“I got infected with a virus that I hadn’t heard of” – Real Life story on a case of Ransomware and Extortion
Last night I got infected with a virus that I had never heard of at first. It was called Ransomware, and I had never heard of it before so I was pretty freaked out. After researching I found out my situation seemed worse than the average ransomware attack.
I had received a word document with my name, address, and phone number popped up saying that I had downloaded child pornography and I must pay Rs50,000 to avoid serious consequences.
I have never downloaded child pornography and I was shocked and violated that my personal information was used in this attack.
As I was looking at it, a dialogue box appeared in the middle of the screen with a person talking to me by name that was definitely a live person making unique posts and auto-generated posts. He made the same demands as the word document while I frantically googled what to do on another device as he could see anything I did on screen even telling me as I opened Malwarebytes that it would do nothing.
I powered down the computer by holding the power button, waited about 30 seconds, then turned it back on in safe mode with networking to run multiple antivirus software.
I also went to the government portals I knew about to report it because I saw it in an article while researching and was still very freaked out by the situation.
This real life case is a perfect example of how easy it is for anyone to fall victim to Malware attacks like Ransomware. To avoid this happening to you, we’ve listed the top 10 ways which will help you reduce the risk of malware attacks in your system and mobile devices.
TOP 10 Protection Tips
- Install anti-virus and anti-spyware software.
Anti-virus and anti-spyware programs scan computer files to identify and remove malware. Be sure to:
- Keep your security tools updated.
- Immediately remove detected malware.
- Audit your files for missing data, errors, and unauthorized additions.
- Use secure authentication methods.
The following best practices help keep accounts safe:
- Require strong passwords with at least eight characters, including an uppercase letter, a lowercase letter, a number and a symbol in each password.
- Enable multi-factor authentication, such as a PIN or security questions in addition to a password.
- Use biometric tools like fingerprints, voiceprints, facial recognition and iris scans.
- Never save passwords on a computer or network. Use a secure password manager if needed.
- Use administrator accounts only when necessary.
Malware often has the same privileges as the active user. Non-administrator accounts are usually blocked from accessing the most sensitive parts of a computer or network system. Therefore:
- Avoid using administrative privileges to browse the web or check email.
- Log in as an administrator only to perform administrative tasks, such as to make configuration changes.
- Install software using administrator credentials only after you have validated that the software is legitimate and secure.
- Keep software updated.
No software package is completely safe against malware. However, software vendors regularly provide patches and updates to close whatever new vulnerabilities show up. As a best practice, validate and install all new software patches:
- Regularly update your operating systems, software tools, browsers and plug-ins.
- Implement routine maintenance to ensure all software is current and check for signs of malware in log reports.
- Control access to systems.
There are multiple ways to regulate your networks to protect against data breaches:
- Install or implement a firewall.
- Never use unfamiliar remote drives or media that was used on a publicly accessible device.
- Close unused ports and disable unused protocols.
- Remove inactive user accounts.
- Carefully read all licensing agreements before installing software.
- Grant minimum access to users
Grant users in your organization the minimum access to system capabilities, services and data they need to complete their work.
- Limit application privileges.
A hacker only needs an open door to infiltrate your business. Limit the number of possible entryways by restricting application privileges on your devices. Allow only the application features and functions that are necessary to get work done.
- Implement email security and spam protection.
Email is an essential business communication tool, but it is also a common malware channel. To reduce the risk of infection:
- Scan all incoming email messages, including attachments, for malware.
- Set spam filters to reduce unwanted emails.
- Limit user access to only company-approved links, messages and email addresses.
- Monitor for suspicious activity.
Monitor all your accounts for suspicious activity. When monitoring, always look out for the following:
- Logging all incoming and outgoing traffic
- Investigating unusual actions promptly
- Educate yourself
At the end of the day, people are the best line of defence. By continuously educating yourself, you can reduce the risk of falling or phishing and other tactics that accidentally let malware into your network.