Blog Layout
Ransomware- Think Before You Click
Amy Fennell • Dec 27, 2017
By: Patricia B. McMurray, JD, Samuel L. Felker, JD, CIPP/US and Gina G. Greenwood, JD, CIPP/US Baker, Donelson, Bearman, Caldwell & Berkowitz, PC
Over the past year, no information security concern has demanded more media and corporate attention than ransomware. The evolution of this threat from an ineffective nuisance to a sophisticated business model generating hundreds of millions of dollars for hackers has been impressive to say the least, and the number and frequency of attacks are on the rise. Petya, Bad Rabbit, Wanna Cry, Crytolocker and other ransomware cybersecurity attack have infiltrated many company's IT systems.
WHAT IS RANSOMWARE?
Ransomware is a category of malware or malicious software that disables the functionality of a computer in some way. After infecting a computer, the ransomware program displays a screen message that demands payment, usually in bitcoin (or other cryptocurrency) in order to avoid traceability. Sometimes the scammers add pressure by including a countdown clock and threatening to destroy data unless payment is made by the deadline. Ransomware has evolved over time, using various techniques to disable a computer, but the most recent iteration either locks the computer display, disallowing any access to programs or actually encrypts and/or removes files. The malware, in effect, holds the computer captive and demands a monetary ransom as an extortion. The hackers promise to provide the "key" to unlock the computer and restore functionality once payment is made. Ransomware generally infects IT systems in a similar manner as other types of malware. Commonly, the user clicks on an infected popup advertisement or on an infected link within an email and is directed to an infected website. To provide perspective about the scope of this problem, PhishMe recently reported that a staggering 93 percent of phishing emails were infected with ransomware in Q1 of 2016. With a simple click on a link or by opening an attachment, malware can enter the network, quickly infecting files and encrypting data.
If that isn't scary enough, ransomware hacking techniques are becoming more sophisticated and dangerous. According to Bill Dean, digital forensics expert and Senior Manager for LBMC Information Security, ransomware attacks often involve encrypting with an "unbreakable" code the entire system – including local user created files, local system backups (volume shadow copies), network shares to which the infected user account has modify rights (often causing major devastation) and any locally attached USB drives. In addition, an undocumented "feature" of most current ransomware variants is that cloud-based storage is also at risk. Cloud storage solutions often synchronize the local user files to the Cloud provider. Dean warns that if the ransomware encrypts the local files that are to be synchronized, and there are not multiple versions in the cloud, the cloud-synchronized files will also be encrypted.
WHAT IS THE FUTURE OF RANSOMWARE?
By performing a detailed analysis of ransomware samples, Dean and his colleagues have determined that these attacks are currently geographically focused on certain countries. Additionally, due to the price tolerance (and likelihood of payment) of different countries, the amount of ransom fee demanded will actually vary based on the location of the machine that is infected, with most ransomware attacks commanding relatively small amounts in ransom to encourage quick, no-fuss payment. Attackers also target the file types most likely to glean payment. According to Dean, ransomware is getting highly sophisticated with the ability to avoid detection and lie in wait, attack later, and extract and remove data – causing true data theft scenarios.
HOW TO DEFEND AGAINST RANSOMWARE ATTACKS
There are currently no "silver bullets" to prevent ransomware infections. With the elusive methods of constant changing of attack signatures, conventional controls – such as anti-virus software – are not enough. However, there are preventative measures that can be taken by organizations to build resilience against ransomware attacks. The FTC recommends:
Train and Educate Staff. Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
Use Good Cyber Hygiene. Practice good security by implementing basic cyber hygiene principles:
o Assess the computers and devices connected to networks to identify proactively the scope of potential exposure to malware.
o Identify technical measures that can mitigate risk, including endpoint security products, email authentication, intrusion prevention software and web browser protection.
o Implement procedures to keep security current.
o Update and patch third-party software to eliminate known vulnerabilities.
Create Backups. Back up your data early and often. Well-prepared organizations with reliable backup systems may be able to restore systems from those backups with minimal data loss or business interruption.
o Identify business-critical data in advance and establish regular and routine backups.
o Keep backups disconnected from your primary network so that you can rely on the backup in the event of an attack.
Plan Ahead. Prepare for an attack. Develop and test incident response and business continuity plans. We recommend your response plan detail attorneys, IT and forensic vendors and experienced law enforcement agents and their 24/7 cell phone numbers - and incorporate vendors approved by your cyber insurance policy.
Additionally, in the unfortunate event of a ransomware attack, we recommend that businesses formally assess the damage after an attack by conducting a forensic examination; however, companies should not allow the IT system / logs to be wiped clean or otherwise be modified. Your business will need to preserve the firewall, network and server logs as evidence of what happened. This is critical to be able to prove whether there was or was not a breach that requires reporting to consumers, the media and state/federal government. Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
Preparing in advance for a ransomware attack is critical to surviving and navigating a ransomware attack. An attack is not always fatal but mismanagement of an attack can be.
For the detailed steps your organization can take to prepare for a ransomware attack, see Ransomware: What to Do When Your Files Are Held Hostage, developed by analysts at LBMC Information Security.
If you suspect you have been hacked or victimized by cybercriminals, you should immediately contact qualified counsel to assist in your investigation, resolution and in any required reporting to state or federal agencies such as the Consumer Protection Section of the Louisiana Attorney General, if the breach of the security of the computer systems includes personal data ( see LA R.S. 51:3071 et seq ).
Selling a home without a REALTOR® can create all sorts of different risks that can cause your property to be misperceived and potentially undervalued. Here are three things you’re risking if you decide to sell your home without the knowledge and skills of a trusted REALTOR®.
NAR President Kevin Sears joined the Real Estate Insiders Unfiltered podcast answering questions about the future of NAR and the recently announced settlement agreement. The podcast can be viewed here .
Last week NAR President Kevin Sears checked in from Wyoming, where he met with REALTORS® from six western states at the Region 11 Conference. Kevin’s attended many member town halls across the country to answer questions about the settlement; keep up with the latest at facts.realtor . You can watch Kevin’s video here to learn about a valuable member service we’re offering at no additional cost, as well as how members can engage with NAR committees. This video is also in the video section of our website. Stay tuned for Kevin’s next update. ADDITIONAL RESOURCES Throughout 2024, NAR is making the popular Accredited Buyer’s Representative (ABR®) designation course, typically $295, available to REALTORS® at no cost. Take the first step toward earning your ABR® designation at become.abr.realtor . NAR members can continue to access the latest information about the settlement on facts.realtor . NAR will also continue to provide updates about the settlement process for non-members – such as clients and consumers – on competition.realtor . Visit ThatsWhoWeR.realtor to view the consumer campaign ads, and to leverage turnkey advertising and social assets to share. The campaign demonstrates the expertise of REALTORS® helping their clients navigate the risks, pitfalls, and complexities of buying or selling a home or property, reinforcing their expertise, commitment and consumer-first approach.
821 Main StreetBaton Rouge, LA 70802
821 Main Street
Baton Rouge, LA 70802