The FBI has recently warned that ransomware attacks are on the rise.
Over the last year, ransomware incidents have dramatically increased among businesses and consumers alike. Earlier in May, it was reported that even the U.S. House of Representatives had been a victim.
So what exactly is it?
Ransomware is a type of malware that accesses a victim's files, locks and encrypts them, and then forces the victim to pay a ransom to get those files back. Users typically become victims when they click on an attachment or link that appears legitimate, such as an invoice or electronic fax, but which actually contains the ransomware code. Think of it as the “digital kidnapping” of your most valuable data – from personal photos and memories to client information, financial records and intellectual property. Consumers, hospitals, school districts, state and local governments, law enforcement agencies, small businesses and large businesses are all potential ransomware targets.
“As cybercriminals become more cunning and sophisticated, we must become more vigilant about basic digital hygiene and protecting our data and devices – including smartphones and tablets. There are simple things everyone can do like keeping all software updated, turning on two-factor authentication, backing up data in the cloud or other removable media and making strong passwords,” said Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA).
Email, social posts and even texts remain the primary ways cybercriminals infiltrate computer networks. Therefore, NCSA strongly urges all Internet users to be very cautious about clicking on any sort of link or attachment that looks suspicious.
Cybersecurity is about resisting and preventing attacks and also being able to recover as quickly as possible after a cyber incident. In the case of ransomware, having a backup that can restore an impacted system is a primary defense as well as a pathway to resuming normal operations as soon as possible.
We can help protect ourselves against ransomware and other malicious attacks by following these STOP. THINK. CONNECT. tips:
Keep all machines clean: Immediately update all software on every Internet-connected device. All critical software, including PC and mobile operating systems, security software and other frequently used software and apps, should be running the most current versions.
Get two steps ahead: Protect core accounts such as email, financial services and social networks with two-factor authentication (also known as two-step verification or multi-factor authentication). Two-step authentication requires a second step, such as a text message to a phone or the swipe of a finger, in addition to a password to log on to an account. Visit stopthinkconnect.org/2stepsahead to learn more and view a list of the websites that offer two-factor authentication.
Back it up: Make sure you have a recent and securely stored backup of all critical data.
Make better passwords: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
To learn more about ransomware and malware and how to protect yourself, visit:
- National Cyber Security Alliance: staysafeonline.org
- Microsoft Malware Protection Center
- FBI Ransomware Brochure
- Symantec: Ransomware Do’s and Don’t’s