I heard from a student wanting to know more about a relatively new type of threat known as crypto ransomware. In short, it works like this: a malicious program infects your computer and encrypts your personal data with a secret key, making it inaccessible to you. You are then presented with a demand for payment (usually in Bitcoin) to unlock those files.

As is usually the case, the concern is less about “how does it work” and more about “how do I prevent it from happening to me”.

Yesterday, I opined that it may be helpful to think of cybersecurity as a public health issue, so today I’d like to build off of that analogy. Think of these threats like the flu. Every year, there’s a different strain. Medical experts have to predict what the most prevalent strain will be in order to formulate a flu vaccine, and depending on how correct those predictions are, the vaccine may or may not keep you from getting sick. However, there are some basic steps that you can always follow, both to keep yourself from getting sick and to prevent spreading the disease to others.

So this year’s cyberflu is crypto ransomware. How do you avoid getting sick?

We’ll go through three basic steps in broad strokes, and then I’ll go into more detail over the course of the week. But we can break this down to:

  • Prevention
  • Risk Reduction
  • Damage Containment

We can start with the preventative steps. Like getting the flu shot every year, running up-to-date antimalware software is a good idea. So is installing security updates, not only for your operating system but also for the software that you use.

Next come the risk reduction measures – think of this as the computer equivalent of washing your hands regularly. Here, we’re talking about avoiding suspicious attachments and taking care when downloading files from the Internet.

  • How to Avoid getting a Computer Virus or Worm – Windows-centric but the basic advice applies to everyone.
  • For everyone not using Windows, you’ll have access to a fairly robust app store and getting programs this way tends to be much safer than just downloading from a website.

Finally, we move to containment. Contagious diseases like the flu have an incubation period where you are infectious but you don’t know you’re sick yet. Same with malware – by the time you know the malware is there, it’s usually been there for a while.

A big part of the solution here involves changing the way you interact with and share data with others. For example, instead of emailing Office documents (which can carry malware) as attachments, use Google Docs or Office Web Apps instead. Keep your accounts for communication and social media services as safe as possible with strong passwords.

This is probably the toughest part because, like transitioning yourself over to sneezing into your arm rather than your hand, it involves changing deeply ingrained behavior.

As I said above, we’ll go into more detail in the coming days but hopefully this will give you some ideas of how to get started.

Days Gone Bye

Around this time last year, I suggested the use of a password manager. That recommendation still holds, though it is worth repeating that “security is a process, not a product”. In other words, getting your passwords into a password manager is a great first step but regularly going in and changing those passwords is just as important. Passwords are breached all the time and not all breaches get reported. Good password managers like LastPass will let you know if your passwords are getting stale and they’ll also warn you if you’re using the same password across multiple sites.

Full disclosure: I mention LastPass because I use it myself. Dashlane and 1Password are also well-regarded and KeePass is a great free and open source solution, albeit with fewer frills.

And Another Thing…

This one’s already way too long.