Ransomware- Think Before You Click
Amy Fennell • December 27, 2017
By: Patricia B. McMurray, JD, Samuel L. Felker, JD, CIPP/US and Gina G. Greenwood, JD, CIPP/US Baker, Donelson, Bearman, Caldwell & Berkowitz, PC
Over the past year, no information security concern has demanded more media and corporate attention than ransomware. The evolution of this threat from an ineffective nuisance to a sophisticated business model generating hundreds of millions of dollars for hackers has been impressive to say the least, and the number and frequency of attacks are on the rise. Petya, Bad Rabbit, Wanna Cry, Crytolocker and other ransomware cybersecurity attack have infiltrated many company's IT systems.
WHAT IS RANSOMWARE?
Ransomware is a category of malware or malicious software that disables the functionality of a computer in some way. After infecting a computer, the ransomware program displays a screen message that demands payment, usually in bitcoin (or other cryptocurrency) in order to avoid traceability. Sometimes the scammers add pressure by including a countdown clock and threatening to destroy data unless payment is made by the deadline. Ransomware has evolved over time, using various techniques to disable a computer, but the most recent iteration either locks the computer display, disallowing any access to programs or actually encrypts and/or removes files. The malware, in effect, holds the computer captive and demands a monetary ransom as an extortion. The hackers promise to provide the "key" to unlock the computer and restore functionality once payment is made. Ransomware generally infects IT systems in a similar manner as other types of malware. Commonly, the user clicks on an infected popup advertisement or on an infected link within an email and is directed to an infected website. To provide perspective about the scope of this problem, PhishMe recently reported that a staggering 93 percent of phishing emails were infected with ransomware in Q1 of 2016. With a simple click on a link or by opening an attachment, malware can enter the network, quickly infecting files and encrypting data.
If that isn't scary enough, ransomware hacking techniques are becoming more sophisticated and dangerous. According to Bill Dean, digital forensics expert and Senior Manager for LBMC Information Security, ransomware attacks often involve encrypting with an "unbreakable" code the entire system – including local user created files, local system backups (volume shadow copies), network shares to which the infected user account has modify rights (often causing major devastation) and any locally attached USB drives. In addition, an undocumented "feature" of most current ransomware variants is that cloud-based storage is also at risk. Cloud storage solutions often synchronize the local user files to the Cloud provider. Dean warns that if the ransomware encrypts the local files that are to be synchronized, and there are not multiple versions in the cloud, the cloud-synchronized files will also be encrypted.
WHAT IS THE FUTURE OF RANSOMWARE?
By performing a detailed analysis of ransomware samples, Dean and his colleagues have determined that these attacks are currently geographically focused on certain countries. Additionally, due to the price tolerance (and likelihood of payment) of different countries, the amount of ransom fee demanded will actually vary based on the location of the machine that is infected, with most ransomware attacks commanding relatively small amounts in ransom to encourage quick, no-fuss payment. Attackers also target the file types most likely to glean payment. According to Dean, ransomware is getting highly sophisticated with the ability to avoid detection and lie in wait, attack later, and extract and remove data – causing true data theft scenarios.
HOW TO DEFEND AGAINST RANSOMWARE ATTACKS
There are currently no "silver bullets" to prevent ransomware infections. With the elusive methods of constant changing of attack signatures, conventional controls – such as anti-virus software – are not enough. However, there are preventative measures that can be taken by organizations to build resilience against ransomware attacks. The FTC recommends:
Train and Educate Staff. Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
Use Good Cyber Hygiene. Practice good security by implementing basic cyber hygiene principles:
o Assess the computers and devices connected to networks to identify proactively the scope of potential exposure to malware.
o Identify technical measures that can mitigate risk, including endpoint security products, email authentication, intrusion prevention software and web browser protection.
o Implement procedures to keep security current.
o Update and patch third-party software to eliminate known vulnerabilities.
Create Backups. Back up your data early and often. Well-prepared organizations with reliable backup systems may be able to restore systems from those backups with minimal data loss or business interruption.
o Identify business-critical data in advance and establish regular and routine backups.
o Keep backups disconnected from your primary network so that you can rely on the backup in the event of an attack.
Plan Ahead. Prepare for an attack. Develop and test incident response and business continuity plans. We recommend your response plan detail attorneys, IT and forensic vendors and experienced law enforcement agents and their 24/7 cell phone numbers - and incorporate vendors approved by your cyber insurance policy.
Additionally, in the unfortunate event of a ransomware attack, we recommend that businesses formally assess the damage after an attack by conducting a forensic examination; however, companies should not allow the IT system / logs to be wiped clean or otherwise be modified. Your business will need to preserve the firewall, network and server logs as evidence of what happened. This is critical to be able to prove whether there was or was not a breach that requires reporting to consumers, the media and state/federal government. Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
For the detailed steps your organization can take to prepare for a ransomware attack, see Ransomware: What to Do When Your Files Are Held Hostage, developed by analysts at LBMC Information Security.
If you suspect you have been hacked or victimized by cybercriminals, you should immediately contact qualified counsel to assist in your investigation, resolution and in any required reporting to state or federal agencies such as the Consumer Protection Section of the Louisiana Attorney General, if the breach of the security of the computer systems includes personal data ( see LA R.S. 51:3071 et seq ).
NAR’s latest consumer guide, “10 Tips for Unpacking Smartly After a Move,” was developed to help ease the burden buyers may feel when surrounded by boxes. For your clients on the cusp of a move, the guide suggests establishing a priority unpacking order, wiping down each room before unpacking, discarding boxes quickly, having garbage and donation bags at the ready, and more. Share the new guide along with the companion guide “10 Tips for Packing Smartly for a Move.” As a reminder, all guides in this series are available for download—in both English and Spanish—on facts.realtor . Please allow up to two weeks for the Spanish version of the latest resource to be translated and uploaded. For ease of reference, below is a list of the most recent guides: NEW: 10 Tips For Unpacking Smartly After A Move UPDATED : Multiple Listing Services Overcoming Roadblocks to a Sale or Purchase How Solar Impacts a Real Estate Transaction Navigating Interest Rate Shifts Thank you for your continued engagement with the “Consumer Guide” series and for sharing the resources with prospective clients to ensure they have the information they need to find success in their home buying or selling journey. Remember that these guides are for informational purposes only and are not meant to enact or change any existing NAR policy. Check out the next consumer guide on identifying homebuying wants vs. needs.
Thinking about buying a home? Discover how homeownership can help build wealth, increase financial stability, and create lasting value.
From the Louisiana Department of Insurance: During a press conference today with Governor Jeff Landry, Insurance Commissioner Tim Temple announced that registration for the next round of the Louisiana Fortify Homes Program (LFHP) will open at 8 a.m. on Monday, June 1, and will include 3,000 grants. The registration period for this lottery will be open for three weeks, closing at 5 p.m. on Friday, June 19. During the press conference, Gov. Landry signed HB 1187 by Rep. Paul Sawyer, which will allow Louisiana Citizens Property Insurance Corporation to transfer $50 million in additional Katrina bond assessment funds to the LFHP. Combined with the $30 million in funding the program will receive through taxes and fees on insurance entities, the LFHP will receive a total of $80 million this year. “By lowering overall losses, we can reduce insurance and reinsurance costs, draw more insurers into the market, motivate existing companies to write additional policies and lower insurance premiums,” said Commissioner Temple. “That is exactly what the Louisiana Fortify Homes Program is designed to do.” The list of coastal parishes that are eligible to participate is expanding to include Acadia, Jefferson Davis and Lafayette parishes. Additionally, homeowners who live in the portions of Ascension, Calcasieu, Iberia, Livingston, St. Martin, St. Tammany, Tangipahoa and Vermilion parishes that were previously not included in the program will now be eligible to participate. A map showing the full list of eligible parishes is available on FortifyHomes.La.Gov . “Louisiana is the fastest growing state in the country for Fortified roofs, and that growth is not by accident—it is the result of strong support from Governor Landry and legislators like Chairman Talbot, Chairman Firment and Representative Sawyer, targeted program design, and a clear recognition that strengthening homes is one of the most effective ways to reduce insurance losses,” said Commissioner Temple. “At the end of the day, this program is about more than just roofs. It is about protecting families, it is about strengthening communities, and it is about putting Louisiana in a stronger position—both physically and economically—to face the challenges ahead.” To participate in the lottery, homeowners must register during the June registration period. Homeowners who registered for a previous round but were not selected must register again to participate. People who register on the last day of the registration period have the same chance of being selected as those who register on the first day, so there is no need to rush to register as soon as the period opens. When registering, homeowners will need to upload their homestead exemption, insurance policy declarations page that includes wind coverage, and flood insurance declarations page if the residence is in a flood zone. Homeowners who need assistance obtaining a copy of their homestead exemption should contact their parish tax assessor. Homeowners can contact their homeowners and flood insurance companies or agents for a copy of their policy declarations page. Homeowners are required to create a profile in the LFHP system before registering for the lottery and may do so by visiting the LFHP website and clicking the Login button. Homeowners who previously created a profile may use the same one for this and future rounds. Once the lottery registration period closes, the LFHP will randomly select 3,000 participants and send email notifications to registrants about whether they were selected to participate. These selection notices will be sent via email beginning on Monday, June 22. There are several program requirements that homeowners should be aware of before registering. Those interested in the program are encouraged to review eligibility information and frequently asked questions at FortifyHomes.La.Gov to determine whether their home meets the requirements for the program. If selected to participate in the grant program, homeowners will be financially responsible for having the home evaluated by a FORTIFIED-certified Evaluator as well as costs for the roof upgrade including permits, inspections and construction costs beyond the amount of the grant The LFHP provides grants of up to $10,000 for homeowners to upgrade their roofs to standards set by the Insurance Institute for Business & Home Safety. The program helps Louisiana homeowners strengthen their roofs to better withstand hurricane-force winds.
