Follow the ransomer’s demands.
This is what you should do if someone hijacks your computer with malware, FBI agent Joseph Bonavolonta told attendees last month during Cyber Security Summit 2015 in Boston. Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program in its Boston office, startled many of those present when he said of the ransomware threat that “the easiest thing may be to just pay the ransom.”
Ransomware is a type of malware that, when downloaded onto your computer, encrypts all of your data, making it inaccessible to you. A message appears on your screen telling you that your data has been encrypted, and if you do not pay a ransom — often in bitcoin — within a short period of time, all of your data will be destroyed.
Companies, governments attacked
This is not an idle threat. Code Spaces, a code-hosting and software collaboration company, went out of business last year after hackers destroyed its data. The company had refused to pay a ransom after falling prey to a ransomware attack.
Ransomware has been used against companies, law firms and even police departments. The Durham, New Hampshire, Police Department refused to pay a ransom in 2014 and had data destroyed. Fortunately, the department had backed up the data and did not lose anything. The Swansea, Massachusetts, Police Department did not back up its data and paid the ransom in 2013.
Individuals are targets, too
But it is not just businesses and governments that have been the victims of ransomware. Individual computer users also are frequent targets of this malware, which is bought and sold on the Internet’s version of a black market.
In the 7 years that ransomware has been a problem, the programs have become incredibly sophisticated, which is why Bonavolonta suggested that paying the ransom may be a choice to consider. However, by taking some basic precautions, you can protect yourself from an attack.
How to protect yourself
As with many types of malware, victims often unwittingly download ransomware after clicking on links in phishing emails. In addition, some ransomware is spread through malvertising: legitimate-appearing advertisements that carry ransomware and are placed on genuine websites. Click on the ad link, and you’ve just downloaded the ransomware.
So how do you protect yourself from ransomware?
- Your protection starts with a good firewall, good anti-virus software and good anti-malware software. It’s important to note, however, that the latest incarnations of all malware — including ransomware — are always going to be at least 30 days ahead of the patches you will be sent to update your security software. That being said, many people still fall victim to older forms of ransomware and other malware because they have failed to update their security software in a timely manner.
- Avoid clicking on links in emails and text messages unless you are confident they are legitimate. This is always good advice.
- Finally, back up your data both in the cloud and offline. Nothing can guarantee that you will not become a victim of ransomware, but by having your data backed up, you won’t have to pay a ransom.
Steve Weisman is a lawyer, a professor at Bentley University in Waltham, Massachusetts, author of “Identity Theft Alert” and editor of the blog scamicide.com.