Identity Theft and Ransomware

More and more people are working remote and using cloud storage for digital files. While these new ways of working have improved workflow and productivity, they have also opened up new access points for attackers to access and steal data.

Some of the most vulnerable apps for attackers are:

• Third-party app plugins such as doc scanners that are infected with malware
• Remote access apps which take network traffic through unknown servers
• Social media and messaging apps which typically have access to large amounts of personal data

Whether you’re online for work or recreation, you need to be aware of potential threats like ransomware so you do not become the victim of identity theft or lose access to your files.

Ransomware is one of the most highly publicized threats to computer security today. Over $75 billion worth of damage was done in 2019 in the US alone.

What Is Ransomware?

Ransomware is malware that encrypts the victim’s files. It makes your files inaccessible unless you agree to pay the hacker, usually in the untraceable currency of Bitcoin. The attacker claims once payment is made, they will then release the decryption key to unlock the files.

There is also another type of ransomware known as doxware or leakware, but it is not as common.. With doxware, the hacker will threaten the victim with leaking sensitive information online unless you pay the ransom. This sensitive information can include anything from personal or business financial data to compromising photographs.

The ransomware boom of the 2010’s has declined in recent years in favor of cryptojacking malware. Cryptojacking software sits in the background of your system and quietly mines or creates cryptocurrency. This wastes the power of your computer to make money for the hacker. Criminals who gained access to computers to mine cryptocurrency are now slowly falling back to ransomware due to the unreliable market prices of cryptocurrencies. With access to compromised devices, these criminals can use the information on the computer to sell on the dark web.

If you have been a victim of doxware and had your information used for fraudulent activities, you need to dispute these fraudulent entries on your credit report. You can do this by filing an identity theft report with each of the credit bureaus. It would also be a good idea to contact your local police. Once the counterfeit activities are not on your record, you can look in to ways of improving you credit score after identity theft.

Should I Pay Ransomware Ransom?

Paying the ransom does not guarantee you will get your files back. Experts discourage paying the ransom as it just encourages the hackers to continue their illegal activity.

Among users who experienced a ransomware attack:

• 13% lost almost all their data
• 18% lost a few files
• 29% could restore all their data
• 32% lost a significant amount of data
• 50% lost some files

One of the most effective ways of fighting ransomware is not paying the criminals. By withholding payment, you disrupt their ROI or return on investment, rendering the entire attack ineffective.

What Should I Do in the Case of an Attack?

To retain the power to hold out against ransomware attacks, you must invest in proper file storage and, most importantly, system backups. Always make sure you are updating any security patches available.

If you experience a ransomware attack, contact your local police office immediately. While it is true that they may not be able to help, letting them know can help them be on the lookout for additional attacks elsewhere.

Next, check your backups to see if your files are available. There are recovery services out there such as Datto that can help you recover your data. Do a Google search to find experts in your area.

The most important thing, is do NOT pay the ransom. Do NOT call the number they want you to call. Do NOT give them your contact information if they don’t already have it.

If you have been backing up your files and using a local or cloud storage provider, it is easy to recover from a ransomware attack.

How to Avoid Being a Victim

The key to surviving and/or preventing malware attacks is putting in strong security measures and adopting safe internet use. This is especially true on sites where you input your personal information.

You can prevent identity theft through ransomware by adding a few online safety habits and investing in security measures.

Here are a few tips to prevent ransomware:

• .Regularly backup your data and secure those backup files. This will enable you to restore files quickly and immediately begin to recover from identity theft.
• Make sure all inbound emails are scanned and filtered. Any suspicious attachments or content should be flagged and blocked.
• If you receive unsolicited phone calls or emails, don’t share any personal information. Sometimes, attackers pose as IT troubleshooting or as someone from your bank in order to gain intelligence. Always confirm calls from your bank if someone contacts you looking for information.
• Avoid downloading cracked software, apps or patches from compromised or untrustworthy sites. They are often vectors of malware.
• Use a reputable antivirus software and a firewall to protect your devices. Be sure to update them often.
• Avoid clicking links in emails or sites that you don’t trust. Don’t open attachments unless you know they are from a reputable source. Recently, victims have been receiving invites to edit files on Google Drive, mimicking workplace collaboration. Always double check invite links.

Security software alone can’t protect your information since ransomware developers are constantly tweaking their codes and finding ways to bypass antivirus scans and firewalls. Use a combination of all the above tips to keep yourself safe. Back up your data regularly! The better your backups, the less you will lose in case of a ransomware attack!

Now that you have a clearer picture of the risks to your personal information, you can secure your data. In the event of a data breach or identity theft from ransomware, it’s important to contact credit professionals who understand the legalities and can help expedite the recovery process.