Be Aware of Ransomware

Ransomware is a form of malware designed to hold a victim’s files and device hostage until they’ve paid the demanded ransom. We’re here to help you learn more about this cybercrime so that your information stays protected.

MORE ABOUT RANSOMWARE

Malicious cybercriminals trick consumers and businesses to click on a link or download an attachment, which then holds their personal or business data hostage. Once clicked, the ransomware attacker will then demand ransom in exchange for unlocking your files or device. It begins with an email that may not look suspicious at first glance and may even claim to be from someone close to you like a family member, friend, customer or business vendor. The message will trick you by asking you to click on a suspicious link or download an attachment.

Although paying the ransom may seem like an easy solution, there’s no guarantee that you’ll get your information back or your device unlocked. If you’re a victim of ransomware, you should immediately contact law enforcement. The Federal Trade Commission and law enforcement does NOT recommend you pay the ransom and states that “… it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back. However, paying the ransom may not guarantee you get your data back.”

TIPS AND ADVICE FROM THE FEDERAL TRADE COMMISSION

1. Scam emails with links and attachments: The latest available statistic from the FTC, approximately 91% of ransomware is downloaded through phishing e-mails. Be aware of suspicious emails which ask you to click links or download attachments. These can put your data and network at risk. Here are a few tips that will help you recognize a phishing email:

   • Phishing emails may look like they’re coming from a company you know or trust.

   • Phishing emails often tell a story that trick you into clicking a link or opening an attachment.

   • Take a minute to ask yourself if you have an account with the company or person who contacted you. If not, it may be a phishing email. If you do, contact the company using a phone number or website to verify the email is legitimate.

2. System vulnerabilities: Be aware of any potential Operating System or software vulnerabilities which can be taken advantage of by hackers by making sure your device and software is up to date and you use anti-virus software which is also up to date.

3. Suspicious websites: Be aware of any suspicious websites. Many browsers have built-in security scanners which will warn you if you visit an infected webpage or download a malicious file from a site. However, if it does not and a site is already infected with ransomware, it will automatically download malicious software onto your computer when you open the website.

4. Suspicious online advertisements: Enable your pop-up blocker if available. Online advertisements which contain malicious code will run unwanted programs, if you click on them, causing harm to a device or compromise data stored on the device. These could show up on a website you know and trust which could be a sign your device has been compromised.

WHAT TO DO IF YOU’VE FALLEN VICTIM TO RANSOMWARE

1. Limit the damage: Immediately disconnect your infected computers or devices from your network. If your data has been stolen, we recommend you take steps to protect you or your company’s information and notify anyone who may be affected. Make it a good habit to constantly back up your files.

2. Contact the authorities: If you’ve fallen victim to ransomware, we recommend that you report the attack right away to your local FBI office. If your personal information has been compromised, consider whether you need to take steps to mitigate the risk of identity theft. Click here to learn more.

3. Notify customers: If you are a business owner and your customers’ data or personal information was compromised, make sure you notify the affected individuals as they could be at risk of identity theft. Click here to learn more.

STAY SAFE AND SECURE AS A BUSINESS OWNER

1. Have a plan for your business: How will your business stay up and running after a ransomware attack? Put this plan in writing and share it with your leadership team.

2. Regularly back up your data: We recommend that you regularly save important files to a drive or server that’s not connected to your network. This will add an extra layer of caution. It’s good practice to make data backup part of your routine business operations.

3. Keep your security up to date: Always install the latest software updates. Look for additional means of protection (e.g. email authentication) and intrusion prevention software, and set them to update automatically on your computer. You may have to do this manually on mobile devices.

4. Alert your employees: Teach your employees how to avoid phishing scams. We recommend sharing some of the common ways computers and devices become infected so that your employees know what to look for. Be sure to include tips for spotting and protecting against ransomware in orientations and trainings.

5. Business owners can learn more here.

SHOULD YOU PAY THE RANSOM IF YOU GET ATTACKED?

Law enforcement doesn’t recommend paying the ransom if you fall victim. Ultimately, the decision is up to you to determine whether the risks and costs are worth the possibility of getting your data back. You can learn more ways to stay safe and secure by visiting our Information Security and Fraud Hub.

VISIT HUB

Nothing contained in this material is intended to constitute legal, tax, securities or investment advice, nor an opinion that it is appropriate for readers. The information that is contained in this material is general nature. Readers should seek professional advice for their respective situations.

SPOTLIGHTED FREE ASB FINANCIAL EDUCATION COURSE:
Identity Protection

Learn how to protect your identity and the steps to take if your personal information is stolen.

Take Course >