
Tuesday, June 28, 2016

Stop Paying Ransomware and Increasing the Payoff for Cyber Pirates



For the love of all things Internet, just stop it. Stop being so damned naive and dumb about cybersecurity and paying off ransoms. Just frigging stop it!

I just posted a blog entry on this a few months ago.

Ransomware payments solve diddly squat. Sure, the cyber pirate hacker may release your computer after you fork over thousands of dollars, but guess what. HE/SHE IS STILL INSIDE YOUR COMPUTER! What is to stop this hacker from just locking up your system again tomorrow? Nothing, nada, because you were too dumb and lazy to find a cybersecurity expert.

Cybersecurity and business cyberbullying are hard enough without compounding a crime with a bad decision and rolling out the red carpet for another pirate to say, hey, this idiot paid Hacker 14's ransom, he'll probably pay mine, too.

According to Lloyds of London, cybercrime costs businesses $400 billion a year. $100 billion of that is in the U.S. and the victim count is upwards of 556 million. It is expected that the global cost of cybercrime will net $2 trillion by 2019. Two trillion. At this rate, every gang banger is going to learn how to code. It's a better return than the drug trade.

Why? Because companies don't want to spend money on IT, and by the time they do, the hacker has been in their system for years. (See Sony.) How sad is it that even our educational institutions are set up for failure when it comes to this stuff? Case in point, the University of Calgary. Instead of paying ransomware, maybe the university needs to add Cybersecurity and Information Technology courses to its curriculum and force its administration to attend them. Oh wait, it does have a Business Technology Management course.

Look, I don't mean to be mean about this, but seriously, when the hell are businesses and organizations going to take this shit seriously? For every dollar you don't spend on IT, for everything you don't know about basic cybersecurity, updating software/apps, or just basic common sense, you put everyone who is connected to you through the Internet at risk.

Sure, companies don't really want to admit their mistake, but saying nothing and hoping it will go away just means all your employees, suppliers, family members, customers, and golf buddies just had their identities stolen and sold to the black market. Then, to add icing to the hacker's cake, you just willingly gave him $20,000 to top up the money he will earn from selling the credit cards and social security numbers, because instead of finding a security expert, you chose to pay ransom.

Please, just stop it.

 
  

Thursday, December 10, 2015

Hacking Is Life



It's happened to everyone at some point on the web. Even to those seasoned and technically-savvy veterans of the Internet.

It is guaranteed to happen to those who surf the Net without a parachute and in complete and total ignorance.

You've been hacked.

There's a good chance everyone who has ever owned a Twitter or Facebook account has been hacked at some point. How? When you don't pay attention to what you are clicking. Some of those too-good-to-be-true or sexy salacious stories come with a hacksaw. You usually know when one of your buddies tells you they've just received some weird message from your account.

How do you get out of a social hack? Change your password. Log out. Log back in with the new password. Use a complicated password, like: iReallywantTogoto1henew5tarwarsMovi7 or something half that long.

You really do need a unique password for every account. Don't use the same one across the board or something simple, like benandsandy if those are your kids' names.
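The password rules above (make it long, use a different one for every account, keep family names out of it) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the 16-character minimum, the substitution table and the sample accounts are assumptions made for illustration.

```python
from collections import defaultdict

# Common character substitutions undone before looking for personal words,
# so "b3n" is still recognised as "ben". (Assumed table, not exhaustive.)
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 16  # assumed minimum length for this example


def audit_passwords(accounts, personal_words):
    """Return {account: [findings]} for every account that breaks a rule."""
    findings = defaultdict(list)

    # Rule 1: every account needs its own password.
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    for shared in by_password.values():
        if len(shared) > 1:
            for account in shared:
                others = sorted(a for a in shared if a != account)
                findings[account].append("reused on " + ", ".join(others))

    for account, password in accounts.items():
        # Rule 2: long enough to resist guessing.
        if len(password) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        # Rule 3: no personal words, even with digit-for-letter swaps.
        normalised = password.lower().translate(LEET)
        for word in personal_words:
            if word.lower() in normalised:
                findings[account].append(f"contains personal word '{word}'")

    return dict(findings)


# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "twitter": "benandsandy",
    "facebook": "benandsandy",
    "bank": "B3nAnd5andy2015!",
    "email": "iReallywantTogoto1henew5tarwarsMovi7",
}
SAMPLE_PERSONAL = ["ben", "sandy"]
```

Calling `audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL)` flags the two reused passwords and shows that swapping digits for letters does not hide a family name, while the long passphrase passes all three checks.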

Even if your computer is Fort Knoxed, you can still get hacked. Your information is as secure as the IT from the companies you deal with. If Amazon decides to save money on IT and put it into a new launch instead, unless they have a blackhacker on staff, all their information is put at risk if their IT is not as tip top as they can pay for.

Need an example, besides Sony (which isn't just about movies but also your Playstation)? Here are some biggies:

Netflix
Go Daddy, Dropbox, Nissan, Mastercard, Visa, Reuters... in 2012
Facebook, Microsoft, NBC, Twitter... in 2013
Target, Michaels, AT&T, US and Canadian governments, Home Depot, Apple iCloud... in 2014
Anthem, IRS, JP Morgan Chase, British Airways... most recent

There is no getting around it. The Dark Web, where all of this information gets sold as hackers make money on your behalf, is bigger than the Internet you are currently using.

You can't hide. Even if you decide to put a moratorium on Internet travel, you can't control what other companies do when you shop in person, or how secure your cable company's records are. You can only use best practices and be diligent: strong and unique passwords (so what if you have to write them down in a book), don't do banking from a public wifi (coffee shops, airports), make sure your computer is fully upgraded and not too old for upgrades (I don't use my Windows XP laptop online anymore), have a really good and fully updated antivirus program.

Tuesday, August 25, 2015

Leaked AshleyMadison Emails Suggest Execs Hacked Competitors


Leaked AshleyMadison Emails Suggest Execs Hacked Competitors — Krebs on Security

Okay, we all know hacking is a serious breach and is truly a criminal act. It happens way too often, it seems, as companies continue to cut costs on their Internet security, thus putting their employees and customers at risk for identity theft.

Still, in the case of AshleyMadison, it's hard to muster any sympathy, since the site encourages breaking marital laws. Pity the families who were unaware of a cheating spouse, unless both spouses had accounts, then we can expect their kids to be equal cads when they grow up.

As unsympathetic as these customers may be, this is something that can happen to anyone on any popular website. Imagine if Facebook and Amazon did not keep their security up to date (and face it, theirs is better than our U.S. and Canadian government securities, whose websites have been hacked). Although we don't post dick pics on Amazon (let's hope not) and we hopefully don't put our entire families at risk for fraud, extortion, or worse as these profiles flood the dark web.

Now to learn the company may have hacked its competitor sites? Geez, Louise.

In the meantime, the memes say it all about how the rest of the world feels about AshleyMadison users.










Thursday, December 4, 2014

Cybersecurity Is A Start Against Business Cyberbullying

Project Blitzkrieg
When is the last time you updated Windows, Mac, your software, antivirus, checked your firewall, did a Disk Cleanup, or cleaned out your Internet history? At the bare minimum, these are your basic tasks to securing your system.

Leaving all of these items unchecked means your computer is at risk for outside hackers, your performance will suffer, and your laptop and desktop may ultimately shut down when it collects too much cache.

If you are still running on Windows XP (which Microsoft no longer updates as of early this year), you have now put your entire network at risk. Merry Christmas, you just invited hackers into your company and clients' computer systems.

If your company has not updated its computers, system, or security since they were purchased in 2010, you have just put all your suppliers and their suppliers at risk.

You can no longer afford to drive the Internet without up-to-date insurance. If you do, it's like leaving the doors to your house and your car wide open as you head out for a Hawaii vacation. Your not understanding technology isn't an excuse. Find or hire someone who does.

The stakes are high. We've seen many examples of late, including Target, Winners/TJ Maxx, and Home Depot. They put all their customers at risk for identity fraud and financial hacks.

In the back of our minds, we might expect that something could happen with retailers whose investment in computer systems is so far down the list of priorities that it may not exist. Where we are surprised is when it happens to a digitally savvy firm, one that produces digital content and the products we view that content on. This is why the Sony attack is huge. If it can happen to that organization, it can happen to any of us.