Ransomware, which victimizes individuals and businesses alike, is malicious software capable of stealing, and making inaccessible, data and files from computers, smartphones, servers and connected devices, such as smart thermostats, connected toys, voice assistants and other Internet of Things (IoT) gadgets. The criminals who deploy ransomware typically request money in exchange for the return of the stolen files. They keep the dollar amount low enough to tempt most victims into paying the fee. Often, however, victims will pay and not get their data back, or the crooks will keep copies of the data and continue to use it in fraudulent ways. The ransomware software is typically installed through the use of phishing emails, often with pointers to malicious websites, designed as legitimate communications from trusted sources, such as well-known acquaintances and popular brands.
“Criminals do not need to be sophisticated to pull off a ransomware attack,” said Privacy, security and compliance expert Rebecca Herold. “There are more than 150 variants of the malicious software, which can be inexpensively purchased on the dark web. Ransomware suppliers are making annual incomes of over $100,000 selling crimeware as a service (CaaS) software. Those purchasing it are making that much and more themselves.”
To raise awareness about the threat, Herold has created an infographic titled “6 Places Crooks Steal (Then Ransom) Your Data.” “Where there’s an Internet connection, there’s a datanapper,” states the infographic, which walks through the ransomware threat posed by the dark web and the IoT, as well as in homes, workplaces, stores and even doctor’s offices. “Datanappers love the way we live, always connected and happily over-sharing. While you shop, get a check-up, use smart cars, work or stream movies on the couch, the bad guys are right there watching, waiting for you to drop your data, or use lack of security controls to simply walk right in and take your data.”
Herold recommends individuals and business leaders devote 30 minutes during the week of Data Privacy Day to upping their ransomware protections. Here are three simple steps to take in observance of International Data Privacy Day:
Delete unused apps. Games, especially, are often fronts for data collection entities. Get rid of all you haven’t used lately.
Patch your systems. This should be set up to happen automatically. Double check you have all of your devices set to auto install security patches and updates.
Back up your files. If you use a cloud service, double up and use a physical device, too. Make sure it is not attached to your computer except when actually backing up.