Finally, Ransom Notes Have Joined the Digital Age
“You pick me clean, you put me in a coffin with a rotten, stinking cat, and now you strip me bollock naked.” – Robert Agar, “The Great Train Robbery,” Sterling Films, 1978
Think how great it’s going to be in 2020 with 50B connected things. Not just your notebook, tablet, smartphone (if they’ll even be necessary then) but your transportation, stuff in your house, things where you dine, drink, visit. It’s the marvelous world of IoT (Internet of Things), IoE (Internet of Everything). Or, on the dark side, its 50B ways guys/gals can muck you up, rip you off. My kids aren’t sys admins, but their smartphones are more powerful than DEC’s old PDP systems and probably IBM’s old 360 systems. We can thank the industry for taking all the techie crap out of our notebooks, iPads, smartphones. Miriam was concerned and said, “It’s all very good … unless something goes wrong.” Hackers, whackers, cyber bad guys/gals love the trust you have in your devices. Back in the early ’90s when New York Times John Markoff covered the antics and hunt/capture of Kevin Mitnick, it was big news … everywhere. And he was only doing it to be a pain in the arse!
Today, the theft of thousands, millions of passwords, PIN numbers and vital personal data from firms like Target, Dominos, Macy’s and cloud companies are so routinely taken that people don’t blink an eye.
Fun, Profit – Hacking used to be a somewhat honorable word involving individuals who could point out weaknesses in your system for you. Today, there are still a few; but for most, it’s all about stealing from someone else. You make it pretty easy for them to have you as their next victim. According to Norton, Kaspersky Labs and the other security software firms, more than 750M folks in 40 countries have experienced some type of cybercrime last year – malware, online card fraud, phishing, email scam. In the U.S., that’s 150+ victims per minute. Depending on whose report you read, that’s at least a $450B tax-free business.
Equal Opportunity – Cybercrime is a global problem. Of course, criminals are naturally attracted to where there is the most money and where the “marks” are easy to pick clean. And it’s global! While no country is immune from attack, cybercriminals obviously focus their activities on the countries with the biggest economies – U.S., China, Germany, Japan. The cyber bad guys/gals love startups, young companies and small firms because they don’t have a reinforced IT infrastructure and seasoned team in place. But they certainly aren’t alone. The folks are equal opportunity attackers using denial-of-service (DDoS) attacks to barrage organizations with traffic until the target agrees to pay a ransom.
“With It” Criminals
They’ve gotten more “with it” since the early versions that told you to go to WalMart, Walgreens and other locations to get them a $300 money order and they’d send you the key to unlock your system. Now they go for Bitcoin and the ransom is higher. Source – pcworld
Gone Digital – When ransomware first appeared, you received instructions to go and obtain a money order and send it somewhere or forever lose everything on your system. Since then cybercriminals have gotten “with it” and moved on to Bitcoin, the digital coin of the realm. While DDoS is enjoying hockey stick growth, hitting both companies and individuals, most security experts don’t recommend paying the ransom because well, jeezz, they’re crooks so why would you think they’d keep their word? Edward Pierce observed, “Oh I’m sure it’ll be a handsome ruin.” We know, you don’t really care what happens to business … unless it’s your business! Wait a minute–you do/should care! Remember, they’re bottom feeders. Of that $450B, $150B +/- is personal losses – identity, personal/friend information, credit card data, bank stuff, etc.
Congratulations – When your device’s screen goes black and then a “your system is locked,” there’s a feeling of fear, frustration, loathing even downright hatred for the individual(s) who picked on you. With 7B + people on the planet, they selected you and without advance preparation … you have a problem. Sure, folks worry about it, just not enough to follow good practices.
Common Sense Practices
- Ignoring software updates – they send ‘em for a reason, you know
- Don’t have/seldom run security software
- Spilling their guts on Twitter, Facebook, etc.
- Are totally uncreative with passwords and sloppy when they change them – hint… 123456 isn’t good, ABCDEF doesn’t work, PASSWORD is dumb as is kids’/wife’s/pets name and you change them less often than underwear
Of course, my kids tell me they’re not worried because they’re like the growing number of people IDC and Gartner say do almost everything on their smartphone. The PC is used for a little bit of school work (and games). Their tablets are only for YouTube videos. But cybercriminals aren’t stupid. They don’t see the 3-4B smartphones out there … they see 3-4B targets! And … there’s an app for that. Source – arstechnica
New Popular Target – With more smartphones on the planet than people, it’s only logical that they would be the next target for cybercriminals. Security and protection apps are available but few devices are properly protected … sorry. Actually, there are a bunch of apps for that and most aren’t as blatant as a ransom note … yet. They can make your phone dial a premium-rate number and they make a few bucks and you probably don’t even notice your phone bill went up. Or, a site prompts you to download their player with permission to send you text messages and BAM!!! your phone bill jumps. That’s why Edward Pierce exclaimed, “I don’t trust you at all.”
As with your PC, there are steps to take to protect yourself from yourself (and them):
- Be selective with the apps you download and don’t grant functionality not absolutely required.
- Unless you absolutely trust a message, email, Facebook links, blow them off.
- Check your cellphone bill for unusual data usage.
- Install mobile security software that blocks malware, add an app that can find/brick your phone just in case.
- Practice good computing … keep your phone software updated.
- If you don’t know your WiFi origination, don’t log on.
- When you’re wireless, use SSL (Secure Socket Layer) encryption – see Wikipedia – and if a website isn’t really secure, pass on buying (that goes for any online purchase).
- Unless you’re lonely, keep your Bluetooth in hidden/non-discoverable mode.
- You have phone screen locking … use it.
Whether it’s your desktop or mobile device, and you do all of this and the ransom note still appears, they might as well add a note on your screen, “Congratulations. You’ve been…
Fear But… — In the back of their mind everyone who is online today is worried about cybercrime (at least a little); but it doesn’t stop them from using their devices for everything/anything and posting breadcrumbs all over for cybercriminals to follow. Or, you can follow sound computing practices for all of your devices. My kids think I’m overly paranoid but I backup … everything (including the cloud)! And as my wife said when we sailed offshore for years, I have backups for my backups. Stuff will happen and always at the worst possible time. 1TB external HDs today are small, rugged and so inexpensive that I rotate my backups on four different drives just in case one dies or gets corrupted.
No Silver Bullet – Simple, straight-forward back-up won’t foil hackers, whackers or cybercriminals but it’s the best way to ensure that the damage they can cause to your workflow will be minimized and it sure will calm your nerves when it happens. Then, if someone takes over any of my devices (or anyone’s in the family), we wipe the device clean and restore it to a pre-infection version. Wouldn’t even have to talk to the slimeball! Wouldn’t even call Markoff up and tell him I really did learn something from the old days. If we had known then how big this wired, wireless communications thing was going to be, we’d probably have agreed with Edward Pierce, “The presence of so much gold in one place naturally aroused the interest of the English criminal elements; but in 1855, there had never been a robbery from a moving railway train.”