Information Technology


Overview

Public sector agencies are facing a growing malware threat in their computer networks—ransomware. Since 2015, there has been a 300% increase in this type of attack across all computer networks—from home users to corporate networks. Ransomware targets networks and can lead to temporary or permanent loss of sensitive/classified data. A governmental or non-profit agency that is compromised by this attack will face several repercussions including financial losses due to the expense of recovering systems and files, loss of efficiency due to time spent on fixing the problem, and potential harm to the organization’s reputation.

What is Ransomware?

Ransomware is a form of malware that targets critical data and systems for extortion purposes. The malware is typically spread through email. A user who opens this type of email may be tricked into clicking a link within it that falsely promises to resolve a problem or to deliver some benefit or money; the link could be malicious and could lead to additional malware infections. In some cases, ransomware attacks may be more cleverly disguised.

For example, you might receive an email with a harmless-looking PDF as an attachment. But attached to the PDF is a Word file that Acrobat Reader automatically opens, and within the Word document is a macro that runs and downloads a ransomware program, Locky. Locky is a form of ransomware that encrypts all important files and renames them with an extension of .locky.

Once this encryption process is completed, users will typically see the wallpaper on their computer replaced with a notice that their files have been encrypted. They are directed to click a link to fix the problem, where they will be asked to pay a ransom (generally in untraceable bitcoins) to have their files decrypted. Paying this ransom is no guarantee that the hackers will honor the agreement and actually decrypt the files. Even if the files are decrypted, code may be left on that computer to allow for future attacks, which may encrypt the data again.

Ransomware Prevention Tips

Prevention is the most effective defense against ransomware. We recommend the following tips:

  • Remind employees to never click any unsolicited links or unsolicited email attachments.
  • Implement an awareness and training program to educate users on the threat of ransomware and how it is delivered.
  • Instruct employees to never disclose or share passwords with anyone as this is a common tactic for an attacker to gain access to your network and its data.
  • Consider conducting a ‘simulated phishing email campaign’ to test the knowledge level of your staff.
  • Enable strong spam filters that prevent phishing emails from reaching end users and help authenticate inbound emails. Consider using technologies such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to help with email filtering.
  • Scan all incoming and outgoing email to detect threats.
  • Configure firewalls to block access to known malicious IP addresses.
  • Patch operating systems, software, and firmware on all devices.
  • Set up anti-virus and anti-malware programs to conduct regular scans automatically.
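
The SPF and DMARC tip above only helps if the records an agency publishes are strict enough for receiving filters to act on. The following Python code is an added example, not part of the original guidance: it audits SPF and DMARC TXT records for settings that leave spoofed mail deliverable. The domains, records and function names are constructed for illustration, and DKIM is not covered.

```python
# Offline audit of SPF and DMARC TXT records. Domains and records are constructed
# samples; real ones come from DNS TXT lookups on <domain> and _dmarc.<domain>.
SAMPLE_RECORDS = {
    "weak.example": ("v=spf1 include:_spf.mailhost.example ?all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "strict.example": ("v=spf1 ip4:192.0.2.0/24 -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
    "missing.example": (None, None),
}

def audit_spf(record):
    """Return findings for an SPF record; an empty list means none."""
    terms = (record or "").lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["no SPF record published"]
    # 'all' always matches, so the first one decides what happens to unlisted senders.
    first_all = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if first_all is None:
        delegated = any(t.startswith("redirect=") for t in terms)
        return [] if delegated else ["SPF has no 'all' mechanism; unlisted senders get neutral"]
    qualifier = first_all[0] if first_all[0] in "+-~?" else "+"  # default is pass
    if qualifier == "+":
        return ["SPF +all authorizes every sending host"]
    if qualifier == "?":
        return ["SPF ?all is neutral and gives filters nothing to act on"]
    return []  # -all (fail) or ~all (softfail)

def audit_dmarc(record):
    """Return findings for a DMARC record; an empty list means none."""
    parts = (p.partition("=") for p in (record or "").split(";") if p.strip())
    tags = {k.strip().lower(): v.strip() for k, _, v in parts}
    if tags.get("v") != "DMARC1":
        return ["no DMARC record published"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC record has no valid p= policy tag"]
    if policy == "none":
        return ["DMARC p=none only reports; failing mail is still delivered"]
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return [f"DMARC policy applies to only {pct}% of failing mail"]
    return []

def audit_domain(domain, records=SAMPLE_RECORDS):
    spf, dmarc = records[domain]
    return audit_spf(spf) + audit_dmarc(dmarc)
if __name__ == "__main__":
    for name in SAMPLE_RECORDS:
        print(name, audit_domain(name) or "ok")
```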