#CyberAware about Ransomware

Oct 7, 2016


Imagine your local government's files and documents held for ransom. The risk is greater than you think, with the number of cyber-attacks by ransomware increasing rapidly.

Ransomware, including Cryptolocker and its variants, is malicious software that encrypts files on a computer as well as files on the network that the user has access to. Once the files are encrypted, the only way to open them again is with the encryption key. Victims must pay a ransom, usually in a virtual currency such as Bitcoin, to the attacker to obtain the key to their locked files.

How does it happen

Some common ways that an attacker can introduce ransomware into a victim's system are embedded email links or email attachments, or websites with hidden malicious software.

The expensive headache doesn't end with the ransom. Victims lose day-to-day productivity and need additional IT services to repair the compromised system and attempt to restore any lost files. And there is no guarantee hackers haven't viewed sensitive and confidential information.

What you can do to reduce the risks

You can reduce the risk your government will fall prey to ransomware by taking these steps.

  • Keep your computers' software security products up-to-date and enabled. They should include anti-virus and anti-malware programs.
  • Always apply the latest software security patches promptly.
  • Train all computer-users on good cyber-security habits. Regularly remind them not to open suspiciously titled email or click on unsolicited web links or attachments in email messages.
  • Install controls that limit a user's ability to install and run unauthorized software.

To minimize the impact of ransomware:

  • Limit users' access to only those resources they need to perform their jobs.
  • Make it clear what users should do if they do accidentally click on a link, or if they notice unusual activities like changes to file name extensions.
  • Have a plan: minutes count if you want to reduce the damage of ransomware and prevent its spread to other files or systems on the network.

The most important action you can take: Back up your data

One of the best defenses against ransomware is having regularly updated backups. If attacked, you may lose changes made since your last backup, but being able to restore a workstation or your entire system to an earlier snapshot significantly reduces your risk.

Remember that ransomware will encrypt files on any mapped drive, including network or cloud-based file storage and even external drives such as a USB flash drive, so a backup location that has been assigned a drive letter can be encrypted too. Consider copying your data to removable media and then disconnecting it from the system.

Test your backup program regularly. It is very common to assume a backup is working fine – but things can and do go wrong. You don't want to discover a problem in your backup file after the ransom note arrives.
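One way to test a backup is to restore it to a scratch folder and compare it with a checksum list recorded when the backup was made. The script below is an added example, not part of the original article; it also reports files that came back with a changed file name extension, the warning sign mentioned above. The function names, sample files and the ".locked" extension are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    extras = set(restored) - set(manifest)
    report = {"ok": [], "changed": [], "renamed": [], "missing": []}
    for path, digest in manifest.items():
        if path in restored:
            # Same name: intact only if the contents hash to the same value.
            report["ok" if restored[path] == digest else "changed"].append(path)
            continue
        # Same name with an extension appended or swapped (e.g. report.doc.locked).
        stem = Path(path).with_suffix("").as_posix()
        twins = sorted(e for e in extras if e.startswith(path + ".")
                       or Path(e).with_suffix("").as_posix() == stem)
        if twins:
            report["renamed"].append((path, twins[0]))
        else:
            report["missing"].append(path)
    return report

def demo():
    """Constructed sample data: a source tree and a damaged test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restore")
        for d in (src, dst):
            (d / "finance").mkdir(parents=True)
        files = {"minutes.txt": b"council minutes", "permits.txt": b"permit log",
                 "finance/budget.csv": b"dept,amount\n",
                 "finance/payroll.csv": b"name,pay\n"}
        for name, data in files.items():
            (src / name).write_bytes(data)
        manifest = build_manifest(src)          # recorded at backup time
        (dst / "minutes.txt").write_bytes(files["minutes.txt"])        # intact
        (dst / "finance/budget.csv").write_bytes(b"\x00\x00")          # contents differ
        (dst / "finance/payroll.csv.locked").write_bytes(b"\x9f\x11")  # extension changed
        # permits.txt is left out of the restore on purpose
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    for status, items in demo().items():
        print(status, items)
```

Keep the manifest with the disconnected backup rather than on a mapped drive, so that it cannot be altered along with the files it describes.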