It was just another boring workday at the municipal offices.
Maybe this employee hadn’t even had his second cup of coffee. Still groggy, he opened an email that seemed mundane. He clicked a link.
And just like that, the town of Lake City Florida was disabled.
Employees were locked out of their email accounts. All town computers seized up. Town websites and services went offline for weeks.
Police and Fire departments were not affected because they operated on different servers. But another Florida town hadn’t been so lucky.
Just a few weeks earlier, Riviera Beach Florida systems were also taken for ransom.
In that case, it was a police employee who clicked on a malicious link, and disabled the town’s systems. City officials worked overtime to hand-write checks to pay employees. Police dug out old paper traffic tickets. And city water testing had to be done manually.
The hackers encrypted all files stored on the computers and demanded a ransom to decrypt them again.
Both cities ended up paying the ransom in Bitcoin costing between $460,000 and $600,000 in order to regain access to crucial data.
It’s easy to forget, but as so much of our lives has moved online so quickly, we’re more vulnerable than ever to the new age criminals.
For example, we have comprehensive home alarm systems. Yet we leave the front door to our digital lives wide open.
This sort of thing doesn’t just happen to larger targets like cities and companies either– everyone is at risk.
These towns fell victim to a classic phishing scam. That’s when hackers either get the victim to click a link that installs malicious software on a device, or send a victim to a malicious website to trick them into handing over personal information like login credentials.
But there are some easy, cheap, and usually free, ways to secure your digital life against threats like this.
1. Don’t click on sketchy links!
Whenever you receive an email or instant message, be vigilant… even if the email appears to come from a trusted contact. Often malware infects an account and then attempts to spread itself to the person’s address book through email and skype.
Be particularly careful if the message asks you to log in somewhere. A common scam is to create a fake website that looks identical to a vendor’s page, but has a login form that sends your password to the hacker.
So don’t click on the link in the message and instead visit the vendor’s website directly in your browser.
And be careful with attachments– especially if the file name ends with .exe or if it is a compressed zip archive that contains .exe files. Unlike other documents these are executable files that can install malware.
2. Never use untrusted USB devices
Some hackers leave infected USB sticks or hard drives in public spaces. If you curiously plug it into your computer, malware can be installed on your computer without you clicking anything.
3. Keep your software up to date
New security vulnerabilities that allow malware to infect your computer are discovered on a daily basis and software updates patch these security threats.
It’s particularly important to always keep your operating system (Windows, macOS, Linux…) and web browsers up to date, because security vulnerabilities in these products can offer hackers a way to install malware without any interaction on your part.
You also need to make sure you install these updates as soon as they are released, because hackers take advantage of people who don’t update their systems right away and exploit the newly discovered vulnerabilities within days after an update is released.
4. Use cloud backup
If you do fall victim to a malware or ransomware attack, a backup is your best chance of recovering your files.
Paying a ransom isn’t always a guarantee that you will be able to restore your files. A lot of ransomware demand a payment, but don’t actually offer a way to decrypt the files after the payment is made.
A traditional backup to an external hard drive is also not a guarantee that you will be able to recover your files, because some ransomware actually looks for backups and encrypts them too.
You can prevent this by unplugging your backup from your computer and only connecting it when you make a backup. But if your backup strategy depends on regular, manual actions you will likely not perform them frequently enough and your backups will be out of date.
These services automatically and regularly encrypt your files in your computer, then upload all your encrypted files to the cloud and store multiple versions of them for recovery.
If you are ever hit by ransomware, then you can easily restore all your files without paying the hackers.
It’s important to note that cloud storage services (Dropbox, Google Drive, Onedrive, …) are not the same as a cloud backup services.
Most cloud storage services don’t store multiple versions of files or keep deleted files. So if ransomware encrypts your files on a cloud storage services you still won’t be able to recover them.
These are some easy things that could have saved these towns, and the taxpayers, a lot of money.
But there are many more ways to protect against these and other threats.
For example, creating a strong, unique password, and using two-factor authentication can prevent even the most sophisticated hackers from breaking into your online bank, credit card, or social media accounts.