“We’ve never seen anything like this,” Europol executive director Rob Wainwright told Britain’s ITV television yesterday.
According to Europol, over 200,000 computers in at least 150 countries have so far been infected. That number has undoubtedly risen since the latest report, too. The U.K.’s National Cyber Security Centre reported that new cases of ransomware are possible “at a significant scale.”
“For now,” a Europol spokesman told Bloomberg, “it does not look like the number of infected computers is increasing. We will get a decryption tool eventually, but for the moment, it’s still a live threat and we’re still in disaster recovery mode.”
During the weekend, travelers at a Costa Rican and a German airport reported sights of malware on airport computers. In China, hundreds of thousands of computers were locked down, including those in gas stations, ATMs and universities.
Some might blame bitcoin for this rise of ransomware, but that wouldn’t really hack at the root of the problem. Moreover, it would be a fruitless venture.
The real problem is lack of reliable digital security and overcentralization in the digital age. And, of course, the fantastic beasts unleashed from the CIA and NSA’s digital weapons armories don’t help.
As Microsoft’s President and Chief Legal Officer Brad Smith wrote in a blog post: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”
Truth be told, the world is lucky. This time.
The ransomware, after all, demanded only $300 from its victims.
If you think about it, even with the attacks on the National Health Services, this is a pretty benign way to realize system vulnerabilities. Some penetration-testers charge way more than $300 in BTC for their services. Bug bounties are far more costly, too. These hackers have probably inadvertently saved many institutions, if they learn their lessons, from much larger and WAY more malicious attacks in the future.
Imagine, for example, this had been an attack from some more savvy psycho not motivated by money — but motivated by the desire to watch the world burn.
This hack also revealed something else.
The level of digital security many government organizations hold is hilariously poor…
Nothing good can come from any organization — especially the Russian Interior Ministry and Britain’s National Health Services — using operating systems so obsolete its manufacturer stopped supporting it years ago.
How to protect yourself
Do everything you need to protect yourself — right now.
Here’s how to get started…
Realize nobody is going to protect your data but you. Don’t rely on the centralized authorities to fix a problem of overcentralization. Again and again, their tools will fall short and they will always be playing reactionary catch up.
You have the power.
First, be wary about any links you click or things you download. It’s important to be VERY conservative about what you do online these days. Seriously. (Torrenting websites, gambling websites and porn websites are especially infested with hacks.)
Ensure you have and are using a firewall. Also, get a good antivirus that scans your device regularly. It would be a great idea, too, to get a VPN. And BACK UP your drive. Once you’re caught in a ransomware trap, you can avoid paying up if you’re willing to give up the ensnared data. But if you back up your system regularly, that won’t matter.
Here are more tips, courtesy of Wendy McElroy and Bitcoin News…
1. Avoid the specific companies, devices and operating systems mentioned in Vault 7. Wikileaks has compiled an impressive list of the “companies, products, tools, and terms that are mentioned in the Vault 7: CIA Hacking Tools Revealed publication to date.” The list is here.
2. Some companies, like Mozilla, have vowed to fix the vulnerabilities, and Assange has provided incentive. A headline in the Washington Examiner (March 18) stated, “Wikileaks threatens to reveal tech companies that haven’t responded to help offer against CIA hacks.” But how will you know if the companies actually come through? If you are loyal to an operating system, as I am to Linux, then take further steps.
3. Don’t abandon encryption. It still offers better security than “naked” transmissions.
4. If your iOS and Android devices are compromised, so are your apps because input can be grabbed before encryption. Use open source software whenever possible. Richard Stallman of the GNU Project explained: “Proprietary software tends to have malicious features. The point is, with a proprietary program, when the users don’t have the source code, we can never tell. So you must consider every proprietary program as potential malware.” (Android’s core is open source but closed source has been added on top of it.)
5. Keep strangers physically away from your devices, because some of the compromises revealed seem to require a physical interaction.
6. Update your operating systems to the latest version. The company may have fixed security weaknesses and your current system may not accept security updates. Alternatively, consider switching to an older “dumb” phone.
7. Use an antivirus program. If a backdoor was installed with the company’s cooperation, malware may not be detected, let alone fixed, by security updates.
8. Don’t just turn devices off. One security advisor suggests treating microphones as if they were guns. Always assume they are loaded and unplug them.
Managing editor, Laissez Faire Today
The post The Rise of Ransomware: 11 Ways to Protect Yourself appeared first on Laissez Faire.