Poor “cyber-hygiene” is leaving consumers vulnerable to hackers who seize computer systems and hold them up for ransom, according to a new industry report.

The sloppy Internet practices that make consumers the biggest target for ransomware attackers include opening e-mails and attachments from unknown senders, clicking on banner ads from unknown companies, and backing up files too infrequently, according to a report released Thursday by the Institute for Critical Infrastructure Technology.

“Ransomware” is a cyber-attack where hackers gain control of all or part of a computer system’s files and demand a ransom to relinquish control.

The report’s authors referred to ransomware crooks as the 21st century successors to highwaymen who would tell stagecoach riders to pay or suffer the consequences.

The attack can be thwarted if users have copies of the affected files, but most users do not back up their computer systems on a regular basis, according to the report.

James Scott, an ICIT senior fellow, recommended using an external hard drive for a backup, which can be purchased for about $50 and can be set to copy files continuously.

Thumb drives are poor backup devices for an entire computer because they don’t have enough storage, he said. A cloud storage service is also insufficient because a cloud is just someone else’s computer, which can also be hacked, he said.

The study said experts often tell users to never pay the ransom, but it called that advice unrealistic.

“Sometimes no other options exist,” said the authors.

They urged victims to never surrender credit card or financial account information to pay a ransom because the data could be used for further theft.

However, if that is the only way a ransomware criminal will accept payment, the card or account should be frozen or closed immediately thereafter, the report said.

Bitcoin is the best way to pay a ransom, Scott said, adding that the easiest way to buy bitcoins is to google “bitcoin brokers.”

For businesses, ransomware is a more serious threat than a data breach because a business can easily continue operations after a breach.

“The same cannot be said for an active ransomware attack. Business operations grind to a halt until the system is restored or replaced,” the report said.

Another danger of ransomware, the report claimed, is that law enforcement agencies have neither the time nor the resources to track down the culprits.

“More crooks are entering ransomware because the attacks are under-combated and highly profitable,” the authors said.

The average amount ransomware thieves took from their victims last year was $300. The amount may seem small, but with the tens of millions of personal computers in use, the opportunity for making money through this form of thievery is large, the report said.

Smartphones aren’t popular targets for ransomware attackers because they are so inexpensive to replace and so little sensitive data is stored on them that consumers often would rather buy a new one than pay ransom.