Imagine losing access to all your wallets and keys on your computer and in a flash losing all of your digital valuables.
If you think it is a wild thing to imagine, think again.
With over 88% organizations in Saudi Arabia and 54% of US organizations reporting Ransomware attacks in 2019 it is never too early to be cautious.
Especially, if you are in the habit of storing wallet keys and account passwords on your computer (or tablet).
In this article, we provide you some tactics that you can use to treat Ransomware attack as an inevitability and prepare for it in advance.
If it sounds morbid, that was the effect we were going for.
What to do to avoid becoming a victim of Ransomware?
The best antidote to Ransomware is to not get one. To avoid being a victim of Ransomware, you have to know how it attacks.
Here are the top ways Ransomware attacks take place:
Phishing through email
This one method accounts for over 60% of Ransomware attacks. Phishing is simply trying to lure victims to click on a link or download an attachment.
The creativity that goes into phishing attempts is quite sinister.
For instance, if you received an email from Coinbase.com and if you have an account with them, it is easy to click on the link without verifying the actual source.
As an example, look at below link:
It is easy to think that this is a genuine link, however, if you hover over the link you will see it will take you to a different website entirely, in this case, we have directed the link to our own website.
Be very careful about clicking any links on emails telling you about any free airdrops or giveaways or security compromises.
Greed and fear are common triggers that scammers use to lure you into clicking links or installing Ransomware.
When we had a problem with the Binance account, we were trying to call the Binance customer support.
The problem is, we were looking for Binance support on google and astonishingly all the top slots were bought by scammers.
If you called any of these numbers they will listen to your problem like professionals and ask you for your ID, password, 2FA, etc.,
This is a dead give away. No genuine company requests this information via phone (or even email).
Hangup at once and go to their official website to find the customer support details.
As much as possible, try to type in the website address. If you do use google, make sure you do not click on paid ads as some of them are bought by scammers sometimes.
Calls & spoofing
Many of my friends who are in the US on visa received a call during 2018 and 2019 threatening that police officers are on their way to their homes to arrest them unless they are ready to cough up $$s.
The callers were so intelligent that they actually spoofed the local sheriff’s number when they called so that at an off chance that you google the number – you will be even more convinced about the threat.
During one such event, I called the Sheriff’s office directly and the lady on the other end said that she was the only one who worked at the Sheriff’s office and they have no guys, and that the Sheriff (or any agency for that matter) will never contact anyone via phone about any legal matters.
Exchanges will never call you to tell you about hacks or security issues. Never give away any passwords or 2FA on the phone.
Shady websites – look for the shield
If you have to access any shady websites, make sure you have a separate device for that other than the one that you use to access your emails and store files.
General rule of thumb is to look for the ‘secure’ key on the browser to make sure that the sites you are visiting are safe to visit.
Take regular offline backups
It is important to have backups either on an offline system or harddrive. To ensure you don’t lose data due to damage to the drive, strive to take 2 backups.
Hardware wallets are a great way to secure your crypto wealth. Do not store wallet keys or passwords to your accounts on your computer.
Redundancy is important but not too much
Have important files, keys and other information on offline devices that are not connected to the internet.
Use anti-virus and anti-malware software
Some anti-virus and anti-malware software warn you every time you try to install something to grant explicit permission.
This helps if some Ransomware tries to silent-install itself.
What to do if you become a victim of Ransomware?
If you do end up becoming the victim of a Ransomware, do not panic and follow the following steps (these steps are assuming you are an individual and not an organization).
Disconnect from internet
Turn off your wifi, unplug your modem and internet connection. Some of the
ransomwares have worms (which is a fancy way of saying they install themselves on all connected devices on the network) and distancing the infected computer from the network is the first step.
Disconnect all devices from the network
Computers, printers, any device that uses the internet from the same network (devices connected via wi-fi is a good place to start).
Wipe the system clean
The best bet when your files get locked is to clean up your harddisk and reinstall the entire system before you start using the device.
Restore the computer using original software
Try to use OEM sources to reinstall your original software onto the wiped system. Do not login to any financial accounts from the computer until you have re-run a security scan using the latest version of antivirus.
Do NOT pay the ransom
Ransom looks like a tempting solution, however if you pay ransom, you run into following issues:
- You may not get the access to the files despite paying the ransom
- You will be encouraging internet terroris*s by paying them
- You might get marked as someone they can bully into paying
It is always better to reach out to respective authorities for help.
Special areas of concern for Crypto folks
Many of the mining software files are flagged by the anti-virus and anti-malware software as suspicious.
You are forced to shut-down the firewall to complete the installation of these mining files.
Do you completely trust the source of these mining software?
As a general rule, we try to use apps for mining that are available on popular platforms like AppStore.
These companies have stringent protocols that the app needs to adhere to before it can be listed on the store.
However, when you download a mining software directly from websites – be sure that there is nothing phishy.
Cryptojacking is a method in which the malware sits silently on your computer and uses your computer (and any other device connected to the same network) to mine cryptocurrencies.
Any device that is connected to the internet is vulnerable to cryptojacking.
Because there are no alerts or ransom demands, it is difficult to detect if you have been a victim of Cryptojacking, this is why having a reliable anti-virus and anti-malware software could help.
Most, if not all, of our funds are in digital form. This is especially true for cryptocurrencies. Unlike the traditional banking system where you can lodge a complaint or tap into insurance, crypto is our own responsibility.
As such, the onus lies on each of us to make sure we are prepared for any potential attacks including Ransomware.
We hope this piece has given you some things to think about your crypto security.
Thank you for reading and sharing this article. We appreciate you.
Stay safe and healthy!
Everything in this article is an opinion, not an advice of any kind. This material has been prepared for general informational purposes only and it is not intended to be relied upon as accounting, tax, investment, legal or other professional advice. Please consult with a professional for specific advice.
We do not endorse or guarantee the accuracy of the information and claims made.
All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.