Yesterday USA Today ran a report, “Cybercrooks hold PC data captive.”
This is nothing new; I blogged about this type of ransom scheme earlier this year. The crooks are getting more creative.
This latest report discusses how small businesses and individuals are being targeted.
“With ransomware, however, online crooks implant malicious computer code on websites in hopes of breaking into the PCs of consumers and remotely encrypting a victim’s files and photographs. The thieves demand a ransom through an online-payment service such as PayPal or e-gold. According to security firm Websense, one recent victim was the tech administrator at a company in the Northeast. His PC was infected by malicious code, which scrambled company files. An e-mailed ransom note demanded $200 for the digital keys to unlock the files. The victim did not pay because he doubted his data would be returned even if he paid, says Dan Hubbard, vice president of security and research at Websense. Most of the stolen files were recovered from a backup disk, Hubbard says.”
Indeed, smart admin! He:
1) Had a backup
2) Realized that extortionists are crooks who cannot be trusted to follow through on their word
A few lessons:
* Make backups often
* Keep sensitive and mission-critical data encrypted on devices accessing the Internet
* Use firewalls on personal computers connecting to the Internet
* Try not to visit untrusted websites