Home + Mobile

The U.S. electrical grid is in “imminent danger” from cyberattacks according to a report from the U.S. Energy Department released earlier this year. Such an attack would put much of the infrastructure that we rely on for public safety and basic services in jeopardy—electricity, water, healthcare, and communications systems, among others.

Just last week, an email was sent to energy and industrial firms by the DHS and FBI warning of hacking groups targeting critical infrastructure in the “energy, nuclear, water, aviation, and critical manufacturing sectors.”

Great power, great responsibilty

While the networked technology behind this infrastructure empowers our society, it also exposes us to new risks. Most people are aware of the cyber threats facing our personal mobile devices, home computers, and smart appliances. But the risks to public safety on a larger scale are less well known. Commitment to securing this brave new world is critical if we are to avoid serious public safety problems.

Cyberattacks targeting our critical infrastructure reveal our shared responsibility in securing the networks we depend on each and every day in our connected world. 

Ransomware attacks—when cybercriminals hack a computer, encrypt the files and hold them hostage—pose a particularly dangerous threat for public infrastructure.  It is estimated that ransomware has resulted in billions of dollars of losses in the last year alone, according to our June 2017 Quarterly Threat Trend Report.

Already this year, we’ve seen several major ransomware attacks on government entities, including counties, cities and multiple police departments leading to major disruptions in services like emergency response times, video surveillance and emergency radio transmissions.

In June, an infamous cyberattack dubbed NotPetya hit Europe, affecting workplaces and public domains. This attack mirrored its predecessor named Petya (a type of ransomware), except this new incarnation used “EternalBlue to target Windows systems—the same exploit behind the infamous WannaCry attack.” It also differed from other popular ransomware attacks by denying user access and attacking low-level structures on the disk. This Petya-based attack targeted employees at one of the world’s largest advertising agencies, as well as oil companies, shipping companies and banks. A new ransomware attack that emerged this week named Bad Rabbit also appears to be linked to the NotPetya attack.

As advanced threats such as ransomware continue to evolve in sophistication, they present a more imminent threat to the systems and services we rely on for public safety. Cyberattacks targeting our critical infrastructure reveal our shared responsibility in securing the networks we depend on each and every day in our connected world. 

Get tips on becoming a more proactive and prepared citizen with our “One Wrong Click” infographic.

Over the last year, a handful of cyberattacks have made news headlines and affected families. High-tech toy maker Spiral Toys was the victim of a particularly cunning hacking scheme. The maker of CloudPets stuffed animals reportedly exposed more than two million private voice recordings and the login credentials of 800,000 accounts. While these “smart toys” are part of a wave of internet-connected devices providing fun and memorable experiences, they are also exposing millions of users to cyber threats. These toys may appear harmless on the surface, but their vulnerability to attack should be kept top-of-mind by any parent.

Educate your family

One of the best ways to ensure your children maintain a safe online presence is to start the conversation around the potential risks they face in our increasingly connected world early on.

When it comes to online safety, the U.S. Department of Homeland Security recommends looking for “teachable moments” that arise naturally during day-to-day computer use. For example, if you get a phishing message, show it to your kids so they can identify similar messages in the future and recognize they are not always what they seem.

BBC reported that “children aged five to 16 spend an average of six and a half hours a day in front of a screen compared with around three hours in 1995, according to market research firm Childwise.” With the amount of time kids and teens spend in front of a computer screen daily, and with hacking and cybercriminals becoming more advanced and sophisticated, it’s more important than ever to teach kids how to be cyber savvy.

One of the best ways to ensure your children maintain a safe online presence is to start the conversation around the potential risks they face in our increasingly connected world early on.

Tips for your cyber savvy kids

In addition to using tools like Webroot’s Parental Controls, CISO Gary Hayslip summarizes a few safety tips:

• Don’t give out financial account numbers, Social Security numbers, or other personal identity information unless you know exactly who’s receiving it.
• Remember to also protect other people’s information as you would your own.
• Never send personal or confidential information via email or instant messages as these can be easily intercepted.

Find more tips to keep your family safe online, wherever they connect.

“I use a Mac, so I don’t need to worry about malware, phishing, or viruses.” Many Mac users turn a blind eye to cybersecurity threats, often noting that most scams and attacks occur on PCs.

However, within the last few years, there has been a noted uptick in spyware (a type of software that gathers information about a person or organization without their knowledge), adware (software that automatically displays or downloads advertising material), and potentially unwanted applications (PUAs) on Macs and iOS devices.

While Macs are known to have strong security features, they are by no means bullet proof. In a recent interview with CSO Magazine, Webroot Vice President of Engineering David Dufour noted, “Many of these incidents are occurring through exploits in third-party solutions from Adobe, Oracle’s Java and others, providing a mechanism for delivering malicious software and malware.” Even the most internet-savvy users should be sure to install antivirus software on their Mac products.

Security tips for safe browsing on a Mac

Traditionally, because the Windows operating system is more widely used around the world, it is also more highly targeted by cybercriminals. However, Apple devices running macOS are still vulnerable to security threats, and protecting them should be a priority for anyone who owns them. Check out the following security recommendations to help ensure safety wherever you connect with your Mac, in addition to having an up-to-date antivirus installed:

1. Try using a VPN
   VPN stands for “virtual private network” and is a technology that adds an extra level of privacy and security while online, particularly when using public WiFi networks, which are often less secure. This recent Refinery29 article illustrates the benefits of VPNs for your work and personal life.
2. Secure your browser
   You may be tempted to ignore messages about updating your browsers, but the minute an update is available, you should download and install it. This is good advice for all software being run on any devices—desktop, laptop, or mobile.
3. Secure backup
   Be sure to regularly backup your computer and iOS devices so you can easily retrieve your data in case you get locked out of your device.
4. Use a strong login password
   Use a unique combination of numbers and letters to password-protect your Mac. This is good advice in general for all of the passwords you create. For an added security step, check out the Webroot Password Manager tool to make it easier to manage and organize your passwords.

Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

A phishing attack is a tactic cybercriminals use to bait victims with fake emails that appear to come from reputable sources. The attackers’ goal is to lure the user into opening an attachment, clicking on a malicious link, or responding with private information. These phony emails have become alarmingly realistic and sophisticated. A scam may come in the form of a banking inquiry, an email from a seemingly official government agency, or even a well-known brand with whom you’ve done business—maybe you even pay them a monthly subscription fee.

If you do take the bait, you’ll likely be directed to a malicious website, where you’ll be prompted to enter your account login details, a credit card number, or worse yet, your social security number. The end goal of these phishing attacks is solely to steal your private information.

According to the Webroot Quarterly Threat Trends Report, the first half of 2017 saw an average of more  46,000 new phishing sites being launched every single day, making it the number-one cause of cybersecurity breaches. As hackers devise new phishing tactics, traditional methods of detecting them quickly become outdated.

One of the most popular tricks criminals use to avoid detection is the short-lived attack. The Quarterly Threat Trends Report also revealed that these attacks, where a phishing site is live on the internet for as short as 4 to 8 hours, are seeing a continued rise. Short-lived attacks are so hard to catch because traditional anti-phishing techniques like black-lists are often 3-5 days behind, meaning the sites have already been taken down by the time they appear on the list.

You’re probably already aware of the primary phishing-avoidance tip: do not click on suspicious links or unknown emails. But, as the state of phishing becomes even more advanced, how can you best spot and avoid an attack?

Lesser-known phishing giveaways

Webroot recommends keeping an eye out for the following:

1. Requests for confidential information via email or instant message
2. Emails using scare tactics or urgent requests to respond.
3. Lack of a personal message or greeting. Legitimate emails from banks and credit card companies will often include a personalized greeting or even a partial account number or user name.
4. Misspelled words or grammatical mistakes. Call the company if you have suspicions about an email you’ve received.
5. Directions to visit websites with misspelled URLs, or use of , which precede the normal domain (something like phishingsite.webroot.com).

Stay ahead of cybercriminals

If an email in your inbox does seem suspicious, here are a few things you can do:

1. Contact the service or brand directly via another communication channel (i.e., look up their customer support phone number or email address), and ask them to verify whether the content of the email is legitimate.
2. Avoid providing any personally identifiable information (PII) electronically, unless you are extremely confident the email is from the stated source.
3. If you do click a link from an email, verify the site’s security before submitting any information. Make sure the site’s URL begins with “https” and that there’s a closed lock icon near the address bar. Also, be sure to check for the site’s security certificate.

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.

Webroot: For starters, how do you describe ransomware? What exactly is being ransomed?

Tyler Moffit: To put it simply, your files are stolen. Basically, any files that you would need on the computer, whether those are pictures, office documents, movies, even save files for video games, will be encrypted with a password that you need to get them back. If you pay the ransom, you get the password (at least, in theory. There’s no guarantee.)

How does the average home user get infected with ransomware?

“Malspam” campaigns are definitely the most popular. You get an email that looks like it’s from the local post office, saying you missed a package and need to open the attachment for tracking. This attachment contains malware that delivers the ransomware, infecting your computer. It is also possible to become infected with ransomware without clicking anything when you visit malicious websites. Advertisements on legitimate websites are the biggest target. Remote desktop protocol (RDP) is another huge attack vector that is gaining traction as well. While controlling desktops remotely is very convenient, it’s important to make sure your passwords are secure.

How is the data ? Is the ransomed data actually taken or transmitted?

When you mistakenly download and execute the ransomware, it encrypts your files with a password, then sends that password securely back to the attacker’s server. You will then receive a ransom demand telling you how to pay to get the password to unlock your files. This is a really efficient way to prevent you from accessing your files without having to send gigabytes of information back to their servers. In very simple terms, the files are scrambled using a complex algorithm so that they are unreadable by any human or computer unless the encryption key is provided.

What types of files do ransomware attacks usually target?

Most ransomware is specifically engineered to go after any type of file that is valuable or useful to people. Around 200 file extensions have been known to be targeted. Essentially, any file that you’ve saved or open regularly would be at risk.

How does the attacker release the encrypted files?

The attacker provides a decryption utility via the webpage where you make the payment. Once you receive the decryption key, all you have to do is input that key into the tool and it will decrypt and release the files allowing you to access them again. Keep in mind, however, that the criminal who encrypted your files is under no obligation to give them back to you. Even if you pay up, you may not get your files back.

Tips for protecting your devices:

• Use reliable antivirus software.
• Keep all your computers up-to-date. Having antivirus on your computer is a great step towards staying safe online; however, it doesn’t stop there. Keeping your Windows PCs and/or Mac operating systems up-to-date is equally important.
• Backup your data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.

Remember, being an informed and aware internet user is one of the best defenses against cyberattacks. Stay tuned in to the Webroot blog and follow us on your favorite social media sites to stay in-the-know on all things cybersecurity.

Internet users in the U.S. have seen internet privacy protections diminish significantly in the post-9/11 era. In just March of this year, Congress swiftly (and quietly) did away with federal privacy regulations that prevented internet service providers from selling their customers’ browsing histories without consent.

In recent years, products intended to deliver conveniences directly to our doorsteps have begun to present tacit privacy intrusions into the modern home. Always-on smart speakers from online retailers make it easier than ever to order products, but they also enable those companies to listen to our every word. Those same companies are monitoring our behaviors across the web.

“Google knows quite a lot about all of us,” said cybersecurity expert Bruce Schneier in a recent interview with the Harvard Gazette. “No one ever lies to a search engine. I used to say that Google knows more about me than my wife does, but that doesn’t go far enough. Google knows me even better, because Google has perfect memory in a way that people don’t.”

Giant corporations aren’t the only ones intruding into our daily lives to collect our personal data for financial gain—cybercriminals are intent on doing the same. Crimes such as identity theft and extortion can be carried out with stealthy malware, such as remote access tools (RATs) used to spy on users via laptop webcams.

We asked people in downtown Denver, CO what they are doing to protect their privacy. Their answers were rather bleak:

While public awareness of this ominous trend has mounted somewhat since 2013, when revelations of America’s government surveillance surfaced via the Snowden leaks, virtually nothing has been done to reverse it. Faced with this constant barrage of privacy invasion, pulling the plugs and disconnecting entirely may seem like the only way out—but rejecting “the way things are” is a pill most people are unlikely to swallow.

Until there’s a major shift in our society’s attitudes (and public policies) toward internet privacy, the duty falls on individual users to safeguard their own private data, identities, and other sensitive information. Follow and share the tips below to take back control over your privacy.

Tips for protecting your online privacy

• Configure your web browser to delete cookies after closing. You can also take control of other advanced privacy features in your web browser to have greater control of what you’re sharing with websites you visit.
• Cover your webcam with tape, a sticker, or something else that can block the camera lens and also be easily removed when you need to use it. (Webroot SecureAnywhere® solutions protect against webcam spying and other potentially unwanted applications.)
• Don’t share sensitive information on social media. Check your privacy settings on sites like Facebook and Twitter and make sure only your trusted followers can see your complete profile. For instance, do your Facebook friends really need to know your real birthday? Deliberately sharing a fake birthday on social media can be a crafty way to enhance your privacy.
• Lock your screens. All of them. Losing a device like your laptop or smartphone could spell disaster if they were to end up in the wrong hands. Strong, uncommon PINs and passwords can lock down your devices from would-be thieves.
• Use fake answers for password security questions. Honest answers to security questions can often be found with just a little online digging. Why can’t your mother’s maiden name be “7O7F1@!3kgBj”? This brings us to our next tip…
• Use a password manager app to generate and store strong, unique passwords for all of your accounts. (A password manager can also safely store those fake security answers mentioned above.)
• Use security software to monitor and protect your digital devices from threats like malware, spyware, and phishing attacks, which can steal your private data.

For more videos related to cybersecurity and staying safe online, subscribe to our YouTube channel.

From streaming entertainment to social media to our online bank accounts and software, we are inundated every day with the need to create and remember new passwords. In fact, one study revealed that Americans have an average of 130 online accounts registered to a single email address. And what are the chances that those 130 passwords are each unique and difficult to crack? Slim to none.

You’ve probably heard about the infamous Yahoo breach that came to light last year, in which hackers stole the credentials and other sensitive information of more than 1 billion users. For people who used their Yahoo password for other sites, those accounts were also compromised.

Unfortunately, many people admit their passwords are less secure than they should be. See for yourself:

So how, exactly, can we all be expected to create and remember an average of 130 unique passwords?

The best solution available today, offering both convenience and security, is a password manager.

What exactly is a password manager?

It is a type of application that can address all the above issues. Password managers come in the form of lightweight plugins for web browsers such as Google Chrome or Mozilla Firefox and can automatically fill in your credentials after saving them in an encrypted database.

The major benefit of using a password manager is that you only need to remember a single master password. This allows you to easily use unique, strong passwords chosen for each of your online accounts. Just remember one strong password and the manager will take care of the rest.

Avoid these common password security risks:

• Typing passwords to login each time can be dangerous in itself. Malicious keyloggers designed to secretly monitor keystrokes can record your passwords as you type them. (You can eliminate these with good antivirus software.)
• Remembering multiple passwords, especially if you have carefully picked a password that is complicated. Most people tend to use the same or similar passwords for different accounts, which means that if one password is exposed, criminals can log into all those accounts.
• Storing passwords in a document or writing them down, which creates a very high risk of being affected by a breach or simply losing the information.

For more videos related to cybersecurity and staying safe online, subscribe to our YouTube channel.

UPDATE: The Webroot Password Manager upgrade is here—now powered by LastPass, the most trusted password manager! Get access to quality-of-life features including the password vault, access on ALL devices, auto-fill and save, emergency access, and more.

Current users, learn how to switch to LastPass here: https://wbrt.io/577b2 

New users, learn how to set up your LastPass account here: https://wbrt.io/snbmz 

Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.

According to NBC News, more than 15 million Americans were victims of identity theft last year alone, up 16 percent from 2015. And stolen credit or social security cards are just a couple of the ways identity thieves can invade your personal life, dealing major blows to your finances and even your reputation.

Unfortunately, the culprits behind identity theft can be anyone from family, friends, and neighbors to sophisticated cybercriminals.

“Most cybercriminals use automated tools to steal thousands, if not millions, of IDs at a time. Ensuring you have unique passwords for financial sites, avoiding public Wi-Fi in hotels and airports, and keeping backups of all your data are all important steps toward protecting yourself from identity theft. Finally, having a current, layered antivirus solution that not only protects against malicious files like ransomware, but also prevents phishing attacks and protects online browsing can close the loop on cybercriminals trying to do your and your family harm.”

-David Dufour, Senior Director of Engineering, Webroot

We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.

How to protect yourself from identity theft

With these types of malicious acts making the news more frequently than ever, why are people not taking more precautions with their identity? That’s not something we can answer, but we can give you a few tips on how to be safer with your identity:

• Don’t send or receive private data over unsecured Wi-Fi networks or in public spaces.
• Keep personal data encrypted when stored on devices.
• Safely store (or destroy) physical documents that contain your private information, from credit cards to mail.
• Freeze your credit. It sounds scary, but it isn’t. Freezing your score makes it harder for a criminal to open a new credit card account or take out a loan in your name. The FCC provides details on their website.
• Know your credit score. There are many free services that help you keep track of your credit score, and make sure nothing phishy is going on.
• Make sure all your devices are installed with up-to-date cybersecurity that protects you from all knows threats in real-time.

If you’re looking for more ways to protect yourself from identity theft, the federal government has a few more tips.

What if I’ve been a victim of identity theft?

The Federal Trade Commission has a useful one-stop-shop to help you repair the damage and recover from identity theft. The task may seem daunting, but at the end of the day, your identity is yours—and it should stay yours.

Update: World Password Day will officially be observed on May 3, 2018. While the the rules for creating tough-to-crack passwords remain true, additional layers of password security such as two-factor authentication and password manager tools are giving users even stronger security for their online accounts. Follow the advice below and have some fun crafting strong passwords to keep you safe online in 2018.

We’ve heard the same advice over and over when it comes to passwords—make it strong. But how many of us actually follow this advice? Would you believe that some of the most popular passwords are still “password”, “123456”, “qwerty”, and “abc123”? For World Password Day, we’ve want to offer a few tips to make sure your passwords are up to snuff.

Tips for securing passwords

1. Create a strong password that uses numbers, caps, and special characters
2. Use unique passwords for each account
3. Enable two-factor authentication
4. Set up a secure password manager

You’re probably thinking “it’s hard to remember multiple strong passwords.” To help you out, here’s how you can choose something easy to remember, but hard to crack.

1. Start with your favorite song, movie, or book. Use the first letter of each word. So, if your jam is “Guardians of the Galaxy Vol. 2”, that would make it “Gotgv2”.
2. You could then increase the complexity by changing out any vowels with numbers. That makes it “G0tgv2”.
3. Now add a special character, such as “!” or “$”. Your password would now be “G0tgv2!”.
4. Turn it into a passphrase for good measure. Something like  “G0t7gv2! is my jam!”.
5. Make sure it’s at least 16 letters long. This one is, but you may need to add another number or symbol to make the password long enough.

If this is still too much to remember, you can use the first letter of one of your favorite phrases from a song, movie, or book until you reach 12 or so characters, mix up capitalization, then add in a few special characters.

Otherwise, go with option 4 from my original list: get yourself a password manager. There are a number of free and low-cost password manager applications out there, which will generate and store secure passwords for all of your accounts. Many Webroot subscribers already have one, depending on their Webroot subscription type.

Note: If you do use this option, you will still need a strong password for the password management program itself.

Mobile reminder

If you don’t have a password on your mobile phone or tablet, you should reread part about following security advice. Most smartphones offer the option of a 4-digit PIN or a pattern. When creating your PIN, be sure to use a unique string of numbers, and one that isn’t easy to guess (e.g. don’t use your birthday.)

Join Webroot and hundreds of other organizations worldwide on May 4th to take the pledge to build stronger password habits.

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. But you can avoid such attacks by being patient, checking email addresses, and being cautious of sketchy-sounding subject lines.

7 dangerous subject lines to avoid

Cybercriminals initiate their attacks through hyperlinks or attachments within emails. Most of these attacks use urgency or take advantage of user trust and curiosity to entice victims to click. Here are examples of subject lines to be cautious of.

1. Remember me? It’s Tim Timmerson from Sunnytown High! Criminals use social engineering tactics to find out the names of the people close to you. They may also hack a friend or relative’s email account and use their contact lists as ammo. Next, they research and impersonate someone you know, or used to know, through chats and emails. Not quite sure about a message you received? Hover your mouse over the sender address (without clicking) to see who the real sender is.
2. Online Banking Alert: Your Account will be Deactivated. Imagine the sense of urgency this type of subject line might create. In your panicked rush to find out what’s going on with your account, you might not look too closely at the sender and the URL they want you to visit. At the end of March, a Bank of America email scam just like this was successfully making the rounds. Initially, the email looked completely legitimate and explained politely that a routine server upgrade had locked the recipient out of their account. At this point, when clicking the link to update their account details, an unsuspecting victim would be handing their login credentials and banking information over to cybercriminals.
3. USPS: Failed Package Delivery. Be wary of emails saying you missed a package, especially if they have Microsoft Word documents attached. These attacks use the attachments to execute ransomware payloads through macros. Senior Threat Research Analyst Tyler Moffitt walks us through what it’s like to get hit with a ransomware payload from a USPS phishing email.
4. United States District Court: Subpoena in a civil case. Another common phishing attack imitates government entities and may try to tell you that you’re being subpoenaed. The details and court date are, of course, in the attachment, which will deliver malware.
5. CAMPUS SECURITY NOTIFICATION: Phishing attacks have been targeting college students and imitating official university emails. Last month, officials at The University of North Carolina learned of an attack on their students that included a notification email stating there was a security situation. The emails were coming from a non-uncg.edu address and instructed users to “follow protocols outlined in the hyperlink”. Afterward, the attacker would ask victims to reset their password and collect their sensitive information.
6. Ready for your beach vacay? Vacation scams offer great deals or even free airfare if you book RIGHT NOW. These scams are usually accompanied by overpriced hotel fees, hidden costs, timeshare pitches that usually don’t pan out, and even the theft of your credit card information. Check the legitimacy of offers by hovering over links to see the full domain, copy and pasting links into a notepad to take a closer look, and by researching the organization.
7. Update your direct deposit to receive your tax refund. The IRS warns of last minute email phishing scams that take advantage of everyone’s desire for hard-earned refunds and no doubt, their banking credentials.

Read between the lines

• Enable an email spam filter
• Hover over links before you click
• Keep your cybersecurity software up to date
• Disable macros to avoid ransomware payloads
• Ignore unsolicited emails and attachments
• Be on the lookout for the top 5 tax season scams
• Educate yourself on social engineering attacks
• Check the Federal Trade Commission’s scam alerts

Help us create awareness in the community around scams and phishing attacks with dangerous subject lines. From here on, education should be top of mind as our community begins to adopt safer online habits. Share this blog with your friends and family or get in on the #CyberSmart conversation by sharing a Tweet.

Don’t wait for a system failure, ransomware attack, or for your laptop to be stolen before you start thinking about backing up your data.

Why back up?

According to a 2016 study by Acronis, 1 in 3 people have suffered data loss and are willing to pay up to $500 or more to recover lost files. Your data and important files are undoubtedly worth a lot to you, but—realistically speaking—just how much are you willing (or even able) to shell out?

With the increase in ransomware and sophisticated attacks, you can’t afford NOT to back up your files and sensitive data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.

In an effort to help the community be more cyber aware, WorldBackupDay.com celebrates on March 31st not only as a day for backing up your personal data, but a day for preserving our increasingly digital heritage for future generations.

How to effectively back files up to prevent data loss:

• Choose a secure backup solution. Whether it’s a cloud-based service or an external hard drive, do your research and choose what’s right for you.
• Implement a backup schedule that covers your preferred data through your cloud solution or external drive.
• Set reminders to ensure that your backups are running regularly and that they haven’t encountered any errors.

I’ve backed up my data. Now what? How do I avoid a ransomware attack?

“Throughout 2016 and likely into 2017, the Office document macro infection into encrypting ransomware was quite common. By disabling macros completely in the trust center (free and easy to do) you will completely remove this attack vector from posing a threat to you or your organization.” –Tyler Moffitt, Senior Threat Research Analyst

• Disable macros
• Keep your device and all programs, plugins, add-ons, and patches up to date
• Use a secure browser with an ad blocking plugin
• Disable autorun in Windows

Take the Pledge

Hop on the World Backup Day bandwagon. Share a Tweet to help keep yourself, your friends, and your family protected from ransomware attacks, stolen devices, and system failure.

It’s easy. Repeat after me.

“I solemnly swear to backup my important documents and precious memories on March 31^st.”

Ransomware authors are pivoting their attacks from individuals to government entities and health care institutions, causing a threat to public safety. Traditionally, crypto ransomware targeted individuals and encrypted their personal data and files as a form of extortion for hundreds of dollars. Ransomware has evolved to target businesses and government agencies for much larger financial gains.

The cost of ransomware

There are countless news stories of hospitals and other institutions being shut down by ransomware. We have been seeing an increase in attacks on government entities, including counties and police departments.

A small Ohio town experienced a ransomware attack earlier this year that shut down county government offices and 911 dispatch. This slowed their emergency response but luckily they were still able to respond to emergency 911 calls.

The financial costs to these organizations are also a concern and they’ve been steadily increasing as crypto ransomware continues to evolve.

The FBI estimated that cybercriminals would collect over $1 billion in ransoms during 2016.

In reality, the actual losses suffered by organizations are much higher due to the disruption of productivity and when government entities and police departments are increasingly being targeted, public safety becomes an issue.

An issue of public safety

Ransomware attacks targeting hospitals are increasing, crippling critical infrastructure and exposing or hindering Electronic Health Records (EHR). When these records are impacted, it causes patient care to be hindered or halted. As more organizations implement connected medical devices and allow employees to bring their own devices to work, access points for unauthorized users are left open.

A 2016 study by Peak 10 found that only 47% of current healthcare organizations have implemented advanced malware protection and only 57% have implemented an encrypted network.

Earlier this year, an attack on police CCTV cameras in Washington D.C. crippled the city’s surveillance system and forced major citywide reinstallation. Although this attack was an extortion effort, it makes you wonder how similar attacks will be used to cripple government emergency response and how cyberattack methods are evolving.

Once ransomware hits a police department’s system, the damage can be catastrophic if mitigation methods aren’t in place. Attacks cripple dispatch systems and patrol car computers, slow police response time, expose records, and create an unsafe environment for officers in inmate holding areas.

What the government is doing about it

Ransomware and other cyberattacks on government operations are a real issue of public safety and steps need to be taken to improve response time to such attacks. The FBI recommends taking prevention and continuity measures to lessen the risk from ransomware attacks.

• Back up your data locally or in the cloud
• Secure backups and keep them on scheduled updates
• Do not open attachments in unsolicited emails
• Keep your operating system, software, and firmware up-to-date
• Ensure antivirus and antimalware solutions are set to automatically scan and update
• Report internet crimes to the Internet Crime Complaint Center (IC3)

Ransomware presents a real, imminent threat to the public and to our government. Share this article to help spread ransomware awareness in your community.