When Data is Held for Ransom?

Blocking access to confidential data in return for ransom is a common form of cyberattack. It costs millions in loss to small and medium businesses in the U.S every year.

The FBI estimates that there are 4,000 ransomware attacks launched every day. Every 40 seconds attack is launched.

Let’s take a look at the perils of ransomware attacks on both the business and the government.

What is Ransom?

Ransom or Ransomware is a computer malware. It is a special kind of cryptoviral extortion attack that injects malware into your device to block access to your data until you’re willing to pay the attacker, thereby holding your data for ransom.

In the UK, ransomware attacks were the most financially damaging, costing victims £21,000 each on average.

Cryptoviral extortion follows a three-round protocol carried out between the attacker and the victim.

[attacker→victim] The attacker generates a key pair and places the corresponding public key in the malware then releases it

[victim→attacker] The malware generates a random symmetric key and encrypts the victim's data with it. It uses the public key in the malware to encrypt the symmetric key, also known as hybrid encryption. It results in a small asymmetric ciphertext as well as the symmetric ciphertext of the victim's data. It zeroes the symmetric key and the original plaintext data to prevent recovery.

The next step is to demand a ransom. The victim must send the asymmetric ciphertext and e-money to the attacker.

[attacker→victim] The attacker receives the payment, deciphers the asymmetric ciphertext with the attacker's private key, and sends the symmetric key to the victim. The victim deciphers the encrypted data with the needed symmetric key thereby completing the cryptovirology attack.

How does Ransomware work?

  • The weak security and lack of knowledge about virus infection are two major reasons for the ransomware attacks.  It enters your network in a variety of ways. Downloading an attachment or clicking a link via email is the most common form of ransomware infection.
  • The download then launches the ransomware program that attacks your system. Other forms of entry include social engineering and download of malicious software. It can also be spread through chat messages or removable USB drives.
  • The malware encrypts your data, adds an extension to your files and makes them inaccessible. Although in some cases the data can be retrieved safely using the anti-virus, most of the time, the data can only be accessed by paying the ransom.
  • If you aren’t willing to pay the ransom, the only option you have is to format your system or network and restore it to the earliest setting.

Most businesses end up paying the ransom in fear of losing essential data, including confidential information.

When did ransomware appear?

The first known malware extortion attack the AIDS Trojan written by Joseph Popp emerged in 1989. Because of the design failure, the victim need not pay the extortionist at all. The malware hid the files on the hard drive and encrypted their names. It displayed a message claiming that the user's license to use a certain piece of software had expired and was asked to pay US$189 to "PC Cyborg Corporation" in order to obtain a repair tool.

Ransomware Statistics

  1. The WanaCrypt0r incident in May is estimated to have infected over 200,000 systems in 70 countries in just a few days.
  2. More than 97% of phishing emails sent in 2016 contained ransomware,
  3. Pundits estimate that the payout to ransomware pirates for 2017 eclipsed $3 billion.
  4. 60% of small business have been hit by ransomware
  5. Causing massive disruption, 63% said their system was shut down for more than a day.
  6. According to an IBM X-Force’s Ransomware report, 70 % or business who were infected paid the ransom
  7. Computer Weekly reports that 40% of spam now contains ransomware
  8. Only 4% of organizations feel “very confident” in their ability to stop ransomware.
  9. Downtime costs US businesses $700 billion in revenue in 2016
  10. CBROnline states that 28% of companies lost files because they did not pay the ransom.

What should an organization do when it discovers its systems are locked?

These are the essential steps that an organization must take to prevent ransomware attacks.

a. Backup your data

This is the first step to secure your data, always backup company data in an independent server. However, it comes with many risks. Although organizations routinely create a copy of their data in real-time or close to real-time, this cannot protect you from the chances of a ransomware attack. In some cases, real-time copying of data will copy the malware onto the copied server. When the ransomware kicks in, it can encrypt both the copy and the live system.

Necessary steps should be taken while copying the data. If anything seems suspicious, a proper diagnosis and treatment are required before transferring the data to another server.

b. Seek Computer Experts Help

The organization should contact knowledgeable counsel and a computer forensic team. They can begin an investigation to determine whether the data can be decrypted without paying the ransom. More urgent, however, will be to try to fence the encrypted computers off from the rest of the environment if the ransomware has not encrypted everything.

Your immediate concern should be responding to the ransomware incident. However, also be mindful of potential legal risks.

c. Notify Insurance Company

Many insurance agencies offer ransomware coverage to organizations. These policies often identify panel counsel and forensic investigators. Policies may allow organizations to hire their own, subject to approval by the carrier, or may require the use of panel vendors.

It is also important to keep in mind that panel insurance counsel should not advise an insured on the scope of insurance coverage. If there is ever a dispute with the insurance company over whether coverage applies—and there often is—then the organization will need to retain its own counsel.

d. Propagate Security Information

The next step is to make your employees aware of cyberattacks and possible security measures. The employees end up accessing illegal websites or downloading spam attachments from emails. These can prove to be counter-intuitive to office security.

New Iowa Cybersecurity Legislation

The state of Iowa has proposed a new law that could soon change the cybersecurity measures implemented by the businesses. It will offer the organizations an extra incentive to maintain and improve their cybersecurity program.

Senate File 2073 would amend Iowa’s existing data breach notification statute to provide an affirmative defense to any claim or action alleging that a person’s failure to implement reasonable security measures resulted in a breach of security.

When the law rolls out, organizations will have a great reason to develop a cybersecurity program that protects personally identifiable information, financial assets, and trade secret information. Developing a program will not only provide security benefits, but also a potential defense to lawsuits.

 

Searchable Design is a premier IT Company in Des Moines specializing in cybersecurity to ensure that your computer system and digital infrastructure are safe and up to date. Get in touch with us to enjoy the best cybersecurity in Des Moines.

Comments are closed