Ransomware is a type of malware, but with an extra sting. If your device is infected with this malware, access to your operating system or files will be prevented or limited. The hacker will demand payment (ransom), but often will not unlock the systems or files even if the ransom is paid.

Ransomware attacks are nothing new; they date back to the AIDS Trojan in the late 1980s. Because it was the 80s, instead of paying electronically with bitcoin, the victim had to mail money to a post office box.

Payment requirements aren’t the only change, of course. Ransomware attacks have become increasingly sophisticated and common.

Let’s look at how ransomware works.

 

Step 1: Infection

How does a device or system get infected with ransomware? All of the usual malware methods are applicable to ransomware infection:

  • Emails with malicious links or attachments
  • Visiting websites that install malware on your computer
  • Clicking malicious links on a website
  • Malvertising (malicious advertising) links
  • System vulnerabilities
  • Access via stolen credentials
  • Self-propagating ransomware (cryptoworms)

 

Step 2: Execution

Once the ransomware is on your system, the real damage begins. Earlier ransomware was known for blocking system access immediately upon boot up or when your operating system loaded. Recent variants encrypt files on your hard drive, mapped network drives, or unmapped drives, leaving your files inaccessible.

The more vicious versions of ransomware slowly delete files as the ransom clock ticks.

Why you must stop ransomware attacks before they start.

Advanced ransomware goes as far as detecting backup files and deleting or encrypting them. The latest variants not only take your files hostage but threaten a data dump if you do not pay.

The major takeaway: ransomware is evolving and cybercriminals are going to do whatever it takes to make the victim pay.

WARNING: Nothing is safe. If it’s connected, it’s at risk! 

This includes:

  • Workstations
  • Servers
  • Laptops
  • Smartphones/tablets
  • External hard drives
  • USB removable media
  • SAN/NAS
  • Synced cloud storage

 

What to Do If Your Institution Is Attacked

Take these actions if your institution is affected by ransomware:

  • Disconnect infected devices from the network to prevent the ransomware from spreading to other devices.
  • Turn off any cloud syncing. If your system is hit with ransomware, files that sync with the cloud will be encrypted and those encrypted files will sync with the cloud.
  • Implement your Incident Response Plan, if you have one. (If you don’t, this article explains what an Incident Response Plan should include.)
  • Restore from backups on either a disconnected drive or a connected drive that has not been compromised. Be aware that malware could still exist on your systems even after you contain the ransomware attack and restore your data.
  • If you do not have backups, you could research whether the algorithms or decryption key tables have been released. While this is not always the case, sometimes you can obtain the decryption key without paying the ransom.
  • Contact your legal counsel. They will be able to advise you on steps to take, such as contacting law enforcement and notifying affected parties, if necessary.
  • Contact your insurance company. There may be a provision in your policy that could be impacted or mitigated if protocol is followed.

Interesting Facts About Ransomware

  • Some variants lock your bitcoin wallet! This is the digital equivalent of physically stealing a wallet.
  • Ransomware-as-a-Service (RaaS) is exactly what it sounds like. Anyone can purchase ransomware and use it to extort money from victims of their choosing.

Tips for Fighting Ransomware

Use this short checklist to help protect your institution from ransomware:

  • Use effective malware protection
  • Implement robust patch management procedures
  • Install web content filters
  • Disable macros in Microsoft Office
  • Limit use of user accounts with elevated privileges
  • Training! Training! Training!
  • Back up your data to disconnected media

 

Understanding a ransomware attack and following these best practices will help your institution reduce the risk of getting attacked. And remember that it’s vital to layer controls so that if one control fails, others are in place to help prevent such an attack.

Author

  • Lisa Traina

    Lisa Traina serves as Partner at Traina & Associates, a CapinCrouse company. Lisa uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. Lisa is a nationally recognized speaker and author, sharing her knowledge with thousands of professionals annually to help them leverage emerging technologies and protect against cybersecurity risks. She was named in CPA Practice Advisor magazine’s Most Powerful Women in Accounting list in 2012.
