Chances are you’re one of the 3 billion-plus people in the world who owns and uses a smartphone or computer, which means you’re probably part of the nearly 50% of the global population with Internet access. All at a click of a button you can reach endless information, unfettered pornography, and communicate with other users all around the world, in real time.
Now imagine one day you’re firing up the computer or opening your phone and instead of that familiar screensaver of your cat (probably), you’re faced with a malware message informing you your data is currently being held hostage, decryption attempts are futile, and to just pay the money if you want the device to live. You and your personal information have just become victims of ransomware.
Ransomware is essentially malware that cybercriminals use to gain access to a user’s device which then locks that device’s files or hard drive. For businesses, it can knock out entire network servers. The victim is presented with a message on their screen instructing them to make a payment in order to receive a decryption key to unlock their files. The malware, using advanced encryption algorithms, infects a system and spreads itself around through various channels like instant messaging, social media networks, or using malicious email attachments and links which initially appear to be received from credible sources, like friends, family, or work.
Ransomware in its infancy began with direct encryption, file-by-file, but only of certain types. The evolution of ransomware saw the birth of Petya, a particularly sinister Trojan that will lock a device’s entire system instead of just the files. This is achieved by corrupting the hard drive’s master boot record (MBR) code, which encrypts the master file table (MFT), thus seizing up the operating system. In this case, the result is not the encryption of the file content itself, but without a properly functioning MBR and MFT, the latter of which contains all of a computer’s file data, the OS cannot run and the financial exploitation begins. All the user will be able to do on their computer is read the screen message demanding payment in exchange for a key; a key that is not even guaranteed to work.
It’s common to hear a person proclaim that their whole life is on their computer or phone. Knowing this, the game to a hacker is how much that data is worth to someone. For a home computer, just like the one your grandmother may use, the price can start at $500. PBS Newshour reported in 2015 the case of Inna Simone, a retiree living in Boston, who was at risk of losing everything from tax returns to photos of her grandchild. She was told if she missed the deadline the ransom doubled to $1000 the following week. Failure to pay at all meant preparing to never see the data again. Money is delivered in the form of Bitcoin, a currency not traceable by law enforcement agencies or the cyber security industry.
By simply using a smartphone, TV, computer, or tablet device a person is automatically at risk of being hacked. Even associated devices, like a Google Glass headset or iWatch, can be vulnerable — not even your FitBit is safe. Thankfully, you can rest assured when it comes to one electronic in your household, despite what Counselor to the President Kellyanne Conway asserts, there is no evidence that Barack Obama is hiding in your microwave with a camera.
To an individual ransomware is devastating, but to businesses, it can be fatal. The stakes are much higher and the ransom is much more severe, ranging from tens to hundreds of thousands of dollars. A hacking means exposure of sensitive client information including credit cards, social security numbers, and home addresses. Last October, The Denver Post reported the Ponemon Institute’s findings that “the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.” Sixty percent of small businesses that are hacked do not recover and are out of business within 6 months.
The World Wide Web has given the global village a new realm of warfare, merciless in its intentions and with far-reaching capabilities. Consequences of hacking are monstrous for the victim(s), involving both financial and psychological distress, but it is possible for the pendulum to swing too far in the other direction. Cyber security panics can cause democratic governments to introduce broad surveillance programs against its own citizens. In the pursuit of prevention, Pandora’s box is opened and cyber security measures begin to eclipse the right to privacy. Bills like the UK’s Investigatory Powers Act 2016, passed into law in November, requires phone companies to store customer’s data for up to 12 months and make any of that information available to police and other government agencies. Advocates of the bill hail it as “world-leading legislation,” while critics have described it is as “a death sentence for investigative journalism” in the UK. The bill has been nicknamed the “snooper’s charter.”
While the average citizen might not be concerned about government overreach in regards to surveillance, especially if they feel they are doing nothing wrong, it does mean that companies now have large caches of personal customer information, including texts, transactions, finances and yes, even your nudes. All we have to hope for now is that the companies holding all our most private details are not hacked. See Yahoo, Target, and Ashley Madison as examples where existing cybersecurity failed to stop breaches.
Cyber security is no longer an issue just for the geek squad. It’s something all electronic and Internet users must care about, especially the nontech-savvy, “how does this thing work” user. Everyone is vulnerable because it doesn’t take geniuses to create and execute malware; as long as there is a Wi-Fi connection and the will to follow the deed through, it can be done.
Protect yourself with current security software, change your passwords regularly and encrypt your sensitive data; businesses can implement policies and training so employees are familiar with the issue, invest in cyber insurance, and the most important of them all: always back that system up.