The viral attacks, which grew in number last year, are expected to become even more frequent in 2016, according to the New Jersey Cybersecurity and Communications Integration Cell (“NJCCIC”), which tracks online threats throughout the state. Individuals, businesses, government agencies, and private institutions are all vulnerable to the paralyzing virus typically launched through an infected email.
“Ransomware is fast becoming a major cybersecurity threat, as sophisticated hackers go for big payoffs by ‘kidnapping’ and holding for ransom the private, sensitive files belonging to large organizations by tricking individual members of those organizations into giving them access to it,” said Acting Attorney General Robert Lougy.
Employees at large institutions like government agencies, law enforcement bureaus, corporations, and healthcare organizations, are being bombarded with virus-carrying emails disguised as messages from their supervisors or other trusted authority figures. Even the savviest web users often don’t think twice about clicking on an unfamiliar link when the directive comes from their supervisor.
Individuals using home computers are also not immune from attack. Cyber criminals are targeting the servers of organizations with large memberships, like alumni associations and religious groups to send spoofed emails to members, hoping to infect their home computers.
Once granted access to an individual computer, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Victims often are unaware they’ve been infected until they are unable to access their data or begin receiving online demands for money, usually in the form of Bitcoin or other untraceable virtual currency.
Hospitals eager to regain access to the patient electronic health records, parents anxious to keep their children’s social security numbers from identity thieves, and grandmothers desperate to retrieve priceless family photos are all faced with the same dilemma: pay up or risk losing valuable files forever.
“We’re calling attention to the growing threat of ransomware so consumers can take precautions to protect themselves and their employers from these insidious viruses,” said Steve Lee, Acting Director of the New Jersey Division of Consumer Affairs. “As cyber criminals grow more sophisticated in their attacks, consumers must become more vigilant in avoiding them.”
Tips to Avoid Ransomware:
Beware of free games, toolbars and other software. Before you download software, make sure the software is from a trusted source.
Never click on links in suspicious emails or pop up advertisements. Even if the source looks legitimate – like an email from your bank – play it safe by opening a new tab to go directly to the website.
Be particularly skeptical of emails with attachments that appear to be from trusted brands you regularly interact with when they arrive unexpectedly.
Be just as safety-conscious on your smartphone as you are on your PC or office computer.
Regularly back-up your important files, including those priceless family photos, and store the data offline for safekeeping.
Make sure your home computers have current anti-virus, anti-spyware, and anti-malware software.
Since ransomware can also attack from a website, make sure that vulnerable plugins like Flash and Java require your permission to run.
Use ad-blocking extensions in browsers to prevent “drive-by” infections from ads containing malicious code.
Use web and email protection to block access to malicious websites and scan all emails, attachments, and downloads and configure email servers to proactively block emails containing suspicious attachments such as .exe, .vbs, and .scr.
Unfortunately, the proliferation and sophistication of ransomware attacks make it difficult for even the most careful web-users to keep themselves safe. And once victimized, there’s not much that victims can do to find the criminals behind the attacks because they’re launched from anonymous internet routers that are difficult, if not impossible, to trace. But there are steps they can take to avoid having to pay the ransom.
If You Suspect You’ve Been Hit:
Disconnect from networks immediately if an infection is suspected and do not reconnect until the computer or device has been thoroughly scanned and cleaned.
Alert the appropriate information security contact within your organization if unusual activity is seen on networks, computers, or mobile devices.
If you or your organization is the victim of a ransomware infection, or would like to learn more about cybersecurity information sharing, threat analysis, and incident reporting, visit the NJCCIC website, or contact a Cyber Liaison Officer at email@example.com.
Consumers who believe they have been cheated or scammed by a business, or suspect any other form of consumer abuse, can file a complaint with the State Division of Consumer Affairs by visiting its website or by calling 1-800-242-5846 (toll free within New Jersey) or 973-504-6200.