By Reid Goldsborough
Ransomware is a type of malware or malicious software that prevents you or your
organization from being able to fully use your computer system until you
pay the attackers a ransom.
In February, a hospital in Los
Angeles made headlines for giving in to the ransom demand of hackers who
used encryption to cripple its internal computer network, including
electronic patient records, for three weeks, causing it to lose patients
and money. After the hackers initially demanded $3.4 million, the
hospital paid them $17,000.
In explaining his decision, Allen
Stefanek, president of Hollywood Presbyterian Medical Center, said, "The
quickest and most efficient way to restore our systems and
administrative functions was to pay the ransom." The money was
transferred through Bitcoin, a cryptocurrency that permits anonymity.
Individuals as well as organizations can fall victim to ransomware, with
organizations typically getting hit by larger ransom demands.
Organizations hit recently include schools, city councils, and
To help reduce the risk of a ransomware attack or recover from it afterward, follow these steps:
- Use good security software. Top consumer security suites include Symantec's Norton Security.
Fee-based security suites typically are more robust than free tools,
including those that come bundled with operating systems such as Windows
or Mac OS. If you connect using public Wi-Fi at places such as coffee
shops or airports, use virtual private network software such as Hotspot Shield.
- Practice safe computing. Ransomware commonly is introduced through breaches in
an organization's network, rogue websites that install software on your
system without your consent, email attachments, or "dark web"
file-sharing services. Good security software can prevent many attacks.
But if you do dumb things, you still can be vulnerable.
- Don't click on email attachments unless you know the sender, and be careful
even if you do. Clicking on such attachments might launch the infected
ransomware program or load an infected Microsoft Word or other data
file. "Phishing" occurs when a bad guy sends out emails or texts that
purport to come from a trusted source, such as your bank or the IRS. If
you have suspicions, you can call the company or agency and ask whether
such email was sent. Never click on a link in an email message asking
you to verify personal or financial information via the web. Despite
warnings about phishing, people and organizations still become victims.
When phishing tests are conducted within organizations, about 5 percent
of employees click on a malicious link no matter how much training they
get to prevent this, according to CrowdStrike Chief Technology Officer
Dmitri Alperovitch, speaking at the RSA Conference on information
security in March.
- Be wary of using "dark web" file-sharing software in which illegal copies of software, movies, and music are shared.
- Keep software up-to-date. Older programs and operating systems are more vulnerable to
attack. With whatever security software and operating system you're
using, enable automatic updates or manually update regularly. With
programs that don't offer the option of automatic updating, periodically
check for updates, which can usually be done through the Help menu.
- Back up critical files. Data, whether it's your customer database or your
family photos, can be more valuable than hardware or software. The
often-repeated solution is to back up important files. Options include
using a cloud backup service such as Mozy, a cloud storage service such as Dropbox, a USB flash drive, a rewritable optical disc, an external hard drive, and a backup tape.