Ransomware: The Threat That Won't Go Away

Tim Howard

The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.

The concept of ransomware is not new, and it’s picking up speed like a hurricane. According to the FBI, ransomware made a whopping $27 million in just two months in late 2013. Even though law enforcement took down CryptoLocker’s infrastructure last year, ransomware is back, stronger than ever, and has brought along its new friends, CryptoWall and Critroni. Recently, the new and improved CryptoWall 3.0 version was spotted by security researchers, and the malware has even more opportunity to work its way into your municipal network or computer.

How Can You Help Prevent a Disaster in Your Municipality?

Even with every prevention method in place, there is no guarantee that you will not get a ransomware virus. The virus is typically contracted through an infected website, an advertisement, a link within an email, or something similar. It is usually contracted by an unsuspecting or negligent user. Because users are the ones who typically contract the virus, it is recommended that you include user education as one of your preventive methods.

5 Tips to Educate Employees!

  • Do not use unprotected computers: When you are accessing sensitive/municipal data, make sure you are on a secure device. You need the protection that is provided by the municipality’s secured network. A personal computer may not be protected or—even worse—may already be infected.
  • Be cautious of suspicious emails and links: Opening these emails or clicking on links in them can compromise your computer without you ever knowing it. A popular email scam is the UPS or FedEx copycat email. Do not click on the links in these emails; a safer solution is to go directly to the company’s website to look up your shipment tracking.
  • Don’t plug in personal devices without the approval from your IT administrator: USBs, MP3 players, and smartphones may already be infected. Even a brand new iPod or USB flash drive could be infected with a nasty virus. These devices can be compromised with code waiting to launch as soon as you plug them into a computer. Talk to your IT administrator about your devices and let them make the call.
  • Don’t install unauthorized programs on your work computer: Malicious applications often pose as legitimate programs like games, tools, or even antivirus software. They aim to fool you into infecting your computer or network. If you like an application and think it will be useful, contact your IT administrator to look into it for you.
  • Scams to steal confidential information: Don’t respond to emails requesting confidential information; bad guys are successful because they are convincing. Keep on guard and report any suspicious activity to IT.

5 Tips for Your IT Administrator

  • Keep regular backups of your important files. If you can, store your back-ups offline, for example in a safe-deposit box, where they can’t be affected in the event of an attack on your active files. Your backups will be rendered useless if they are scrambled by CryptoLocker along with the primary copies of the files.
  • Use an anti-virus, and keep it up-to-date. Many of the current victims of CryptoLocker were already infected with malware that they could have removed some time ago, thus preventing not only the CryptoLocker attack, but also any of the damage done by that earlier malware.
  • Keep your operating system and all software (e.g., Java) up-to-date with patches. This lessens the chance of malware sneaking onto your computer unnoticed through security holes. The CryptoLocker authors didn’t need to use fancy intrusion techniques in their malware because they used other malware, which had already broken in, to open the door for them.
  • Review the access control settings on any network shares you have, whether at home or at work. Don’t grant yourself or anyone else write access to files that you only need to read. Don’t grant yourself any access at all to files that you don’t need to see—that stops malware seeing and stealing them, too.
  • Don’t give administrative privileges to your user accounts. Privileged accounts can “reach out” much further and more destructively both on your own hard disk and across the network. Malware that runs as administrator can do much more damage, and be much harder to get rid of, than malware running as a regular user.

When you contact your IT administrator to make sure these methods are in place now, it is also strongly suggested that you request a test of your current back-up solution. This test should also include a report with the results. You may be surprised to know that 40% of companies are unable to recover data from tape due to unreliable or faulty media. This is why you should be testing your back-up and recovery process to ensure it is working and can actually be implemented when you need it. If you do get this type of virus, using your backup solution may be the only way to get your files back without paying the ransom.
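One way an IT administrator could run and document the restore test described above, shown as an added example that is not part of the original article: hash every file when the backup is taken, restore to a scratch folder, and compare. The function names and report layout are hypothetical, not taken from any backup product.

```python
import hashlib
import os


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root onto its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against a manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(set(manifest) - set(restored)),
        "unexpected": sorted(set(restored) - set(manifest)),
        "corrupted": sorted(
            rel for rel in manifest
            if rel in restored and restored[rel] != manifest[rel]
        ),
    }
    report["checked"] = len(manifest)
    # Missing or altered files fail the test; extra files are only listed.
    report["passed"] = not (report["missing"] or report["corrupted"])
    return report


def format_report(report):
    """Render the result as plain text for the test record."""
    lines = ["Restore test: " + ("PASS" if report["passed"] else "FAIL"),
             "Files in manifest: %d" % report["checked"]]
    for key in ("missing", "corrupted", "unexpected"):
        lines.append("%s (%d): %s" % (key, len(report[key]),
                                      ", ".join(report[key]) or "none"))
    return "\n".join(lines)
```

Keep the manifest with the offline copy of the backup, and restore into a scratch location rather than over the live files when running the comparison.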

Remember, these steps cannot 100% prevent a ransomware virus. But if you do contract the virus, you know you will be able to restore from back-up, not pay the ransom, and continue with business as usual. As a leader of a town, city, or police or fire department, you will not have to say, “We were caught unprepared and had to pay the ransom.”

Tim Howard is President and CEO of RMON Networks located in Plaistow and Laconia, NH. To download an employee information security training toolkit, please visit www.RMONNetworks.com/usertraining.
