When danger lurks behind every file
Thousands of people wake up to messages of ransom from cybercriminals every day. What’s worrying is that hackers don't need to be computer-savvy anymore to launch a ransomware operation, writes Devangshu Dutta
It’s morning. You pick up your cuppa and head for the computer, which was set to download a torrent file of Wonder Woman before you went to sleep. You’re looking forward to watching WW over the weekend on your fancy home theatre system. Everything looks fine. The machine is running and the screensaver is on.
As you move your fingers across the trackpad, the saver disappears and a message scrolls onto the screen.
It says, “Your personal files are encrypted. To decrypt the files you need to download a private key. That key will be destroyed after (specified time). After, nobody [sic] and never [sic] will be able to restore files. To obtain the private key, pay $300 in bitcoin. Click next to select mode of payment.”
That torrent file was infected. You have been hacked and the hacker wants money to release your data. Instead of paying ₹250 for a movie ticket, you may end up paying ₹20,000 or more, to get the data back.
Every day, thousands of people around the world wake up to similar messages. Ransomware is a popular way for cybercriminals to make a quick buck. Ransomware attacks have generated millions for the perpetrators — the FBI estimates that CryptoWall extorted over $18 million before it was stopped.
It’s easy to set up a ransomware operation. There are literally thousands of data-encryption programmes available. These often come bundled with the operating system on a new computer or smartphone. Most are legitimate and used to protect sensitive data. In addition, there are malicious encryption programmes created by hackers.
There are many ways to infect a computer and thousands of viruses and worms are written for this purpose. A worm can be introduced through email attachments, or torrent downloads. Or, a malicious app might masquerade as a safe programme. Once a worm is injected into a network, it can propagate on its own. So, one unsafe machine in a network can infect others.
The hacker doesn’t need to be computer-savvy. Many malicious programmes are available for free on the internet, complete with instruction videos. A “script kiddie” can just copy code to get rolling. The hacker can download a free bitcoin wallet, for the purpose of receiving an untraceable payment. A throwaway email account can be set up somewhere to communicate the private key and any instructions. What’s more, even if the hacker does decrypt your files upon payment, your machine may remain infected and open to future exploitation.
It isn’t just individuals and small businesses that have been affected. In the past six months, ransomware has hit many large businesses and even infrastructure. Power grids, airlines, ports, train services, bank ATMs and automobile factories have been attacked.
The WannaCry worm that hit the Net in May mounted with, at the very least, the collusion of Russian state agencies. The Ukraine has been hit several times over the years in an undeclared “cyberwar” with Russia. For that matter, there are allegations that the WannaCry attack was sponsored by North Korea. So state actors may be in the picture as well.
How do you deal with this scourge? Sensible habits help. Don’t download pirated videos, or click on email attachments from unknown sources, or install apps without checking.
Operating systems and anti-malware programs must be kept updated. However, new malware variants are being written constantly and there are no guarantees that ransomware won’t get through.
If you do nothing else, follow this Golden Rule: Back up regularly to at least two different places such as an external hard drive and the cloud. Then, back up some more, just to be safe.