Ransomware: Protecting Ourselves Against Ever-Changing Cyber Attacks

Ransomware. The mere name sounds ominous, and it can have potentially drastic effects.

You might have heard in the news about several health care organizations being hit by this type of malicious computer attack. The worst case to date involved a health care facility in Los Angeles, California, which, after having its computer system held hostage for several days, only regained control of their system by paying a ransom to the hackers behind the attack. This kind of danger is growing across most major industries, but in health care, it’s even more critical, because it puts patients at risk. It makes us wonder: What can we do about it?

What is Ransomware?

The first thing to understand is what ransomware is, and how it is used to take control of – and ransom – computer systems. The earliest ransomware attacks appear to have come out of Russia in the early 2000s. At the start, hackers ransomed computer data for anywhere from $24.00 to $600.00. The financial impact, and the extent of hackers’ reach into our personal information, continues to increase.

While there are many different forms of this type of computer attack, the initial idea is fairly simple: An attacker encrypts a user’s files so it cannot be accessed, and then demands payment for the files to be unencrypted. The decryption process can only take place with the proper key, which only the attacker possesses. If no ransom is paid, the attacker threatens to leave the files encrypted, rendering them useless to their rightful owner. Attackers can bundle together these kinds of attacks, send them to thousands of computer systems, and usually trap many unwary users. A lone attacker can make a pretty penny this way if they keep at it.

How can I protect myself and my company?

While it’s good to know what to do in case of an attack, it’s always better to prevent one. To protect ourselves from ransomware, there are some preventive steps you can take:

• Be wary of suspicious emails: When opening emails, before clicking on any links, ask yourself: Do I know the person that sent this email? Do I know why there is a link in the email and where it will take me? Does the attachment in the email seem legitimate?
• Stay away from non-reputable websites: When navigating to certain websites, always make sure you know what the site is and what you’re looking for there. If something doesn’t seem right to you, don’t take any chances and leave the site without clicking on anything. It could be that the site is filled with computer viruses or other malware.
• Maintain back-ups: If your computer system is compromised, there can often only be one way to restore your computer to the state it was in before the attack: back up your information. Keeping your important data on another hard drive, for example, can allow you to restore your computer to a previous state if need be.
• Keep up-to-date on cybercrime! There are many good websites that are continuously updated with news and resources related to many types computer attacks, including ransomware. Some examples are Krebs on Security and Threatpost.

What should I do if my computer system is compromised?

If you or your business does become a victim of one of these malicious attacks, there are a several ways to respond:

1. Once you realize your computer has been affected, do not click on anything out of the ordinary, and immediately disconnect yourself from the internet.
2. Run any antivirus software you have. Although it’s not guaranteed, it’s very possible that an antivirus program could catch and delete ransomware early on.
3. Finally, it’s a good idea to restore your computer to an earlier, backup version, if possible. This may get rid of the ransomware files that were recently downloaded.
4. If all else fails and unless lives are on the line, do not to pay the ransom. If you do, you will embolden the attacker to continue spreading their illegal software, while giving yourself no guarantee that your computer will be unlocked.
5. Be sure to report the incident to the FBI Cyber Division.

Neal Hopton is an intern with the Information Security department at the University of Vermont Medical Center. He is pursuing his Master’s degree in Information Security and Assurance from Norwich University. He enjoys spending his free time skiing, biking and surfing.