Ransomware Holds Computers Hostage for a Price and What You Can Do to Avoid It
Almost as bad as the blue screen of death and completely preventable.
The New York Times ran an op-ed piece at the beginning of January about how a woman had to help her mother deal with a computer virus, but this was no ordinary virus that a purge of a hard drive or a computer expert can fix. This is something far worse and, quite frankly, terrifying, particularly if you don't know much about computers.
The threat called "ransomware" inserts itself onto your machine, normally via an infected attachment. It then presents a warning on the screen that all your files are locked and to receive the decryption key, you must send money via BitCoin (yes, BitCoin) to the hackers. The price goes up if you don't pay in an allotted amount of time as demonstrated by a freaking countdown clock on your screen. If you miss the final deadline, your files are lost forever.
Sure, you say, I'll just call my nephew. He's a whiz with those things. Wrong. These hackers are using something called CryptoWall 2.0, which is so ridiculously complicated, even professional computer experts can't decode it. Their advice, according to the story, is to just pay the ransom or lose your files. What?
This highlights a continued problem with computer viruses and malware akin to anti-vaccination people who are now infecting perfectly healthy kids with the measles. Most people just don't take simple precautions that can prevent such problems.
In fact, there are three things you can do immediately to avoid this and other forms of damaging software. They won't stop everything, but they will protect you from most and I bet you aren't doing any of them right now.
Don't open attachments from people or businesses you don't know.
You would think that given the two decades of time e-mail has been available for regular folks they would have figured out a file attached to a strange e-mail should be deleted and NEVER EVER opened. Then again, there are still people falling for the Nigerian prince scams and posting privacy notices on Facebook. Companies don't send you attachments. In fact, if you get an attachment from any e-mail you don't recognize, delete that damn e-mail immediately. Don't wait. Don't think about it. Just stomp it out.
Back up your computer regularly.
Some 15 years ago, the hard drive on one of my former computers crapped out without warning. By the time I got it to an expert, nearly a third of my files -- including photos, business documents and important e-mails -- were wiped out for good only because I didn't have any backup storage. Here's the thing. Cloud storage and back up hard drives are insanely cheap. Google Drive charges like $10 a month for a terabyte of storage, likely more than your computer can hold. Small, portable drives that sit on your desktop cost around $100 or less. There is now literally no excuse for not backing up your computer files.
Had the woman in the NYT story backed up her files, her daughter could have foregone the search for a BitCoin ATM (yes, those are a real thing), wiped out the infected drive and started over with backup storage. She didn't and it cost her cash money.
Change your passwords.
There is a really weird argument I've had with people about passwords that goes something like this.
Me: You should use a password service to store all of them. Then you could use complicated passwords and not have to remember them. Person: Yeah, but what if the hackers got into the password service? Me: So, you're comfortable with a password of Password1 for your bank account but you won't pay a service to encrypt your passwords for you? Person: Pretty much.
This is dumb and dangerous. Hackers aren't idiots. They are sophisticated. It only takes one to figure out your universal password is the name of your first boyfriend plus the birthday of your best friend. Suddenly, boom, your bank accounts are drained and someone just ran up $30,000 in online gambling debts on your credit card, all because you couldn't change your passwords.