Ransomware has been all over the news recently. First it shut down an important pipeline on the East Coast of the US and then meat processing plants. Criminals have been hitting these high-profile targets because they often lead to huge paydays. Big companies often have some sort of insurance which cover payment of ransoms. But that doesn’t mean the criminals won’t come after a small company or an individual.
First, let me refer back to a post from 2013 entitled Cryptolocker Strikes, The Price Has Gone Up. This particular attack cost the victim around $800 and a lot of stress and time. The current price may be higher or lower, but there are a number of things you can do to make the likelihood of an infection lower and ways to protect your data should you get infected.
Russian Keyboard Trick
Recently I learned of an interesting “trick” for protecting yourself and I did take this precaution myself. In short, the suggestion is to install a Cyrillic keyboard on Windows. Doing so causes no harm and it could prevent an attack because most criminals won’t attack their homeland (Russia and neighboring countries). I’ll refer you to Try This One Weird Trick Russian Hackers Hate from security expert Brian Krebs. Does it work? Read Will Installing a Russian Keyboard Save You From Ransomware? for another expert’s opinion.
Now let’s talk about some of the tried and true methods for protecting yourself. One of the best methods is to have a security suite installed. It should cover things like viruses, malware, firewall and many now have a ransomware component. I’ve been a long-time user of the ZoneAlarm Extreme Security Suite. It covers all the of the items listed above and much more. While it has warned me of a potential threat a few times, I’ve yet to be infected in more than 15 years of usage.
In dealing with friends and clients, I am constantly shaking my head at how they manage their passwords. Even worse is they still use passwords easy for them to remember on almost every site. Folks, this is a sure way to get yourself hacked and/or infected! If you can remember a password, it isn’t a good one. I’ve been using Rofoform for longer than I can possibly remember. It stores hundreds of passwords for me and they are completely random. There is even a password generator that creates crazy passwords for you. While this may sound complex, it truly is seamless to have complex passwords and easy logins. Download it for free and give it a try!
Turn on Two Factor Authentication (2FA)
Most of you have likely experienced 2FA in action. You try to login, but you have to wait to receive a code via email or text to complete the login. It isn’t fun and can slow down the process. But this extra hassle also makes it much harder for the bad guys to login and do bad things. So turn it on where possible and use it!
Many users have little to no backup plan. If you don’t have one, please get one. In order to protect yourself from ransomware, you need to backup to either an external drive that gets disconnected from the computer or you need to backup to a cloud service. This way if you computer gets infected, it doesn’t also infect your backup. Look to WD My Passport Portable Hard Drives Perfect for Backup for information on a large external drive that can help you with this. Go ahead and get yourself the WD Passport Portable 4TB drive.
I’ve talked to a few folks after their security has been compromised. Somewhere in the story they mention an email and something they clicked on. They knew it didn’t look right but they clicked anyways.
If you get an email with attachments, take time to inspect it. Do you know the sender? Be extra cautious clicking on anything attached. In cases where you know the sender, were you expecting them to send you something? This can be another red flag that should cause you to think twice before opening. Would it truly hurt to send them a text or a return email and ask if they meant to send you something? Better safe than sorry.
Look at the actual file name of the attachment. It isn’t uncommon for rogue attachments to have a goofy file name. Before clicking, try to verify the veracity of the file. If it is truly something important, a little time will likely make that obvious to you.
Bad Email Example
As I was writing this post, a great example of a scammy email came in. It did get automatically marked as spam, but I do check my spam folder regularly to see if anything good got marked incorrectly. Look at the graphic and then we’ll discuss the red flags.
First, it came as a reply to one of our newsletter emails that many of you receive. Getting responses isn’t abnormal. But this was a reply to one that was sent nearly two months earlier. That was the first red flag. I’ve blurred out the email address, but it was a legitimate subscriber.
As we look at the body of the email, it says the contract has been updated. I knew there was no contract so this was a dead giveaway that it was something I wouldn’t click. If there truly was a contact, I think the sender and I would have had some previous discussions about it.
Next was a link to a long and somewhat fishy looking address. I’ve blurred the end of the URL so none of you actually try to visit the URL. Below that is a password which implies I’m downloading a zip file that is password protected. More likely that download link will deliver something to infect my computer with a virus, malware or ransomware. It may even make my email send out spammy messages like this.
I can’t stress enough that if anything at all looks weird, do not click! If I had any thought it was legit, I could reach out to the sender in a separate email and ask if they had intentionally sent me a contract.
Be Smart and Alert
The bad guys really want to take advantage of you because it is big business. Should you choose to dismiss the idea of protecting yourself, the chances of being attacked will be much higher. Be smart and protect yourself. Take care of what you click. While it may be a hassle to do this now, it could save you from disaster and big dollars down the road!