It was an ordinary Tuesday late afternoon for John Doe: catching up with friends and family on Facebook and sifting through his email before dinner. As he was scrolling, he noticed an email from an old acquaintance he hadn’t heard from in a while. Normally, John is hesitant to open an unfamiliar email, as he knows it is typically junk, but he hadn’t heard from this person in ages and was curious what the email was about. John clicked on the attachment, and that is when the problems began.
When opened, the attachment appeared empty and didn’t include any information. John responded to his friend. While waiting for a reply, he noticed his computer was really slow, and then a large pop-up window appeared on the screen with an ugly picture of a clown and the words, “Your computer files have been encrypted…you must pay the ransom or your files will be deleted.”
What just happened? Cybercriminals had sent John a malicious file disguised as a message from someone he knew, and opening it infected his computer. He subsequently paid the ransom to the hackers to get his files back.
Does this happen often? Alarmingly, YES! Cybercriminals are no longer just going after companies, but also individuals like you and me, and they are doing it at an alarming rate. These online scams can infect your computer in different ways, including when you open email attachments, click on links in emails, or sometimes even visit a valid website that has been compromised by cybercriminals.
So what can we do to protect ourselves from these attacks?
• Back up all of your files religiously. Use an online backup service that does it automatically for you, like Backblaze, CrashPlan, or Carbonite.
• Keep your computer up to date: install updates for both the Mac/Windows operating system and the various software programs that you have installed, including Java, Adobe Reader, Flash, etc. This will ensure that any vulnerabilities that have been discovered and pose a threat are eliminated.
• Handle email with caution. Cybercriminals are getting better at disguising their phishing emails.
No matter how authentic the email looks, don’t open attachments or click on links inside unsolicited emails from friends, businesses, the IRS, or your bank. If it seems strange, call that person and verify they really sent you the file or link. Is it inconvenient? Yes, but it’s better than paying money or losing all of your files. It’ll be worth the extra precaution in the long run.
If you have been hit by ransomware, you have some difficult decisions to make. If your files are not backed up, you can either pay the cybercriminals for a decryption key to unlock them, or lose all the files and start over.
If your files are backed up with an online backup company, you can have someone help you wipe the hard drive and download your backup files. All of this takes time and is extremely inconvenient. It’s better to be cautious and verify the sender before clicking on attachments or links. If you are a victim of an attack, the FBI asks that you file a complaint through their IC3 site at IC3.gov.