This is a fascinating article from the Wall Street Journal (behind a paywall) about a couple that accidentally managed to take over almost all of the surveillance cameras in Washington, D.C. right before Trump’s inauguration. All they did was send out hundreds of thousands of emails with a ransomware attachment disguised as an invoice. The email list they used just happened to include the Washington, D.C. police department. Once the attachment was opened, they were able to take over the computers that controlled the surveillance cameras and post a message demanding a ransom of about $60,000 to return control. Federal agents did not pay the ransom, and they were able to reinstall the operating system on each of the 126 infected computers to regain control three days before the inauguration.
I encourage you to read the article for the interesting details, including how an online pizza order helped crack the case, but there are several lessons we can take away from this:
- Keep the operating system on your computer updated and turn on automatic updates. A lot of ransomware exploits known vulnerabilities on computers that haven’t been updated.
- Don’t trust any attachment or link, especially if you weren’t expecting it or it comes from someone you don’t know. Consider it radioactive until you’ve pro-actively confirmed it’s safe.
- Back up your computer. This could mean saving things to the cloud or even doing a full system backup onto an external hard drive.
- If you do get infected with ransomware, it’s generally recommended not to pay the ransom. There’s no guarantee that they will give you back control of your computer, and if you’ve followed the above tips, you won’t need to pay them a dime.
- Let your advisor know as soon as possible. We can support you in the recovery process and make sure your accounts are still secure.
The most important thing to take away from this is the knowledge that you can protect yourself online. With a little bit of attention, you can make things much harder for bad actors and much easier on yourself.
Ben Watson serves as Principal and Technology Manager at Team Hewins.
Team Hewins, LLC (“Team Hewins”) is an SEC-registered investment adviser; however, such registration does not imply a certain level of skill or training, and no inference to the contrary should be made. We provide this information with the understanding that we are not engaged in rendering legal, accounting, or tax services. We recommend that all investors seek out the services of competent professionals in any of the aforementioned areas.