Ransomware is like the flu. Everybody knows about it, nobody wants it, and many try to prevent it, but it spreads anyway.
Like public health leaders with the flu, cybersecurity experts have warned of the dangers of ransomware for years, fighting desperately to limit its damages because they can’t eradicate it entirely. And many organizations have heeded the calls to stop ransomware through means such as educating employees on proper email processes and locking down their mail systems.
Still, cyber claims statistics from global insurer AIG showed that ransomware was the most common type of breach in 2017, accounting for 26 percent of claims. It only accounted for 16 percent of claims in 2013-2016.
Two recent cases of public IT systems being victimized by ransomware are just the latest examples of a threat that won’t go away, despite widespread prevention attempts. The incidents also illustrate diverging approaches to handling ransomware attacks.
On Oct. 13, attackers infected the IT systems of Onslow Water and Sewer Authority (ONWASA) in Jacksonville, North Carolina, with Ryuk ransomware, according to a BankInfoSecurity article on the responses to ransomware attacks. The subject of an Aug. 30 alert from the U.S. Department of Health and Human Services, Ryuk can make it hard for victims to restore their systems by erasing encryption keys. It is often distributed via phishing attacks.
ONWASA had multiple layers of security in place, including antivirus software and firewalls, but the defenses of the computer systems at its main office were penetrated, officials said. Attackers demanded a ransom, but the utility refused to pay, opting to rebuild its systems instead.
Shortly after ONWASA’s systems were infected by ransomware, officials in the city of West Haven, Connecticut, used virtual currency to pay a ransom after attackers crypto-locked its systems. Officials said that a “critical system” was restored soon after the city paid a one-time fee of $2,000 to unlock its 23 infected servers. The city also hired a consulting firm for incident response services and assistance with remediating and restoring affected systems, BankInfoSecurity reported.
The North Carolina and Connecticut incidents above offer different examples of how to respond to attackers' ransom demands. However, there are some steps you can take now to prepare for—or even prevent—an attack before it happens.
Form a Plan
You should have a response plan in place for a ransomware attack as you would for any major incident, such as a natural disaster. If anything, you may be more likely to experience a ransomware attack than you would some of the other contingencies that you may have prepared responses for already.
In a U.S. government interagency technical guidance document on how to protect your networks from ransomware, federal officials suggest you be ready to take the following steps if your systems are infected:
Isolate infected computers
Power off affected devices
Secure backup data
Contact law enforcement
Collect portions of the ransomed data
Change all passwords
Stop the program from loading
Federal officials also suggest you consider the risks of paying a ransom, including the possibilities that you still may not regain your data or that you could be asked to pay more money. Officials also warn that you could be victimized by attackers in the future.
Train Your Team
Teach employees to never click links in emails unless they completely trust the source. You also may be able to mitigate risks by securing your email traffic through preventative measures such as the following:
Showing employees how to identify suspicious emails
Blocking emails with many recipients or large attachments
Scanning inbound emails for viruses and malware
Keeping employees from accessing private email accounts through enterprise machines
Scan Systems Regularly
Use up-to-date anti-malware software to detect malicious code. Don’t limit scans for malware to incoming emails; scan devices as well. Also, keep in mind that threats are constantly emerging and evolving. If you don’t keep up, you could be infected by a virus before you know it exists. So keep your virus definitions up to date.
Back Up Data
Regularly back up all data so that you can restore systems as soon as it is safe to do so. Air gap the backup when it is not actively backing up your data to prevent it from being compromised. Keeping your backup offline makes it harder to corrupt.
Unfortunately, unlike the flu, you can’t fend off ransomware or minimize its effects by taking a shot. Proper planning, thorough education, and comprehensive security are needed to secure your data and prevent breaches. Even then, you may not be immune.