The global rampage that ransomware WannaCrypt, or Wanna Decryptor, is currently on is by no means a new form of extortion. It is a relatively new method of attack, for sure, having been spawned around 2005, but the basic approach is the age old crime of kidnapping for a ransom, hence the name.
The first known case of a ransomware attack was actually recorded in 1989, and was called the AIDS Trojan. As you can imagine, it wasn’t very successful because the Internet itself was primarily used by scientists and researchers, and not many people had computers in the first place. But in the mid 2000s, ransomware made a major comeback, first appearing in Russia and other parts of Eastern Europe, and then gradually making its way to the rest of Europe and the United States, money obviously being the main motivation.
Essentially, ransomware is a type of malware or malicious software that locks up your data or your device (it could be a PC or even a smartphone) and demands that you pay a certain sum of money by a given date, failing which your data could be deleted forever. As with any kidnapping case, there is obviously no guarantee that you will get access after you pay. In most cases, says security company Symantec, victims never gain access.
How Does Ransomware Work?
Today’s ransomware is far more advanced than what it was ten years ago. Payment is generally demanded as Bitcoin to ensure the anonymity of the attacker, and rather than just locking or freezing up your device, the malware encrypts the data and files residing in it, following which the attackers demand that a ransom be paid to access a “key” that will decrypt the data and files.
For it to work, however, your system must be first be infected with the malware in question. This “payload” is either delivered through a network that is compromised, or because the user is somehow tempted or forced to click on malicious link, which action then proceeds to download the malware and infect the system, gaining all sorts of admin privileges and access to private information.
How Do Ransomware Attackers Pick Targets?
For the most part, attackers will look for weaknesses and flaws in security systems, but they can also hack into servers of large companies to get email addresses as targets for their phishing-based attacks.
Remember those Yahoo hacks that were exposed recently? That data is often sold on the Dark Web, the part of the web where search engines fear to go, and practically everything is anonymized and untraceable.
So, a hacker with ransomware on his or her mind can easily get a list of email addresses to target, or they simply look for networks with weak firewalls and other security protocols that can be hacked into and infected.
That means your home is at risk. Even if you don’t have a fully automated smart home at this point, all of us have connected devices that we use at home – from smart light bulbs to laptops to smart TVs and other “always connected” gadgets, most of us are already exposing ourselves to a high level of risk.
Fortunately, there are things you can do to protect yourself to a great degree.
How To Avoid a Ransomware Attack
There are essentially two ways in which you can avoid being targeted by ransomware attackers.
The first is obvious: never click on suspicious email and web links, and never download anything from an email that you don’t trust. This method of attack is extremely common, and is referred to as phishing. Phishing also involves collecting your personal or sensitive information on a web page, but phishing within the ransomware context is basically meant to ‘bait’ you into clicking a link or downloading the malicious software.
The second is not so obvious because it doesn’t necessarily involve direct action from the user. If your system is on a network where other systems have been compromised, it’s possible that your system is the next target. There are also solutions to address that, which we’ve covered in a subsequent section below.
Enhancing Your Security IQ
The first thing all Internet users need to do – right now, not next month or next year – is to educate themselves on cybersecurity happenings. I’m not talking about taking a course or anything, just being more aware by reading about what’s going on around us every day.
Ransomware attacks and phishing attacks are on the rise, and the Internet of Things in smart homes – the myriad connected devices we’ve piled up in our homes – only serves to increase the ‘surface area’ for an attacker to target.
Our exposed areas are getting larger, and attackers are getting smarter – a potentially explosive combination.
And that’s what we’re seeing with the WannaCrypt ransomware attacks that started last Friday. Networks are not secure enough, systems are old, and security simply doesn’t get the priority that it needs to. And the cost of that lackadaisical approach to security is what 200,000 victims are paying for this week.
What Can We Do, and Are We Doing Enough to Protect Ourselves Online?
Why do we spend thousands of dollars protecting our homes from burglars and thieves, and then suddenly become misers when it comes to online security? You can’t just install a couple of anti-virus packages on your PC and laptop and be done with it. There’s more a lot more that you need to do.
For example, why not sign up for a top tier VPN service such as IPVanish, so you’re completely anonymous when online, your data is encrypted and not even your Internet Service Provider can log your web activities? Essentially, it makes you virtually invisible when you’re browsing the web for any purpose. Learn more here.
Or invest in a premium anti-malware software for your systems, such as Kaspersky, or Symantec Norton or BitDefender.
If you want even more robust protection that companies typically have, then a home firewall device like CUJO is what you should be looking at. Such a service can alert you of phishing attacks and potentially harmful software, secure your home’s WiFi and even protect your kids when they’re online. Learn more here.
No one is 100% safe, and no solution is 100% fool-proof. But it would be foolish not to do everything we can to protect ourselves on the web. The Internet is a wonderful resource that allows us to accomplish much, much more than ever before, but it is also fraught with dangers that lurk around every corner.
Being smart about online safety and online privacy is not an option anymore. It’s a question of “when are you going to take some action?” We’ve given you the information and linked you to the right resources. Now, it’s your move.