Cyber Basics: Computers Held Hostage

 

Imagine surfing the web and stumbling upon a pop-up ad declaring you the lucky winner of a prize. To claim your prize, all you have to do is click the link. You think to yourself, “Wow, I finally won something!” You proceed to click the link, only to be confronted with a terrible reality…

You begin to panic. You were just expecting to win money, but now you can no longer access any of your files or even navigate away from the window. All you can do is stare at a new message asking for money while trying to figure out what is happening to your computer, and what you are supposed to do next.

 

Hello Ransomware

After clicking on the ad, your computer became infected with malicious software called ransomware.

Ransomware is a type of malware designed to prevent access to data until a ransom payment is received. According to the Institute for Critical Infrastructure Technology (ICIT) Ransomware Report, there are two main types of ransomware: locker and crypto. Locker ransomware denies access to the computer itself while the files on the computer remain unharmed. Crypto ransomware allows access to the computer but encrypts the data and files on the device.

The most common way for hackers to introduce ransomware into networks and/or computers is through phishing attacks. These typically come from emails containing an infected attachment or link, which the unknowing user clicks on, giving hackers access to the network and device. Once the user sees encrypted files or is locked out of the system, the hacker usually gives them a time frame and a monetary amount they must pay in order to obtain a decryption key.

Hackers typically request payment in Bitcoin, a digital currency that is difficult to trace. Ransomware has been known to hit a range of targets, from private computers to multi-million-dollar corporations. No one is completely safe from this growing threat.

A Growing Threat 

The FBI’s Internet Crime Complaint Center (IC3) received almost 2,500 ransomware complaints in 2015, which collectively cost companies over $1.6 million. This number, however, reflects only the number of complaints that were made to the IC3. It is estimated that there were many incidents that were not reported, thus making the total amount paid due to ransomware substantially higher. According to Infoblox, Americans actually paid closer to $24 million in 2015 from ransomware hacks. The numbers from 2016 are even more staggering. In the first quarter of 2016 alone, victims of ransomware in the United States have already paid out $209 million. Infoblox’s recently-released DNS Threat Index reported a 35-fold increase in ransomware domains from the final quarter of 2015. Clearly, 2016 will be much worse for ransomware than 2015.

To Pay or Not To Pay?

In the event you fall victim to a ransomware attack, the first thing you should do is determine the exact tool being used to encrypt your data. ID Ransomware is a website that can detect over 100 different types of ransomware and help determine what is holding your files hostage. If you are able to determine the source of encryption, you can search online to see if there is a public decryption key that will allow you to decrypt the files yourself. If you cannot determine the source of encryption, next see if your files have been backed up recently, so that you lose only the encrypted copy of your data and avoid paying the ransom altogether. Should these backups be insufficient, you must then decide whether or not to pay the hacker. This is not an easy choice to make, as both options are lined with difficulties.

Paying the ransom is typically the cheapest and the fastest way to solve the problem, though there is no guarantee that it will work. Unfortunately, hackers have the upper hand in these situations. Masked by virtual anonymity, they also operate confidently on the assumption that their victims, particularly large public organizations, will remain quiet and not report the attack for fear of public humiliation. What’s more, even if the hackers honor their agreement and unlock the encrypted data, there is always the chance that the original ransomware is left hidden in the system, able to lie dormant and access other files to be held for ransom in the future.

Even with these risks, sometimes there is no other option than to take the gamble and pay the ransom. Hollywood Presbyterian Medical Center faced this difficult decision in February. The hospital staff were unable to communicate with each other, making typical day-to-day operations nearly impossible. The hospital was forced to revert to pen and paper for its record-keeping during the attack. The facility ultimately paid the ransom of 40 Bitcoin, or roughly $17,000. In this particular case, hospital executives had not only money to consider, but also the well-being of their patients.

How to Prevent Ransomware Attacks

The FBI offers preventative measures that organizations should take to protect themselves from cyber criminals. As ransomware is becoming an even more prominent threat, it is important for companies to ensure their employees are aware of and regularly practice these measures. Some of the most important measures include:

  1. Limiting access to privileged information to essential personnel only
  2. Implementing restriction policies on software to prevent infected links from opening
  3. Ensuring that antivirus and anti-malware solutions update automatically, and conducting regular security scans
  4. Backing up data regularly and in a secure fashion. This is the most critical protective measure to take. It is vital that the data is backed up on devices isolated from the networks that they are backing up (so as to prevent the spread of any malware onto the backup), and that the integrity of the backups is verified regularly.

Organizations can implement these measures themselves, or retain the services of outside cybersecurity experts to help. No one is safe from ransomware, but organizations can take preemptive steps to significantly decrease their risk of falling victim to an attack.