Simple precautions and a bit of skepticism can help protect you and your information
“The harddisks of your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key. …”
This poorly written message spread across thousands of computers in more than 60 countries earlier this year. People who received the alert were given instructions on how to buy this software key. Meanwhile, they couldn’t access anything on their computers: no documents, no photos, and no important files. Essentially, their computer was rendered useless until they ponied up the ransom.
Ransomware attacks like this one—in which criminals demand money before they give back control of a device—were big news this year because they hit the computer networks of large corporations around the world. Ransomware schemes have existed since the 1980s, but today a digital infection can travel faster and farther than before because millions of devices are connected via the internet.
How It Happens
Ransomware spreads much like other types of software attacks, including phishing scams. A phishing email appears to come from someone you know or an institution you recognize (your bank or your health care provider, for example). The message typically includes a link to a website and mentions details or an offer that the sender hopes will grab your attention. For example, you might receive a message telling you to update your health policy information immediately or stating there has been some suspicious activity on your account.
Clicking the provided link takes you to a bogus website that, although it appears to be legitimate, may automatically download malicious software to your device. Or, the site may ask you to download a file. Alternatively, the site may ask you for important information. You may even be told you have a limited time to provide this information.
Once that malicious software is downloaded to your computer, tablet, or phone, the criminal is inside your hardware. The damaging software, called malware, can then take over your device and control its every action. Your computer can be used to attack other computers or be harnessed with other computers to launch a massive attack on a large network in what’s termed a zombie attack.
The malware gives the criminal access to every bit of information you’ve stored on your device. The perpetrator can poke around for account numbers, passwords, and all the other confidential data you maintain. Some malware is able to record every key you type—including passwords and personal communications—and send that record to the criminal.
Steps to Stay Safe
The rules you use to stay safe in the physical world also apply to the digital world. If it sounds too good to be true, it is. If you have any doubt about a message, delete it. Here are some other ways to avoid online scams.
Think first. You may be told you need to click on a link, open an attachment, download a document, or provide information. Don’t do it, even if you are promised lifetime income or a free gift card to your favorite store.
Limit the personal information you provide online. Think twice before sharing something on social media. Set aside one credit card for online shopping or other transactions.
Do not assume. An email message doesn’t necessarily come from someone you know, even if you recognize the name. Banks, insurers, and other institutions will not usually ask you for important information through email. If a message contains a link, do not click it. Check with the organization or person who is listed as the sender to make sure it’s legitimate. The only way you should access your bank or insurer’s website is by typing their online address into your browser.
Use strong passwords. Hackers love obvious passwords like 123456 or a birth date. Make up something you can remember but no one else could guess. Use two-factor authentication if a service provides it. Google, Facebook, and other big online services offer this feature, which uses two forms of identification such as a one-time code sent via text message and a password sent to your email address. And protect your laptop, tablet, or smartphone with a good password, too.
Install antivirus or antimalware software on your devices. Then, keep it updated. Update your operating system as well. Hackers look for soft spots in commercial software, like Windows and iOS. Software companies send updates or patches to fix these weaknesses.
Back up your files. Copy them to a hard drive that is not connected to the internet. You won’t lose your information if struck by a ransomware attack.
Guard your health plan member ID card like you would a credit card. It contains information that a scammer could use to get care or acquire other services in your name. Report a lost card to your insurance company right away.