Over the past few days we have been seeing many users receiving a ransomware demand. This is nothing unusual. However, in the ransomware letter they provide a password that you use as evidence they have some type of control over some of your IT.

And indeed, it is a password you use.

However, do not fall for this ransomware.

The criminals are using old databases of old hacks of some sites. Since most people use the same 1 or 2 passwords for everything, and never change their password, a password used 10 years ago may be the one used in the letter.

Now that you have ignored the ransomware, there are some things to do:

  1. All of your passwords, for your computer, email, and websites and services you visit should have a password of at least 15 characters, and a different password for each one. Change them now.
  2. I can barely remember where I parked the car last night – much less the bazillion passwords I use. No need for you to remember. There are a few ways to attack the problem:
    1. Use a Password Manager. I personally like and use LastPass. It is free, works on all platforms, and it will create and store all of your passwords. It will even copy them to all of your devices.
    2. Create a password protected Excel spreadsheet (or any brand spreadsheet). In column A enter the name of the service or site. Column B the URL for the service or site. Column C the login username. Column D the password. Column E is the date of the last time the password was changed. Save this in a file sharing service such as Google Drive, DropBox, OneDrive, etc. so that you and only you have access to the file. Anytime that you need a recorded password, or need to record a password, open the spreadsheet on any of your devices.