Don’t let ransomware extortion take you down: tips to SoKY from SKYCTC cybersecurity expert
By Meghann Stamps – WNKY TV News
BOWLING GREEN, Ky. – You’ve heard of hackers using ransomware to encrypt victims’ data…or maybe experienced it: being locked out of your own computer unless you pay a ransom to re-access your own data.
Southcentral Kentucky Community & Technical College cyber security instructor and founder of cybersecurity training website McFadden.it Art McFadden says the growing practice of extortion takes ransomware threats to a whole new level.
McFadden explains that extortion is when hackers, “steal the data as well as encrypt it. So, even if you have good backups and believe that you’re safe, you’re not. They now have all of your personal data and they are willing to sell it for a price on the dark web.”
During the 2020 COVID-19 pandemic, extortion cases grew by 78 percent, according to Surfshark VPN. Of course, that means SoKY is not immune.
“Ransomware is the number one cyber threat right now, and in 2023, we are set to break the record of over $30 billion lost worldwide.”
McFadden says extortion is a cyber attack that’s especially horrifying for business owners whose hard drives hold clients’ Social Security numbers or addresses.
“If I were to steal all that information, I’ve got potentially patient records, attorney-client records. I’ve got all sorts of juicy information.”
McFadden says even paying that ransom price never really ensures your info is taken off the web. So, what’s the solution?
“Unfortunately, I’ve been called and asked to assist, in many cases dealing with ransomware. And the best answer is actually prevention.”
In most cases, avoiding falling victim to extortion comes down to using discretion opening email links, according to McFadden.
“The catalyst is a bad email or a bad link. So, the best thing you can do for yourself and your employer is just don’t click on it. Contact somebody, tell them it’s suspicious and always assume it’s going to be a threat.”
McFadden says most computer threats require assistance from an unknowing victim. You can use phishingquiz.withgoogle.com to help learn to spot fake emails. Remember, when in doubt, it’s FAKE.
McFadden also recommends using haveibeenpwned.com to check if any of the sites you use have been known to be compromised. This web site allows you to put in your phone number or email address. If you discover that your phone number or email address was associated with one of those web sites, change that password immediately. Better yet, if it’s a web site or account you no longer use, delete the account.