As if the mad rush to “web-ify” everything wasn’t bad enough, McAfee’s security blog now brings us a new, shining moment in Internet history: it is now possible to visit an easy-to-use website to host your own ransomware campaign for the low, low price of free. A group of cybercriminals has put together a service that will provide you with the malware that locks up your victim’s files, as well as the means to collect the ransom via bitcoin through their consolidated platform. The service even includes a dashboard that summarizes your criminal activity: number of computers infected, number of people who paid the ransom, and how much you’ve made so far. It all sounds like something The Onion would dream up, but sadly, it’s real. Would-be cyber-extortionists have to pay 20% of their take to the service owners, which could amount to some serious cash. Over the course of the past few years, experts estimated that tens of millions have been made on previous ransomware campaigns. Like any good money-making model, these enterprising individuals hope to amass a fortune on the backs of aspiring cybercriminals.
What this means for you:
As I’ve said in previous blogs, cybercrime is big business now. Though McAfee’s bright light of publicity may help shut down this particular iteration of mass-market ransomware services, you can bet dozens more will follow suit, if they aren’t already up, running, and better hidden. The internet has the ability to magnify anyone’s capabilities by an incredible degree, even more so when someone with savvy and no scruples turns their sights onto the vast, largely naive internet populace. The pitch for this particular service is that “anyone” can set up their own ransomware campaign, and you can bet they’ll do a booming business until the good guys shut them down.

On a more reassuring note, this particular platform only provides the means to start and run a ransomware campaign. It would still be up to the would-be extortionists to actually target and distribute the malware to their victims, a task which is surprisingly hard to do in a way that won’t get you caught. However, is it so hard to imagine someone else setting up shop right next door to the ransomware folks, where, for a “small percentage of the take”, they would provide those targets? Imagine if these enterprising criminals decided to form pyramid schemes on top of these “business models”. I imagine once attaining that level of vicious cannibalism, the whole thing might collapse in on itself under the weight of sheer backstabbing and profiteering, but in the meantime, we might drown in a crushing wave of malware.

Sadly, there’s no magic bullet, but there are three things you can do to better protect yourself against the coming storm: a good firewall on your perimeter, solid anti-malware on your computer, and an up-to-date offsite backup of your data. Those things plus constant vigilance (and a little paranoia!) will go a long way towards staying safer in these more dangerous times.
Yesterday I posted about the real possibility of cybercriminals and spammers using Facebook’s upcoming “Graph Search” as a means to easily sort out and research potential targets. The Electronic Frontier Foundation, ever on the lookout for our privacy (even when we won’t do it ourselves), has put together an excellent guide on all the settings you should review in Facebook to make sure the data you want to be hidden from the general public stays that way.
What this means for you:
If you’ve ever taken a stroll through (or even a dedicated walkthrough of) Facebook’s privacy settings, you probably gave it up for being unnecessary and complicated. Hopefully my previous article made you reconsider the “unnecessary” stance, and now EFF gives you a step-by-step guide to setting the privacy settings to what you want them to be. The only thing better would be having me sitting with you personally to go through each step and doing it for you. I could totally do that if you like, but while I was doing it, I’d be giving you a (possibly boring) lecture on why you should be learning how to do this for yourself, etc. Your privacy and security are important enough that you should understand exactly how Facebook shares your personal information. We are entering a period of time where getting duped by hackers is moving from nuisance to an actual threat to your livelihood and possibly even your personal safety, and the best defense is knowledge and preparedness.