information so you can’t make sense of any of it. He demands you pay him a big fat payment to “unlock” the encryption or to give you the “key,” which is contained on the thief’s remote server.
You are being held ransom. The FBI’s Internet Crime Complaint Center has sent out a warning to both the common Internet user and business people about this ransomware, says an article on arstechnica.com.
And if you think this is one helluva dirty trick, it can be worse: The thief gets your payment, but you don’t get the cyber key.
The article says that the biggest ransomware threat is the CryptoWall. The FBI’s IC3 has received reports from 992 victims of this ransomware, but it’s estimated that there are many more victims who have not notified the IC3 (would you or your friends necessarily know to do this?) and instead just paid the ransom—or didn’t, resigning to never being able to access their files again.
In addition to the ransom cost, there are also the costs associated with cleaning up the mess, and the fallout especially hits businesses, because they suffer lost productivity and having to pay IT services.
The arstechnica.com article quotes Stu Sjouwerman, CEO of KnowBe4, a security training company: “CryptoWall 3.0 is the most advanced crypto-ransom malware at the moment.”
According to the IC3, there are $18 million in losses associated with CryptoWall, but remember, that’s only what has been reported. Many businesses do not notify the FBI of breaches: the ransom payment as well as the heavy cost of impaired productivity.
How does an individual or business avoid getting sucked into this trap? The FBI offers the following recommendations:
- Back up all of your data on a regular basis.
- Protect all of your devices with antivirus software and a firewall—from reputable companies.
- Keep your security software updated.
- Clicking on a malicious website could download ransomware; therefore, you should enable pop-up blockers that will prevent these dangerous clicks.
- Do not visit suspicious websites.
- Avoid clicking on links inside e-mails.
- Protect your WiFi connection. A criminal can insert a virus on your device while on unencrypted WiFi. Use a VPN, a virtual private network encrypts your data over free WiFi.
- Avoid opening attachments that come from strangers or people for whom it would be out of character for them to send you an attachment or who’d have absolutely no reason to. This includes the IRS, UPS, Microsoft, Walmart, etc.
- CryptoWall can still make its way into your device if you’ve clicked on a malicious ad that’s on a legitimate website, says the arstechnica.com article. Here is where an updated antivirus software program would come into play to detect the malware.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.