Watch out for CryptoWall. This malware leads the pack of fast-moving ransomware that, according to Trend Micro, is the chief cyber threat to businesses.
In fact, CryptoWall was very lucrative for hackers, raking in $18 million in a little more than 12 months. This tells us that businesses are giving in and paying the bitcoin ransom.
How does ransomware work?
- It may all start with an e-mail with a subject line that lures the user into opening the e-mail.
- Inside the e-mail is a message and a link. The message tricks the user into believing they need to click the link. The message could be made to look like it came from the user's boss at work, company SEO or HR department; FedEx; their bank or medical insurance carrier; or some sweepstakes winnings.
- Clicking the link downloads a virus.
- The virus encrypts computer files (scrambles them up so that the user can't make sense of them).
- But no problem: Just pay the ransom and you'll get the "key" to unlock your files!
- This is a real mighty problem if you don't have all your data recently backed up.
Steps to Take if You're Held Hostage
- Retain all communication from the hacker.
- Inform the hacker you'll pay, but that you need some time to get the money.
- But that's not what you're actually going to do.
- Report the extortion attempt to the police. At best, this will be on the record; the cops won't or can't do much.
- Delete all the infected files.
- With your backup system, download clean versions.
- Hopefully, all of your other files were already backed up (USB drive, cloud service).
It shouldn't reach this point to begin with. There are ways to tell if your computer is infected with any virus (e.g., runs awfully slow, programs open and close on their own), but how about an ounce of prevention is worth a pound of cure?
- Use security software including a firewall; keep everything updated.
- Never use public Wi-Fi (it's unsecure) unless you have a virtual private network installed to scramble your activity.
- Use the most up-to-date versions of your operating system and browser.
- Regularly back up all your data.
- Never open attachments or links inside e-mails.
- If you're an employer, implement a rigorous training program for employees to recognize social engineering attempts from hackers.
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.
Top of Page keyboard_arrow_right