Ransomware, a malicious software designed to block access to a computer system. It encrypts the files and then spreads through your entire network infecting every device. It attacks everything including your local backup devices. The attacks happen quickly. Often spread through phishing emails. ransomware injects a kind of cyber venom. Once released, the toxin paralyzes entire IT infrastructures.
23 Known Attacks to Municipalities this Year
Ransomware attacks are ramping up. Another one was reported in Texas as this blog was being written.
A new strain of ransomware called RobbinHood made its debut last May.
Just before summer, ransomware hit the City of Baltimore. It locked up the city’s government computer servers and cost many millions of dollars to fix.
Last June, Riviera Beach in Florida (population 35,000) actually paid the hackers so that they could get back into their computers.
Texas, for whatever reason, has become the go-to-place for ransomware attacks. The attacks are professional and coordinated. Hackers lock-up and render unusable, the whole computer infrastructure of the town. They immediately issued their demand. “You want to see your town functional again? Do you want any of your data or any of your computers accessible? You want it unlocked? Pay us now!
Ransomware attacks have successfully breached network security systems for a couple of years now. Targets have included cities, towns, and especially businesses, healthcare institutions, and state-run facilities. These become targets because they’re likely to pay. These organizations are not as able to defend themselves adequately. Maybe this will start to change as these types of cyberattacks escalate.
Ransomware Targets State & Government Networks
In a report published in May, Massachusetts-based threat intelligence firm Recorded Future reported at least 169 ransomware incidents. These targeting states and local governments. Why? Because their IT departments tend to be under-resourced. They lack funds. So there’s nobody on the team with the kind of expertise needed to secure their network systems.
A successful break-in has a domino effect. It opens up access to multiple clients, making them all vulnerable to attack. Municipalities lack the readiness to mount prompt incident recovery plans.
According to the FBI Internet Crime Report, an average of 4,000 ransomware episodes occur on a daily basis. In terms of a data breach, ransomware is by far the most widely used software to penetrate network security systems. There are several species of ransomware crawling about the Internet. But there are two basic types that tend to rear their ugly heads more than others.
Cyber pirates can launch a ransomware attack from anywhere.
ENCRYPTORS
These vermin quickly encrypt data onto a system. One flash move opening an email, opening an attachment, or clicking on a URL, and BLAMO! The siege takes place. Without a decryption key, the whole system becomes locked in paralysis. The dreaded Encryptors are more difficult to defeat than other types of ransomware. They capture the whole system through a complex array of algorithms. Once infected, the nasty cyber invader immediately begins to scan all physical and mapped network drives across an entire computer system no matter how big or small that system might be.
SCREEN LOCKERS
You know your PC is infected by this virus when a heart-stopping message pops up. It looks like an alert from a law enforcement agency. Some are more convincing than others. It all depends on who is designing their graphics. Any way, Screen Lockers freeze the screen, thus the name. Everybody is locked out. No one can use the computer. Screen Lockers are used more on personal computers than entire networks.
A screenshot of a typical Screen Locker variety of ransomware.
Encryption ransomware is used on enterprise systems. These large organizations will pay more to unlock critical systems. Enterprise ransomware attacks start with a malevolent email. The unwitting worker sees the email, opens it, and clicks on an attachment or clicks on a URL; and, BOOM! The trap is sprung.
Almost instantly, the ransomware agent is installed. It begins executing its nefarious script. Each line of code instructs the computer to surrender itself. It’s much like the way a kidnapper seizes upon a victim and takes control of it.
Kidnapping is a Good Metaphor
Like a kidnapping, organizations, whether they pay or not, tend to call the FBI. The hopes are to remove the ransomware and investigate the perpetrators. They don’t realize that the federal government and the FBI do not track the attacks nationwide.
AWARENESS & PREVENTION ARE KEY
When it comes to network security and protecting against ransomware attacks, redundancy is key. It is important to set up and test multiple-layer backups. Ransomware protection should be applied to a mix of security tools.
For example, the first line of defense includes email protection gateways. Email security gateways are designed to prevent the transmission of disruptive emails.
Email Security Gateway provides the first line of defense against ransomware attacks.
Using sophisticated, multi-layered detection systems, email security gateway products, such as those offered by Cisco’s Cloud Email Security or Barracuda Essentials, provide robust protection from advanced threats like spear-phishing, zero-day attacks, malware, and your garden-variety spam.
Intrusion Detection Systems, (IDSs) are used to detect ransomware’s command-and-control to alert against a ransomware system calling out to a control server. User training is important.
Multiple Layers of Defense Are the Fundations of a Solid Internet Security Strategy
A healthy and complete Internet security strategy includes multiple layers of defense. That is basic. Having a staff of informed people is the cornerstones of such a plan. Programs of on-going learning need to be scheduled overtime. Employees need to be educated on the various threats to network security.
Ransomware incidences are on the rise. These kinds of attacks have cost billions of dollars in damages. In some cases, ransomware attacks have even threatened lives.
Knowledge is Power
Protection begins with informing yourself and your employees. Stay up-to-date on the latest information. Learn how ransomware attacks occur. Understand how you can protect yourself and your organization from this kind of intruder.
We’ll be exploring this important topic in future blogs. For example, we’ll explain how to protect yourself against ransomware attacks in Office 365. If you’d like us to tackle a specific question dealing with ransomware, please let us know.
In the meantime, be careful and stay alert out there.