Understanding Ransomware and How You Can Prevent an Attack
In February 2016, cyber attackers installed ransomware in the operating system of Hollywood Presbyterian Hospital in Los Angeles, CA. Staff members found themselves unable to use email or the hospital’s computer system. All of the system data was still intact; they just couldn’t access it. The hackers demanded $17,000, and the hospital had no choice but to pay because the damage to its system and files would have been too great to recover from.
Although ransomware usually targets individuals, we are now seeing an increase in the number of these enterprise-level attacks. The presence of these organizational threats means that no business is too big or too small to be targeted and everyone is at risk. In addition, these types of ransomware attacks are expected to spread to India and the Middle East in the near future.
What Is Ransomware and How Does It Work?
Ransomware is a type of malware, or malicious software, that encrypts the data or information on a computer system. Typical ransomware does not delete the data; it just encrypts it so that the user can’t access it. To regain access, you will need the decryption key, for which you must pay a ransom to the cyber criminal.
In most cases, the attacker sends out a spam email to an organization’s staff with an infected link. In addition to email, ransomware can be delivered through infected links on websites or even in compromised software. When someone clicks on an infected link, it provides the hacker access while the software attempts to compromise as much of the system as possible. After it has infected as much of the system as it has gained access to, it then begins to encrypt the data.
The hackers’ next step is to demand a ransom, typically in bitcoins so that it remains anonymous and cannot be traced. In the case of Hollywood Presbyterian Hospital, the ransom demand was 40 bitcoins, worth US $17,000. Since the hospital’s data was critical and its communications were paralyzed, it had no choice but to pay the ransom.
What You Should Do If You Are the Victim of Ransomware
Don’t panic. Report the attack to your information security team as soon as possible. If you don’t have a dedicated security team, disconnect your system from the network and go through your critical files and directories to determine how many have been encrypted. After you have found the files that have been affected, try changing the file extension back to the original. Some fake ransomware simply changes the file names without actually encrypting the files. There are also some commercial ransomware decryption keys available on the market. Unfortunately, if you don’t have your critical files backed up and the ransomware is real, you will have to pay the ransom.
It is also important to report the event to law enforcement or to cyber security resources. The more information they have, the better they can handle cases in the future. Sites such as NoMoreRansom have been able to build decryption keys based on the information they receive from victims.
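The rename check described above can be done without touching the files. The following is an added example, not part of the original article: it reads each affected file, compares its first bytes with the signature expected for its original extension, and uses byte entropy as a rough indicator of encryption. The `.locked` suffix, the function names and the sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known file signatures for a few common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, added_ext):
    """Classify one file that carries the unfamiliar added_ext suffix."""
    original_ext = os.path.splitext(path[:-len(added_ext)])[1].lower()
    with open(path, "rb") as f:      # read-only: never modify the evidence
        head = f.read(4096)
    magic = MAGIC.get(original_ext)
    if magic and head.startswith(magic):
        return "renamed_only"        # content intact, only the name changed
    if entropy(head) > 7.5:          # near-random bytes: encrypted (or compressed)
        return "likely_encrypted"
    return "unknown"                 # no signature to compare, not random-looking

def triage(root, added_ext):
    """Walk root and classify every file whose name ends with added_ext."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(added_ext.lower()):
                full = os.path.join(dirpath, name)
                results[os.path.relpath(full, root)] = classify(full, added_ext)
    return results

def demo():
    """Build three constructed sample files and triage them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.pdf.locked": b"%PDF-1.4\n" + b"x" * 100,
                   "scan.pdf.locked": os.urandom(4096),
                   "notes.txt.locked": b"meeting notes\n" * 50}
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        return triage(root, ".locked")

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:17} {name}")
```

Files reported as `renamed_only` are the ones worth copying and renaming back; run the check against a copy or a read-only mount of the affected disk.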
What You Should Do to Prevent a Ransomware Attack
While you can’t completely prevent a ransomware attack, there are some precautions you can take to protect your system.
Back up, back up, back up. The only reason ransomware is so successful is that most people do not regularly back up their files. If an individual or organization has a comprehensive backup protocol, then the threat of ransomware becomes an empty one. Be aware that using a backup connected to your internal system is ineffective, as ransomware can reach that as well. It is a good idea to use cloud-based external storage for backing up critical files. Another option is to invest in an external hard drive. Be sure to perform a daily backup of your important files and remember to keep the hard drive detached.
Another preventative measure you can take is to keep your systems updated: apply patches and keep antivirus software and desktop applications up to date.
Stay away from spam emails and warn staff not to click on unknown links in emails or on suspicious websites.
Finally, have the numbers of your IT team handy in case of an emergency.