TOP 10 Vital Strategies for Healthcare (or ANY) Organizations to Prevent Ransomware Attacks

Change Healthcare, a major U.S. healthcare company, reportedly paid $22 million to the BlackCat ransomware group after a cyberattack disrupted services nationwide. However, the cybercriminal who facilitated the attack claims they were cheated out of their share of the ransom, leaving sensitive data intact.

ransomware

According to researchers, a hacker forum post suggested that UnitedHealth Group paid $22 million to regain access to data and systems encrypted by the “Blackcat” ransomware gang. While neither UnitedHealth nor the hackers have commented on the alleged payment, a cryptocurrency tracing firm partly supported the claim.

It’s common for large companies hit by ransomware attacks to pay hackers to restore control, especially after significant disruptions. The forum post, implicated a Blackcat partner in the intrusion into UnitedHealth and included a link showing the transfer of about 350 bitcoins, valued at around $23 million, between digital wallets.

The attack has caused financial strain for medical providers, leading to challenges such as delaying treatments and struggling to cover expenses. Lawmakers and industry leaders are pressuring the government for relief measures, including accelerated payments for Medicare providers.

Despite these efforts, the shutdown of Change Healthcare’s operations has left providers without vital insurance approvals and payments, exacerbating financial pressures. UnitedHealth Group, which owns Change Healthcare, has not provided a timeline for restoring operations, and the attack highlights the vulnerability of patient data in interconnected healthcare systems.

While some operational challenges have been addressed, the prolonged shutdown has left providers grappling with unpaid claims and uncertainty about the future.

The hospital industry has called for emergency funding, criticizing United’s response and government initiatives like loan programs as insufficient. Providers, such as therapists and cancer centers, are facing financial strain and uncertainty as they seek alternative payment clearinghouses and struggle to cover expenses.

Lawmakers are advocating for additional support to ensure providers can continue offering comprehensive care amid the ongoing disruption.

In an era of increasing cyber threats, healthcare organizations are particularly vulnerable to ransomware attacks due to the sensitive nature of patient data and the criticality of uninterrupted services. Ransomware attacks can disrupt operations, compromise patient confidentiality, and result in significant financial losses. However, with proactive measures and robust cybersecurity practices, healthcare organizations can strengthen their defenses against ransomware threats. Here are ten essential tips for preventing ransomware attacks:

1. Implement Comprehensive Security Awareness Training: Educate all staff members about the risks associated with ransomware attacks and the importance of cybersecurity best practices. Regular training sessions should cover topics such as identifying phishing emails, avoiding suspicious links and attachments, and reporting potential security incidents promptly.

2. Keep Software and Systems Up to Date: Regularly update all software, operating systems, and firmware to patch known vulnerabilities. Outdated software and systems are often exploited by cybercriminals to gain unauthorized access to healthcare networks. Implement automated patch management systems to ensure timely updates across all devices and endpoints.

3. Deploy Next-Generation Antivirus Solutions: Traditional antivirus software may not offer sufficient protection against evolving ransomware threats. Invest in next-generation antivirus solutions that utilize advanced threat detection techniques, such as behavior analysis, machine learning, and endpoint detection and response (EDR) capabilities. These solutions can detect and mitigate ransomware attacks in real-time.

4. Implement Least Privilege Access Controls: Restrict user privileges to the minimum level necessary for performing job functions. Limiting access rights reduces the likelihood of ransomware spreading laterally across the network in the event of a breach. Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to prevent unauthorized access to sensitive data and systems.

5. Enable Network Segmentation: Segment the network into distinct zones or segments to contain the spread of ransomware in the event of a breach. Implement strict access controls and firewall rules to regulate traffic between network segments. Isolate critical systems and sensitive data to minimize the impact of ransomware attacks on essential healthcare services.

6. Regularly Back Up Data: Maintain regular backups of critical data and systems to facilitate timely recovery in the event of a ransomware attack. Backups should be stored securely offline or in a separate, isolated network environment to prevent them from being compromised by ransomware. Test backup and recovery procedures regularly to ensure their effectiveness.

7. Conduct Regular Vulnerability Assessments and Penetration Testing: Identify and remediate security vulnerabilities proactively through regular vulnerability assessments and penetration testing. Assess the security posture of networks, systems, and applications to identify weaknesses that could be exploited by ransomware attackers. Address identified vulnerabilities promptly to reduce the risk of exploitation.

8. Develop and Test an Incident Response Plan: Establish a comprehensive incident response plan that outlines procedures for responding to ransomware attacks and other security incidents. Define roles and responsibilities, escalation procedures, and communication protocols to ensure a coordinated response. Conduct tabletop exercises and simulated drills to test the effectiveness of the incident response plan.

9. Monitor Network Activity and Anomalies: Implement robust monitoring tools and security information and event management (SIEM) solutions to monitor network activity and detect anomalous behavior indicative of ransomware activity. Configure alerting mechanisms to notify security teams of potential security incidents in real-time. Investigate and respond to alerts promptly to mitigate threats effectively.

10. Foster a Culture of Cybersecurity Awareness and Vigilance: Cultivate a culture of cybersecurity awareness and vigilance among employees, encouraging them to remain vigilant against potential threats and report any suspicious activities promptly. Promote open communication channels for reporting security incidents and provide incentives for proactive security behavior.

By adopting these ten essential strategies, healthcare organizations can enhance their resilience to ransomware attacks and safeguard patient data, critical systems, and essential healthcare services. Proactive cybersecurity measures, combined with comprehensive training, regular updates, and robust incident response capabilities, are key to mitigating the risk of ransomware threats in the healthcare OR ANY sector.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Know When and How to Stop Ransomware Attacks

Ransomware attacks are on the rise and small businesses are on the menu.  The 2023 State of Ransomware report from Malwarebytes Labs finds that the United States saw 1,462 attacks between July 1, 2022, and June 31, 2023. This accounted for 43% of all ransomware attacks around the world, with these attacks doubling in frequency between January and June 2023, compared with the previous 6-month period.

While the Vacant Land Scam and Business Email Compromise may be — and should be — top of mind for most small-business owners and employees, ransomware must also be on the threat radar. School districts were among the top ransomware targets in August 2023, in part because criminals have shifted their focus away from large corporations with strong protections and toward public and private organizations with heavy third-party dependencies and softer cyber security.

When Are You Most Vulnerable to Ransomware Attacks?

Note that the question is not, “Who is most vulnerable,” because criminals are actively looking for the softest targets available. It does not matter what you do or in what sector. If you have user data or online systems that are critical to the operation of your organization, ransomware hackers have their eyes on you. You are particularly vulnerable if criminals believe you will pay their ransom to get your systems back online quickly, or if they believe you will not contact law enforcement out of a fear of reputational harm. Couple one or both of those realities with a lot of external vendors, off-the-shelf software and poor password protections and you can expect hackers to come after you.

Ransomware attacks begin with a hacker gaining enough access to your systems to install software. There are a few methods criminals use to achieve this:

  1. Zero-Day Exploits: These attacks target vulnerabilities in software or communications between devices that allow criminals to install a ransomware package. Any time you change software vendors or hosting services, install new software or update software, you are potentially vulnerable to attack. Cheap thumb drives may also come with malware, making new drives a threat the first time you use them.
  2. Phishing: Criminals will use a variety of phishing techniques to attempt to steal login credentials. These can include emails directing employees to sites that download malware, phony client emails or pretexting attacks where criminals claim to be a coworker or supervisor. You are most vulnerable when new employees gain access to your systems, which makes it essential to include cyber security education during every employee’s first day on the job.
  3. Code Injections: Criminals may attempt to load malicious code via vulnerabilities on your website or during communications between your devices and a third party. You are most vulnerable if you do not keep up with security updates and patches, and if you do not employ encrypted communications with all third parties.

Determined hackers may also use less-sophisticated methods to gain access to your systems if they know where to look. Credential Stuffing, where hackers attempt to use passwords stolen in other online breaches; Credential Spray,  which involves matching known usernames with a variety of common passwords, and Brute Force, where criminals use automated systems to flood a site with username and password combinations, are among the techniques hackers may attempt.

Ransomware Attacks Are Rarely Immediate

One key aspect of ransomware attacks has changed: hackers seldom install their malware right away. Instead, hackers will loiter in your compromised systems for a period of time. They may attempt to gain access to other systems, or they may make small changes to see if you are paying attention. In some cases, hackers will wait until a period when you are particularly vulnerable, such as the start of a new school year or an active business cycle, so that their attack causes the greatest disruption possible.

The period between criminal access and ransomware deployment is your opportunity to stop the attack, but this will only happen if you are vigilant and have the right monitoring systems in place.

  • Review login data. Keep track of any new devices that log on to your network. If a login looks unusual, reach out directly to the user to see if they logged in from a new device or location.
  • Look for unusual data-transfer activity. Ransomware packages must be deployed and installed on at least one device in your organization. Hackers may also exfiltrate significant amounts of your data before they launch a ransomware attack if they plan to blackmail you by posting it on the Dark Web, or if they plan to sell it to other hackers. These data transfers leave a digital trail that you may be able to spot. Large volumes of data moving at an unusual time or to an unexpected location should be a red flag that triggers immediate response.
  • Scan for software installs or changes to critical system files. Hackers may upload a small, innocuous file or make a small update to a core system file before they deploy malware. This is a test designed to see if your systems can detect their activity.

You can stop ransomware attempts in their tracks if you have the right monitors in place, and if someone is watching them. Your systems should be set up to send automatic alerts when they detect anything unusual, and you should have protocols in place to follow up on these alerts.

How to Mitigate and Respond to Ransomware Attacks

Sophos reports the average ransomware payment in 2023 as $1.54 million. The mean recovery cost was $1.6 million if the ransom was not paid. Every employee and organizational leader should be aware of these numbers. The days of swatting away hackers with a few thousand dollars in Bitcoin are over. Ransomware is a big-money business for criminals, which is why attacks continue to rise.

There are a few things you can do before and during a ransomware attack to protect your data, your systems and your business:

  1. Make two-factor authentication mandatory. This stops all but the most determined ransomware hackers.
  2. Train employees to never share login codes. Under no circumstances should a two-factor code be shared with anyone. From their first moments at work, employees need to understand that cyber security is part of their job and failure to follow protocols comes with consequences.
  3. Create backups of your data and your systems on a regular basis. These should be stored on devices that are not connected to your networks, and you should plan to keep backups for 120 days. In the event of a ransomware attack, you can use these backups to restore a clean version of your systems and lock the criminals out.
  4. Contact law enforcement. Criminals rely on compliant victims. You may believe that paying the ransom and moving on is the best course of action, but this is precisely what hackers want. By reporting the attack, you achieve two goals: First, you may be able to recover some or all of the stolen funds in the event that you must pay a ransom. Second, you raise awareness of criminal activity that law enforcement can use to stop future attacks and identify criminals. Be aware that ransomware attacks remain a very high priority for state and Federal law-enforcement agencies. If you have been discouraged from reporting cyber crimes by lax response in the past, you will be pleasantly surprised by the support you receive following a ransomware attack.

As always, the best protection is prevention, and the key to prevention is cyber security employee training alongside strong cyber security practices and protocols. Protect Now can help your small business prevent and mitigate attacks. To learn more, contact us online or call us at 1-800-658-8311.

Feds Take Down Ransomware Gang, Aid Victims

In a sign of its aggressive new posture against cyber criminals, the United States government infiltrated and compromised the Hive ransomware gang, blocking hundreds of millions in ransomware payments and seizing control of the gang’s website. No arrests were announced, but authorities in Germany and The Netherlands were able to seize the ransomware gang’s servers.

Hacking the Ransomware Hackers

Ransomware attacks are among the most costly for businesses and organizations. These attacks typically begin with criminals using stolen passwords found on the Dark Web or acquired through phishing attacks. Once ransomware hackers have access to online systems, they encrypt all of an organization’s data and lock it behind a password. They then demand a ransom in cybercurrency, such as Bitcoin, in exchange for a key that will unlock the encrypted data.

To shut down Hive, U.S. investigators infiltrated the gang’s network. They learned about planned attacks, including a Texas school district and a Louisiana hospital, then stole the ransomware decryption keys and gave them to the targets. When the ransomware attacks began, organizations were able to immediately restore their systems with the encryption keys, saving millions in ransomware payments.

The operation represents a significant shift in how Federal authorities approach cyber gangs. In the past, U.S. authorities attempted to recover ransoms after payment, with limited success. The move against Hive ransomware represents a significant escalation in response, known to be part of the Biden Administration’s draft cyber security plan,  that sees law enforcement partner with victims ahead of an attack to prevent damage and financial loss.

Ransomware Risks Remain

While Hive was one of the better-known ransomware gangs. there are many more carrying out these attacks who will not be deterred by a single U.S. government success. A Verizon report on cyber crime in 2022 found that ransomware attacks rose by 13%, a larger increase than the past 5 years combined. Criminals can now buy ransomware online, in late 2022 a Microsoft study found criminals using it to steal data and wipe systems clean, removing all traces of their activity, without making a ransom demand.

Regardless of the nature of the attack, ransomware victims tend to have a few things in common:

  • They operate critical infrastructure used by the public.
  • They appear to have budgets that support multimillion-dollar ransom requests.
  • Their cyber defenses have vulnerabilities ripe for exploitation.

Verizon reported that 20% of data breaches resulted from social engineering. Public-facing organizations face greater risks for intrusions and compromise due to the nature of their work, which makes cyber security awareness training essential.

Aggressive action from the Federal Government against cyber criminals is a positive development, but businesses and organizations cannot rely on it to ensure security. Employee training, strong cyber defenses and advance warnings from Dark Web monitoring still provide the best protection against intrusions and fraud. Protect Now provides support for small- and medium-sized business that work extensively with the public. Contact us online or call us at 1-800-658-8311 to improve your cyber security.

Ransomware Group Posts Sensitive Police Files to Dark Web

A ransomware group known as Vice Society has taken credit for an attack on California’s Bay Area Rapid Transit (BART) police that saw unredacted police reports published on the Dark Web. A review by NBC News found six documents that included information on endangered children, including names and birthdates. Anyone named in a BART police report may be impacted by the leak, which included more than 120,000 documents.

The Dark Web Threat from Ransomware

Risks from ransomware have changed over the last several years. These were once regarded as nuisance attacks on unwary, underprepared victims, who would have their systems and data held for a cryptocurrency “ransom” that would provide a de-encryption key. Threats to post data on the Dark Web were typically an intimidation tactic aimed at victims who refused to pay the criminals.

Hackers have since evolved their tactics and methodology. Ahead of a ransomware attack, it is now common for hackers to create a duplicate of the target’s data and systems. This allows them to ask for two ransoms: One to unencrypt systems, and a second to keep data off the Dark Web. This allows criminals to make twice as much money as they would from a straightforward ransomware attack. Paying the ransom is no guarantee of protection; criminals will post it online if they believe they can monetize it. Certain types of data, including credit card numbers, Social Security numbers and passwords, will almost certainly be sold by hackers.

The Dark Web Threat Against BART

Reporting on the recent BART hack suggests that only part of the police department’s system was compromised. This is similar to another attack against The Guardian, which saw criminals exfiltrate personal information, including passport data and bank accounts. Those data, which have not yet been published online, were acquired as part of a wide-ranging attack against the media stemming from a phishing attack.

In BART’s case, investigators suggested that criminals published the police reports to the Dark Web as punishment for failing to pay the ransom. The risk remains for The Guardian; once criminals have sensitive data, they are likely to try and make money through future extortion attempts or simply by selling it.

This exposes one of the hidden threats that criminals exploit: Less-secure systems connected to highly secure systems. BART revealed that criminals only breached the system that held police reports, while The Guardian faced a wide-ranging attack that succeeded in exfiltrating a subset of personnel data.

Both cases could point to systems that are partially but not fully secured. In many organizations, there are dedicated systems for functions such as document storage or HR. Access to these systems may have robust front-end protection but lack defenses against intrusions from someone who has breached those defenses. In other cases, access to data-use and retrieval systems may be secure, but the data are held in a less-secure environment.

These situations arise when organizations rely on older systems or third-party solutions, which is often necessary. Any integration between systems generates potential cyber risk. Sensitive data are coveted by cyber criminals, who will find any way to access the records themselves, with or without access to systems normally used for data retrieval.

Dark Web Monitoring Reveals Breaches

Regular Dark Web monitoring is the best protection against breaches and ransomware attacks. In some cases, Dark Web chatter can alert an organization to a pending attack. Dark Web monitoring can also reveal a breach, if regular review discovers new or unexpected data circulating or offered for sale.

Every organization that collects and stores sensitive data, which include any non-public records about employees, clients or business operations, should know what is already on the Dark Web and have alerts in case new data are found. Protect Now provides affordable Dark Web monitoring as part of our cyber security suite built for SMBs in the real estate, legal and financial sectors. We also offer Virtual CISO services that can help organizations integrate and secure legacy and third-party systems, as well as cyber security training to prevent phishing attacks. To learn more, contact us online or call us at 1-800-658-8311.

Florida City Pays Hackers $600,000 after Scam

Riviera Beach, a city in Florida, has agreed to pay a $600,000 ransom to hackers who attacked its network.

This week, the City Council voted to pay the demands after coming up with no other option to meet the demands of the hackers. It seems that the hackers got access to the system when a staff member clicked on a link in an email, which uploaded malware to the network. The malware disabled the city’s email system, direct deposit payroll system and 911 dispatch system.

According to Rose Anne Brown, the city’s spokesperson, they had been working with independent security consultants who recommended that they pay the ransom. The payment is being covered by the city’s insurance. Brown said that they are relying on the advice of the consultants, even though the stance of the FBI is to not pay off the hackers.

There are many businesses and government agencies that have been hit in the US and across the world in recent years. The city of Baltimore, for instance, was asked to pay $76,000 in ransom just last month, but that city refused to pay. Atlanta and Newark were also hit with demands.

Just last year, the US government accused a programmer from North Korea of creating and attacking banks, governments, hospitals, and factories with a malware attack known as “WannaCry.” This malware affected entities in over 150 countries and the loses totaled more than $81 million.

The FBI hasn’t commented on the attack in Riviera Beach, but it did say that almost 1,500 ransomware attacks were reported in 2018, and the victims paid about $3.6 million to the hackers.

Hackers often target areas of computer systems that are vulnerable, and any organization should consistently check its systems for flaws. Additionally, it’s important to train staff about how hackers lure victims by using emails. You must teach them, for instance, not to click on any email links or open emails that look suspicious. It is also imperative that the system and its data, and even individual computers, are backed up regularly.

Most of these attacks come from foreign entities, which make them difficult to track and prosecute. Many victims just end up paying the hacker because the data is precious to them. They also might work with some type of negotiator to bring the ransom down. In almost all cases, the attackers will do what they say and allow the victims to access their data, but not all of them do. So, realize that if you are going to pay that you still might not get access to the data. Ransomware simply should not happen to your network. If all your hardware and software is up to date and you have all the necessary components and software that your specific network requires based on its size and the data you house then your defenses become a tougher target. Additionally, proper security awareness training will prevent the criminals from bypassing all those security controls and keep your network secure as it needs to be.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Researchers Say Office of Personnel Management Hack Leads to Ransomware

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ransomware a $2.5 Million Service

One bitcoin = $590.

11DIf you’re sucked into a ransomware scam, you’ll likely be charged at least one bitcoin for the cyber key to unlock your computer’s files—that are being held hostage by hackers.

A report from Check Point Software Technologies and IntSights has discovered a gigantic ransomware-as-a-service (RaaS) ring, raking in $2.5 million yearly. Eight new scam campaigns are launched every day, with dozens of campaigns already in action, tricking people into allowing the ransomware software (namely Cerber) to take control of their computer.

Just in July, it is believed that victims were cleaned out of $200,000. Ransomware specialists have become quite sophisticated, having developed what is called bitcoin mixing: This prevents ransomware profits from being traced. Their technique bypasses even the blockchain, which is a database that records every Bitcoin transaction.

The crooks so not pool all of their profits into one “wallet,” but rather, they mix things up, splintering the profits into thousands of different wallets, creating a jumble that makes it impossible to track individual transactions or their origins.

Cerber is being sent out with automated tools that attack the unsuspecting in large masses; no longer is this ransomware software the weapon of only the highly skilled master hacker. In fact, the software can even be rented for malicious use, and a high level of tech savvy isn’t even required.

All a thief need do is get on the Dark Web and pay a hacker to commit the crime. Of course, the hacker will have to get a nice chunk of the pie. Though several other countries are getting hit harder with Cerber, the U.S. is in the fourth spot for the most targeted country.

Not surprisingly, the phishing e-mail is the scam of choice for ransomware specialists, with malicious attachments that recipients are tricked into opening—which then download the infection. The other way that Cerber takes control of computers is via the exploit kit-based campaign.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Another Successful Ransomware Attack

Ransomware thieves sure know how to pick their victims—institutions that store loads of highly critical data that they need on a daily basis, that without—even just 24 hours without—can have crippling effects. This form of cybercrime is growing by leaps and bounds.

11DRecently a ransomware attacker struck the network of the University of Calgary. An article at arstechnica.com says that the institution’s IT experts have made some headway in isolating the ransomware infection and making some restoration progress.

Why not just pay the thief and get the “key” back to the scrambled data? Because there is never any guarantee that these thieves will provide the cyber key after they are paid the ransom. And even when they do provide this key, there’s no guarantee it will release all of the hijacked data, but only some of it.

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world,” says a statement out of the arstechnica.com report. Decrypting the scrambled data “is time-consuming and must be performed with care,” continues the report. “A great deal of work is still required by IT to ensure all affected systems are operational again,” and this process requires patience.

The University of Calgary is a research institution that absolutely cannot afford to lose its data, points out the university’s vice president, Linda Dalgetty, in an article from The Globe. She explains, “We are conducting world class research daily and we don’t know what we don’t know in terms of who’s been impacted and the last thing we want to do is lose someone’s life’s work.”

Ransomware crimes have become so commonplace that some thieves have set up call centers for victims who don’t know how to navigate their data hostage situations, such as how to pay in bitcoins—the highly preferred payment methods by the criminals.

Often, the thief imposes a deadline for the payment, and if it’s not met by that deadline, the payment escalates.

This is actually really stupid. Meaning, if the last thing anyone wants to do is lose someone’s life’s work, then BACK IT UP. That’s “Data 101”.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Your ransomware profile: passwords, profiles and protection

If your computer password contains the name of your dog, your favorite vacation spot, and an easy-to-remember numerical sequence, then you are breaking some basic rules of password safety. Even though “BusterBermuda789” might seem impenetrable to you, this is a password security experts say is vulnerable.

ransomwareHere are five things to know about passwords:

  • A long, strong password goes a long way in helping prevent hacking.
  • Every account should have a different password.
  • A hacker’s password-cracking software can easily expose any password composed of an actual word or proper name, or keyboard sequences. (i.e. Mike123)
  • Passwords should be a jumbled mix of upper and lower case letters, numbers and characters.
  • A password manager tool will make all of this easy for you. Here is one of password manager tool that can help you get started creating stronger passwords.

Need to Know: Four data protection tips

  1. Look out for suspicious emails: Hackers send out phishing emails to trick recipients into clicking a link or attachment that downloads a virus. Or, the link may take them to a website that tricks them into typing out login information. Fraudulent e-mails that look as if they could be from your bank, employer, medical plan carrier, the IRS, UPS, etc. But these will typically ask you do things the IRS and your bank would not. It’s unlikely that your bank lost your account information, and now needs it urgently. Also ignore any email claiming you won a prize, or inherited money. Make sure not to click on any attachments in an email. Attachments are a common way that cybercriminals spread ransomware.
  2. Use 2FA when available. Always choose 2FA – two-factor authentication – option whenever it’s available. Two-factor authentication is when a login attempt to an account prompts a text known as a One-Time Password (OTP) or voice-call to your phone with a unique numerical code that you can enter in a login field. Sign up for it if your account offers it. Yes, hackers have been known to lure users into texting them that special code. Always be suspect of any requests for your OTP.
  3. Protect online profiles. Many hackers get personal information from social media and then use those data pieces to figure out user names and your answers to security questions on your various accounts. Think about it: Do you really need to post the names of all your kids and pets, your wedding anniversary date (which you then might use in a password combination) and tell everyone where you work? It might be time to consider more carefully what you make public. And always make sure your settings are kept private, not public.
  4. Web and Wi-Fi safety. Consider multiple email addresses – not just multiple passwords – to distinguish from business and social contacts. Avoid Wi-Fi at hotels, coffee shops, etc. These are prevalent and convenient, yes, but extremely vulnerable. Never conduct financial transactions on public Wi-Fi. Use a VPN to secure Wi-Fi in remote locations. Your home network should use WPA-2 and not WEP connection. Ignore pop-ups.

A new level of awareness is needed as computer users navigate their professional and personal lives, and realize they are vulnerable – and their data is at risk – every time they log on to a system. Keep simple tips like this close by in order to avoid ransomware and other cyber threats.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.

Your Ransomware Response: Prepare for the Worst

A ransomware attack is when your computer gets locked down or your files become inaccessible, and you are informed that in order to regain use of your computer or to receive a cyber key to unlock your files, you must pay a ransom. Typically, cybercriminals request you pay them in bitcoins.

binaryThe attack begins when you’re lured, by a cybercriminal, into clicking a malicious link that downloads malware, such as CDT-Locker. Hackers are skilled at getting potential victims to click on these links, such as a phony e-mail, apparently from a company you do business with, luring you into clicking on a link or opening its attachment.

And if you find your computer is being held hostage:

  • Report it to law enforcement, although it’s unlikely they can provide help. It’s just good to have it recorded.
  • Disconnect your computer from its network to prevent the infection from spreading to other shared networks.
  • You need to remove the ransomware from your computer. Remember, removal of the ransomware won’t restore access to your files; they will still be encrypted. To remove ransomware from your computer, follow the steps provided here.
  • If you already had your data backed up offline, there’s no need to even consider paying the ransom. Still, you will want to remove the ransomware and make sure your backup solution was working.
  • But what if very important files were not backed up? Prepare to pay in bitcoins. The first step is to find out what the experts say about making payments in bitcoin.
  • The crook will be essentially impossible to trace. You’ll be required to make the payment over the Tor network (anonymous browsing).
  • Finally, don’t be shocked if the crook actually provides you the decryption key—essentially a password; ransomware thieves often follow through to maintain being taken seriously. Otherwise, nobody would ever pay them. But it would not be unprecedented to not receive the key. It’s a gamble.
  • The best course of action is to prevent a ransomware attack, and that means looking for all the clues to malware and phishing scams. Don’t let threatening e-mails, saying you owe back taxes or bank fees, jolt you into hastily clicking a suspicious link or attachment. If you regularly back up your data online and to an external drive, then you’ll never feel you must pay the ransom.

Robert is a security analyst, author and media personality who specializes in personal security and identity theft and appears regularly on Good Morning America, ABC News and The TODAY Show.