You get an e-mail from a stranger with an attachment, why not open it? There is a USB-stick on your desk, why not just upload its content? Nothing interesting happens, until you restart your computer. Suddenly, you get a message. You need to pay up before you get your data back. 

Simply put, ransomware encrypts your data, making it inaccessible for the user to see it. Effectively, it’s being kept ransom until the user pays the price. When he or she does, the system will unlock. Another form of ransomware is just exploiting your computer, so it keeps spamming you stuff on your screen. This will only stop once you pay the price.

What can you do against it? If the encryption being used is strong or the file that starts the spamming is deeply hidden in the operating system, really not that much. It’s all about preventing. For example, not opening files from unknown sources. But what if you work for a company that gets thousands of e-mails every day from unknown sources, sending you attachments?

Ransomware gets ‘more intelligent’ by the minute. There are already examples out there that wait for the moment to strike after encrypting your back-up system. This seems like a pretty intense security risk to me.

You probably want to avoid ransomware on your personal computer, but it’s not the greatest risk we’re talking about here. Imagine a hospital getting hit with ransomware. In March 2016, the Hollywood Presbyterian medical Centre in California was actually locked out of its EHR for a week. I think you can imagine the chaos that ensued.

The problem with ransomware is, that is made for the user to pay. So naturally the targets will be the systems that are the ones we really need. Like hospitals. After being hit, the price will be just high enough for it to look acceptable. For a hospital, there may be no other choice than to pay up as fast as possible.

Since ransomware can creep up your system in a about a billion ways, it’s really hard to prevent it. Will just making securer software or train people to be more safe with their tools be the solution? I guess only time will tell. What do you think?

sources used:
https://en.wikipedia.org/wiki/Ransomware
http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/
http://www.computerworld.com/article/3041433/mac-os-x/first-mac-ransomware-had-sights-on-encrypting-backups-too.html
https://tweakers.net/nieuws/116333/meer-dan-helft-nederlanders-heeft-nog-nooit-van-ransomware-gehoord.html
http://www.beckershospitalreview.com/healthcare-information-technology/hospitals-are-hit-with-88-of-all-ransomware-attacks.html

Why Hospitals Are the Perfect Targets for Ransomware

Your alarm wakes you up at the perfect moment in your sleep cycle, your coffee awaits, room temperature is adequate while having breakfast and your car is already pre-heated, so you don’t have to start driving with freezing temperatures inside the car. That is the promise. 

If your technical level is ‘overlord’, you can pretty much program your whole house to your needs, but what if you’re not into all that stuff? Simple devices that connect with almost no configuration required are the solution. You just connect your lightbulb to the internet and you can use your phone to turn it on. You can just connect your baby webcam to the internet, so not only you can watch him or her, but also the rest of the internet. Wait what?

Introducing Shodan. A program that crawls the internet for open ports on IP addresses and uses the vulnerability of the RTS Protocol to generate a live stream of available webcams. Why is this possible? Well, we like cheap stuff, and apparently we don’t really care about the security aspect of our devices. But how weird would it be, if you found out that there was a live stream of your child on the internet? Wouldn’t you pay a little extra to prevent that?

Shodan is only the tip of the iceberg of what could potentially go wrong with connected devices. What about your car, being controlled while you’re driving on the highway? What about your device being hacked and its processing power used in a massive DDoS attack? These are all legit security flaws.

But security is expensive. It is also not always on the consumer’s radar while buying a new device. So why would a company invest in security, if the fight for the lowest price is still going strong? How are you making people aware of the importance, without first putting their lives freely available on the internet.

It’s a question we’ll likely see a lot in near future. Privacy doesn’t seem to bother a lot of consumers, until they’re very much aware of the effects. It shouldn’t be hard to connect your device  in your home network, it also shouldn’t be hard to secure that connection. Is privacy/security of your devices important enough for you to pay a little extra, or do we rather have cheap devices?

Sources used:

http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/

http://www.motoring.com.au/jeep-hack-exposes-car-security-threat-52669/

https://blog.360totalsecurity.com/en/biggest-ddos-attack-powered-150000-hacked-iot-devices/