Ransomware: how to counteract a cyberattack
“Ransom.” It no longer only means what it once did.
In June 2016, the University of Calgary paid out $20,000 after more than 9,000 staff and faculty emails were encrypted by an unknown hacker. And as recently as November, Carleton University reported that some of their computers had been infected in the same manner.
The culprit? Ransomware — a type of malware that cyberattack experts say is becoming increasingly prevalent.
How does ransomware work?
Ransomware blocks user access to a computer system or its files by encrypting the data and demanding payment in return for the decryption key.
If restoring the computer system or its files from a backup is not an option, victims are forced to pay the ransom using online payment methods that afford the hacker anonymity. If they refuse to pay or they miss their deadline, they may never recover the encrypted data.
And even if the payment is made, there is no guarantee that access will be restored.
‘Ransomware can affect any type of platform’
“There are no boundaries to this phenomenon,” says Michel Robitaille, director of IT Architecture, Security and Planning at Concordia.
“There are many types of ransomware, and they can affect any type of platform. They can be executed locally on your computer’s hard drive, or impact remote files through a network connection or located in the cloud.”
As Robitaille explains, most attacks are done on a random basis and perpetrated by amateur hackers who don’t keep track of the computers they target. This may lead to a situation where the hacker provides the victim with the wrong decryption key.
However, more sophisticated attacks are sometimes orchestrated by organized cybergangs.
The gangs may target individuals, businesses and the critical infrastructure of public institutions such as hospitals and universities.
For example, in November, hackers attacked San Francisco’s transit system over American Thanksgiving, demanding the equivalent of more than $94,000 in Bitcoin.
Ransomware is often spread through email phishing scams, mainly in the form of malware scripts embedded in attachments or links.
It can also be delivered through downloaded files, corrupted USB keys, and vulnerabilities in network services and software. It has even been transmitted through torrent connections.
So what happens when your computer gets infected?
“It might take less than a minute for the ransomware to complete its attack,” says Robitaille.
“Then a pop-up message will typically be displayed on your screen, falsely claiming that your computer has been used for unlawful purposes. Your data will be locked down completely.”
The only way to recover your files is to restore them from a backup and reinstall all of your software, starting with the operating system.
“If this option is unavailable, then you’re left with deciding whether or not to pay the ransom.”
The importance of updates
Luckily, there are precautions that can be taken to avoid this situation.
“People should make sure that their computers’ and mobile devices’ operating systems and installed software always use the latest releases and patches,” Robitaille says.
“There’s a reason why software companies such as Apple, Microsoft and Google provide critical patches on a recurring basis. These are designed to fix vulnerabilities in a system and they should be applied at all times.”
Depending on which system is used, users may be able to program their computer so that it will automatically apply updates on a daily or weekly basis. If not done automatically, manual updates should be done at least monthly, according to Robitaille.
You should also keep your software up-to-date — that is, platforms like browsers, Java and Adobe Flash. Many ransomware attacks are propagated by exploiting security gaps in outdated browsers and applications.
Students should also consider downloading Sophos, an anti-virus software provided free of charge by Concordia. Staff must install and keep Sophos up-to-date. Once installed, you should update it daily.
Most importantly, if you receive an unsolicited or suspicious email, do not open or reply to it. Phishing scams often involve messages purporting to be from a trusted personal contact or reputable institution.
When in doubt, display the email header and examine the “from” field to determine whether it has been sent from a trusted source. Suspicious emails should be deleted.
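The header check described above, as an added example that is not part of the original article: a Python function that parses a message's From and Reply-To headers and lists the reasons the sender looks untrustworthy. The trusted domain list, the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example.edu"}  # assumption: domains your institution really sends from

# Constructed sample messages (not real mail).
LEGIT = (
    "From: IT Service Desk <help@example.edu>\n"
    "To: student@example.edu\n"
    "Subject: Scheduled maintenance\n\nBody\n"
)
SPOOFED = (
    'From: "help@example.edu" <billing@example-edu.invalid>\n'
    "Reply-To: refunds@mailbox.invalid\n"
    "To: student@example.edu\n"
    "Subject: Urgent: verify your account\n\nBody\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def inspect_sender(raw_message, trusted_domains=TRUSTED):
    """Return reasons the sender looks untrustworthy (empty list = none found)."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        return ["From header has no parseable address"]
    findings = []
    if from_domain not in trusted_domains:
        findings.append(f"From domain {from_domain} is not in the trusted list")
        # Display-name spoofing: the visible name cites a trusted domain,
        # but the address that actually sent the mail does not use it.
        if any(d in display.lower() for d in trusted_domains):
            findings.append("display name cites a trusted domain the address does not use")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain")
    return findings

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(label, inspect_sender(raw) or "no findings")
```

A From address in a trusted domain is not proof on its own, because the sender sets that header; the SPF, DKIM and DMARC results that the receiving mail server records in the Authentication-Results header are the stronger signal.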
Back up your work!
When it comes to online safety, an ounce of prevention is worth a pound of cure. But even that may fail to avert an attack, and it’s wise to take forward-thinking steps to protect your data.
“The best way to stave off a ransomware attack is to make backups of all your files,” Robitaille advises students. Personal files should be backed up on an external disk drive. For staff, all files must be stored on the central storage infrastructure which is backed up automatically. Staff can request their own file repository through IITS.
“If your files are backed up, then the worst case scenario would be that you have to reinstall all the software on your computer. At least you will be in position to recover your important documents.”
Find out more about how to protect yourself against malware, phishing and other cybercrimes at Concordia.