Home Tell a Friend! Contact ICFE Link Exchange Search ICFE Subscribe ICFE About the ICFE
ICFE News Releases ICFE in the News Children and Money Financial Education Personal Financial Counseling with Paul S. Richard, RFC Credit Card Tips Credit File Correction Mending Spending Links and Resources Order Options
 

ICFE
ICFE eNEWS #16-42 - December 1st 2016

Ransomware and Terrorism

By Yan Ross, Director of Special Projects, ICFE

We live in a world of change, with new challenges arising nearly every day. But our responses to the challenges don't have to be built anew, from the ground up, every time we learn of another attack.

"There's nothing new under the sun," is an observation as old as civilization itself. Two manifestations of that comment are terrorism and ransomware.

An act of terrorism of the modern day is usually directed toward an entire system or nation or society, using destructive acts to interfere with the critical functions supporting the lives of the target's population. The specific victims are irrelevant, as the goal is to disrupt the lives of those around them.

Ransomware is similarly utilized to disrupt the life of the individual or organization which depends on the smooth functioning of its information technology to maintain its operations. The specific victim, however, is essential here, as the goal is to extract, or extort, money or other valuable consideration from the affected party.

In the world of identity theft risk management, we may ask what these two phenomena have in common, in order to better understand and respond to the challenges they present.

To prevent or avoid the consequences of an attack of terrorism or ransomware, the defenders must effectively repel every single attempt to perpetrate the crime. The attackers need only overcome the defenses once in any given situation to prevail.

The result is a set of dynamics that places the onus on the legitimate operators of the systems, whether they be physical or cyber-based, to prepare for and institute protocols and take defensive actions which will subdue the attackers.

In this situation, the polar opposites of greed and fear are at work: greed on the part of the ransomware perpetrators, and a healthy fear on the part of the good guys. Note the use of "healthy" in this context: not an irrational fear, but one based on an appreciation of the threat, leading to the adoption of appropriate defensive measures.

What are these "appropriate defensive measures," in the context of identity theft risk management? There is no silver bullet, but here are some of the most important actions and concepts to consider in preparing the right defenses against ransomware attacks.

  • Education to train users to avoid clicking on emails from unknown or untrusted senders, especially those with attachments. Links to websites can also be a vulnerability to installation of ransomware, as well as software with embedded macros that can be hacked to gain access to operating systems. This is the first line of defense against those ransomware applications that require action by the user to gain access to the target files and data.
  • Install and keep antivirus software updated for virus detection and deletion on IT systems. While anti-virus software is by its nature reactive to new threats as they are identified, they do provide a supplementary line of defense in conjunction with other preventive measures.
  • Implement firewalls to block ransomware entry points, as most need direct contact with the command-and-control functions of the target server to encrypt files. Isolating the target files and data sought by ransomware operates an yet another way of guarding against this threat.
  • Install and keep current a robust back-up and recovery system, including regular and frequent back-ups, remote or at least separate on-site storage, and systematic duplication and recovery capability. This has always been good practice, even before the onslaught of ransomware, as other systemic failures can have the same deleterious effect of compromising the availability of data and files.
  • Invest in keeping personal capabilities and IT training and implementation current, whether it's for personal or business purposes, since it's generally the lack of knowledge and failure to keep up to date that results in vulnerability to ransomware attacks.

Ransomers are like other crooks and terrorists: they will tend to attack weaker and more vulnerable targets. When they see a robust defense system in place, they are likely to move on to less prepared targets. The ransomware practice of sending out large numbers of phishing e-mails, hoping for an untrained user to "click" on the link that lets in the ransom program, is a numbers game.

This is the time to prepare against a ransomware attack, and avoid the situation of having to find out whether the ransomers can actually decrypt the files they have disabled – or whether it's just a con game of taking the ransom payment and leaving the victim with an empty bag.

The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info

Yan Ross Bio PhotoYan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.


Paul S Richard PhotoICFE eNEWS is available FREE upon request by visiting our Web site and filling out the contact form, and selecting "Yes" for "Add to Mailing List. Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

About the ICFE:

The Institute of Consumer Financial Education (ICFE) was founded in 1982 by the late Loren Dunton (creator of the Certified Financial Planner (CFP) designation).  The ICFE is dedicated to helping consumers of all ages to improve their spending, increase savings and use credit more wisely. 
The ICFE is an award winning, nonprofit, consumer education organization that has helped millions of people through its education programs and Resources. It publishes the Do-It-Yourself Credit File correction Guide, which is updated annually. The ICFE has distributed over one million Credit/Debit Card Warning Labels and Credit/Debit Card Sleeves world wide.

The ICFE became an official partner with the Department of Defense/Financial Readiness Campaign in June of 2004.The ICFE was an active partner in the California Student Debt Resource Awareness Project (CASDRAP) which resulted in a new web site: (studentdebthelp.org).  CASDRAP disbanded in 2010, shortly after the web site project was completed.  In 2011 the ICFE assumed the single sponsorship of the (studentdebthelp.org) web site and is now responsible for its content and operation.

The ICFE is also an on-line help for consumers who spend too much.  ICFE's spending help was featured in PARADE Magazine in the Intelligence Report section. The money helps and tips are from the ICFE's Money Instruction Book, our course in personal finance.

Visit the ICFE's other web sites at: www.financial-education-icfe.org and studentdebthelp.org.  Both sites helps consumers and students with mending spending, learning about the proper use of credit, budget and expense guidelines, how to set up and implement a spending-plan and also how to access financial education courses and how to teach children about money. Other ICFE services include: Ask Mr. G,  a free eNews, and an online resource center for students, parents and educators, plus financial education learning tools and a book store.

Home ] ICFE News Releases ] ICFE in the News ] Children and Money ] Financial Education ] Resource Center ] Credit Card Tips ][ Credit File Correction ] Mending Spending ] Links and Resources ]  [ Online Store ]

 

Copyright ©  1997 - by Paul S. Richard
and the Institute of Consumer Financial Education, All Rights Reserved.
View our
Privacy Policy Our Terms and Conditions

Institute of Consumer Financial Education
PO Box 34070
San Diego, Ca 92163
Paul S. Richard, Executive Director
Phone 619-239-1401

FAX 619-923-3284

Questions for www.financial-education-icfe.org Click to go to Website Contact Us or 
Website Design Donated by Desgn School Programs

Please Tell An Associate, Friend or Family Member About the ICFE