The most reported ransomware strain of 2021 so far – accounting for around 71% of the total – is not a headline grabbing, multi-million-dollar ransom threat targeting a large enterprise, but a file-encrypting virus called DJVU or STOP ransomware that targets home users and has more than 290 variations.
It’s important to keep things in perspective and to remember that just because a threat is common that doesn’t make it more dangerous. For example, sophisticated, manually orchestrated ransomware attacks targeting organizations – such as the recent Darkside ransomware attack against Colonial Pipeline or the REvil attack on Kayesa – may be far fewer in number, but they are significantly more disruptive and expensive than their consumer-focused counterparts.
Further, the number of times a particular threat is reported doesn’t necessarily mean there will be many victims.
For instance, many DJVU/STOP attacks arrive via pirated games downloaded from online “cracking” forums, and the proportion of individuals actively hunting for cracked versions of software programs is likely to be fairly small.
However, the fact remains that consumers are a target for ransomware – and for many other cyberthreats. Risk awareness and preventative action are as important for individuals and their families as they are for businesses. Moreover, when it comes to cyberthreats, what you need to do to stay safe from one type of threat can protect you from another too.
The first priority is to understand what the risks are and how vulnerable you, your family and your home devices might be.
New research from Sophos Home reveals that 91% of consumers in the U.S. are concerned about online security threats affecting their households, and they worry most about viruses and malware (60%), identity theft (55%), and financial fraud (48%.)
However, the survey also shows that while 45% are concerned about ransomware threats, only 49% could correctly identify what ransomware actually is. To reduce vulnerability, it is vital that people accurately understand the kind of risks they could face in their everyday digital lives.
The second priority is taking steps to protect yourself from such risks.
For instance, DJVU/STOP ransomware – and many other consumer-focused malware, including so-called “information stealers” – spread disguised as cracked versions of popular software applications.
Gamers browsing for “free” versions of games or gaming-modifications (“mods”) can be particularly vulnerable to such approaches. Young people make up a significant proportion of the gaming community, yet the Sophos Home research found that only half (50%) of parents have added parental controls on devices that their children use, and only 46% regularly run malware scans on household devices – the kind of things that would protect young people from installing pirated software that is in fact disguised malware.
The following list of 10 basic cybersecurity practices are a good place to start:
- Set strong, unique passwords for every account and every device – for every member of the family; and don’t forget about securing the home Wi-Fi network too
- Install a security solution on all devices
- Keep software up to date. If you can, set devices to update automatically so you don’t have to remember
- Keep young people’s connected devices secure with appropriate parental controls and content filters – and talk to them about online risks and how to stay safe
- Only install legitimate software applications from official online stores, such as the App Store and the Google Play Store
- If an incoming email, SMS or IM message looks suspicious for any reason (the language, request etc.) do not open the attachment or click on any link
- Never change or override security settings on your computer or smartphone on the say-so of a message you receive from someone you don’t know
- Turn on 2FA (two-factor authentication, also known as two-step verification) if you can on any online services that support it
- Get in the habit of making backups, even at home. Keep at least one backup offline (e.g., unplugged if it’s a USB drive, or logged out if it’s a cloud service,) so that if you do get hit by ransomware, the crooks can’t scramble your backup at the same time as your live data
- The golden rule when it comes to data privacy online: if in doubt, don’t give it out
Further insights from the Sophos Home survey are available in the full report, The State of Consumer Home Cybersecurity 2021.
More tips can be found in the following Sophos security tips articles: