Imagine you are a financial advisor waking up glowing with confidence because you passed an SEC cybersecurity exam. Then you go to your car and find it won’t start. A hacker has taken control of your ignition system. He demands ransom before you can get going.
Sound far-fetched? Not as much as you might think.
Many household items are now computerized and connected to the web, and hackers are taking advantage of the “Internet of Things” to disrupt the everyday lives of consumers and organizations in exchange for payoffs.
Exacerbating the problem is the fact that the manufacturers of cars, toasters, TVs, etc. don’t have their guard up.
“These things are being built without security in mind,” said Bill Wright, head of Symantec’s Norton Cybersecurity Institute program. “It is much harder to bolt on security afterwards than to build it in at the beginning.”
Wright spoke at a Federal Trade Commission seminar Wednesday, warning attendees about the emerging threat of hackers to web-attached things from toys to laptops.
“Ransomware is the most profitable malware in history,” said FTC Chairwoman Edith Ramirez at the gathering. Ransomware attacks quadrupled in the last year to over 4,000 per day, she said.
It’s the profitability driving the surge in ransomware, not technology.
With such software, hackers can get hundreds of dollars from individuals and up to $30,000 from corporations, which affords them money to hire highly skilled techies to write the computer code—and to hire them globally.
“We’re not dealing with hackers in a basement,” said Craig Williams, security outreach manager at Cisco.
The safeguards offered for consumers largely hew to conventional wisdom: Only go to websites you are sure you can trust. Only open emails from those you know. Never click on attachments from a seemingly appealing but unfamiliar sender. And religiously install all the software patches sent to you ASAP.
In addition, a good way to protect yourself and your business from ransomware attacks is to lose the belief that web-connected everything is the greatest thing since toasted bread.
“If devices don’t need to talk to each other, why allow it?” asked Chad Wilson, director of information security at Children’s National Medical Center in Washington, D.C.
Also, regularly back up your files on a flash drive or the cloud.
Helpful? Yes. Absolutely helpful? No.
Several experts at the FTC conference said ransomware hackers are increasingly targeting backups, and you could click on a trusted website, such as that of your favorite restaurant, only to find out the hard way that hackers have hidden malware on it that will infect your network of computers, cell phones and televisions.
Should you ever give in to the blackmailers to get your car or computer started?
The Federal Bureau of Investigation is against paying ransom, but Will Bales, a supervisory special agent at the FBI’s Cyber Division, said the agency is very sympathetic to people who want to get their internet-addicted lives back.
But about 25 percent of the time the ransom is paid, the hackers don’t fulfill their end of the bargain, even if they intended to, said Serge Jorgensen, a founder of the Sylint Group, a cybersecurity consultant.
Sometimes the hackers can’t unencrypt files they encrypted to steal them from victims, or the encryption was faulty in the first place. Or the seized software with personal information and codes could have been encrypted numerous times.