GECU Voices brings you guidance and insight from experts within the Credit Union. This article is brought to you by Austin Vaive, Information Security Manager.
If you’ve paid attention to the news recently, the term 'ransomware' should ring a bell. It seems every other week a company is in the news reporting a breach or major outage due to a ransomware attack. But what exactly is ransomware, and what can you do to keep your personal data and devices safe? The answers below will help you steer clear of security issues.
Defining Ransomware
Ransomware in its most basic form is a type of computer virus, or malware, that infects a victim’s computer and encrypts their personal files. The criminal on the other end demands the victim pay a ransom for the safe return of their files.
While it may seem like paying the ransom is a good way to lose both your money and files, in general, the cyber criminals that operate these schemes will stay true to their word. They know if they never upheld their part of the deal, their victims would no longer pay up, so they have an incentive to return the files as promised once they receive payment.
Unfortunately, these criminals are generally located in different countries and demand payment in cryptocurrency, like Bitcoin, making it much more difficult for law enforcement to recover the funds. Ransomware has been on the rise in recent years, as more cyber criminals see it can result in major payouts, especially if a large organization is hit and is desperate enough to pay. Experts expect the global cost of ransomware to hit $20 Billion in 2021, 57 times the amount from 6 years ago.1
Now we are seeing the emergence of a product known as Ransomware as a Service, or RaaS, in which cyber criminals actually use an ‘off the shelf’ product to infect their victims’ technology, reducing the technical complexity of successfully orchestrating an attack. Security experts believe this is the type of ransomware used to successfully take Colonial Pipeline offline earlier this year, which caused a gas shortage as a result.
Protecting Yourself from Ransomware
So what can you do to reduce your risk of exposure to ransomware? For one, ransomware generally enters the victim’s computer via a deliberate action. In short, unless you – or someone else on your network – accidentally opens a malicious email attachment or downloads an executable file from a phishing message, it is unlikely (but not impossible) that you will be infected with ransomware.
The first line of defense is ensuring your “human firewall” is strong! Always use caution when opening an email from an unknown sender and avoid clicking links or downloading attachments if you are not 100% certain where they lead. A large portion of ransomware attacks can be traced back to an individual accidentally clicking on a link or attachment in a phishing email.
Because ransomware relies on you being desperate to recover your precious files, like family photos or important documents, one way to thwart cyber criminals is to keep backups of important devices in a separate place from your main network. Use a reputable cloud storage site or a portable hard drive to back your files up on a regular basis.
Don’t leave the portable drive attached to your main computer for longer than needed. If your device is infected with ransomware while the drive is still attached, it is likely those files will be encrypted as well.
Lastly, ensure your device has the latest security updates and your antivirus software is active. Cyber criminals will generally attack the easiest targets first, so keeping your device up to date and patching any security flaws will reduce your risk of being infected with ransomware or other computer viruses.
General Electric Credit Union (GECU) wants to help keep your money and identity safe. That’s why we dedicate a section of our Money Minutes blog to security.