
By Jay Daniel of Intechgrate Systems

Recently, two successful ransomware attacks crippled the daily operations of the world’s largest meat processor (JBS) and one of the largest US fuel pipelines (Colonial Pipeline) for days, and both companies paid the ransom. This article introduces the threat, offers recommendations for reducing the risk, and explains how to respond if you or someone you know becomes a victim.


What is Crypto Ransomware?

Ransomware is malware (malicious software, often loosely called a “virus”) written by criminals to deny an organization’s users access to the files on their computers or network. Crypto ransomware (or cryptoware) does this by encrypting files so that they are unreadable without the decryption key. Imagine a computer file as an egg that has been scrambled: it is useless unless it can be unscrambled back into its original form, and only the attacker holds the means to do that.

Ransomware is most often delivered through unsolicited emails that carry embedded links or file attachments. These messages are disguised as legitimate business email and may appear to come from someone the user knows personally or communicates with regularly. This delivery method is referred to as “phishing”.

If the user mistakenly concludes the message is legitimate, he or she opens the malicious attachment or clicks the embedded link to the criminal’s website, where the malware is downloaded and installed without the user’s knowledge. Malware that installs merely from visiting a web page, with no further action by the user, is known as a “drive-by download”.
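The phishing tells described above (a display name that imitates a colleague, a lookalike sender domain, replies diverted to a third party, link text that does not match the real target, and a macro-enabled attachment) can be checked mechanically before a user ever sees the message. The following is an added example written for this article, not code from the author or from Intechgrate Systems; the organization domain, staff list, risky-extension list and both sample messages are constructed assumptions.

```python
"""Phishing triage for the red flags described above (added example, not the
article's code). ORG_DOMAIN, INTERNAL_NAMES, RISKY_EXTS and both sample
messages are constructed assumptions; adjust them to the organization."""
import os
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumption: the defended domain
INTERNAL_NAMES = {"jane doe"}              # assumption: staff attackers impersonate
RISKY_EXTS = {".docm", ".xlsm", ".pptm", ".js", ".vbs", ".exe",
              ".iso", ".lnk", ".hta", ".scr"}


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, target: str = ORG_DOMAIN) -> bool:
    """True when a domain imitates the org domain: typo-squats plus the
    classic rn->m, 0->o and 1->l substitutions (heuristic, not exhaustive)."""
    if not domain or domain == target:
        return False
    canon = domain.replace("rn", "m").replace("0", "o").replace("1", "l")
    return _levenshtein(canon, target) <= 2


def triage(raw: str) -> list:
    """Return a list of human-readable red flags; an empty list means none fired."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    ret_dom = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])

    if ret_dom and ret_dom != from_dom:                 # envelope vs header sender
        flags.append(f"envelope sender {ret_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:             # replies diverted elsewhere
        flags.append(f"Reply-To {reply_dom} diverts replies away from {from_dom}")
    if from_name.lower() in INTERNAL_NAMES and from_dom != ORG_DOMAIN:
        flags.append(f"display name '{from_name}' impersonates staff from {from_dom}")
    if is_lookalike(from_dom):
        flags.append(f"From domain {from_dom} is a lookalike of {ORG_DOMAIN}")

    for part in msg.walk():
        fname = part.get_filename()
        if fname:                                       # an attachment
            ext = os.path.splitext(fname)[1].lower()
            if ext in RISKY_EXTS:
                flags.append(f"attachment {fname} is a macro/executable type ({ext})")
        elif part.get_content_type() == "text/html":    # link text vs real target
            for host, text in re.findall(r'href="https?://([^/"]+)[^"]*"[^>]*>([^<]*)<',
                                         part.get_content()):
                shown = re.search(r"https?://([^/\s]+)", text)
                if shown and shown.group(1).lower() != host.lower():
                    flags.append(f"link text shows {shown.group(1)} but points to {host}")
    return flags


# Constructed sample: an invoice lure with a lookalike domain, diverted replies,
# a mismatched link and a macro-enabled attachment.
PHISH = """\
Return-Path: <bounce@mailer-7.example.net>
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: accounts@mail-invoice.net
To: bob@example.com
Subject: Overdue invoice - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Bob, please review the attached invoice or view it at
<a href="https://203.0.113.10/login">https://portal.example.com/invoice</a></p>
--B1
Content-Type: application/vnd.ms-word.document.macroEnabled.12
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBAo=
--B1--
"""

# Constructed sample: a legitimate internal message that should raise nothing.
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Lunch on Friday?
Content-Type: text/plain; charset="utf-8"

Bob, are you free at noon? Jane
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, triage(raw) or ["no flags"])
```

Run against the constructed lure, `triage` raises six separate flags, while the legitimate internal message raises none. The lookalike check is deliberately loose (edit distance of two after the common character swaps), so in production it belongs on the “warn the user” path rather than the “silently drop” path.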

Once active, cryptoware scans the local computer’s disk drives, any attached USB drives, and any network file shares the user’s account has permission to access. Every file that account can modify is encrypted, which is why a single infected workstation belonging to a user with broad write access to shared folders can turn into an organization-wide outage.

Once the encryption stage has completed, a notice is presented to the user demanding a ransom payment for the decryption key. The key is a long alphanumeric code that is required to undo the damage and return the files to their original form.

The notice states that the user’s systems have been locked or encrypted and that access will not be restored unless a ransom is paid. The amount varies greatly: variants aimed at individuals have historically asked for a few hundred dollars, while demands against large organizations now run to millions (both JBS and Colonial Pipeline paid multimillion-dollar ransoms). Payment is demanded in a virtual currency such as Bitcoin.

Unprepared organizations can be put in a position where paying the ransom is the easiest and least expensive way to regain access to their files. Presumably, this was the case for both JBS and Colonial Pipeline.
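Because encrypted files are indistinguishable from random bytes, a recovery team can scope the damage described above by measuring the entropy of each file instead of trusting names or extensions. The block below is an added example written for this article, not code from the author or from Intechgrate Systems; the directory layout, the file contents and the 7.5 bits-per-byte threshold are constructed assumptions. It also shows the standard caveat: formats that are already compressed (images, archives, PDFs) score high legitimately and must be excluded or checked another way.

```python
"""Find files that look like they were overwritten with ciphertext (added
example, not the article's code). The directory layout, file contents and the
7.5 bits-per-byte threshold are constructed assumptions; the threshold separates
text and office documents from ciphertext, but NOT from formats that are already
compressed, which is why those extensions are skipped."""
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5        # assumption: bits per byte; random/encrypted data sits near 8.0
ALREADY_DENSE = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: ~4.5 for English text, ~8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_bytes: int = 65536) -> bool:
    """A compressible file type whose first 64 KiB is near-random is the tell."""
    if os.path.splitext(path)[1].lower() in ALREADY_DENSE:
        return False           # compressed media is legitimately high-entropy
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample_bytes)) > ENTROPY_THRESHOLD


def scan_tree(root: str) -> dict:
    """Walk a tree and report which files look encrypted, as a recovery team
    would to scope the damage before touching backups."""
    scanned, suspicious = 0, []
    for dirpath, _, names in os.walk(root):
        for name in names:
            scanned += 1
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                suspicious.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return {"scanned": scanned, "suspicious": sorted(suspicious)}


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def build_demo(root: str) -> None:
    """Constructed victim layout: two documents, a note, and a photo."""
    _write(root, "docs/report.txt", b"Quarterly report: revenue up, costs flat.\n" * 200)
    _write(root, "docs/budget.csv", b"item,amount\nrent,1200\npower,310\n" * 300)
    _write(root, "notes/todo.txt", b"call the auditor\nrenew the domain\n" * 100)
    _write(root, "photos/holiday.jpg", os.urandom(8192))   # stands in for JPEG data


def simulate_attack(root: str, targets=("docs/report.txt", "docs/budget.csv")) -> None:
    """Mimic cryptoware on the files the account can write: overwrite each target
    with random bytes and rename it, which is how an encrypted file presents."""
    for rel in targets:
        path = os.path.join(root, rel)
        size = os.path.getsize(path)
        with open(path, "wb") as f:
            f.write(os.urandom(size))
        os.replace(path, path + ".locked")


def run_demo() -> dict:
    """Scan before and after the simulated attack; returns both reports."""
    with tempfile.TemporaryDirectory() as root:
        build_demo(root)
        before = scan_tree(root)
        simulate_attack(root)
        after = scan_tree(root)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(run_demo())
```

Before the simulated attack nothing is flagged (the random “photo” is skipped by extension); afterwards the two overwritten documents are reported and the untouched note is not. Real ransomware families differ in whether they rename files, encrypt only the first part of each file, or leave headers intact, so treat entropy as one signal alongside the ransom note itself and the file-modification timestamps.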

What are steps I can take to reduce the risk?

Users and administrators are wise to take the following preventive measures to protect their computer networks from ransomware infection:

  • Employ a data backup and recovery plan for all critical information. Monitor backup logs and test recovery operations regularly so that data loss is bounded and you have confidence in the recovery process. Note that backups reachable over the network can be encrypted along with everything else, because ransomware encrypts every share the compromised account can write to. Onsite backup storage must therefore be complemented by offsite or offline copies (such as cloud storage with versioning, or media that is disconnected after each backup run) that cannot be reached from the organization’s network.

  • Keep operating systems, applications and firmware up to date with the latest patches. Unpatched or outdated software is the target of most successful attacks; applying updates promptly reduces the number of exploitable entry points available to an attacker.

  • Run a single commercial-grade anti-virus product across the organization rather than mixing assorted free products or personal subscriptions, so that every machine reports to one console. Perform automatic, scheduled scans of all computers daily.

  • Operate a commercial-grade firewall that scans files downloaded from the internet against an updated list of known threats. This is called “gateway anti-virus”.

  • Restrict users’ permissions to install and run software, and apply the principle of least privilege to all systems and services: an account should be able to write only to the folders and shares its job requires. Restricting these privileges may prevent malware from running at all, and it limits how far an infection can spread through the network, since the ransomware can encrypt only what the compromised account can modify.

  • Do not enable macros in email attachments. If a user opens the attachment and enables macros, the embedded code runs and installs the malware on the machine. Where possible, enforce this centrally with the Office policy that blocks macros in files downloaded from the internet rather than relying on each user’s judgment.

  • Implement a web content filter to block access to sites known to distribute malware. This layer can be provided by the firewall or by security software agents on each endpoint.

  • Invest in phishing simulation and other forms of employee training to help staff recognize threats accurately.

  • Consider a cyber liability insurance policy to help cover expenses and recovery costs should a ransomware attack occur.

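The backup recommendation in the first item above is only as good as the verification behind it: a backup that sat on a reachable share is encrypted along with the live data, and nobody notices until the restore fails. The following is an added example written for this article, not code from the author or from Intechgrate Systems; the directory names, file contents and manifest format are constructed assumptions. It takes two snapshots of the same data, simulates ransomware reaching the live data and the onsite copy, and shows that only the isolated copy verifies and restores cleanly.

```python
"""Backup snapshot, integrity check and restore drill (added example, not the
article's code). Directory names, file contents and the manifest format are
constructed assumptions; the point is that a copy the ransomware could reach
fails verification, while the isolated copy restores cleanly."""
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST = "manifest.json"


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _files(root: str):
    for dirpath, _, names in os.walk(root):
        for name in names:
            yield os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")


def snapshot(src: str, dest: str) -> dict:
    """Copy src into dest and record a SHA-256 manifest of what was copied.
    Keep the manifest with the copy AND somewhere the attacker cannot write;
    verify() takes the trusted copy so a tampered manifest cannot hide damage."""
    os.makedirs(dest, exist_ok=True)
    manifest = {}
    for rel in _files(src):
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(src, rel), target)
        manifest[rel] = _sha256(target)
    with open(os.path.join(dest, MANIFEST), "w") as f:
        json.dump(manifest, f)
    return manifest


def verify(backup: str, manifest: dict) -> list:
    """Files whose current hash no longer matches the manifest (or are missing).
    This is the 'monitor backup logs' step turned into a check that runs."""
    bad = []
    for rel, digest in manifest.items():
        path = os.path.join(backup, rel)
        if not os.path.exists(path) or _sha256(path) != digest:
            bad.append(rel)
    return sorted(bad)


def restore(backup: str, manifest: dict, target: str) -> list:
    """Copy a verified backup over the target tree, then re-verify the result."""
    for rel in manifest:
        dest = os.path.join(target, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copy2(os.path.join(backup, rel), dest)
    return verify(target, manifest)


def _encrypt_like_ransomware(root: str) -> None:
    """Overwrite every file in root with random bytes (the manifest included)."""
    for rel in _files(root):
        with open(os.path.join(root, rel), "wb") as f:
            f.write(os.urandom(256))


def run_drill() -> dict:
    """Constructed drill: live data, a reachable onsite copy, an isolated offsite copy."""
    with tempfile.TemporaryDirectory() as work:
        src, onsite, offsite = (os.path.join(work, d) for d in ("data", "onsite", "offsite"))
        for rel, body in {"finance/q1.csv": b"rent,1200\n", "hr/policy.txt": b"be kind\n"}.items():
            os.makedirs(os.path.dirname(os.path.join(src, rel)), exist_ok=True)
            with open(os.path.join(src, rel), "wb") as f:
                f.write(body)
        manifest = snapshot(src, onsite)           # reachable from the network
        snapshot(src, offsite)                     # isolated copy of the same data
        _encrypt_like_ransomware(src)              # the attack hits live data...
        _encrypt_like_ransomware(onsite)           # ...and every share it can write
        result = {
            "onsite_damaged": verify(onsite, manifest),
            "offsite_damaged": verify(offsite, manifest),
            "restore_problems": restore(offsite, manifest, src),
        }
        with open(os.path.join(src, "hr/policy.txt"), "rb") as f:
            result["restored_policy"] = f.read()
    return result


if __name__ == "__main__":
    print(run_drill())
```

The drill reports both onsite files as damaged, the offsite copy as intact, and an empty problem list after restoring from it. Scheduling `verify` against each backup location and alerting on a non-empty result is what “monitor backup logs” should mean in practice; a restore drill that actually copies files back and re-hashes them is the only proof that the recovery plan works.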
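The macro item above depends on users not enabling macros, but a mail gateway can refuse macro-carrying attachments outright. Modern Office files are zip packages, so the check is to look for the VBA part inside the archive rather than trusting the extension. The following is an added example written for this article, not code from the author or from Intechgrate Systems; the two sample documents are constructed minimal packages (not real Word output), while the part name `vbaProject.bin`, the `[Content_Types].xml` entry and the content-type strings are the standard ones.

```python
"""Decide whether an Office attachment carries macros by looking inside the
file rather than trusting its extension (added example, not the article's code).
The two sample documents are constructed minimal OOXML packages, not real
Word output; the content-type strings and part names are the standard ones."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # legacy .doc/.xls/.ppt container
VBA_PART_SUFFIX = "vbaproject.bin"                         # under word/, xl/ or ppt/
MACRO_MARKERS = ("application/vnd.ms-office.vbaProject", "macroEnabled")


def inspect_office_file(data: bytes) -> str:
    """Return 'macro', 'clean', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"        # binary format: may hold VBA streams, needs an OLE parser
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if any(n.lower().endswith(VBA_PART_SUFFIX) for n in names):
            return "macro"
        if "[Content_Types].xml" not in names:
            return "not-office"    # a zip, but not an OOXML package
        types = z.read("[Content_Types].xml").decode("utf-8", "replace")
        return "macro" if any(m in types for m in MACRO_MARKERS) else "clean"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Quarantine anything with macros or anything in the legacy binary format,
    whatever the filename says; 'report.docx' can still contain vbaProject.bin."""
    return inspect_office_file(data) in ("macro", "legacy-ole")


def _package(parts: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


_TYPES = ('<?xml version="1.0" encoding="UTF-8"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Override PartName="/word/document.xml" ContentType="{main}"/>{extra}</Types>')

# Constructed: a plain document and a macro-enabled one that has been renamed to .docx.
CLEAN_DOCX = _package({
    "[Content_Types].xml": _TYPES.format(
        main="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
        extra="").encode(),
    "word/document.xml": b"<w:document/>",
})
MACRO_DOCX = _package({
    "[Content_Types].xml": _TYPES.format(
        main="application/vnd.ms-word.document.macroEnabled.main+xml",
        extra='<Override PartName="/word/vbaProject.bin" '
              'ContentType="application/vnd.ms-office.vbaProject"/>').encode(),
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x01placeholder VBA project stream",
})

if __name__ == "__main__":
    for name, blob in (("clean.docx", CLEAN_DOCX), ("report.docx", MACRO_DOCX),
                       ("old.doc", OLE_MAGIC + b"\x00" * 24), ("x.docx", b"not a zip")):
        print(name, inspect_office_file(blob),
              "quarantine" if should_quarantine(name, blob) else "allow")
```

The renamed macro document is still caught because the decision is made on the archive contents. Legacy binary formats are flagged by their OLE signature only; deciding whether a `.doc` actually contains VBA needs a proper OLE parser (oletools’ olevba does this), so the safe gateway policy for those is to quarantine or convert them rather than guess.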

What can I do if I become a victim?

If you or someone you know receives a ransom notification on a PC, take the following actions to help prevent the ransomware from spreading to other devices and shared network folders.

  • Stay calm and do not click any links presented by the malware.

  • Immediately unplug Ethernet cables and disable Wi-Fi or other network adapters. Isolating the machine from the network is the single most important step, because it stops the encryption of shared folders and any further spread.

  • If using a desktop or laptop, shut it down as soon as possible. Be aware that powering off discards evidence held in memory that an incident responder may want, so if the machine is already isolated from the network and professional help is close at hand, leave it running and let them decide.

  • If using a mobile device such as a smartphone or tablet, put the device in Airplane Mode and turn off Wi-Fi and Bluetooth.

  • Disconnect external storage devices such as USB drives and memory sticks, as well as any digital cameras, phones or other gadgets with onboard storage.

  • Contact a professional IT provider to assess how much damage occurred and to assist with cleanup and data recovery. Do not restore from backup until the infected machine and the compromised account have been cleaned, or the restored files will simply be encrypted again.


Summary

The authors of ransomware aim to instill fear and panic in their victims. Paying the ransom should be considered only as a last resort, as there is no guarantee the criminals will deliver on their promise and restore the data. By following the recommendations in this article, you will build a stronger defense and create options for efficient recovery should you ever become a victim.
