Are you familiar with the typical ransom movie? The bad guy steals a kid or a wife and demands money in exchange for their safe return. Requests often come in the form of magazine clippings. Perhaps you're more familiar with the ever-classic bank hold-up; the bad guy wants money in exchange for the safety of hostages who happen to still actually go into a bank. Times are changing. Ransom doesn't work the way it used to. You can't see the bad guy headed toward you from the window.
So, what is ransomware? It's genius really. A ransomware attack is administered through social engineering. You are enticed to open an email, click a link, or click a pop-up. When you do, you are the lucky winner of a ransomware virus! Now the hacker has control of your device. This can be any device: a tablet, a cell phone, a desktop or laptop. And if you're on a network the landscape for destruction is even greater. An advanced hacker can gain control of your entire network. What happens next depends on the creativity of the hacker. Some simply lock down your system and demand payment to restore it. Others apply more frightening threats, like deleting your data if you don't pay promptly. Others are more maniacal and display embarrassing content on your machine, such as pornography, until you pay. They won't ask for too much money, just enough that you would pay it to avoid the hassle of a proper investigation.
In the great city of Lubbock, Texas, where CoNetrix is headquartered, a local business just experienced their first ransomware assault. The small print shop started noticing suspicious emails over a period of several weeks. One employee eventually opened the contents of a suspicious email. Within seconds, all systems were locked and a ransom message displayed. With all systems locked, business came to a halt, as it would for any company. The notice demanded 10 bitcoin, which is a little over $4000. What would you do? Would you pay the ransom to get back to business? That's what a hospital in Los Angeles, California did. They paid out $17,000 just to regain access to their network. Our local print shop, however, did not pay the ransom and had an IT professional restore their systems to backup.
Now, I wouldn't ever recommend paying the ransoms set out by ransomware. That just lets the hackers off the hook, giving them the opportunity to exploit the next company, or even to exploit you again. But it will cost you work and time to wait for an IT specialist to recover your system. While you wait, notify the FBI as well as an information sharing group, such as FS-ISAC, about the attack. Include details about what the message looked like, who it appeared to come from, and what it did to your system. This will hopefully help others in the future.
Proactively avoid the pains of ransomware by educating employees about social engineering. Make sure they know to not click on things they are not expecting to see. Teach them to not open attachments or links in emails they are not familiar with. To help reduce the time and cost of a successful ransomware attack maintain frequent backups. Having information backed up means you can turn off your machine, wipe the hard drive, and restore to the backup. Then you're back in business.
It's not good for business to have to deal with a ransomware attack. And I bet you can imagine, it wouldn't be fun for your personal systems either! Be suspicious. Be safe.