Many users are grappling with these questions as a new form of malicious software, known as ransomware, takes hold. In fact, over a three month period, the Administrative Office’s Security Operations Center (SOC) confirmed 38 cases of ransomware on judiciary networks. Our experience mirrors what is happening elsewhere in other industries, such as healthcare, law enforcement, and education.
How does it work?
Like other malicious software, ransomware uses many different methods to get a foothold into your computer. For example, an unpatched application, such as a browser or Adobe Flash reader (often used to run online presentations), could provide the software an unprotected path onto your machine. Or, simply clicking on a link contained in an email or surfing to a legitimate website that has been compromised by a hacker can result in an infection. And, once installed, the ransomware uses powerful encryption to render data unusable. In order to restore the data to its original form, the hacker demands the victim pay a fee—or lose their data permanently. Not only is this scheme widespread, it is proving highly lucrative as cyber-extortionists made off with $209 million dollars in the first three months of 2016 alone.
To pay or not to pay?
While some businesses and individuals have successfully recovered their data after paying the ransom, this remedy is ill-advised. Think about it—cyber criminals have broken into your computer. By construction, this hostile act calls into question their moral compass. Hence, the only thing you can be sure of if you pay the ransom is that the criminals will be that much richer. There is no guarantee that the criminals will restore access to your data or refrain from making a copy or modifying it for unauthorized purposes.
Worse still, paying their demands may flag you as someone who has been successfully exploited in the past and, therefore, may be an easy target for future attacks. To break a potentially vicious cycle, you should be prepared to lose the ransomed data, unless…
Your backups can save the day!
The best way to reduce the impact of data lost as a result of ransomware is to have a current backup. If you can restore the information from a backup, then it does not matter if the lost data remains lost—you have a copy of it and can get back to work as soon as the copy is loaded! You will not have to pay the ransom and you will have lost little to no information.
The data you save to network drives is likely automatically backed up for you each evening by your local IT staff. On the other hand, information you may save to your local hard drive (whether it is a judiciary provided or personally owned computer) will be your responsibility to back up to removable media (such as a thumb drive), another device, or the cloud.
Best Idea: Take steps to avoid being a victim
An ounce of prevention is worth a pound of bitcoins (the currency often used to pay the ransom). Tools, such as Symantec Endpoint Protection (SEP), can help reduce the occurrence of ransomware infections. SEP is available at no cost to court units—and even to judiciary employees to use on their personal computers. Ask your local IT staff how to get it.
Additionally, if you do not need administrative access to your workstation to run court applications, ask that it be removed—or its use limited to only those circumstances in which it is required. Lots of malicious software (including forms of ransomware) require these privileges to install and run, so removing unnecessary privileges gives you another layer of protection.
Lastly, if you are a part of your court IT staff, check to see if web-based threat protection technologies, such as Websense, are running and configured to prevent access to your network by known malicious sites. Given the threat, it’s especially important to use all available defenses to keep our information safe.