5 Thinks You NEED To Know About Ransomware

David Schulz Article, Cybersecurity, Featured, Guest Post

The number one vector is email spear-phishing

Ransomware is a malicious computer infection that causes all your files to be locked up and made inaccessible until a ransom is paid to the extortionist. Combined with Bitcoin, the anonymous digital currency, it’s a game changer in the world of cybercrime, the year’s fastest growing and most vicious threat. Here is what you need to know now, before finding out the hard way:

Ransomware is the crack of cybercrime

Payoff is direct, no 3rd party fence to resell credit card or SS#s. Even stealing PHI (protected health information, the grail of cyberhunts) is a long-game with lots of steps ‘twixt the cup and the lip. Here, ransom is delivered to the troll’s door.

Ransomware is the “killer ap” for villains

Available on the Darknet for about $100 as a shrinkwrap crime with an instruction manual. Don’t know about the Darknet yet? It’s where the Bazaar of Bizarre can be found along with cybercrime dispensing vending machines, accessible only through particular protocols and browsers.

Ransomware Is a HIPAA breach

Yes, Ransomware is a HIPAA breach, and a reportable incident if the files have Protected Health Information (PHI). Even though the data may never have been removed but simply encrypted on site, the Department of Health and Human Services considers having data removed from control and access as a breach. There’s been lots of confusion, so we went directly to Office of Civil Rights, and they were both knowledgeable of the issue and very definitive in their answer.

Infection is user-enabled and exposure can be limited

The number one vector is email spear-phishing; second is visiting a toxic website designed to infect in a drive-by. Now is the time for extreme cyber hygiene: patching and updating software as often as needed, avoiding spurious emails and looking both ways before clicking on a new link. Don’t know “look both ways”? Treating every link as though it was a stoplight and you were a kid: Look at where the link is actually taking you, as well as where it claims to be going. The true path is shown in various places depending on the browser or email reader … look around the browser’s margins or hover over the link; you’ll find it.

Back Ups are more essential than ever

Be sure to keep a set of backups offline: your most recent backups are just as likely to be diseased as the device that made them. Me, I backup at lunch, disconnect the drive at night when turning off (or rebooting for maintenance) the system. Extra bonus points for making a system image, storing it offsite and updating it monthly.

About the Author

David Schulz