Damned hackers: increasingly sneaky, well equipped, capable and omnipresent. The events of recent days confirm it: an almost global attack on the servers of many companies, accompanied by the now constant trickle of traps that also (and above all) hit individual citizens, who are the least equipped to fight back and react. What to do? Good advice has been handed out since time immemorial, but it is worth updating it in the following handbook, taking into account the latest developments in the struggle between good and evil in information technology.
What is actually new
In truth, nothing new under the sun (or in the shadows, in this case) of widespread computing. What is happening these days is not a real novelty, either in the intensity of the phenomenon or in the methods of attack. In the crosshairs, as has been the case for more than twenty years, are enterprise servers whose systems (virtualization systems, in the case of the latest attacks) have not been updated with the periodic and mandatory security fixes (patches). This translates into a very clear message for less professional users too, and for individual citizens dealing with their PC, e-mail, applications and above all with the increasingly precious digitized archives that we keep at home or in the cloud.
Ransomware, the mighty king of viruses
The latest frontier of attacks is ransomware: malicious software that enters our computer system (the company server, but also a single PC), steals data for fraudulent use (credit cards, personal documents) and/or encrypts the data with an unlocking key held only by the hacker, who then asks us for a ransom, typically as a payment in bitcoin, through a procedure that makes it really difficult to trace the recipient of the sums extorted from us.
It is an attack that often works in parallel and in combination with another one, known and widespread for some time, carried out through so-called phishing: an e-mail message invites us to click through to a site that appears legitimate but instead triggers the installation of malicious software. The same can happen simply by opening a web page crafted by the hacker to do exactly the same thing. The countermeasures? They follow directly from this scenario.
Always update the PC but also the software
In any case, update as often as possible: the PC operating system (it is strongly advisable to keep the automatic update function enabled) but also all the software installed on it, on which intrusion and manipulation attempts are increasingly concentrated. Keeping old versions of operating systems is particularly dangerous: in the case of Microsoft's operating system, all versions prior to Windows 7, which is itself now considered insecure, are to be absolutely avoided. If we don't already have Windows 11, Windows 10 is fine for now, provided we keep it constantly updated.
Application software, if purchased and configured correctly, in most cases has an automatic update procedure, or at least shows a banner inviting us to proceed. But security is never fully guaranteed. The operating system and applications can in fact be the target of the growing category of "zero day" threats, new vulnerabilities not yet identified by experts and therefore unknown to most people: there is even a zero-day black market on the dark web (the undergrowth of the Internet). That said, there are plenty of companies, and not just individual citizens who are inevitably less equipped with skills, that expose themselves to frankly unjustifiable risks. That is exactly what happened in recent days with the attack through an American virtualization software widely used by businesses, many of which had not applied a security patch released as long as a year ago, thus exposing themselves to the attack. Do the big players make mistakes too? Small consolation. Let us try, in our own small way, to do better.
The email trap: don't open that door
E-mail remains the prime suspect, the main means of attack used by pirates. Let us try to interpret properly, and above all to put into practice, the thousands of recommendations we are given every day on this front. Simply opening an e-mail rarely exposes us to a direct risk, but if we suspect it is a trap and the e-mail does not seem essential to us, it is better to delete it directly without opening it. If we do open it, we must avoid clicking on any link without having carefully verified the authenticity of the sender and of the content. How?
Step number one: if we have even a vague suspicion, we contact the sender by telephone and verify. In any case, we check the link we are invited to click on, not trusting what is displayed but extracting the real address, which in some cases we can reveal simply by hovering the mouse over it. Otherwise we can view it correctly by clicking on it with the right mouse button and choosing the "copy url" option, then pasting the content into any text processing program, even the simple Windows Notepad. If the "authentic" sender name does not correspond to a known address, or is in any case different from what we expect, we are definitely at risk and must check carefully.
Be careful where (and how) you click
How do we verify the link in a suspicious e-mail, or a website that is offered to us or that we find through a search? Before clicking on a link contained in an e-mail message, or while moving freely from one site to another during a search, we can check whether a link is malicious (this applies both to the link contained in the e-mail received and to the URL of the site concerned) using one of the certified online services available on the web. A good example is the verification site URLVoid. A waste of time? Not at all. It is an indispensable investment in the minimum security of our increasingly irrepressible digital world.
Only a backup really makes us safe
Meticulous and obsessively cautious? We must and can limit the risk, but we cannot eliminate it. If we do fall into a trap, let us at least avoid the most dramatic consequences. There is only one solution, which moreover also protects us against a sudden failure of our computer or, more serious still, of our storage device, hard disk or pen drive. A backup copy of our IT material, to be updated at least once a week, is to be considered an absolute obligation. We can choose a cloud solution, perhaps a free one like the "basic" one offered directly by Microsoft, for example, if we don't need much space for our precious data. Or we can choose (perhaps because we don't trust the "cloud") a solution of our own, with a NAS (a storage device that also serves a small home network, which itself deserves close attention) or even with a simple external hard disk, which has the advantage that it can be connected to the PC and switched on only when needed, and otherwise kept safely away from everything.
Experts debate which is the best, safest and most effective solution. A good cloud, managed by a leading operator, should be considered safe overall: the operator will take care of preserving our data by ensuring the necessary backups in case of failures or problems on its side. If, on the other hand, we choose the do-it-yourself solution, with our own storage device, it is highly advisable to make not a single copy but a double copy, on two devices kept in separate places. That objectively complicates things a bit.
Do not pay: you risk further damage
But if we are not cautious enough, or are downright unlucky, and still fall into the hands of hackers and their extortion attempts, how should we behave? Be aware that, especially for small professionals or individual citizens, cases in which the stolen goods are returned and the encrypted data unlocked after the requested ransom is paid are very rare. Most of the time you pay and are left without the data, which, if of particular value, may be resold on the dark web. The damage is done. By paying, we have clearly shown the hacker that the stolen data is valuable to us, and perhaps to others as well. At that point all we can do is dutifully report what happened, as soon as possible, to the competent authorities.