Ransomware is one of the most challenging security issues on the internet. Hacking has become one of the biggest forms of cybercrime.
Today hackers use software flaws, bypassed passwords and other techniques (like phishing) to gain access to your devices. Malicious software, or ransomware, can allow criminals to hold your data hostage or steal information that can be used in identity theft or to commit fraud.
We look at how to protect yourself against cyber-attacks and keep you safe from online fraudsters.
What is ransomware?
Malware is a broad term for the types of nasty software that cybercriminals and fraudsters use in email attachments and on infected websites. And ransomware is a particularly malicious sub-genre of malware, which encrypts all the data on your computer and demands payment in cryptocurrency for its return.
It’s a ruthless money-making scheme – if you don’t pay the ransom, the data is deleted, which can lead to a significant loss.
The first ransomware came on to the scene in 1989, when infected floppy discs were distributed at an international Aids conference. While it was rare until the recent rise of Bitcoin, today it is a massive criminal enterprise as hackers become increasingly sophisticated and, most of all, opportunistic.
A recent example: Criminals have used heightened publicity around Covid-19 in SA and the UK to commit fraud. People receive fraudulent texts on their phones, claiming they have violated lockdown laws and are asked to click a link to provide financial and sensitive information.
This is an example of phishing and your device could be infected with malware.
How can you protect against ransomware and cyber-attacks?
While ransomware usually targets larger companies, individuals and smaller businesses (SME/SMBs) are also at risk. ‘Prevention is better than cure’ is a saying that applies to your defence strategies.
Here are some tips that may help you protect yourself against an attack on your personal, home or mobile devices.
Keep your anti-virus up to date
Computer viruses are almost always invisible – you may not even know that you have one until it’s too late. Which is why you should always install a personal firewall product and an anti-virus protection product for your devices (including mobile devices).
The firewall sits between your computer and the internet like a ‘security guard’ – it restricts what can enter and leave your computer.
Often hackers try to access or infect a computer by connecting to your computer while you’re browsing the internet. The best way to protect your computer against unauthorised connections from the web is to install a personal firewall. There are several on the market, some of which are free.
At first, the firewall may ask you what you want to allow in or out of your computer. However, it soon learns to make these decisions independently, based on the decisions you make early on. The most important point is never to allow anyone else to connect to your computer.
Make regular back ups
It goes without saying that backing up your data regularly should become an ingrained habit – if you have stored your information (email, images, important documents) on site, off site and in the cloud, then you won’t have to pay fraudsters a ‘ransom’ to get it back.
Sophisticated attackers will sometimes seek out back-up systems, then encrypt or lock these too. If you back up to an external hard drive or discrete device, you should keep it offline when you’re not copying over files – don’t leave it connected directly to a desktop or laptop where ransomware criminals can reach it.
Never open or respond to spam
Most ransomware is spread through fake email messages or links (also called ‘phishing’). Phishing is when fraudsters send thousands of emails in the hope that they will ensnare a victim.
Keep in mind that spam may seem authentic. However, there are often clues to alert you to a possible scam or fraud. For example, the fraudster may use a generic or no greeting in the salutation. Another ‘red flag’ is if they ask you to log into a site from a link in the email or request account or password details.
Often they will scare you by pretending there is a security issue that needs your ‘urgent’ attention.
It’s important to take time to read an email that is unexpected or suspicious. Fraudsters are counting on you being far too busy or worried so that you don’t think clearly and will do as they request.
Software updates help protect your data
Make sure you update your operating software and apps as soon as a new version becomes available. Operating systems and apps all have bugs or security vulnerabilities that hackers can exploit. In fact, the very reason new updates are deployed is to fix or ‘patch’ these security holes. Most malicious threats are caused by security flaws that remain unrepaired because of an out-of-date operating system.
Keep in mind, you should only download updates from trusted parties (eg, Apple App Store or Google Play etc).
Secure your Wi-Fi network against intrusion
With Wi-Fi being the most pervasive method for connecting to the internet, many criminals use it as a vector for fraud.
If you have Wi-Fi at home, you should take some precautions against intrusion. At a minimum, you should change the name of your Wi-Fi network because this makes it more difficult for cyber criminals to identify what type of router you have. Don’t change it to your name or address as this makes it more recognisable and may leave you vulnerable to identity theft.
Furthermore, you should ensure you have a strong password to secure your Wi-Fi router. Many users make the mistake of keeping the manufacturer’s default password, which can be easily hacked if the criminal understands the particular manufacturer’s vulnerabilities.
Your friends and family may not like the length or complexity of your password, but it will keep you and them more secure.
Sign off, shut down, disconnect
As an added precaution, you could turn off the Wi-Fi on your phone or tablet when you don’t need it. Power off the router when you are not at home or if you are going away for a holiday or business trip to increase your cyber security.
The best password is an undetectable one
You should create and update any passwords that you use on the web at least every three months or so.
While single sign-on (offered by Facebook, Google etc) may be convenient, it does make you more vulnerable to fraud online. All a hacker needs to do is hack one password to gain access to any linked account.
Here are 5 practical ways to manage your passwords:
- Create different and strong passwords for every account
- Make your password at least 15 characters long; use upper and lower case letters and include numbers and symbols
- Never use information that can easily be found online (eg, your date of birth)
- Enable second-factor authentication for as many online accounts as possible
- Don’t store passwords on your computer, phone or tablet. Use a password manager (LastPass, 1Password, Dashlane etc)
Don’t plug in third-party USB sticks unless you trust the source
A USB stick or flash drive, which is used for data storage, can potentially infect your computer with ransomware. Hackers may infect a USB stick with a virus that, when run, will give them access to information on your computer or network (including logins, passwords etc). Many IT departments at companies don’t allow, or actively block, the use of USB devices for this reason.
Due to their portable nature, USB drives are often lost or stolen – if you have used a flash drive to store and transport company or personal information, this can fall into the hands of fraudsters.
Sometimes cybercriminals use flash drives in social engineering fraud. For example, they may leave an infected USB unattended in an office hallway or public bathroom – if someone finds it and runs it on their computer out of curiosity or hoping to identify its owner, the criminal can gain access to your computer and network.
If you think that your personal computer or device has been hacked, keep one word in mind: Disconnect. You should immediately disconnect from the internet – including any shared network, Wi-Fi, hotspots and Bluetooth. As a possible remedy, you could download and install a virus scanner.
For more information on cybersecurity, visit Know Fraud.
Investec’s cyber security strategy
Investec has a dedicated team of cybersecurity experts that stay up to date with the latest events across the world to ensure our systems stay safe from attacks. We believe in a people-centric strategy, combining people, processes and progressive technology to stay one step ahead of online criminals.
Sources: Investec.com (Investec Know Fraud), Kaspersky.com, Heimdalsecurity.com, Internetsecuritycentral.com, CsoOnline.com, ZDNet.com and Wired.com