Guest post: What is Ransomware and how can I protect my system?

You may have seen this cyber threat in recent news with organisations being hit by a new wave of computer hacking that takes data and files for ransom. So what is ransomware? In simple terms this type of cyber hacking comes in the form of a virus designed to hold your files and data to ransom in turn for a sum of money. This type of virus like many others sees potential security vulnerabilities in your system and exploits them. This type of threat may trick you into installing the virus through software downloads or sending malicious links / files via email which when deployed, then proceeds to encrypt various data on a machine or even an entire hard drive. A warning will then popup on screen which will threaten the user to pay up to receive the decryption key otherwise after a specific period, their data will be deleted.

A computer virus that blackmails you

This type of computer virus has been more frequent in the past few years. The most well-known example in recent weeks saw the UK’s National Health Service get hit by the ransomware virus known as WannaCry but this was not an isolated incident, as organisations globally were attacked in a short space of time, which calls for everyone to be extra vigilant especially when downloading from unknown sources. For the most part, these ransomware viruses are hidden behind popular apps, which increase the chance of you clicking through to download. It’s not just PCs that have been affected by this cyber attack, hackers have become sophisticated in their techniques and warnings about mobile app downloads have been highlighted.

So how does ransomware work?

Like many cyber attacks, ransomware often comes from emails or conspicuous software updates. In these emails you’ll find a link or an attachment to open, be warned, as the damage starts in being opened. The ransomware soon gets to work encrypting your files and then locks the computer down, with a fee to retrieve everything.

How can I avoid a ransomware attack?

The message for anyone concerned about cyber attacks is to avoid opening anything suspicious or unexpected. Some emails can look very convincing, some often concealing the real sender, so be extra careful when clicking on links and attachments especially from sources that you do not know.

My system has been attacked is there anything I can do to avoid paying the ransom?

If you’ve been unlucky enough to open an email with the ransomware virus and you’ve proceeded to click a link or download an attachment, there may be some things you can do to retrieve your files before handing over any cash to the perpetrators. Firstly check your backups. This is especially important to companies as large amounts of data can fall quickly at the hands of the hackers with the potential of never being able to retrieve it. If your backup is recent and relevant, this can then be recovered. You may experience some downtime and a minor amount of data loss but this backup could be crucial in restoring as much of your original data as possible before the attack.

Another thing to remember is avoid paying the hackers. When you’re in panic mode and fears about your cyber security are running high, it may seem an easy option to pay them and get back the access to your system. This could potentially open you up to future threats as paying the hackers offers them an olive branch for future blackmailing. In some cases, all paying the hackers has done is let them know that you are willing to pay them to gain access back to your data and then they just increase their demands and just get as much as they can out of you.

So, can I decrypt my encrypted files?

It is strongly advised to see a professional expert in this field because attempting this yourself is a tricky procedure and if anything goes wrong, it could completely lock you out of your data for good.

How can I protect my system and data?

Back up

One of the first and most important things in preventing data loss in any circumstance is backing everything up. This should also be on a separate system and happen on a regular basis. A good location is onto an external hard drive that isn’t connected to the internet.

Be suspicious of emails, unfamiliar websites and mobile apps

This is another important prevention method that is communicated regularly. For ransomware to work, you need to download it, so be wary of any attachment or links in emails that you look suspicious and where you do not know the sender. For mobile, avoid downloading apps that haven’t be verified by an official store and be sure to read any reviews before installing on your phone.

Use decent and usually paid anti-virus software

This handy piece of software is a great prevention method when protecting your computer against a range of threats. Most antivirus programs are able to detect ransomware before downloading them and give you warnings about malicious websites before you start exploring them. Be warned though, a lot of ransomware can go undetected by free anti-virus software, it is worth investing in a decent anti-virus program that could save your business big-time in the long-run.

Install recommended updates on your computer

We all know the drill and that pesky message telling us to install the latest updates, well this is an important and easy way to keep your system updated with the latest security patches. It’s advisable to download them when they are available and for larger companies, this should be an important part of your system management to protect company data.

Now Apple gets it too – the importance of owning your own health data

The importance of owning your personal data on your terms is of critical importance to us here at digi.me.

And health data is front and centre of that, which is why we have just launched a living lab in Iceland, allowing citizens there to download an electronic version of their health record. Exciting stuff and a world first – but mainly incredibly useful for all sorts of reasons.

Holding your own data so you can do more with it guides everything we do, so we were delighted that Apple is apparently working along the same lines as us.

According to this report: “CNBC has learned that a secretive team within Apple’s growing health unit has been in talks with developers, hospitals and other industry groups about bringing clinical data, such as detailed lab results and allergy lists, to the iPhone, according to a half-dozen people familiar with the team. And from there, users could choose to share it with third parties, like hospitals and health developers.”

As with digi.me, the applications for work like this are legion, ranging from simply having all your health data at your fingertips whenever you need it, to speeding up information sharing between different medical organisations and cutting out major time and frustrations for referrals.

The health service is ripe for reform, and health data is at the centre of that. So any work done in this arena is a boost to all, with the potential for truly universal benefits.

 

Demonstrating digi.me consent access at the BNP Paribas international hackathon in Paris

Digi.me was delighted to attend BNP Paribas’s International Hackathon Weekend, which took place in ten cities around the globe simultaneously.

IMG_0192

We were part of Paris event, where challenges included finding solutions to common banking problems, and chose to try and solve the problem of authenticating documentation on demand

IMG_0195

Our solution told the story of Jean, who is trying to buy a new car in a hurry but has yet to sort out any financing.

hack1

No problem! Normally that would take ages, but in our scenario his bank, BNP, is working with digi.me, which streams in all his data sources. Now he is in control of his online life and can share his data with any party he wants

hack2

So Jean requests a quote from his BNP mobile banking app. BNP will need to see some of his personal data, so the app triggers a consent certificate to Jean’s digi.me account, stating what is being shared and why, and whether it is GDPR compliant. The data is then retrieved from Jean’s library, passed to BNP and run through their pricing engine. So far, so good.

hack3

Eligibility is checked and an offer sent in real time – but – small problem – it is conditional on seeing Jean’s ID. To meet this challenge, we provided a functionality for Jean to upload a picture of his passport to his Document Vault, where the data is automatically read, stored and shared with the bank, as well as authenticated.

The loan approval document is sent and Jean receives confirmation on his phone.

No more waiting for days or even minutes. Simply real time

Simple, scalable and secure. It’s proven. Welcome to the world of sharing. Welcome to digi.me

Digi.me allowing Icelandic citizens to download their own health data in world first

Digi.me’s unique personal data technology has allowed Iceland to become the first country in the world to make a digital copy of their health data available to its citizens.

The digi.me app is powering this innovative and collaborative living lab project, with the aim of giving users greater insight and control over their health and treatment, through having instant access to their own information which is stored in a secure, private library on their devices.

Open to every Icelander, this new initiative follows an Open Notes study with more than 13m participants in the US that showed simply giving access to health data leads to healthier living and reduced healthcare spending, through empowering patients and building stronger relationships with medical professionals.

Data including prescriptions and medications, vaccinations, allergies and medical admissions will be available to citizens who take part in the living lab instantly, and the project has the full support of the country’s Directorate of Health (DoH), which worked with local companies to develop an API to integrate with digi.me

A DoH spokesman said: “We hope that helping our citizens take more control over their health will have positive benefits for both them and our healthcare system as a whole.”

The living lab, which is a test bed prior to roll-out to other countries, is run by digi.me’s partner Dattaca Labs. Iceland was chosen because it is an exceptionally privacy-aware, tech-savvy and forward-looking nation, and the living lab environment will be used to further develop the digi.me app, as well as promote Iceland as an ideal incubator environment for businesses looking to test new products.

Julian Ranger, Founder and Executive Chairman of digi.me, said: “This is a significant moment for us at digi.me, but more importantly for individuals who will now be in control of their data and can gain more benefits from it.

The personal data ecosystem that results also benefits businesses, Government and society as a whole, and Iceland will lead the way in showing these benefits to a watching world wanting a privacy-enabled solution that allows us all to do more with personal data.”

Financial data will soon also be available for those in the living lab to download, thanks to major Icelandic banks also seeing the value of unlocking the power of personal data, with wearables data also coming imminently.

Digi.me has been making headlines for its personal data tool, which under a new release due shortly will allow additional data streams to be added, and shared with businesses for personalised rewards and services under a bespoke Consent Access process. It last year completed a Series A raise, where investors included Swiss Re and Omidyar Network.

Dattaca Labs is working with government and local Icelandic businesses and multi-nationals to create innovative services across a wide range of industries, including healthcare, finance and telecommunications. Its goal is to attract a wide range of companies and entrepreneurs to Iceland to develop innovative solutions in the health tech, fin tech and IoT spaces.

Fixing the personal data privacy paradox by sharing more

Right now, you’re leaking data about yourself with every move you make online – and businesses, desperate to make themselves relevant, grab this from behind your back.

But what data they get is often out of date or just plain wrong, resulting in them wasting your time with poorly-targeted ads. Irritating for you, and no good to them either.

But you can’t do anything about this because you don’t own the data, even though you created it.

So what are your options? A traditional privacy seesaw suggests you share more and have less privacy, or lock down your data and don’t share it.

This set-up doesn’t work for individuals who can’t maximise use of their personal data and doesn’t help businesses who want to provide tailored services either.

Yet it doesn’t have to be this way – and when we change the perspective and put you, the individual, at the centre of your data – well, then things start to get really interesting…

How interesting? Well, using digi.me means you can share more of your personal data while increasing your privacy.

Our app lets you gather all your data together privately.

We also enable you to share it – with businesses in return for value which may be a service, for convenience or reward.

This is called the Internet of Me – where you are at the centre of your digital life, owning and controlling your data.

And it’s the only thing that makes sense. After all, who else would you trust with all the data about you?

So how does this change the privacy see-saw we talked about? Because you’re in charge of your information and where it goes.

So a bank can now ask you for information to assess your creditworthiness directly, for example. Today they can’t do this; they are reliant on 3rd party aggregators who often don’t have a full or even correct picture.

With digi.me, the bank can ask for your data, you can agree and your digi.me app will pass that data to the bank for the specific and sole purpose of calculating your creditworthiness – a contractual commitment enforced by the digi.me Consent Certificate you agree to. This allows you to share more data than today, but more privately and with you in control.

However, it can be even better than this specific example.

How? Well the bank received your data to calculate your creditworthiness, but in that scenario the bank has to store your data, protect it from being used incorrectly or being hacked – all costing the bank resources and money.

Yet all they really want is to know your creditworthiness score – your data is just a step on the route to that score.

Now that you own the data yourself why not bring the processing to the data, rather than the data to the processing? You can download a bank app and the app can look at your data, analyse it and ONLY send the creditworthiness score to the bank – your data never leaves your device.

So you have shared detailed financial data with the app but it has remained 100 per cent private to you – sharing more with greater privacy.

My favourite new example is an app to keep you healthy built on the digi.me platform for major health businesses.

This gives you health advice whilst processing your health and wearables data locally, not sharing anything with any 3rd party.

No data leaves your device, and yet you win by being healthier and the business wins by reducing healthcare costs and health insurance claims. 100 per cent private and a true win-win for both the individual and the business.

So you now own all your personal data and businesses get the 100 per cent accurate, rich and deep data that they can use to build tailored experiences.

Enabled by digi.me, this is the Internet of Me and it is here today.

NHS cyber attack shows perils of not holding our own personal data

The global cyber attack that hit huge corporations worldwide and paralysed much of the UK’s National Health Service showed one thing above all – how easily centralised siloes of data can be rendered obselete.

The Wanna Decryptor ransomware attack, which is believed to have affected more than 200,000 systems in over 100 countries, making it the biggest in history, locked computers and systems before holding files hostage until a ransom was paid.

This had a massive impact on hospital trusts across the UK, which were unable to access patient data for treatment, meaning they were forced to send patients away and cancel appointments.

This was far from an attack aimed at the NHS, as some initially feared – but it did show its vulnerabilities – and not just in using older Microsoft computers that hadn’t been patched to cover known security issues.

Rather, it emphasised the loss of control that we all have over our personal data, when instead of having a copy ourselves, it is held in giant siloes controlled by others. And, which may or not be significant in this case, tend to prove to be very attractive honeypot targets for hackers because of the wealth of data they contain.

If we each had a copy of our own health data, the impact on the NHS would have been minimised dramatically. Anyone turning up for treatment or an appointment could have shown the relevant diagnostic and prescription history from within their digi.me app, presumably enabling further action to go ahead instead of mass cancellations.

And this is not just talk of a brave new world – it’s on the cusp of reality, with both a new version of our app and an exciting project demoing just this experience due to be announced within weeks.

The world will never be free of those who want to disrupt, harm and make money through nefarious means. But if we have control over our own data, through the principles of the Internet of Me, we take away a great deal of their power – certainly in their capacity to bring chaos to our lives.

Search everywhere, find anything with digi.me

We’ve all had those moments where you KNOW you saved or shared that perfect recipe, article, item, life hack etc – but can’t for the life of you remember when or where.

Enter digi.me to the rescue – not only does our app gather all your data in one place, our clever universal search means you can look through everything at once, instead of one platform at a time.

You can put as wide or narrow a filter on as needed – watch our video below to see how!

You can find more videos about the app, the digi.me team and our vision on our YouTube channel.

Personal data – the fuel of the future?

Is Data really the world’s most valuable resource, the oil of its day?

That’s the scenario being posited as the lead story on the front page of The Economist – and what this titan of financial publishing and thought says, others listen to.

Of course, here at digi.me we have long been big believers in the power of data to transform and innovate, for individuals, businesses, society and even governments.

But we also know we’re riding the front of a wave, to some degree waiting for the world to catch up with us about the importance of both protecting and owning the elements that make up your very own, very personal digital footprint.

Thankfully, the importance of personal data is an issue that is pushing itself more and more to the forefront of discussion and awareness with every passing month. Incoming EU legislation, the GDPR, which has a great focus on individual power over personal data, will also force more conversations and visibility ahead of its implementation in a year’s time.

But the main Economist article and associated briefing is a great primer for those hoping to get up to speed on this important issue, straddling as it does the middle line between data’s power and the issues misuse of it can cause.

For example, it is clear that: “Data are to this century what oil was to the last one: a driver of growth and change. Flows of data have created new infrastructure, new businesses, new monopolies, new politics and—crucially—new economics.

“Digital information is unlike any previous resource; it is extracted, refined, valued, bought and sold in different ways. It changes the rules for markets and it demands new approaches from regulators.

“Many a battle will be fought over who should own, and benefit from, data.”

But it also adds: “There is cause for concern. Internet companies’ control of data gives them enormous power. Old ways of thinking about competition, devised in the era of oil, look outdated in what has come to be called the “data economy”. A new approach is needed.”

Its clarity, too, on what has fuelled this new approach: “What has changed? Smartphones and the internet have made data abundant, ubiquitous and far more valuable.” adds to its authority – this is a well-researched article, and all the more enjoyable for that.

It is a wide-ranging and very thorough piece, looking at all elements of the data economy (not just personal) and in particular what should be done with the Amazons, Googles and Ubers who own, or have access, to huge swathes of it.

Specifically looking at the personal data economy, it speaks of consumers and online giants being “locked in an awkward embrace…but…also showing symptoms of what is called “learned helplessness”: terms and conditions for services are often impenetrable and users have no choice than to accept them (smartphone apps quit immediately if one does not tap on “I agree”).”

It adds: “For their part, online firms have become dependent on the drug of free data: they have no interest in fundamentally changing the deal with their users. Paying for data and building expensive systems to track contributions would make data refiners much less profitable.”

Once again, we couldn’t agree more with this analysis of the current state of data trading – but we are confident that the Internet of Me, and the data revolution that platforms such as digi.me which operate under its principles will bring, are a full and proper solution to these issues. And moreover, a solution that is set to take the world by storm.

Digi.me named as finalist in the Citi Tech for Integrity Challenge

Digi.me is delighted to have been chosen as a finalist in the Citi Tech for Integrity Challenge, which is searching for innovative and workable solutions to key problems in the financial and governmental sectors.

Our bid, showcasing digi.me as a product that can help deal with challenges as diverse as corporate governance, anti-money laundering and identity validation, has now passed through two rounds and been shortlisted for a demo day in Dublin later this month.

Here, we will showcase a demo version showing multiple streams of data being uploaded to the app, with innovations addressing the specific ‘pain points’ being shared in presentation format.

These include using technology to analyse and identify patterns of fraudulent health insurance claims, and leveraging emerging technologies such as blockchain to create digital identities for the large population of people, such as refugees, who do not have legal identity papers.

Julian Ranger, digi.me Founder and Executive chairman, said: “Digi.me has always been a platform that will benefit both individual users and those that need to access consented data, and we know there are multiple and important use cases for it in society at large, over and above enabling the global population to take ownership of their own data.

“In these instances, it can enable much higher effectiveness and efficiency in distribution of services to people in distress. Respect of privacy between individuals and organisations is of utmost importance. With digi.me, users’ privacy is of the highest priority.”

At the demo day, digi.me will demonstrate how our product can be used to:

  • enable governments to efficiently and effectively identify refugees who have had to flee their home countries without identification papers. Their digi.me account is effectively an audit trail of their online life and therefore a way to identify both them and their circumstances, as well as reducing costs and waiting times for immigration departments.

  • enable insurance companies to reduce insurance fraud, with a knock-on effect of reducing insurance premiums for consumers

  • enable governments and NGOs to identify the correct individual recipient of any offered support, using their digi.me account to validate who they are and audit what was received. This method could be used for goods, vouchers or financial support whether beneficiaries are present or not.

Digi.me, which has focused largely to date on social media content, is undergoing a major update in the next few weeks which will see the ability to add financial and health data, with more categories of data becoming available over the next months. This update also sees the first public release of digi.me’s Consent Access capability which allows third parties to build apps requesting individual’s to share their data – five such apps are already in production.

The demo will be shown to judges including Colin Moreland, Citi’s Treasury and Trade Solutions Country Head, David Burrows, MD, Microsoft’s Intl Organizations, Ken Moore, Head of Mastercard Labs, and Yolande Piazza, Citi’s CEO of Consumer Fintech.