
How to protect your family, business computers from ransomware

An Indianapolis business had 30 years of files locked up after a ransomware attack. Learn from
Targeted for Takeover

INDIANAPOLIS (WTHR) — At Big Guy Signs in Indianapolis, the printer is usually humming.

"We do a lot of signs, interior, exterior and vehicle wraps. I tell everybody from a desktop sign to a billboard sign and everything in between," said owner Asher Collins.

About the only thing that could put the brakes on this business is a cyber-attack.

"Just opening the email hit me," said Collins. "It put a big silver screen across the front that said 'server ransomware, your computers have been taken hostage.'"

Asher Collins, Big Guy Signs

Collins said the ransomware downloaded onto his office server and shut down every computer that was connected and turned on. One computer that was turned off was not impacted. The cyber-attack encrypted 30 years of files. Collins did not pay the ransom that cyber thieves were demanding. Instead, he spent countless hours working on a backup computer set up off-site.

"Technically, I've been shut down without my server or my files for two weeks," said Collins.

Helping businesses combat cyber-attacks is what Mat Gangwer does at Rook Security in Indianapolis.

"There have been a number of notable attacks," said Mat Gangwer, who is the chief technology officer at Indianapolis-based Rook Security.

Mat Gangwer, Rook Security

Gangwer says hackers continue to send mass emails hoping to draw you in.

"As a consumer, paying real close attention to even the language that's in the email. Often there will be a lot of typos. Incorrect grammar," said Gangwer. "Anytime someone asks for your password via an email message, it should send off a red flag."

Rook Security provided Eyewitness News tips to prevent becoming a cyber-attack victim.

Tip 1 – Don't open suspicious links or attachments.

"In most email systems, you can actually hover over links. It'll actually expand them and show where it's going to take you," said Gangwer.

Tip 2 – Monitor your statements.

If hackers get into a site that you use, they could get your credit card information.

"What attackers will often do is called washing cards. They'll run really small transactions through on all the cards just to see if they work, if there's money on them," said Gangwer.

If you don't notice those small transactions on your statement, attackers will make bigger transactions.

Tip 3 – Use a passphrase instead of a password.

Rook Security said many people still use the word "password" for their password.

"It's still really common for 123456 to be used which is surprising nowadays," said Gangwer.

"Pick something that you're passionate about that you'll remember like a hobby. Then mix those phrases together and before you know it, you'll come up with a long, secure password that's easy for you to remember," said Gangwer.

"I wouldn't use information that's easily found on social media. So, birthdates for yourself or family members are usually not good advice because they're easily found," said Gangwer.

"You definitely want a unique password per site or per service that you use. Use a password manager. Something like a 'LastPass' or '1Password.' You only need one password to get into that service and it securely stores your passwords for everything else," said Gangwer.

Tip 4 – Validate email sender information.

"What attackers can do is spoof where those messages are coming from. The 'reply to' is often how they do that. So, the email might look like it's coming from your friend or maybe a co-worker, when you actually hit reply, in that email, it will send to someone else," said Gangwer.

"It's a small trick they use to get unsuspecting victims to pass off HR data or finance data because it looks like it's coming from a real person. It's used in wire fraud a lot. The attackers are trying to impersonate executives in a company, like a CFO or CEO. They ask for a large sum of money to a wire transfer from this account. Since it looks like it's coming from an executive in the company, some people will fall for that," said Gangwer.

"If the email sounds too good to be true, it likely is. In most email systems, you can actually hover over links. It'll actually expand them where it's going to take you. That's critical because you can mask URL. I can hover over PayPal and take them to the hacker's server. It might look like PayPal, but it's not PayPal," said Gangwer.

Tip 5 – Use two-factor verification.

Rook Security says companies like Google, Microsoft, PayPal and Twitter offer an option that combines your username and password with an additional security key delivered to your smartphone. That way, hackers would need to have that secret info plus access to your phone.

If ransomware takes over your computer, Rook Security has this advice.

  • First, disconnect your infected device. Disconnect it from the internet and any of your other devices. This helps prevent the infection from spreading to other computers, phones, etc.
  • Delete and Reinstall your Operating System. If you have recent backups of your data, you can delete everything on your computer or phone and reinstall your operating system to make a fresh start. This is why continually backing up your data is so important. If you've ensured that all your most important files are safely backed up, you can rest easy knowing that if a cybercriminal does delete your data, you still have a copy that can be restored.
  • Contact Law Enforcement. Although the police or FBI may not be able to recover your stolen data, you should still report that the crime took place. By giving the authorities as much information as possible, you might be able to help apprehend the criminal responsible and prevent attacks on others.
  • Pay the Ransom. This isn't a good option, but it is an option. Keep in mind, though, that by paying the ransom, you're essentially taking the cybercriminal at their word that they'll give back access to your files. Furthermore, paying these types of ransoms emboldens attackers and perpetuates this type of criminal behavior.

When it comes to ransomware, there are some variants that you can recover from. But in most cases, if the ransomware has taken over your device, recovery is not possible and starting from scratch or your most recent backup is the best possible option.

Back at Big Guy Signs, Asher is now asking his regular customers to be specific in their email requests.

"In the subject line, put 'per this job' or 'per this property', so I know it's safe to open," said Collins.

That way he can keep the printer humming and his business open.
