The Solution to Ransomware is Digital Sovereignty
Posted June 09, 2021
“Thinking about the end of the current system is taboo. To understand the great transformation to the Information Age, you must transcend conventional thinking and conventional information sources.”
-The Sovereign Individual
In 75 BCE, Julius Caesar was held hostage by Aegean pirates for ransom.
In 1532, Francisco Pizarro was paid a massive ransom in the form of gold (approximately $2 billion worth) in the trial of Atahualpa.
In 1874, Charley Ross, the first recorded kidnapping in the U.S., was held for ransom.
Fast-forward to 2021, a new type of ransom is hitting the headlines. First, it was Colonial Pipeline (its billing department, at least, come to find out). Then, JBS, a meatpacking plant.
To some, the solution seems obvious: ban cryptocurrencies.
Cryptocurrencies, they say, make ransomware possible. In fact, according to them, it’s the only real use-case for crypto.
So, of course, banning them is the obvious choice.
As we know, the use-cases of crypto extend well beyond petty ransomware. The projects we’ve looked at so far in these digital leaves could make the Internet faster, more secure, and reshape our economies in ways that could eventually wrench us loose from Crony Inc.
Furthermore, long term, any ban would prove fruitless and only serve to benefit other more crypto-friendly countries.
(Cough cough El Salvador.)
Consider that Nigeria’s recent Twitter ban can’t even keep Nigerians from accessing the website. Less than 24 hours after the ban was announced, many Nigerians had already found workarounds. (All they need is a cheap or free VPN.)
While they might give people a false sense of security, and absolve personal responsibility, bans won’t protect people from those who don’t care about the laws. (And online, those threats are nonlocal.)
And ransomware, though a pain, is the least of our worries.
The really dangerous hackers aren’t using ransomware. They go after the big payloads… the centralized honeypots. And they find more and more malefic ways to screw over their victims.
In 2013, cybercriminals hacked Target and escaped with the private information of 40 million customers.
In 2017, Equifax lost the records of almost 150 million customers.
Last year, it was revealed that the SolarWinds hack gained a foothold into the servers of over 150 agencies and organizations.
These attacks are just the ones we know about. Ransomware has nothing to do with them.
While the knee-jerk response might be to pull out the banhammer, the real focus should be on beefing up our security, emphasizing personal responsibility, owning our own data, and building an Internet that makes such attacks largely moot. (Or at least not systemic.)
How to Protect Yourself
That said, you’re probably vulnerable to a slew of hacks. But there are many things you can do right now to protect yourself.
First of all, if you’re using Microsoft, consider checking to see if they still use keyloggers to record your typing, voice, handwriting, and everything else you do on your computer. And then turn it off.
Not only is it wildly invasive, but it also makes you more vulnerable to hackers. (If Microsoft gets hacked… or an employee goes rogue… they have everything on you.)
Ransomware uses methods of encryption designed to be unbreakable. They are the same methods we use every day for secure communication, online shopping, and keeping your identity and private information safe from ne’er-do-wells. It’s not typically the encryption that’s the problem.
The biggest problem is you.
A cyber truism: “The most serious security holes are human, not algorithmic.”
Ensuring that your password is long enough, hard to guess, and not easy to access (as in, not sitting in a file in your Gmail) is a great first step.
But you also have to be on guard.
Hackers now use a variety of social engineering techniques—such as spoofing an email that looks like it's an urgent email from your boss—to try and get you to install something you shouldn't or to download files you think are attachments but aren't.
Here’s an example of an email I received not long ago, claiming that Jack Davis bought a $523 laptop from my Ebay account. (The goal is to get me to call the number, then, presumably, get my credit card information.)
Ransomware usually infects your computer by way of:
→ A malicious link in an email message
→ Infected websites (visiting obscure porn sites and downloading “illegal” files is how many people get infected)
→ Fake apps
→ Malicious ads, or Malvertising
→ Exploited plugins
Remember, above all else, this: UPB.
Update, protect, and back up.
UPDATE: All malware, ransomware included, exploits older or unpatched software. Updating your operating system, browser, apps, and plugins is the easiest way to prevent attacks.
PROTECT: Two-factor authentication, password managers, and reputable screen and clean software.
BACK-UP: Always back up the files you need onto an external hard drive or flash drive. Use a password manager and commit to memory your master password. Most operating systems have an auto-backup feature, too. (Most, but not all, ransomware can be bypassed by running your computer in safe mode and then restoring it to an earlier date… if you backed it up, that is.)
Other useful tips:
→ Toggle your email provider’s anti-spam settings to filter out all the potentially harmful incoming messages. Raising the bar beyond the default protection is an important countermeasure for ransom Trojans.
→ Define specific file extension restrictions in your email system. Make sure that attachments with the following extensions are blacklisted: .js, .vbs, .docm, .hta, .exe, .cmd, .scr, and .bat. Treat ZIP archives in received messages with extreme caution.
→ Use an effective antimalware suite. There are security tools that identify ransomware-specific behavior and block the infection before it can do any harm.
Ransomware attacks are going to get worse before they get better.
If you’re interested in learning more on the DarkSide hack specifically… and what to do if YOU get infected… check out this article by Heimdal Security.
Managing editor, Laissez Faire Today