FBI Portland
Portland Media Office
(503) 460-8060
February 6, 2018

FBI Tech Tuesday: Building a Digital Defense Against Ransomware at Home

Welcome to the Oregon FBI’s Tech Tuesday segment. This week, building a digital defense against ransomware attacks at home.

Last week, we talked about the threat ransomware poses to small and medium-sized businesses in Oregon. They are particularly vulnerable because they often don't have the staff or the experience to prepare for or recover from such attacks.

This week, we talk about the dangers that the average person faces from ransomware at home.

The set-up scenario is the same: the fraudster either gets you to click on a bogus link or attachment in your e-mail to download malware onto your system—or he is “seeding” legitimate websites with the malware. Either way, this malicious software takes over your system and locks it. You risk losing access to precious family photos, financial information, and more.

In a twist to this—there is reporting that some Apple devices are getting hijacked in a similar scheme. In this case, the bad guys are using stolen iCloud passwords obtained in one of the many large-scale data breaches. They can access your iCloud account, change your password, and use the “Find my iPhone” service to lock you out if you don't pay the ransom. They may even be able to wipe your system remotely.

Whether locked by ransomware or hijacked by hackers—protecting your data requires a good digital defense.

* Make sure that you regularly make offline back-ups of all of your computers, phones, or other devices. Disconnect them backups—both virtually and physically—from your main systems.

* Use high-quality antivirus and anti-malware software appropriate to your devices and make sure to enable automatic updates on them.

* Make sure your devices have the latest operating software updates and set those updates to load automatically if you can.

* Use two-factor authentication when possible. This means the hacker would need more than just your password and user ID to access your system—he would also need something like a one-time code that is sent directly to your phone.

* If you are attacked and don't have back-ups, look for reputable information being put out by the device manufacturers and industry experts. It is possible that someone has come up with a solution that will help you figure out how to disengage from a particular ransomware strain.

* Finally, the FBI recommends never paying the ransom, as there is no guarantee that the scammer will send you the decryption key. Beyond that, the money you pay may be used to fund organized crime activity or acts of terrorism while encouraging future criminal activity by these cyber thieves.

If you have been victimized by an online scam, be sure to report it to the FBI’s Internet Crime Complaint Center at IC3.gov or call your local FBI office.