Digital Dangers: Ransomware

Ransomware is, in effect, a monetized version of malware.  Ransomware is malicious software designed to extort money from its victims.  Ransomware takes control of victim data and threatens to publish or purge pending payment.

The rise and spread of ransomware are of concern globally and locally.  Recent reports of WannaCry, Petya and NotPetya, amongst others, wreaking havoc on international systems are becoming more frequent.

Earlier this year, SchoolManagerJa, a cloud based grade administration tool for local educational institutions, found its data externally encrypted, thereby blocking their access.  The hackers demanded the handsome sum of US$5,000.00 for the release of the data.

Neither SchoolManagerJa nor the 14 schools affected paid the ransom.  In a Gleaner report, SchoolManagerJa owner Michael Dingwall commented, “I can't pay them. Even if I should pay them, it's almost certain they would not unscramble it [the data] because what they did is a crime. All I would be doing if I pay them is contribute to a crime to help them to do this to other people, and, perhaps, to come back and do it to me in the future.”

Many other local cases remain unreported.

Ransomware is disseminated in various ways with phishing and click bait being common ways malware can infect systems and exploit security holes, like outdated and vulnerable operating systems (OS), to launch its destructive capacities.

Hackers often request payment in Bit Coin, a hard to trace crypto-currency.  Security experts advise victims not to pay ransom for data because there is no guarantee of recovery.  Further, each payment provides encouragement to hackers to deploy ever improving ransomware efforts.

There is no foolproof way to shield your system from a ransomware attack, but by following these seven steps, you increase your odds of keeping your data safe.

Tip 1: Schedule and run frequent security checks

Tip 2: Install or update to the latest OS, software and security updates and patches

Tip 3: Update and run anti-virus and anti-malware software frequently

Tip 4: Encrypt and frequently back up sensitive data

Tip 5: Create a unique username and password for every account and change regularly

Tip 6:  Clear cloud based messaging app conversations

Tip 7: Beware of public Wi-Fi; use a VPN, private browser and a firewall for maximum protection

RJR's Tech4Life airs on @RJR94FM every Wednesday at 8:15 am

Digital Dangers - Quizzes and Memes

It all seems so cute and innocent.  A friend posts a list of all the great concerts they attended to their timeline and encourages you to do the same.  Or maybe, you saw a friend post results from a quiz that revealed something new and you consider trying it too.

STOP.

Be very wary of Facebook quizzes and memes!  It’s true, they may seem fun, but they can also be dangerous.  Yes, dangerous!  Think about the information that you share - Pages you like/places you do business. Mom’s name in the About Me section/security question and answer.

These unassuming quizzes may deliberately, or unwittingly, reveal your personal data to third parties like marketers or hackers.  They are not necessarily as harmless as they purport to be.  At worst, they are click bait, designed to lead users to other sites.  At best, they reveal personal information that in the wrong hands, can be extremely damaging.

Spotting the Danger

Let’s start with the third party quizzes that are prolific on Facebook and that FB is actively trying to limit.  Some of these quizzes do ask permission before posting in your name to the platform.  When they did, did you read their privacy policy?  I’d be willing to bet you didn’t.  If they have access to post on your behalf, what else could they post as you?  How would friends know that you didn’t really initiate the post?

Let’s look at the memes.  Unlike the third party apps, memes just appear as a post from a friend with lots of personal information on them and an invitation for you to share as well and “continue the chain”.  But take a closer look; the answers being revealed are often closely related to common security questions or can provide clues for an effective spear phishing attack.

Steering Clear

If you’d like to avoid unnecessary exposure to hacking and targeted marketing, I highly recommend that you stop using Facebook, Twitter or Google to log into third party apps.  Also, take a moment to review, and as necessary revoke, third party app access to your accounts.  I know it’s tedious, but it is recommended that you have a separate username and a strong, long, unique password for every account.  No short cuts (unless of course, you consider a password manager as a short cut, in which case, go right ahead).

Be vigilant in the protection of your privacy.

Tech4Life airs every Wednesday morning at 8:15 AM