Ransomware update: cybercriminals are attacking organizations, but that doesn’t mean you’re safe
Ransomware isn’t going anywhere. In some respects, it’s getting worse: more well-coordinated, more carefully targeted, and more damaging. That means it’s critical to take precautions, both at home and in the organizations you’re part of.
A quick refresher: ransomware is malicious software that encrypts your files. The criminals hold the decryption key you need to make your files readable again. You can usually get the key only by paying a ransom, typically, through a hard-to-trace cryptocurrency. If the criminals are competent and “honorable” (a big assumption – after all, they’re criminals), you’ll get a key that works. Hopefully.
The total number of ransomware attacks declined in 2018, so some users began to relax. But, since then, we’ve seen a rise in attacks focused on governments, businesses, and other organizations that can be extorted for larger amounts of money. Once cybercriminals identify targets that seem especially vulnerable, they may invest weeks or months of effort to entering their victims’ networks and spreading their ransomware. Then, once they encrypt the files, they demand many thousands of dollars in ransom – far more than the hundreds of dollars associated with earlier attacks.
Home users are still at risk of ransomware
Don’t imagine this means individual home users have nothing to worry about. First, there’s no reason an attacker couldn’t use you as the way into your employer’s, client’s, or school’s network, especially if you work remotely. Second, millions of attacks against home systems still occur every month. Third, if your local government or healthcare provider is targeted with ransomware, you could be hurt seriously. This could mean higher taxes to recover from the attack, or by becoming unable access critical services you need.
Attacks against Baltimore and Atlanta cost their governments over $17 million each to recover from. And in August 2019, an attacker hit 22 local government agencies throughout Texas, demanding $2.5 million in ransom.
Tips to prevent ransomware
The Texas state government’s Department of Information Resources is helping those agencies respond. They’ve offered six sensible tips for keeping it from happening to you. We’ve shared and annotated those tips below. You can use them as an individual. And, as a taxpayer, you might want to ask your local officials how they’re responding, before it’s too late.
“Keep software patches and anti-virus tools up to date.” Yes! Use strong anti-malware software like Sophos Home Premium, which recognizes processes that appear to be maliciously encrypting your files, and halts them immediately.
“Create strong unique passwords that are changed regularly.” Yes, and don’t use the same password everywhere. Consider using a password manager to help keep track of them all.
“Modernize legacy systems and ensure software is as current as possible.” Yes: it’s just not safe to use ancient software like Windows XP that isn’t supported anymore.
“Limit the granting of administrative access.” Agreed. Most ransomware can run without administrator access, but not all. And you can sometimes limit its ability to spread if you operate your computer with an ordinary user account, not an administrator account -- especially if you combine that with other precautions.
“Perform regular, automated backups and keep the backups segregated.” Yes again, to both parts of Texas’s advice. Keep up-to-date backups – and separate them so ransomware can’t encrypt them, too. For example, disconnect an external backup drive after you run your backup, and consider maintaining two separate backups so if the most recent one is infected, you’ll still have its predecessor.