What if you couldn’t open your personal or work files and someone unknown to you was demanding payment (ransom) in order to restore access to them? If this sounds like something from a sci-fi movie that could not affect you—think again.
Commonly termed “ransomware attacks,” these incidents affect businesses and individuals alike. And, for the hundreds of thousands of victims of a recent spate of global campaigns, referred to in the news as “WannaCry” and “Petya,” it was not a theoretical possibility; it was a disruptive reality.
What can you do?
Given the profitable nature of these types of attacks, their occurrence is predicted to rise. In fact, ransomware became a billion-dollar criminal industry in 2016. Protecting your information from ransomware (in particular) and malicious software (in general) involves a thoughtful blend of proactive measures (to prevent occurrence) and reactive measures (to reduce impact) should you become its next victim. Below are some ideas to help you.
Before anything bad happens…
Keep current with your patches and security updates.
It’s critical to ensure that your system’s patches are up-to-date. Think of patches as booster shots working to vaccinate your system against the latest bugs—your immunities are only as good as the latest update. In the world of computers, the bad guys create harmful software to take advantage of weaknesses. When software vendors learn about weaknesses, they create patches to cure them. If you don’t inoculate (patch) your systems, the bad guys will exploit these weaknesses for nefarious purposes, such as stealing your personal information, launching attacks against other systems from your computer, and, in the case of ransomware, holding your information hostage until a fee is paid.
Protect your devices.
Hand in hand with patching is making sure you have protective software installed on your systems that is specifically designed to identify and stop harmful software from installing itself. Within the Judiciary, Symantec Endpoint Protection provides this protection and is available for free—even on your home computer! Just as with your operating system (like Microsoft Windows and Apple iOS) and application software (like MS Word and Adobe), be sure that the software used to protect your systems is routinely patched and updated so that your defenses keep pace with emerging threats.
Be cautious when clicking.
Ransomware can spread through well-coordinated campaigns using the same kinds of techniques used in phishing. For example, a user will receive a seemingly credible email, which urges its recipient to click on links and attached files. Be careful, and never click on anything you receive that you weren’t expecting.
If you’re unsure about the attachment, but know the sender, give them a call—do not use email to confirm validity. If the sender is a business you know, type in their website address and locate a phone number for them to inquire about an email’s legitimacy. Most businesses will not ask for anything sensitive via an unsolicited email, so approach any solicitation like this with extreme caution. When you do receive a “phishy” email, do not click, and do alert your local help desk.
Back it up.
Because ransomware can only affect information it can reach, such as anything stored locally on your computer’s hard drive, the best protection for your data is to back it up (e.g., to an external hard drive or thumb drive) and store the backup offline (e.g., do not leave it plugged into your computer, as malware can hop from your computer onto your backup media). At work, storing information to your network drives will ensure that it is safely backed up as an integral part of your court’s routine processes.
And in the aftermath of an attack…
Perform a System Restore.
The sure-fire cure for a ransomware attack is to restore lost information from your backup. For those slightly more savvy technically, consider setting up system restore points in conjunction with faithfully backing up your data. This provides an extra safety net by enabling you to return your system—including all of its settings and information—to a date in the past before the infection occurred! Note: if you are a Mac user—no worries! Simply use the built-in Time Machine feature, which automatically backs up your information to an external hard drive and facilitates its restoration.
Don’t pay the ransom!
There are four big reasons why you should never pay the ransom:
· Paying up is no guarantee that your data will even be released!
· Paying the ransom incentivizes criminals to invest in this malicious activity—do not reward their efforts!
· Because you paid the ransom once, you are an ideal target for another attack. Pay now and pay later!
· Help may be available for you. Some variants of ransomware have been cracked—even hackers occasionally make mistakes coding their attacks!
Lastly, be sure to bookmark the No More Ransom! website, which shares decryption tools for those variants of ransomware that have been cracked.
Who should I tell?
In the event that you are affected by a ransomware attack, be sure to report it to the FBI’s Internet Crime Complaint Center (IC3). Additionally, if your judiciary computer is attacked, immediately disconnect it from the network and call your local IT help desk.
If you have any additional questions about protecting yourself from ransomware, contact your Circuit IT Security Officer, local IT staff, or ITSO for more information.
Business Insider: The massive global cyberattack affecting 200,000 victims will cause more chaos on Monday
Symantec: WannaCry Ransomware
US-CERT: Multiple Petya Ransomware Infections Reported
CSO: Ransomware took in $1 billion in 2016--improved defenses may not be enough to stem the tide
Security Tip: Don’t be Part of the Equation
Security Tip: Patch Perfect—Stay in Tune
Security Tip: Phishing: Don’t Get Hooked!
In fact, some researchers believe that the failure of WannaCry to reliably free victims’ data may have had a positive effect—with trust broken, future victims have even less confidence in the criminals’ assurance that payment will liberate their data. This may result in lower financial yields in future campaigns and, hopefully, in decreased use of ransomware over time.