It pays to pay attention to cyber security and prevent unwarranted threats such as ransomware, writes Hanna Sheikh Mokhtar
IF there’s trouble in cyberspace, just report to Cyber999. Run by the Malaysia Computer Emergency Response Team, better known as MyCERT, from the office of CyberSecurity Malaysia, it provides a point of reference for the internet community in Malaysia to deal with computer security incidents.
MyCERT also provides assistance in handling incidents such as intrusion, identity theft, malware infection, cyber harassment/ bullying, all sorts of computer security-related incidents as well as the latest growing threat - ransomware attacks.
WHAT IS RANSOMWARE?
Ransomware is a type of malicious software (malware) that is designed to hold the victim’s computer to ransom, either by restricting access to the computer by locking the desktop or by encrypting the user’s files until a sum of money is paid.
According to Dr Amiruddin Abdul Wahab, CEO of CyberSecurity Malaysia, ransomware puts a computer out of action by disabling a number of tools and programs in the registry. The ransomware can also disable the keyboard and mouse, leaving only the number pad active.
The ransomware then displays a warning message, typically claiming to be from an arm of the law enforcement. The warning message also typically states that the user has been found accessing illegal content and that a fine must be paid to unlock the computer.
Chee Choon Hong, director of Asia Consumer Business, Norton By Symantec revealed that there has been a 35 per cent increase in Crypto-ransomware attacks in 2015. With a total of 5,069 attacks, an average of 14 attacks every day, it puts Malaysia in 12th place regionally, and 47th place globally in terms of ransomware attacks.
TYPES OF RANSOMWARE
There are basically two types of ransomware - Locker and Crypto. Lockers emerged in 2012 and requires victims to pay a “fine”, whereas Crypto, which appeared in 2014, asks the victims to pay a “fee”.
There are many ways ransomware can be spread, including through malvertising. These are malicious advertisements that are placed at websites with a high visitor volume. Once the computer user clicks on any of the advertisements, the malware begins to infiltrate the computer system and/ or network to lock or encrypt its data.
Other malware can also be passed via compromised computers and systems. Some ransomware are less discreet and uses brute-forcing to obtain the victim’s login credentials for software used on servers.
There are also Android ransomware that can spread to all contacts on a device’s address book using SMS messages as well as through untrusted third party apps.
NEW TARGETS
Since January 2015, more and more consumers have been targeted. Dr Amiruddin said that 57 per cent of all infections between January 2015 and April 2016 were consumers, while organisations made up the balance 47 per cent. On the reason for this turn of event, Dr Amiruddin said: “Consumers are often less likely to have robust security in place. This inadvertently increases the possibility of them falling victim to ransomware.”
Where cyber-criminals often used to target businesses, they now attack personal consumer desktops, mobile phones, phablets and tablets, as well as IoT devices and wearables. The connected world we live in today makes it so much easier for cyber-criminals to operate and find unsuspecting victims.
PROTECTING OURSELVES AS CONSUMERS
Consumers often make the mistake of not paying enough attention to possible threats from criminals. As one of the world’s largest cyber intelligence networks, Chee said that Symantec is seeing more threats, and is therefore committed to protecting more customers from the next generation of attacks.
“Always stay vigilant and be security savvy. Never take your online security for granted and pay particular attention to the passwords you use. Make them as complex and unique as possible,” Chee advises consumers.
He said that if an offer sounds too good to be true on social media sites, it just might be that it’s not true. So before clicking on any link, he advises users to hover their mouse over the link to see its destination.
Consumers should be wary when storing or sharing credit card information on retailer, commerce, or social networking websites. If the information that the website has requested does not make sense, then it is probably a fake site.
To those into online shopping, they should always monitor their financial accounts for unusual activity. Report immediately if there is a charge that wasn’t made.
As consumers share and store more confidential information through their mobile devices, it becomes imperative for them to add more security to protect their data. Enhanced security is also useful to protect against theft or loss of their devices.
Chee says that Symantec has the Norton Mobile Security that helps protect mobile devices with an easy-to-use web-based service.
SAFETY TIPS
Concerned with the trend of attacks on consumers, Symantec advises netizens to do the following.
• Use strong passwords. Many computer users are guilty of using simple and predictable passwords as they are easy to remember. A strong password of at least eight characters inclusive of numbers and symbols is recommended.
• Think before you click. Offers that are too good to be true are often just that. So don’t fall for these offers as they will most likely be malware or worse, ransomware.
• Protect yourself. Make sure you invest in good antivirus software and that it is up-to-date.
• Be wary of scareware tactics. Some will email victims claiming they have not paid their monthly bills. If they do not act upon the email, they will have to face the law. Victims are then asked to click on the link to find out more or to provide their details. This is all a scam.
• Safeguard your personal data. Do not provide your personal data on the Internet to any untrusted third party. Once these criminals have your personal data, they can use it to cause more harm.