With criminals growing more tech-savvy by the day, the days of bank heists and back ally holdups are practically a thing of the past. Money is no longer physical currency, but numbers on a computer screen and as time goes on the software tools necessary to break into the databases where this currency is stored are growing stronger.
While banks and other financial institutions have become increasingly on guard against these attackers, cybercriminals are now turning to other ways to secure ill gotten funds. When we think of corporate espionage, we usually think of a former employee looking to “get back” at a company. They may steal crucial company files and hold them for ransom, or else threaten to destroy them. Now this practice is becoming increasingly easy and does not even require the perpetrator to step foot into a company’s building.
Since 2015, cybersecurity researchers have seen a steady increase in cases of a type of malicious application called ransomware. When a computer becomes infected with ransomware, the files on the computer become encrypted. In order to decrypt the files so the owner can access them again, the owner is forced to pay the creator of the virus a sum of money.
In 2015, this malicious software has cost private computer users, companies, and even hospitals, nearly $325 million according to Lavasoft, an industry leader in information security. In one third of ransomware infections studied by Lavasoft they determined that computers became infected through phishing emails.
Phishing emails have been around for a long time, and most people are familiar with them. They are emails that appear to come from a legitimate company like Amazon, Paypal, and so on that ask a user to log in, resulting in a person’s username and password stolen through the fake website. The same technique has been used in the past to get users to download viruses under the impression that they are downloading a game, a fax, or some other file the user would like to have. The same techniques that have been around for ages are now being used to convince users to download ransomware programs on their computer.
For private citizens, simply keeping an eye out for possibly malicious emails and backing up your system files should be sufficient enough. Adblocking has also been suggested and generally should be employed for private users and companies to not only combat ransomware attacks, but a number of different viruses that can load through malicious advertisements. For servers and company machines, a technology consultant should also ensure that there is monitoring of inbound emails and software to detect file changes.
These steps seem simple enough, yet sadly, many people do not take these threats seriously until it happens to them. Do not allow yourself to become another victim of this malicious attack.