Tech Sense: Ransomware By John Bell
Updated: Jun 24, 2021
I am writing this in May of 2021. As I drive down US 1 here in Beltsville the gasoline prices have all jumped from about $2.40 a gallon to $3.00 and higher per gallon. The source of this increase was not a new middle east oil initiative it was computers infected with a special type of malware called ransomware. The ransomware shutdown a major pipeline carrying gasoline up most of the US east coast. These infected computers control the fluid flowing through the pipes and had to be shut down.
Ransomware attacks have hit the City of Baltimore government, Baltimore County Public School System, the Washington DC police department, and the University of Maryland Medical System among many other nearby organizations. Ransomware criminals love to attack government institutions because many governments are not good at protecting their Information Technology infrastructure and can raise the money to pay the ransoms.
Ransomware is a special kind of malware. It typically sits, hiding on a computer for months looking for other computers on the network to infect. After a period of time the malware triggers and begins to encrypt the files on all of the computers it has found. When the malware has finished encrypting the files it then shows a ransom message explaining what the software has done and asking for payment to get the keys needed to decrypt and restore the software. The payment is normally requested in Bitcoin or other cryptocurrency and sent to the criminals behind the scheme. If the criminals actually do what they promised (they don’t always) then normally an email is sent with the keys and the instructions on restoring the computers. The restoration process may take days and during this time the computers are not usable.
Many city governments across the country have been hit. A few recover quickly because they have established and enforce good IT policies for backing up their systems and having disaster recovery plans. This has caused the ransomware criminals to change their strategies. Now it is common for the ransomware to copy data off the victim network and store it in the Internet. The ransom note threatens to start releasing this data to the public or selling on the dark web if the ransom isn’t paid quickly. This threat means that private data stored on the system will be shared instead of protected. This is what is currently happening to the DC Police department. The criminals are releasing information about police informants and police personnel records to force the police to pay the ransom.
Many companies have started to purchase Cyber Insurance. Cyber Insurance is designed to cover a number of risks to a company’s IT environment, but Ransomware coverage is a popular option. Some policies will cover at least a portion of the ransom and the insurance companies have been known to negotiate lower ransoms with the criminals. This is a controversial practice because if the criminals continue to find the acts profitable then they will continue their attacks. Based on recent news reports, the group that attacked the pipeline was apparently paid 5 million dollars of the 51 million dollar requested ransom to get the information the Colonial Pipeline needed to restore their operations.
Smaller businesses and individuals may count on features of their Antivirus or Backup software to protect against Ransomware. This can prevent data loss but if you don’t want your files shared across the web or sold on the dark web then make certain you have good security policies and enforce them on your network. This includes anti-malware software, making regular backups that are kept offline, and requiring secure passwords to access each system on the network. Until next time, stay safe!