Ransomware, which victimizes individuals, businesses, and all other organizations alike, is malicious software capable of stealing, and making inaccessible, data and files from computers, smartphones, servers and connected devices, such as smart thermostats, connected toys, voice assistants and other Internet of Things (IoT) gadgets. Such data provides deep insights into the lives of the associated individuals (the data subjects), which often results in significant privacy breaches, and resulting privacy harms.
The criminals who deploy ransomware typically request money in exchange for restoring access to the stolen files. They keep the dollar amount low enough to tempt most victims into paying the fee; individuals typically are required to pay less than small businesses, who in turn are required to pay less than larger businesses.
Often, however, victims will pay and not get access to their data back, or the crooks will keep copies of the data after returning access and continue to use the data in fraudulent ways. Ransomware is typically installed through social engineering ploys, such as phishing emails, often with pointers to malicious websites, designed to look like legitimate communications from trusted sources, such as well-known acquaintances and popular brands. Ransomware is also increasingly being planted through unpatched systems, and by exploiting security vulnerabilities in systems and applications.
Cyber criminals do not need to be sophisticated to pull off a ransomware attack. There are more than 150 variants of the malicious software, which can be inexpensively purchased on the dark web. Ransomware suppliers are making annual incomes of over $100,000 selling crimeware as a service (CaaS) software. Those purchasing it are making that much and more themselves.
As the infographic indicates, “Where there’s an Internet connection, there’s a datanapper.” The infographic walks through the ransomware threat posed by the dark web and the IoT, as well as in homes, workplaces, stores and even doctor’s offices. As stated within the infographic, “Datanappers love the way we live, always connected and happily over-sharing. While you shop, get a check-up, use smart cars, work or stream movies on the couch, the bad guys are right there watching, waiting for you to drop your data, or use lack of security controls to simply walk right in and take your data.”
Individuals, business leaders, and all other types of organization leaders need to devote at least 30 minutes to improving their ransomware protections to protect their personal data, preserve privacy, and maintain access to their other data. Usually the best way to deal with ransomware crooks is to not pay the ransom, and instead restore the stolen data from your recent backups. Here are four simple steps to take:
Delete unused apps. Games, especially, are often fronts for data collection entities. Even if you don’t use an app that you have on your device, it could be exfiltrating data from your smartphones, tablets, and other computing devices. Get rid of all apps you haven’t used lately to dramatically reduce the amount of data, a large portion of which is personal data, being sucked out of your computing devices without your knowledge.
Patch your systems. You should set this up to happen automatically. Double check to make sure you have all of your devices set to auto install security patches and updates. This will plug many of the holes through which cyber criminals load ransomware.
Back up your files often. If you use a cloud backup service, double up and use a physical device, too. This will ensure you have access to your data and code to more quickly restore your computing devices if you do get hit with ransomware. Make sure your local backup storage media is not attached to your computer, except when actually making your backups.
Keep aware. Make sure you stay up-to-date with the most recent ransomware scams. And keep your employees updated also. Everyone who uses a computing device needs to know about ransomware: how to prevent being a victim, and what to do if they do get hit by ransomware. I provide free monthly Privacy Professor Tips that you can sign up for to help with staying aware and up-to-date on the latest scams.
I recently visited the folks at CW Iowa Live morning show to discuss ransomware. You can see more tips and facts I provided by watching the video from that visit.
I look forward to covering the wide range of privacy issues that must be addressed by every business, and every individual, in the coming months within this blog feature!