by Dave Moore, CISSP
10/30/2022
Ransomware: somehow, somewhere, the Internet bad guys trick you into clicking the wrong thing, installing virus-like software that locks you out of all your important files. Suddenly, all your documents, spreadsheets, emails, bank statements and photos become unusable. You have been hacked.
As you read the creepy message that appears on your screen, you realize Internet criminals have kidnapped your files and are holding them hostage. In order to regain control, the message demands you pay a ransom of hundreds or even thousands of dollars. Things are looking grim.
How did this happen? How is someone victimized by ransomware, in the first place? Ransomware has rapidly become one of the Internet’s biggest problems by using proven, time-tested and simple techniques that exploit what is clearly the Internet’s Number One problem: user ignorance.
The answer to “how did this happen” is almost universally the same: poorly trained computer users clicking bad website links and phony email attachments, tricked by professional Internet con artists into installing dangerous software that goes right around normal protections like firewalls and antivirus programs.
Even Apple and Android smartphone users have been hit by ransomware, which usually renders the entire device useless. But how, you may ask, is anyone supposed to know about these things? That’s a very good question. How, indeed?
I certainly don’t see any serious effort by Microsoft, Apple or Dell to teach people how to use their products safely on the Internet. Google has its “Be Internet Awesome” tours, but they are aimed exclusively at school children. Companies like KnowBe4 sell online-only “security awareness training” aimed at corporate employees, but what about everybody else? Effective education of the general public in Internet safety is virtually nonexistent.
Society has not been taught how to avoid online scams. Internet criminals victimize millions of people every day, knowing their victims do not know how to defend themselves. To quote H.G. Wells, “Civilization is in a race between education and catastrophe.”
So, until the next time I and the non-profit Internet Safety Group Ltd. can present our Internet safety class, check out these free online tests and see if you can beat the ransomware scammers. Since most ransomware attacks start with bogus emails, have a look at these “phishing” tests.
The Phishing IQ Test, from SonicWall: https://www.sonicwall.com/phishing-iq-test/. The Phishing Test, by PhishingBox: https://www.phishingbox.com/phishing-test. The Jigsaw Phishing Test, by Google: https://phishingquiz.withgoogle.com/. The OpenDNS Phishing Quiz: https://www.opendns.com/phishing-quiz/. Hint: be advised these website addresses should not have periods at the end. Have fun.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com