Pay us or forget your DATA forever!

Hectic Monday….

On a typical hectic Monday afternoon, Joe who works for a reputed Organisation was doing his routine task of replying to customer emails, and was shocked after he clicked on a link in a customer’s email. Dramatically, as it may sound, within a jiffy, his computer flashed a note, “To get your data back, pay us $300 via Bitcoins to an address (or account number) – xyz7879wyayrou723nYt7253“. Moreover there is a ticking clock (or a timer) showing the time remaining to pay (in Hours, Minutes, Seconds) along with a threatening message that if you cannot pay, then say good bye to your data forever…phew!

Something similar happened with a small scale floral business owner Joanna who clicked a link on her email and received an identical message that Joe saw on his computer.

What just happened to Joe & Joanna was a Ransomeware attack… It had gripped hundreds of people, which led to some scaremongering across the Digital world.

What is a Ransomeware?

Have you heard about Ransomeware viz., WannaCry, Petya/NoPetya, etc.? It is one of the older and consistent attack vectors where Fraudsters drop a malicious payload on your system (via email or forcing you to click and install something) thereby taking advantage of the existing vulnerabilities in your computer (typically Operating System (OS), Apps) and then encrypting your data or files and denying access to your very own data on your very own computer… The encryption is so strong that it’s a very complex process to recover your data to decrypt it back i.e., in the original state.

Trends show that a lot of people fall for this attack trap and end up paying the Ransom. However very few of them get back their data and most of them loose it despite paying the ransom amount..Double bluff!

How do i avoid becoming a victim like Joe or Joanna?

1. Patching or Keeping your Computer software updated – In the above scenario both Joe and Joanna had an outdated system i.e., it was never updated with latest software releases from the OS vendor. It may not be Joe’s direct responsibility to keep his system updated as he was working for a reputed organisation and it should have been managed by his Organisation’s IT support team. However Joanna who runs her own small scale business should have been aware about it.
2. Not clicking on suspicious Email links – Avoid clicking on suspicious links from untrusted sources.
3. Take a backup of your data – This is especially for Organisations who have data backup systems. For personal users i would recommend weekly/monthly back on an external hard drive.

Would appreciate your feedback on my blogposts if you would like to hear more about CyberSecurity awareness topics…