GovDefenders Wednesdays: What is Ransomware & Why Is It a Threat?

GovDefenders Wednesdays is written by Van Ristau, DLT Solutions’ Chief Technology Officer. Throughout the month, he’ll explore the world of public sector cybersecurity: introducing concepts, offering opinions, providing resources, and identifying ways to protect your agency. You may also follow Van on Twitter at @VanRistau.

The Ransomware Threat

Neal Stephenson’s most recent novel REAMDE is a 1,000-page technology thriller that I recommend to those of you who enjoy complex novels. Stephenson builds the plot on the consequences of a hacker in Asia using ransomware to encrypt a hard drive containing a list of thousands of stolen credit card records. The hacker promises a decryption key to unlock the hard drive upon payment of a ransom fee. What the poor hacker does not realize is that the Russian mafia had previously purchased the stolen credit card data for a large sum of money and now cannot use it. As you may surmise, mayhem ensues across several continents.

A Real-Life Cautionary Tale or Life Imitating Art

Recently a medical center was hit by a ransomware attack that encrypted the center’s medical records and demanded a ransom for them. Rather than pay the ransom demand, the medical center is now recreating medical records from source data. What is most worrisome about this report is that society is moving to digital medical records with staff that may be well trained in the medical arts, but perhaps less so in information security.

How to Recognize Ransomware

Ransomware has been around at a relatively low level since 2009, but has recently become a much more significant threat that generates millions of dollars for the perpetrators. A typical ransomware scam begins when malware is downloaded to a computer from a malicious site or one that has been hijacked for the purpose of distributing ransomware. The ransomware disables some function of the victim’s computer and demands that a fee be paid to restore the system. In some cases the scammer restores the computer, but that doesn’t usually happen. Ransomware is also known to be distributed through phishing: email that carries infected attachments or contains links to malicious websites.

What to Do If You Are Infected with Ransomware

If your machine becomes infected with ransomware, security professionals recommend that no ransom be paid to the criminals. Symantec offers a ransomware removal procedure to restore your computer, but if yours is a business computer you should, of course, defer to your IT department specialists.

How You Can Protect Yourself From Ransomware

Good Internet hygiene and endpoint protection tools are your primary defense. Don’t override your malicious-website blocking tool to visit sites that are known to be malicious. Don’t click on any web link that you cannot verify to be safe.

Consider using one computer for email and Internet research and keeping your most important files on an isolated computer that is not normally networked. That is what I do; personal computers are inexpensive enough that it is not an unreasonable precaution.

Image courtesy of dot-ie.com