WASHINGTON DC – A report published Thursday looks at how the growing network of Internet-connected household devices – dubbed the Internet of Things – from Samsung refrigerators to Nest thermostats, could make you even more vulnerable to ransomware attacks, which have rapidly become a multimillion-dollar business for cyber criminals.
Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace just this year.
“As more devices are connected to the threat landscape referred to as the Internet of Things, ransomware will have greater power over victims,” reported the Institute for Critical Infrastructure Technology, a Washington, DC-based cybersecurity think tank. That’s right. Prepare to see your smart TV held hostage.
But wait, there’s good news too. The report’s authors point out several ways you can avoid becoming a victim of ransomware. None is guaranteed to work, but at least you’ll know you tried.
Back up your files
With all the cloud services out there and the availability of easy-to-use external hard drives, you have plenty of options for backing up your files.
The catch: This isn’t a guarantee that you’ll be safe from ransom demands. You might get hit right before you need to turn in an important term paper or work project that you didn’t back up yet. Or you might be the victim of ransomware that also seeks out backup copies. (Yep, that exists.)
Don’t panic
If you can stop the screaming in your head for a moment, you may be able to find a solution. Some attacks rely on malicious software that has known fixes, which you can find with some quick online searching.
“Many users pay the ransom without exploring alternative options simply because accepting the lost revenue is easier than applying effort,” the report’s authors wrote.
What’s more, many attackers deliver their malicious software to your computer through piracy and porn websites. They’ve gone so far as to create fake alerts claiming to be from the police, saying that if you pay a fine you won’t be arrested for downloading pirated software or files. Shame and fear get people to pay without looking for alternatives.
“It’s more psychological than it is technical,” said James Scott, senior fellow at the Institute for Critical Infrastructure Technology.
The catch: Some ransomware is quite technically advanced. If you don’t have backups and your files are truly irretrievable, you might have to pay if you want them back.
Pay up
When you face the real deal, even the FBI says you should pay.
“The ransomware is that good,” Joseph Bonavolonta, the Boston-based assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program, said at a 2015 cybersecurity event, according to cybersecurity publication Security Ledger.
The average ransom demand is $300, according to the Institute for Critical Infrastructure Technology, but attackers will pick a number based on how much money you might have. Big companies might see demands for millions of dollars, and regular people might only have to pay a tiny amount.
The really big catch: You might not get your files back! Seriously. CryptoLocker, ransomware that was spread by a crime ring before law enforcement took it offline in 2014, extorted $3 million from users but didn’t decrypt the files of everyone who paid, according to the institute’s study.
This really sucks, right? If you’re so unlucky that you’ve followed all these rules, paid a ransom, and still didn’t get your files back, my final tip would be…
Remember all physical objects eventually turn to dust.
This story was published by CNET.