Saturday, January 29, 2005

You may not have heard of this kind of extortion 

Normally you'd protect your data with a secret code ("encrypt" it) in order to keep it confidential. Only someone with the decryption key will be able to read the encrypted files.

Bad guys can use the same technology to kidnap your data and hold it for ransom. Once they get access to your machine, instead of destroying your files they might encrypt them and demand money in exchange for the decryption key.

It's happening now. There's at least one virus which encrypts your data and gives you an email address in Russia to contact about getting the decryption key.

"So what?", you might ask. Your antivirus and backup procedures will protect you just as they would against any other virus. But there's a related threat that almost nobody talks about.

Only the decryption program, with the right key, can read an encrypted file. What if you have important data in a proprietary file format? Then only the program that created the file can retrieve your data. What if the program vendor revokes your license? What if they go out of business and the program stops running? What if you're paying for the software license by the year and the vendor decides to triple the renewal price?

If you put vital data into a program with a secret file format, you're letting the program vendor control access to your data.

Maybe your backup procedures should include exporting vital data to standard formats like ASCII, RTF, CSV and so on.
