Download Safe and avoid Ransomware

Nitish ChandanCyber Security

The topic that I’m writing about today is pretty basic yet the reason for most of the incidents that happen online. “Download Safe?”, People often ask me (mock, even at times) that how can you “safely download”. There’s this wide array of posters saying download safe, stay safe. But what, really? The most you’ve got to do is type in what you want on a search engine and just get the file already. APKs for Android Games, EXEs for Windows Software (I know you are probably using IDM), .DMGs for MACs and what not. There are multiple ways we adopt to download content for free, which is otherwise, paid. Well, you do get stuff for free you think, but is it really?

I’m going to briefly focus on ransomware here because it is one of the biggest concern of the modern day corporate. Ransomware is a particular type of contaminant which stays undetected to most of the anti-virus systems in place. It focuses on not letting you use your device and then holding this for ransom. It achieves this either through encrypting your drives or blocking you out of even accessing your device. Our friends at Kaspersky have dealt with ransomware in detail here. And the biggest source of ransomware is non-trusted downloading.

Even if you evade the enclosure of ransomware, there is a whole set of spyware that can sit on your device just through the practice of “unsafe downloading”. Well, most of it has seen major place among us because of the want of free software, music, movies and what not. This makes the Indian internet users very vulnerable to being conned. And with the whole cashless drive coming into the picture, the number of internet and smartphone users are going to rise. Everybody is going to own a smartphone, have a data plan and then be vulnerable at the end because of the lack of awareness. That is one reason why, even if you feel that all of this is pretty basic, you need to closely monitor how you interact with services online and if you are in the safety area, help those who are not.

Is there one single way to Download Safe and avoid Ransomware?

Not really, you know. There can be so many things that add up to that perfect set of things that you need to do, the rules that you need to follow. And that, just in order to escape the boundary of vulnerability. One way of being vulnerable is being demonstrated in the Video here. Yes, this is me!

The video deliberates about the way some hackers fool you into downloading an application and causing you to compromise your security. If you are an Android user, I can pretty much bet on this fact that you’ve encountered this problem on your device more than often. It could have been while you were trying to download that Coldplay song or finding a website to stream the latest Sherlock episode (Well, I know it’s due in 2017). Once you get an apk file for the app that you want, you will definitely not bother reading the permissions it asks for. You go on to installing an app and only later realizing that it wasn’t what you wanted.  Some apps, believe me, are on your smartphone and reading your location, messages, call logs and so much more 24×7. Even if you delete the app after you realize, it could be pretty late because it has already captured all that data it needed.

So, the Play Store is safe then?

No! There are so many talented security researchers in the business who keep monitoring these trends every day. They’ve found many instances of malicious apps being sold on the Play Store as well. The only full proof way that I personally use is the “Why the hell test?”. Strange, right?

Why the hell Test?

Don’t worry, it is not a security standard. Just something that I made up. If I’m trying to download an app to listen to music, “Why the hell should it ask to access my messages?”. This is the decision you take at the time of installing the application and at times when the app asks for access to certain services post install as well. That precisely was the test. If an application fails the test, discard it, do not install!

When the whole Section 66A scrapping was applauded by most of the Internet users in India, it was ironical at some level, frankly. Though freedom of speech is what we contest for throughout the year but our right to privacy, we infringe on our own. Anyhow, through this post, I would urge all the readers to take this safe download approach for applications on your devices and more importantly, if you already know or have become aware through this, spread the word. Don’t share this post if you don’t like it but take its essence and tell the newcomers into this space.