by Jonathan Horvath
Recently, it seems like every day a company makes the news because their data has been hacked, and all their customers’ information has been stolen. More recently though, another online threat has been making its rounds on the news shows, targeting not just major corporations, but the average internet user: it’s called ransomware.
Ransomware is a piece of malicious software-or malware-that installs itself onto your computer, but instead of scouring your machine for valuable personal information to sell, it does just the opposite. Ransomware encrypts all of your files, pictures and data so that no one can see it, not even you. The software then displays a message telling you that your data is being held for ransom, and if you don’t pay by the deadline, your data will be gone forever.
These attacks are on the rise, and they’re not just targeting private citizens. In the past year, hospitals, school districts and even police departments have fallen prey to ransomware attacks. Even more frightening is the fact that these attacks don’t take much technical know-how to execute. Readymade kits are available to purchase online. But the real reason behind ransomware’s popularity is that it capitalizes on the most universal security flaw in existence: we hapless humans behind the keyboard. In most cases, ransomware infections occur because someone clicked on a link to the malicious software and
voluntarily installed it on their system.
Sounds impossible, doesn’t it? How could someone be that careless? It’s easier than you may think. Malicious links are subtle and clever, and it takes vigilance to avoid becoming a statistic. Below are a few guidelines. If you see any of these, you should think twice before clicking:
– Unsolicited email, allegedly from a friend, saying “check out this link!” or “open this attachment!” If you weren’t expecting an attachment, it’s best to give your friend a call to ensure it really came from them. Recently, I’ve seen a slew of emails with an “unpaid invoice” attached with a threat that it will be transferred to a collection agency if it isn’t addressed immediately. Don’t take the bait! Call before you click.
– Pop-up windows saying your computer has a virus, out-of-date software, or “performance issues.” These can be legitimate, but unless you’re actually using the piece of software or browser plug-in at the time, proceed with caution. A good rule of thumb is, if you didn’t go looking for it, don’t click on it! If you do click on it, don’t give the person on the other end remote access to your computer. That’s why you have us!
– Emails appearing to be from a legitimate company asking for your login or password. Apple, Facebook, Google, or Microsoft will
never email or call you asking for your personal information. Neither will your bank or credit card company. If you’re told otherwise, go to the company’s website and contact their customer service team. Make sure you double check the URL so you know you’re talking with the real deal.
The Bottom Line
: don’t click on unexpected attachments, don’t give out your passwords, and don’t call phone numbers that pop up on your screen claiming that they’ve detected something wrong, and don’t give anyone access to your machine remotely unless you went looking for them. Practice these basic principles of safe computing, and you’ve made yourself a much more difficult mark for hackers.
Even the most diligent web surfer can slip up once in a while. If you do find yourself the victim of a ransomware attack, there are only three options: pay the ransom; erase your machine, destroy your data and start from scratch; or restore from an uninfected backup. The latter option is obviously the best choice, but in order restore from a clean backup,
you need a backup! Backups can feel like the digital equivalent of going to the gym: inconvenient, a little painful, and while you know you’ll see benefits down the road, really hard to prioritize in the present. But if you are the victim of a ransomware attack or any number of common computer misfortunes, a current backup can mean the difference between minor inconvenience and major tragedy. Here’s where to start.
Create a Time Machine backup:
Apple makes it very easy to make regular backups with OS X’s Time Machine feature. Simply plug an external hard drive into a USB port on your Mac, and you’ll be asked if you’d like to use the drive for a Time Machine backup. Say yes, and you’re done. Time Machine will make a full backup of your data, and will make hourly backups of any changes thereafter, whenever the drive’s connected. It will also automatically prune old backups to save space. If remembering to plug in an external drive to your notebook is a hassle, consider purchasing an Apple Time Capsule. It’s an internet router with a hard drive inside, and it makes Time Machine backups as long as you’re in WiFi range, no cables required.
Consider an offsite backup:
Hackers know that a Time Machine backup could thwart their plans, so some ransomware attacks attempt to lock your Time Machine backup as well. A solution to this is an additional offsite backup. In the olden days, data would be copied to magnetic tapes and then physically driven to an offsite location, where they’d be safe from fire, flood, power surges, or any other major calamity that could cause widespread damage. We’ve come a long way since then. Now the simplest way to create an offsite backup is to purchase a backup plan from a company like CrashPlan, Carbonite, or IDrive. These companies charge a fee to keep an encrypted copy of your data on their servers, where it’s insulated from attacks on your local network, and they automatically keep it up to date.
Nothing makes us happier here at My MacDaddy than ensuring your data is safe. With these precautions in place, you minimize the chance of identity theft or data loss, and if anything does happen, we can get you back up and running in hours rather than weeks. As always, if you have any questions, you know where to find us!