What I’ve learned after my Mom got hacked (and her data held for ransom)

So my Mom got hacked, and the hackers demanded ransom to get her precious data (and photos) back. After an odyssey, chronicled here, here are a few things I've learned.

Q. After the hack and ransom, what was the first thing you changed about your own computer security?

I am literally backing up my computer right now — as I type! And while I routinely ignore the little pop-up box informing me that security updates are available for my Mac and Android, now I readily agree to the installation process. The computer security expert I interviewed told me that if his mom had been hacked, he would set her up with the cloud backup service Carbonite. It’s apparently mom-friendly (and will protect your files from getting overwritten with infected versions, unlike services like Dropbox).

Q. If you could tell people to do just one thing to reduce the chances of getting hacked, what would it be?

Resist the urge to open unknown attachments! The hackers will try to scare you with a message disguised as a legitimate invoice or receipt from a well-known brand. Like they will claim to be American Airlines following up on your recent ticket purchase and provide an attached “invoice” for your perusal. Don’t click! Brand name companies will ordinarily never send you an attachment unless it is in response to a direct request from you. Hover your mouse over the link to check the URL. Pick up the phone and call the company in question directly before downloading any kind of attachment.

Q. Were you under the impression that Apple products were safe from this sort of thing?

I was! But it’s not true. The CryptoWall hackers have chosen not to target Macs — so far — but there is no technological barrier preventing them from doing so. And there have been other malware schemes that have successfully targeted Macs. So we Mac users can’t afford to feel safe and smug.

Q. Would you advise other people to pay ransom if they were in this situation? Why or why not?

Ugh. Well, I certainly don’t judge anyone who decides to pay. These are people who face losing years worth of photos and important tax information, or maybe their family business is on the line. It’s a personal decision and generally an anguished one.

Q. When do you think law enforcement will catch up?

The problem isn’t when they will catch up, but whether anything can be done about it if they do. The digital breadcrumb trail usually leads investigators to smaller cities and towns in the former Soviet Union. A lot of the time, perpetrators have bribed local authorities to look the other way. If there is no political will to ensure these hackers end up in jail, there is really not much US authorities can do.

Q. You used bitcoins to pay the ransom. How has this changed your opinion of bitcoins?

Actually it has! Not so much the experience of paying the ransom, but the long chat I had with the guys who run Coin Café (which has a Bitcoin ATM.) They are such persuasive evangelists for this new cyber currency that I found myself won over. I even decided to buy some fraction of a Bitcoin (one Bitcoin actually costs hundreds of dollars) using their ATM on a lark when I was done with the interview. The only problem was the machine didn’t work — it was overstuffed with bills.