OpsLens

Trends in Ransomware: Cybercrime is on the Rise

It would be comforting to know that our emergency services were secure from cyberattack, but it would also be naïve. A game-changer in the cybercrime business has been ransomware. Simply defined, ransomware is a category of malicious software (“malware”) that encrypts or locks data and holds it hostage until the user pays a ransom to unlock it.

Ransomware attacks are increasing at an alarming rate—a fact that all too many businesses have learned the hard way. Cyber-criminals have become emboldened in the age of anonymous crypto-currency such as Bitcoin. On March 7, I attended the Brandon Chamber of Commerce’s Synergy Luncheon, where the guest speaker was FBI Special Agent AJ Gilman. Special Agent Gilman has been working in cybersecurity for the past 18 years. He stated that he expects that ransomware attacks will continue to rise in 2017.

Recent evidence shows that the network infrastructures of our police departments and hospitals are ill-prepared for these attacks. A few examples from the last year include:

  • March 2016: Ransomware encrypted medical data across three hospitals in Southern California. Hackers demanded $17,000 for the encryption key. The LA Times article stated that the hospitals did not pay the ransom, but some operations were disrupted by computer downtime during the attack.
  • August 2016: A computer server at the Susan M. Hughes Surgery Center in New Jersey and Philadelphia was attacked and had ransomware installed.
  • January 2017: Police in Cockrell Hill, TX, admitted to losing 8 years’ worth of evidence in a ransomware attack. Also, as outlined in this article by my good friend and colleague Stephen Owsinski, 70% of the surveillance camera DVRs for the Washington, D.C. Metro PD were also infected with ransomware.
  • February 2017: The Roxana (IL) Police Department suffered a ransomware attack that shut down its computers for over a week.

Prosecuting cyber-criminals is difficult, if not impossible. This is not a crime being committed by teenagers getting their kicks in their parents’ basements. It is being committed by citizens of other countries, multi-national corporations, and—per Agent Gilman—at least a few members of the Chinese military. Even if the anonymity provided by cyber-currency weren’t a factor, jurisdictional boundaries and diplomatic roadblocks would still severely limit the ability of our law enforcement to bring the perpetrators to justice.

What Can Be Done

Think of ransomware as a business model. Protect your network so you don’t have to pay the ransom. Paying not only further funds and encourages the criminals; it also does nothing to clear the malware from your servers and desktops, which can lead to a recurrence of the attack a few weeks or months down the road. In addition, there is no guarantee that those who hold your data hostage will release it after you pay. A recent survey of IT providers revealed that payment did not unlock the files of their clients in about 25% of the cases.

The best way to beat these cyber-criminals is to build our networks so that the ransom will never have to be paid. A holistic approach that combines these seven best practices can help you defend against ransomware:

  1. Education: All your employees must know what the threats are, how they are delivered, and how best to avoid getting infected. The most secure networks can be bypassed by one click on the wrong email or by plugging in a USB drive that was found lying around your office.
  2. Firewall: A hardware firewall that is properly configured can block threats from entering the network and keep threats that do get in from spreading across it.
  3. Spam Filter: 92% of malware, including ransomware, is delivered via phishing emails. Phishing emails are mass emails sent out disguised as a popular company or group with hopes that someone, anyone, will click on them. Spear phishing emails specifically target your organization and may appear to come from someone within your company. Either of these types of emails will usually try to get you to click on a hyperlink or attachment.
  4. Security Patches: Software security patches must be applied immediately. In many cases, these patches fix vulnerabilities that have been discovered in your server or desktop software, and failing to patch leaves those vulnerabilities open for hackers to exploit. Also, make sure that any computers running unsupported software (such as Windows XP) are removed from your network.
  5. Antivirus and Anti-Malware: Having one of these but not the other is never sufficient. In both cases, a version that updates itself regularly (usually daily) and automates the scans is necessary. For business usage, a quick scan should be completed every 4 hours and a full scan every 24 hours.
  6. Policies and Procedures: A cybersecurity policy should minimize personal usage of work computers and restrict personal devices from connecting to the office network. This ensures that only devices that are fully up to date with patches and your security software are connected to your network.
  7. Backup: Having only an on-site backup is insufficient. Copying infected files to your backup device only guarantees that the infection remains on the network. A cloud-based backup system capable of fast recovery can be expensive but is well worth the price. Additionally, many companies offer virtualization of your server: in the case of a ransomware attack, you could run your office from a virtual backup of your files until the server is restored and cleaned of any malware.


Defending against cybercrime can seem expensive, but failing to do so could be even more costly. Ransom payments could be funding the enemies of our country or criminal enterprises around the world. It is tempting to pay when faced with the loss of your data and extended downtime, but a little investment in your network and your employees could go a long way toward defending against these attacks.

David Thornton is an OpsLens Contributor and retired law enforcement officer.
