I was between 6 and 8 years old when I learnt the meaning of the word 'ransom'. It was from a Nollywood movie entitled 'Ransom'. This is for those who said that you can't learn anything from Nollywood. I remember vividly how the child actor in the film was abducted and a ransom was required of the parents. But the Nigeria police came through. I learnt again from the church that Jesus died on the cross as a ransom for our sins. This exposure made me know that paying a ransom isn't something I would want to do. I cannot come and die for anyone's sins, please.
But Kimani (my phone) is threatened. By ransomware. And so is every other laptop, tablet or mobile phone. In May 2017, over 75,000 people in 99 countries were attacked by the WannaCry ransomware. Telefónica in Spain was affected. In Britain, the National Health Service (NHS) was affected, resulting in the cancellation of scheduled operations in 16 hospitals. FedEx, Renault, Deutsche Bahn, the Russian Interior Ministry and MegaFon, a Russian telecom, were other victims.
[Image: Ransomware Attack Message]
Ransomware, which dates back to 1989, is malware (malicious software) that prevents a victim from having access to his or her files until a ransom is paid. The victim won't have access to any files or apps on their laptops or mobile devices. The device is locked by the attacker and can only be decrypted if the victim pays the required fee on or before a date decided by the attacker. Payment is usually made in bitcoin. The fee oftentimes increases if the victim doesn't pay before the deadline. This increases the chances of the victim not having access to his or her files when the payment is eventually made. Not that there is a real guarantee of getting the files back if the payment is made on time. After all, only about 42 percent of the victims who paid got back their files.
Ransomware comes most times when we click pop-up ads, especially those linking to porn sites. This is a typical example of a malvertising (malicious advertising) campaign. One can also get infected through spam email campaigns, by getting redirected to malicious sites, or even through SMS. Don't have a panic attack yet. We can be consoled by the fact that ransomware targets are mostly businesses, as they're more likely to pay more and fast. About 70 percent of affected businesses paid, and more than 50 percent of such businesses paid over ten thousand dollars. This doesn't exempt individuals from being victims, especially because individuals are not well informed about cyber security. While we don't exactly have control over the spread of ransomware, we can take some precautions to avoid being victims. How about you consider the following:
1. Use Antivirus and Firewalls: Keep your antivirus up to date. And use a trusted and strong antivirus. Just any antivirus isn't good enough. An antivirus that is not up to date is as good as not having an antivirus. Having an antivirus doesn't exactly prevent ransomware, so you still have to be security conscious.
2. Back Up Regularly: Always back up your files to an external hard drive or an online backup service. This makes you ransomware resistant. You can easily uninstall or restore factory settings and start a new install if you get attacked. This way, you don't lose any files.
3. Enable Pop-Up Blocker: It's best you don't allow pop-up ads, cos that's the most used method of sending ransomware. Don't be fast to click on pop-up ads; use the 'X' button on pop-ups to cancel. It's safer, cos sometimes the buttons on the pop-up ads are already reprogrammed, putting your device at risk with any button you click.
4. Be Cautious: You definitely can't be cautious enough. But you have to avoid suspicious sites. And resist the temptation of clicking on links from email addresses you don't trust.
5. Alert Authorities: The police aren't exactly equipped to handle issues like this. Definitely not the Nigeria police, but reporting to them can help with data and documentation. I can imagine you asking to what end. I wish I had better answers to that. I wouldn't want to report such issues to the police myself. So, I pray I don't have to.
It is best you don't pay the ransom, cos once you are a victim, the attackers can still attack you again for further extortion, and paying doesn't guarantee that you would recover your files, which I guess is the only reason you are paying.
Photo Credit : HEIMDAL SECURITY