May 15, 2017
CONSUMER ALERT: Precautionary Measures to Protect Yourself from Cyberattacks
ATLANTA, GA – Attorney General Chris Carr is urging consumers to take necessary precautions in the wake of an international cyberattack. It is being reported that most of the attacks are coming in the form of “ransomware,” a type of malicious software (malware) designed to block access to a computer system until a sum of money is paid.
“With hackers and identity thieves frequently finding new ways to infiltrate your computer, end-user awareness is critical in preventing the spread of malware,” said Attorney General Chris Carr. “The Office of the Attorney General suggests the following to help curb your chance of falling victim to this type of attack.”
What is Malware?
“Malware” is a broad term that refers to malicious software. Depending on the purpose of the malicious software, it may simply be a nuisance causing your computer or device to repeatedly crash. Malware could also be a type of spyware designed to monitor computer use, steal personal information or commit other types of fraud. Malware can also infect phones, tablets, and other mobile devices.
Ransomware
Ransomware is a subset of malware that infiltrates computer systems or networks and uses tools like encryption to deny access or hold data “hostage” until the victim pays a ransom, frequently demanding payment in Bitcoin. In the typical case, the criminals demand between $500 and $1,000, but some have demanded as much as $30,000. For instance, some hackers will delete the victim’s files if payment isn’t made within a specified period of time, and many newer variants use highly advanced methods of encryption. Ransomware can be incredibly profitable to criminals, many of whom now have the resources to hire professional developers to build increasingly sophisticated malware (Federal Trade Commission).
How do I Report or Avoid Malware/Ransomware?
Dealing with Possible Fraud:
- Contain the attack: Disconnect infected devices from your network to keep ransomware from spreading.
- Restore your computer: If you’ve backed up your files and removed any malware, you may be able to restore your computer. Follow the instructions from your operating system to reboot your computer, if possible.
- Contact law enforcement: Report ransomware attacks to the Internet Crime Complaint Center, FBI’s Cyber Division ([email protected] or 855-292-3937) or an FBI field office. Include any contact information (like the criminals’ email address) or payment information (like a Bitcoin wallet number). This may help with investigations.
Install Reputable Security Software: At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Viruses can be planted in emails or attachments to emails, in programs or files that you download, and even in Web sites that you visit. These viruses have the potential to wipe out your computer files. Anti-virus software scans everything that enters your computer, looking for these viruses. Spyware is software that tracks your computer activity, gathering information without your knowledge. Anti-spyware software blocks or removes spyware. You may obtain the anti-virus and anti-spyware software separately or as a package. For lists of security tools from legitimate security vendors, visit staysafeonline.org.
Use a Firewall: A firewall is a virtual barrier between your computer and the Internet. Everything coming into or leaving your computer must go through the firewall, which blocks anything that doesn’t meet specific security criteria. Before purchasing separate firewall hardware or software, check your operating system to see if there is a built-in firewall and whether it is turned on.
Update Operating System and Software Frequently: Computer and software companies frequently update their programs to include protection against new security threats. Simply updating your operating system and software whenever new versions become available gives you an added measure of security. If available, activate automatic security updates so you will be alerted when updates are issued.
Avoid “Free” Security Scans: Be suspicious of an offer of a “free security scan,” especially when faced with an unexpected pop-up, email, or an ad that claims “malicious software” has been found on your computer.
Create and Protect Strong Passwords: Create strong email passwords and protect them with the following tips:
- The longer the password, the tougher it is to crack. Use at least 10 characters.
- Mix letters, numbers, and special characters. Try to be random – don’t use your name, birthdate, or common words.
- Don’t use the same password for different accounts. If it’s stolen from you, it can be used to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password.
- Keep your passwords in a secure place, out of plain sight.
Use a Pop-up Blocker: Don't click on links or open attachments in emails unless you know what they are, even if the emails seem to be from friends or family.
Use the Spam Filter: Utilize your email program’s automatic spam filter, which reduces the number of unwelcome email messages that make it to your inbox. Delete, without opening, any spam or “junk mail” that gets through the filter.
Back Up Important Data: No system is completely secure. Copy important files onto a removable disc or an external hard drive, and store it in a safe place. If your computer is compromised, you’ll still have access to your files.
Read more about the indicators associated with the specific WannaCry Ransomware incident here.