Ransomware: Could Your Data Be Held Hostage?
Cyber-security researchers from the University of Kent have reported a disturbingly high rate of ransomware infections, such as CryptoLocker and CTB Locker, among Internet users. Ransomware, malicious code used to make illegal demands for money, was previously regarded as fairly rare. The new research suggests that one in every 30 malware cases is a ransomware infection, representing a major hazard for today’s Internet user. The researchers also pointed to a lack of basic cyber-security among users, with more than one-quarter of respondents stating that they did not use any security at all when connecting to the Web.
Many ransomware infections rely on fraud; fake antivirus warnings that try to trick users into paid upgrades are one example. Simple extortion is increasingly common, however, with many varieties of malware now using threats to press their victims into handing over their money. One such infection, known as CryptoLocker, blackmails users by encrypting their files. The locked data can’t be accessed until the victim pays for a numerical decryption key.
Users with offline backups can simply restore their files after ensuring that the system has been cleaned. Unfortunately, if users find that they don’t have backups available, or their online backups have been infected as well, they’re placed in the unenviable position of choosing whether to give up their money or lose their data forever.
It’s a high-pressure situation for anyone, exacerbated by the fact that the criminals behind CryptoLocker only give their victims 72 hours to pay the initial ransom — typically around $600. If this isn’t paid before the deadline, they boost the price dramatically. Since payment is often demanded in Bitcoins (a digital currency regarded as harder to trace than conventional payment methods), the actual amount to be paid can vary greatly over a 72-hour period. Thousands of dollars can be added to the to the cost if the victim lets the deadline pass. It’s hardly surprising that in a Kent University survey of 48 ransomware victims, 17 revealed that they had felt compelled to pay the ransom. Victims of ransomware stand little chance of seeing their money again.
Yet there is a brighter aspect to the recent results, which is that relatively minor changes in browsing habits could make a major difference in malware infection rates. If the 28 per cent of Web users who claim not to use any security tools were to bring some basic defences into play, it’s likely that the number of infections by ransomware and other malware could be brought down substantially.
There are various reasons why a user might not employ security tools. Security software is seen by some as prohibitively expensive (in fact, many free utilities offer ample protection). Many users underestimate the threat, considering viruses and malware to be a rare occurrence. Prior to the resurgence of Apple, Macs were regarded as virtually immune to malicious code through a combination of a well-written operating system and their small market share. This is no longer the case today; malicious software for the Mac and other Apple platforms is growing steadily more prolific and virulent.
Most operating systems have a built-in firewall which users can easily enable. Windows users have always had an abundance of security software to choose from; Mac users, once undeserved, now have a strong range of options too. As well as big names like Kaspersky and Norton, there are many good-quality free antivirus solutions available such as Sophos Home Edition. AdAware and Avast Antivirus are available for both Windows and Mac. For Windows users, Microsoft’s own Security Essentials is free to download. Another good free antivirus application aimed specifically at Mac users is Intego VirusBarrier.
As well as desktops and laptops, users shouldn’t neglect security on tablets and smartphones. Mobile devices can be vulnerable to infection, giving criminals access to user IDs and passwords; they can also serve as a vector for malware to infect other devices. You can obtain security software from your phone’s online app store.
Other useful security tools include password managers, which allow long, complex passwords to be generated for each Internet account (email, banking, social media profiles, etc), and then stored in a single password-protected location. Most popular browsers now have a range of extra security measures, including private browsing, browser add-ons and applications to keep users safe while surfing.
Just as important in keeping your computer free of ransomware and its like are good security habits. Take regular backups of your important files and keep them somewhere safe and offline, preferably in more than one location. Most importantly, never give out usernames, passwords or other information that could be used to access your computer; and don’t download software or other files (codecs, music, video clips etc.) unless you know exactly what they are and trust the website. Avoid opening suspicious emails from senders you don’t recognize, as these may contain malware or other exploits.
You should always keep your software updated, not just your antivirus and operating system, but any other software you run on your computer. Unpatched software can leave known security vulnerabilities with open. Clearly, this can create a problem if you’re using an older OS that’s no longer supported, such as Windows XP.
Computer security can seem like an annoyance, but the minimal investment of time required to implement basic security is a small price to pay compared to identity theft, losing your valuable information — or paying criminal hackers thousands of dollars just to recover your own data.