An old cybercrime that first surfaced in the late ‘80s, ransomware has re-emerged as a sinister plague.
It can infect school networks—and pretty much everyone else on the planet who has access to a computer and the Internet.
According to the FBI, ransomware victims in the U.S. doled out $209 million in first quarter 2016, compared to $24 million for all of 2015.
Ransomware sites are propagating like mad, reports Infoblox, with a 3,500 percent increase in first quarter 2016 over fourth quarter 2015.
Cybercriminals use these domains to unleash their poisons, including malware, exploit kits (most popular), phishing schemes, DDoS (Distributed Denial of Service) attacks, and data theft. If you’re unlucky enough to land on one of these toxic minefields and you download something, you’ll have a serious problem.
Most ransomware sites are hosted in the U.S., with Portugal, the Netherlands, the United Kingdom, Iceland, and the Russian Federation (collectively) following close behind.
Why the surge in attacks? One big reason is that bitcoin lets attackers collect their ransoms without revealing who they are (bitcoin is pseudonymous rather than truly anonymous, but tracing a payment back to a person is hard). Another lure is that it pays, big time. These “mal-entrepreneurs” can rake in millions.
A Virtual “Stickup”
Here’s how it works: Crooks infiltrate your computer (or your entire network) with malicious software, encrypt your data, and hold it hostage until you pay the ransom they demand. Once you hand over the money (often requested in bitcoin), they are supposed to send you the decryption key or a decryptor tool that unlocks your files; whether they actually do is up to them.
Who Gets Hit?
No one is immune. Perpetrators strike small and large organizations, as well as individuals.
Prime targets are companies that rely on daily access to critical records, files, and data, as even a brief shutdown could cripple their operations (think schools, hospitals, police and fire stations, etc.). Desperate to get up and running quickly, they’re more inclined to cave—despite government admonitions to resist paying the ransom.
In February 2016, Hollywood Presbyterian Medical Center paid their extortionist 40 bitcoins (about $17,000). Swindlers demanded $10,000 in bitcoin when they attacked South Carolina’s Horry County School District. The Tewksbury, MA Police Department got off for a mere $500.
With limited budgets and thinly staffed IT departments, education has just edged out healthcare as the biggest target for ransomware.
Tips to Avoid Ransomware Attacks
Minimize your risk of becoming another ransomware statistic by implementing these safeguards.
Backing up your data is the most important thing you can do. It will allow you to recover quickly should you get hit, since all or most of your data will be preserved, provided you have confirmed that the backups actually restore.
- Back up your data daily to the cloud and (for extra security) offline, and test a restore periodically so you know the backups are usable.
- Any local storage appliance or server that an infected machine can reach (including mapped network shares) can be encrypted too, so be sure to disconnect your backup device when it’s not in use.
- Limit connections between servers (network segmentation). If one server is breached, the malware is far less likely to spread from it to the rest of your systems.
- Workstations that don’t need access to administrative resources should not have connections to that server—this will minimize damage if one part of your network is breached.
- Phishing tactics are a popular technique for launching attacks. Never click on a suspicious URL or one coming from an unknown sender.
- Beware legitimate-looking emails from banks, credit-card companies, social-media sites, the “IRS,” and other well-known entities; they may actually be phish bait, an attempt to steal your login and other personal info. Note: Apple is the most phished brand in the world.
- Be leery of emailed attachments, especially those from unfamiliar senders.
- Never enable macros in an emailed Office file unless you have confirmed with the sender that they meant to send it; Office already disables macros by default, and the “Enable Content” button is exactly the click the attacker is counting on. Better yet, keep macros disabled by default in Microsoft Office and enforce that setting centrally so users can’t switch it back on.
Malvertising (malicious advertising) seeds malicious code in seemingly legitimate online ads that can pop up even on trusted websites, like The New York Times or YouTube.
What’s creepy is you don’t always have to click on the ad to get infected—malicious “drive-by downloads” can occur simply by loading the web page.
- Remove or disable Adobe Flash and Java in your web browser; malvertising exploits unpatched holes in browsers and their plug-ins.
- Keep software updates and patches up to date.
- Use ad blockers so infected ads never load in the first place. Since a drive-by download needs no click, stopping the ad from loading is more reliable than hoping students and staff avoid it.
- Implement threat detection and alerting, for example alerts on a workstation suddenly renaming large numbers of files or connecting to known malicious domains.
- Turn on your firewall
- Maintain a strict BYOD policy, so mobile devices can’t be used as an entry point for an attack
- Educate students and staff on the importance of good security habits.
- Set up and properly configure your firewall and keep it running 24/7.
- Use reputable anti-virus software and program it to scan all applications/software downloaded from the Internet prior to executing them.
- Keep your security software patched and up to date, along with browsers and other software.
- Block outbound connections to known Tor (The Onion Router) relay addresses; some ransomware families use Tor to reach their command-and-control and payment servers.
- Give users standard (non-administrator) accounts so malware can’t be installed system-wide without an administrator’s login credentials. Note that ransomware can still encrypt anything the logged-in user can write to, including network shares, so this limits the damage rather than preventing it.
- Block executable (.exe) and script files sent over email, including ones hidden inside .zip archives, to prevent students and staff from running infected programs. (You can still allow appropriate IT staff to receive attachments.)
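As an added example (not code from the original post or from any product it mentions), here is a small Python mail-attachment filter that implements the two items above about macros and executable attachments. It blocks by extension, by file content (an .exe renamed to .pdf still starts with the bytes “MZ”), inside zip archives, and for macro-enabled Office documents, while letting an IT-staff allow-list through. The addresses, the blocked-extension list and the sample message are constructed for illustration and are not real captured mail.

```python
from __future__ import annotations

import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File extensions commonly used for ransomware droppers delivered by email (illustrative list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".jar", ".hta"}
# Hypothetical allow-list: IT staff who may still receive such attachments.
IT_STAFF = {"it-helpdesk@example.edu"}

PE_MAGIC = b"MZ"                 # every Windows executable starts with "MZ"
OLE_MAGIC = b"\xd0\xcf\x11\xe0"  # legacy .doc/.xls (OLE2) containers


def _extension(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def ooxml_has_macros(data: bytes) -> bool:
    """Macro-enabled .docm/.xlsm files are zip archives that contain vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.endswith("vbaProject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def zip_contains_executable(data: bytes) -> bool:
    """Droppers are often zipped; check member names and the first bytes of each member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if _extension(info.filename) in BLOCKED_EXTENSIONS:
                    return True
                with zf.open(info) as member:
                    if member.read(2) == PE_MAGIC:
                        return True
    except zipfile.BadZipFile:
        return False
    return False


def classify_attachment(filename: str, data: bytes) -> str | None:
    """Return the reason an attachment should be blocked, or None if it looks benign."""
    if _extension(filename) in BLOCKED_EXTENSIONS:
        return "blocked extension"
    if data.startswith(PE_MAGIC):
        return "PE executable by content (extension was renamed)"
    if data.startswith(OLE_MAGIC):
        return "legacy OLE Office file (can carry VBA macros)"
    if ooxml_has_macros(data):
        return "macro-enabled Office document"
    if zip_contains_executable(data):
        return "archive containing an executable or script"
    return None


def filter_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment that should be stripped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    to_header = msg["To"]
    recipients = {a.addr_spec.lower() for a in to_header.addresses} if to_header else set()
    if recipients and recipients <= IT_STAFF:
        return []  # everyone on the To: line is allow-listed IT staff
    blocked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        reason = classify_attachment(name, data)
        if reason:
            blocked.append((name, reason))
    return blocked


def build_sample_message(to: str) -> bytes:
    """Constructed sample message (not a real capture) that exercises each check."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = to
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    # 1. An .exe renamed to look like a PDF: caught by the MZ header, not the name.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf")
    # 2. A script hidden inside a zip archive.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2016.js", "var x = 1;")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    # 3. A macro-enabled Word document (minimal stand-in for a real .docm).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"\x00")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    # 4. A harmless text file that should pass.
    msg.add_attachment("Meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in filter_message(build_sample_message("teacher@example.edu")):
        print(f"BLOCK {name}: {reason}")
```

Running it flags the renamed executable, the zipped script and the macro document and lets notes.txt through; addressing the same message only to the IT allow-list address returns nothing blocked. Checking the first bytes of a file rather than trusting its name is the point: attackers rename droppers and wrap them in archives precisely to slip past extension-only filters.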
Attacked! What to do Next
- Immediately disconnect the infected machine from the network (unplug the Ethernet cable, turn off Wi-Fi) to stop it from encrypting shared drives and spreading to other systems. Isolating the network connection first, rather than powering the machine off, also preserves evidence investigators may need.
- Alert the authorities—the local FBI is your best bet.
- Resist the temptation to pay ransom—it doesn’t guarantee you’ll get your data back and encourages more attacks. With prudent planning, you’ll have a backup in your back pocket.
Have you experienced a ransomware attack? How did you handle it? Any other tips to share? We’d love to hear in the comments section below.