The growing threat of ransomware
By Rodney Caudle
Ransomware attacks were virtually unheard of a few years ago. But they skyrocketed in 2016, netting cyber extortionists more than a billion dollars, according to the FBI.
When a victim opens an infected attachment, clicks a malicious link in an email, or visits a website that exploits a software vulnerability on the user’s computer, ransomware strikes. Recent variants of ransomware block access to resources by encrypting the data on the system and demand payment (usually in the form of bitcoins) in return for a decryption key that is supposed to unlock the files. Encryption of all data on a hard drive and attached resources such as network shares and cloud storage may begin as quickly as a few seconds. Or, the ransomware may wait for several days and appear only after the encrypted files have rolled over into an organization’s backup system.
Your agency is on the ransomware radar
Because of the profit potential, ransomware will become epidemic in 2017, with ransom amounts likely to jump higher and hackers’ methodologies becoming ever savvier. Although municipal government departments are no more or less susceptible to attack than other organizations, cyber extortionists do test social engineering techniques on certain industries, such as police departments, and attack others in the same industry when they find success with a few.
Prepare for battle
A ransomware attack can force municipal government leaders into vexing debates over whether or not to pay the cyber-extortionists. Rather than having to decide on a course of action in the stressful moments after an assault, the better approach is to prepare in advance. Consider, for example:
Know your organization’s stand on paying a ransom. Some organizations will get their data back if they choose to pay the ransom, but it’s not a guarantee. Recovered data may be damaged or incomplete. Evaluate the economics of paying or not paying and create a policy in advance of the attack.
If your agency decides its policy is to pay, consider stockpiling bitcoins so payment can be made quickly, saving precious time during which your agency might otherwise be unable to operate. If your agency decides it won’t bend to a ransomer’s demand, discuss with your security team what you should do to protect your files from ransomware as much as possible.
Back up your data daily. Consider paying extra for a cloud provider to maintain versions of your files so that, if a ransomware encryption is copied to your cloud files in a daily backup, you’ll still have access to earlier, unencrypted versions of your data. If you use hard drive backups, maintain an overwriting cycle longer than one week, the typical threshold for ransomware that doesn’t appear until it has had time to encrypt backup files.
Install next-generation antivirus software that monitors the behavior of the application instead of matching the application to a strict signature. No antivirus software is failproof. However, next-gen products could, for example, detect that it isn’t normal to open a spreadsheet and have it launch a desktop file that reaches out to a website in another country. Traditional antivirus software is not equipped to detect and block such activity.
It’s very likely ransomware will rear its garish head in your agency this year. Decide in advance how you can best protect your data and how you’ll respond when the monster emerges.
Rodney Caudle is director of information security at NIC Inc., a provider of digital government and secure payment processing solutions for over 5,500 local, state and federal agencies across the U.S. Caudle has more than 20 years of experience in information security.