Ransomware- Think Before You Click
Amy Fennell • December 27, 2017
By: Patricia B. McMurray, JD, Samuel L. Felker, JD, CIPP/US and Gina G. Greenwood, JD, CIPP/US Baker, Donelson, Bearman, Caldwell & Berkowitz, PC
Over the past year, no information security concern has demanded more media and corporate attention than ransomware. The evolution of this threat from an ineffective nuisance to a sophisticated business model generating hundreds of millions of dollars for hackers has been impressive to say the least, and the number and frequency of attacks are on the rise. Petya, Bad Rabbit, Wanna Cry, Crytolocker and other ransomware cybersecurity attack have infiltrated many company's IT systems.
WHAT IS RANSOMWARE?
Ransomware is a category of malware or malicious software that disables the functionality of a computer in some way. After infecting a computer, the ransomware program displays a screen message that demands payment, usually in bitcoin (or other cryptocurrency) in order to avoid traceability. Sometimes the scammers add pressure by including a countdown clock and threatening to destroy data unless payment is made by the deadline. Ransomware has evolved over time, using various techniques to disable a computer, but the most recent iteration either locks the computer display, disallowing any access to programs or actually encrypts and/or removes files. The malware, in effect, holds the computer captive and demands a monetary ransom as an extortion. The hackers promise to provide the "key" to unlock the computer and restore functionality once payment is made. Ransomware generally infects IT systems in a similar manner as other types of malware. Commonly, the user clicks on an infected popup advertisement or on an infected link within an email and is directed to an infected website. To provide perspective about the scope of this problem, PhishMe recently reported that a staggering 93 percent of phishing emails were infected with ransomware in Q1 of 2016. With a simple click on a link or by opening an attachment, malware can enter the network, quickly infecting files and encrypting data.
If that isn't scary enough, ransomware hacking techniques are becoming more sophisticated and dangerous. According to Bill Dean, digital forensics expert and Senior Manager for LBMC Information Security, ransomware attacks often involve encrypting with an "unbreakable" code the entire system – including local user created files, local system backups (volume shadow copies), network shares to which the infected user account has modify rights (often causing major devastation) and any locally attached USB drives. In addition, an undocumented "feature" of most current ransomware variants is that cloud-based storage is also at risk. Cloud storage solutions often synchronize the local user files to the Cloud provider. Dean warns that if the ransomware encrypts the local files that are to be synchronized, and there are not multiple versions in the cloud, the cloud-synchronized files will also be encrypted.
WHAT IS THE FUTURE OF RANSOMWARE?
By performing a detailed analysis of ransomware samples, Dean and his colleagues have determined that these attacks are currently geographically focused on certain countries. Additionally, due to the price tolerance (and likelihood of payment) of different countries, the amount of ransom fee demanded will actually vary based on the location of the machine that is infected, with most ransomware attacks commanding relatively small amounts in ransom to encourage quick, no-fuss payment. Attackers also target the file types most likely to glean payment. According to Dean, ransomware is getting highly sophisticated with the ability to avoid detection and lie in wait, attack later, and extract and remove data – causing true data theft scenarios.
HOW TO DEFEND AGAINST RANSOMWARE ATTACKS
There are currently no "silver bullets" to prevent ransomware infections. With the elusive methods of constant changing of attack signatures, conventional controls – such as anti-virus software – are not enough. However, there are preventative measures that can be taken by organizations to build resilience against ransomware attacks. The FTC recommends:
Train and Educate Staff. Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
Use Good Cyber Hygiene. Practice good security by implementing basic cyber hygiene principles:
o Assess the computers and devices connected to networks to identify proactively the scope of potential exposure to malware.
o Identify technical measures that can mitigate risk, including endpoint security products, email authentication, intrusion prevention software and web browser protection.
o Implement procedures to keep security current.
o Update and patch third-party software to eliminate known vulnerabilities.
Create Backups. Back up your data early and often. Well-prepared organizations with reliable backup systems may be able to restore systems from those backups with minimal data loss or business interruption.
o Identify business-critical data in advance and establish regular and routine backups.
o Keep backups disconnected from your primary network so that you can rely on the backup in the event of an attack.
Plan Ahead. Prepare for an attack. Develop and test incident response and business continuity plans. We recommend your response plan detail attorneys, IT and forensic vendors and experienced law enforcement agents and their 24/7 cell phone numbers - and incorporate vendors approved by your cyber insurance policy.
Additionally, in the unfortunate event of a ransomware attack, we recommend that businesses formally assess the damage after an attack by conducting a forensic examination; however, companies should not allow the IT system / logs to be wiped clean or otherwise be modified. Your business will need to preserve the firewall, network and server logs as evidence of what happened. This is critical to be able to prove whether there was or was not a breach that requires reporting to consumers, the media and state/federal government. Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
For the detailed steps your organization can take to prepare for a ransomware attack, see Ransomware: What to Do When Your Files Are Held Hostage, developed by analysts at LBMC Information Security.
If you suspect you have been hacked or victimized by cybercriminals, you should immediately contact qualified counsel to assist in your investigation, resolution and in any required reporting to state or federal agencies such as the Consumer Protection Section of the Louisiana Attorney General, if the breach of the security of the computer systems includes personal data ( see LA R.S. 51:3071 et seq ).
Louisiana’s 2026 Regular Session opened this week with several developments that matter directly to REALTORS ®, property managers and housing providers, alongside some broader political shifts worth watching. HB 292: Security Deposit Return Timelines Rep. Delisha Boyd’s HB 292, which addresses procedures for returning residential security deposits, was deferred to next week. This provides additional time for stakeholders to engage with members on practical impacts for lease administration, move out inspections and documentation standards. We’ll continue working to ensure any changes to deposit law are clear, workable and do not expose housing providers to unreasonable liability. Land Use and Development: St. James Parish Decision The Louisiana Supreme Court’s recent St. James Parish decision significantly tightens the standards for overturning local land use decisions, reinforcing that zoning and permitting authority rests with parish and municipal governments as long as their decisions are not arbitrary or capricious. For real estate and development, that means more predictability if projects are aligned with adopted plans and ordinances, but also higher stakes in local elections, planning processes and parish-level negotiations. Governor’s State of the State In his State of the State address, Governor Jeff Landry reiterated his push to phase out the state income tax, expand the LA GATOR and MJ Foster scholarship and workforce programs, and replace vehicle inspection stickers with a QR code system. These programs frame a debate around long-term competitiveness, workforce readiness and household cost of living which are all key drivers of housing demand and migration patterns. Business & Market Trends The business community is focusing the session on insurance, workforce and energy. Commercial and property insurance costs remain a top concern for employers and property owners, and we are monitoring civil justice and insurance reform proposals that could affect market stability and availability. At the same time, Louisiana is seeing more than $100 billion in announced industrial and data center projects, which could reshape local markets, labor conditions and housing needs in multiple regions of the state. Please view the weekly bill tracking report at the link below provided by our lobbying team over at Harris, DeVille and Associates.
Stay ahead of the Louisiana housing market by understanding how legislation impacts listings, inventory, buyer qualification, and long-term real estate growth.
Learn how Louisiana real estate regulations, disclosure laws, and licensing standards help protect homebuyers and create safer, more transparent transactions.
