In 2018, the city of Atlanta was hit by a ransomware attack that crippled them for days. Officials said that they did not pay the ransom, but have not stated how they recovered the data. Also in 2018, a hospital was hit. They paid $55,000 to get their data back.
More recently 22 municipalities have been hit in 2019. Now Henry county south of Atlanta has been hit and as I write this they are unable to conduct business.
For those of you who don’t know what ransomware is, it’s when a malicious program is run on a computer that encrypts all of the data on that machine. Not the operating system or programs that run on it, but all documents, videos, music, etc. The data is still there, but no one is able to access it. But it goes much further than that. It also encrypts all of the data on the network that it’s attached to. That can cripple an entire municipality or business. The bad guys then contact the victims and demand ransom (usually in bitcoin to stay anonymous) before they will release the key that will decrypt the data.
Sometimes, like in the case of Atlanta, this malicious program which is usually referred to as “malware” was the product of a “brute force attack”, meaning that the bad guys targeted weak passwords to get into the network. But in most cases the malware is run freely by someone using a computer, either at a business or a home user. Yes it happens to home users too. They probably opened an attachment in an email. Sometimes that’s all it takes.
The point I’m eventually getting to is there are a couple of ways to avoid getting ransomware, or any type of malware for that matter. And no, I’m not talking about virus protection. Virus protection software is like the police. They show up after your house has been broken into, they’re not sitting outside in the driveway waiting. One way is to not open any attachments unless you are 100% sure that it came from a trusted source. The other way, which is a little more complicated for the non techie, is to not run windows as an administrator. Have an administrator account, but your normal account should be a ‘user”. That way you won’t be able to install anything without the administrator password. Now this won’t stop you from installing malware, if you’re bound and determined to enter the password and install the malware nothing will stop you, but running as a user will stop the malware from installing by itself. If you’re not sure how to do this, you can search online, there are plenty of places where you can learn how to do this. This is one.
But even doing both of those might not stop malware. Bad guys are getting smarter and trickier, finding all kinds of ways to get someone to install their ransomware. There’s also the fact that the hard drive on your computer is going to die if you use it long enough. That can be just as bad as ransomware. It happened to me about a year ago (the hard drive fail, not the ransomware). What is the best protection? Backup, backup, backup. This is what I do: I use a service which backs up all my data into the cloud (encrypted so no one can see it) and also to an external hard drive that sits in the floor. I use Crash Plan, but there are many others that do just as good of a job, just search “online backup”. That way I have three copies of everything. Doesn’t matter if my hard drive fails, or Boris and Natasha somehow tricks me I simply install a new drive or wipe the old one and recover my data from the backup. Even some disaster like a house burning down wouldn’t cause me to lose data because a copy is on Crash plan’s servers. For those of you that don’t want to pay for a service, you could simply use windows backup and two external hard drives (or thumb drive if you don’t have a lot of data) and keep one off site somewhere. Do this regularly depending on your usage and how often you generate data.
(There is a third way. That is to not use windows. I personally run Linux most of the time, but Apple’s OSX would be just as good. No, they’re not invincible to malware, it’s just that Apple has 12% of the market,and Linux has less than 2%. If you’re going to go fishing, you pick the pond with the most fish.)
I hope Henry County has backups.
Folks, we have control over our digital assets, please take time to set up a separate administrator account and install and use a backup. You’ll thank me one day.