I notice ransomware is back in the news again.
This time the lure is Microsoft’s newly released Windows 10 operating system and the apparent keenness of the masses to adopt a software program that has only just come out of testing (yeah, I know, it’s better than sticking with XP or Vista but, let’s face it, most early adopters are using the significantly more mature (and still supported) platforms of Windows 7 and 8.1).
The problem here, as far as I see it, is the teething problems surrounding getting the new OS to install. While I myself am holding off, I was asked to upgrade a friend’s machine. To say the process was infuriating would be an understatement – error after error, despite his having received the go ahead to upgrade from Microsoft itself.
Ultimately that led to us downloading an ISO from the Redmond firm and, after much playing with locale and language, it finally worked.
But some people who were struggling to get the program installed took another route – they went with an email that appeared to be an upgrade notification from Microsoft but was in fact a spammed out invitation to CTB-Locker.
Not good, I’m sure you’ll agree, but, hey, you’re not going to be affected are you? After all, you’re quite savvy and there’s no way you’re going to put yourself through the rigmarole of upgrading all your office machines just yet is there?
Fine. That sounds great.
But that doesn’t mean that ransomware only affects people who are harried, naive or in any way reckless.
Just ask the Tewksbury, Massachusetts, police department or the PD in Midlothian, Illinois, both of which handed over the cash when Cryptolocker took their unbacked up data hostage.
Or have a word with the residents of Ilion, a New York village, which was not alone in coughing up $300 and then $500 when two official-looking emails caused havoc across its computer systems, rendering its entire accountancy system inoperable.
Even though such targets are high profile, neither the police, nor the FBI acting on behalf of Ilion, were ever able to identify who was responsible or reclaim the ransoms paid.
So what needs to be done to avoid the threat of ransomware?
Normally I’d take the opportunity right about now to mention the importance of backups, preferably tested and kept offsite, the need to install security software and to keep programs and operating systems updated, and other precautions aside but, on this occasion, I think a quote from the US version of the Guardian says it all really:
Ilion officials have endorsed new security steps and trained staff last year specifically on looking out for suspicious emails. They have been working with the auditors who identified various security gaps. They haven’t had another attack since.
What are you doing to ensure your critical files don’t end up costing you a small fortune, one way or another?