If you're plugged in to the Internet, use email or social media, do any kind of online business or shopping transactions, you are vulnerable to a ransomware attack.
By taking measures such as better password protection, recognising questionable emails and separating home and business computer systems, a person can reduce the risk of such an attack, according to cyber experts from the Albuquerque Office of the Federal Bureau of Investigation.
The FBI seminar held last week at the Albuquerque Hispano Chamber of Commerce was attended by about 40 people, many small business operators, who said they were mindful of recent ransomware attacks on the Albuquerque Public Schools and Bernalillo County, as well as heightened threats of cyberattacks from Russia.
"Our business is all online and cybersecurity is one of the largest threats to our business," said Carl Vidal, chief executive officer of Irvie Homes, a short-term and vacation property rental business. "We want to make sure we're taking every precaution we can to be safe, and make sure that our company and our customers are never affected by a data breach."
Although he already has some security measures in place, Vidal said he is alarmed by the Russian incursion into Ukraine.
"State actors, like (Russian President Vladimir) Putin, have the ability to destroy any online business they want and if they chose to do so," he said.
Likewise, John Lewis, program manager at the Hispano Chamber, said the chamber is getting ready to launch an association of minority-owned contractors and "a lot of our membership in the association are working with the federal government, which requires them to make sure that their systems are secure."
An FBI cyber security agent speaking at the event and who asked that his name not be used, told those gathered that ransomware thieves "will take digital information from anything that you have that has a connection to the Internet — that's their way in."
Once the information is stolen, the users are locked out of their computer and instead receive an alert saying that they must pay a ransom to unlock the system, and they are provided directions on what to pay and how to pay it. When victims fail to comply, the cyber thieves often permanently delete the data. They can also use the stolen information to create fake accounts with any number of businesses or organisations that also use the Internet.
Among the ransomware risk reduction tips offered by the FBI are:
— Backup data, including images, but make sure the backups are not online.
— Use a "multi-factor authentication" process, which is an additional step to the single password required to log in to an account. This could involve a number code being sent to a person's cell phone, which then has to be entered into the computer system in order to allow access. Other second- or third-tier precautions might include answering personal questions that only the account holder would know.
— Promptly install all software updates and patches to computers, cell phones or printer operating systems, and anything else connected to the Internet.
— Those who operate a home business should separate their networks so home users and business users work from different routers or servers. This is particularly important in homes where there are children and teens who tend to bounce from one website to another and who are frequent users of multiple social media platforms.
— Do not open suspicious or unknown emails, particularly those containing pdf or other files or links. Be especially vigilant of emails from a sender who may sound familiar but the URL in the address line is a bit off, such as person or business name that is slightly different than usual, or if the URL normally ends in.com, but is suddenly using a different commercial, organisational or network domain.
If you're targeted
The FBI advises people who believe they may have been the victim of a cyber crime, or anyone who gets a ransomware alert demanding money, to not pay the ransom, which only encourages more of such attacks. – Albuquerque Journal, N.M./Tribune News Service