Scam of the day – April 8, 2015 – Tewksbury Police Department pays ransom to retrieve files

The Tewksbury, Massachusetts Police Department became the latest in a long list of police departments that became a victim of ransomware, the malware that, generally through phishing, manages to become downloaded on to the department’s computers that locks and encrypts the victim’s files making them unusable.  In this particular case, the Tewksbury Police Department’s arrest and incident records were locked and a message appeared that read, “Your personal files are encrypted.  File decryption costs – $500.”  The particular type of ransomware used in this case has been called KEYHolder and despite the efforts of federal and state law enforcement agencies as well as two computer security companies, the data could not be retrieved.  Ultimately, the Tewksbury Police Department paid the five hundred dollar ransom electronically in bitcoins as demanded, making it pretty much impossible to trace.

In recent years, particularly since the development of CryptoLocker, one of the early ransomware malware programs, ransoming of computer data has brought criminals as much as 28 million dollars in ransom payments.  Many government agencies and police departments have been targeted along with the computers of ordinary citizens.  No one is safe.  The Colinsville, Alabama Police Department became a victim of ransomware last summer, refused to pay the ransom and lost their infected database of mugshots.  The Durham, New Hampshire Police Department also refused to pay a ransomware, but wisely had backed up its information so it lost nothing of value.  Other police departments, companies, government agencies and individuals have not been so fortunate, however and have either paid the ransom or lost their data in many instances.  Depending on the sophistication of the malware used, sometimes the ransomware can be defeated, but often it cannot.

TIPS

Certainly you want to always keep your anti-virus and anti-malware software up to date on all of your electronic devices, however, you can never be fully confident that this will keep you safe because the latest viruses and malware are always at least a month ahead of the software security updates created to deal with these issues.  Since generally the ransomware is downloaded on to the victim’s computer by clicking on a link in an email, it is critical that you not click on links in emails unless you are absolutely sure that the link is legitimate.  Finally, it is very important to back up all of your data independently every day so that even in a worst case scenario, you will not need to give into the demands of extortionists.

Scam of the day – November 5, 2013 – Email hacking

Two close friends of mine had their email accounts hacked this week and they are not alone by any means.  Email hacking is a common occurrence and it can represent a serious security threat or a benign inconvenience, however, in either event, it is important to act promptly to remedy the situation. Sometimes your email is hacked and used as part of a botnet, which is a zombie network of computers used by scammers to send out spam.  Other times, however, when you are hacked, malware is installed on your computer without your becoming aware of it. One particularly troublesome type of malware is keystroke logging malware that can steal all of the information from your computer and make you a victim of identity theft.  Often you only become aware that you have been hacked when someone on your email list informs you that that you have received an email that appears to have been sent by you, but is strange and arouses suspicion.

TIPS

Here are some tips for what to do if you have been hacked.  For more detailed information, check out my book “50 Ways to Protect Your Identity in a Digital Age.”  You can order it by clicking on the link on the right hand side of this page.

1.  Change your password on your email account.  If you use the same password for other accounts, you should change those as well.

2.  Change your security question.  I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”

3.  Report the hacking to your email provider.

4.  Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you.

5.  Scan your computer thoroughly with an up to date anti-virus and anti-malware program.  This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.

6.  Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.

7.  Get a free copy of your credit report.  You can get your free credit reports from www.annualcreditreport.com.  Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.

8.  Consider putting a credit freeze on your credit report.  You can find information about credit freezes on my blog www.scamicide.com.