Ransomware, computer attacks are preventable
LITTLE CURRENT – Ransomware is the number one PC issue of the modern day, says Expositor production manager Dave Patterson, but there are many actions that both individuals and businesses can take to help safeguard themselves against such threats.
Mr. Patterson has been involved in the tech industry since 1989 and has worked with governments around the world as an internet security analyst. There, he assessed sensitive networks for vulnerabilities through penetration testing.
He has delivered presentations on computer security to professional and public audiences, including a free 2016 seminar on internet safety held at the Little Current-Howland Recreation Centre.
“The most important thing is to keep your computer up to date. Keep your Windows updated 100 percent,” said Mr. Patterson, offering some wisdom to Expositor readers to help keep them safe on the web.
Ransomware attacks have evolved in the last 15 years and sometimes pretend to be law enforcement agencies claiming to have found illegal content on their machine, such as child pornography. They promise to unlock the computer if a user pays a $50 ransom.
These are common in part because they demand small payments and it seems easy to pay in exchange for making the problem go away. But it’s rarely that simple.
“The problem is that nine times out of 10, the computer is never unlocked because the hackers never had the ability to do that in the first place. The number one rule is never pay a ransom,” said Mr. Patterson.
In addition to keeping one’s computer up to date, he recommended anti-malware software such as Bitdefender, as well as a backup program like Malwarebytes.
“In the industry, we refer to it as onion protection—multiple layers of skin to get through before you get to the core. That’s how you should always approach security,” he said.
Making regular, secure backups of data is crucial. Mr. Patterson said everyone should make three copies of their important data; those backups should be apart from the computer and, ideally, stored offsite or with a virtual cloud storage company that has servers in Canada.
“The first thing these viruses will do when they encrypt your files is shut off your virus scanners. Then they try to take out your backups,” said Mr. Patterson. “With triple redundancy, if something happens then you’ll probably be able to recover your systems in a couple of hours.”
Even with fully up-to-date systems, computers are still vulnerable through “phishing” (pronounced ‘fishing,’ another topic on which Mr. Patterson is an expert). This involves sending fraudulent emails disguised as real ones.
The emails often request personal information from a user and are designed in a way that tricks them into thinking the site is legitimate.
Phishing emails can also contain harmful attachments that, when opened, will install malware such as a ransomware attack on one’s system.
“Never open an email with an attachment that you weren’t expecting. If you weren’t waiting to receive an attachment from someone, don’t open it,” said Mr. Patterson.
He also suggested using an email provider’s web platform (gmail.com, for instance), rather than a computer-based email program. Their web systems often block potentially harmful emails, but if a user chooses to open an attachment containing a virus, there is nothing to stop that program from taking over the computer.
Mr. Patterson also urged people not to illegally download anything through torrents or ‘free’ sites and not to install custom software or ‘jailbreak’ their phones.
“Things in the app store are all tested. When you go outside that or start downloading things illegally, you’re rolling the dice every time,” he said.
Businesses are attractive targets for which hackers demand a greater payout. Employers should regularly inform their staff of safety risks and internet security best practices.
“Train, train, train, train. You can do little refreshers; it doesn’t have to be longer than a 10-minute thing every once in a while,” he said, adding that online education companies like lynda.com have many courses offering cybersecurity training.
Hiring a qualified IT professional for a business can cost $80,000 per year, but more affordable consulting services exist.
“There’s tons of options and it’s always a good idea to outsource your IT security to an expert. Just be careful who you choose, to make sure they can give you the attention you require,” he said.
While Mac-based systems are more secure than PC environments, a computer is only as safe as its user.
Once a problem like ransomware takes over a computer, it’s too late unless someone has taken preventative measures beforehand. The chances of recovering one’s data are slim and even if they can be recovered, it can cost tens of thousands of dollars.
Taking advance precautions and staying informed on digital threats can greatly increase the chances of surviving a ransomware incident relatively unscathed—or avoid it altogether.
