Why is the internet so fascinated by ransomware? Is it because ransomware is attacking our precious data? Is it simply a threat that the average person can understand and therefore makes it newsworthy and headline rich? Is it because ransomware is so profitable and morphing into a mature business model? Or is it just a fascination with so-called evil genius? After all, everybody loves to hate a good super villain…until they come to visit YOU.
Here is the shortlist of things you should know about this topic if you’d like to get up to speed quickly:
- Attackers will hold hostage anything they can encrypt or threaten to delete, including pictures, documents, spreadsheets, entire websites and databases or anything else they can get their red hands on.
- In many cases, paying the ransom will get you your data back. But there is no guarantee and little honor among thieves.
- There have been some cases where databases are fully deleted, yet the bad guys claim if you pay the ransom they will restore your data (and they don’t). In other cases of fake ransomware, they have falsely claimed that your files are encrypted, but they are not. This is a form of social engineering combined with ransomware, or what some would call, “SYNERGY!”
- Once you pay the ransom and get your data back, you still have a mess to clean up. They are still in your system and you must fully eradicate the attacker from your environment. Easier said than done.
- Some mature ransomware operations have technical support available, so if you are having trouble paying the ransom you can call for assistance and the call center will walk you through it. Yes, it’s true.
- There are cloud ransomware solutions out there so if an attacker doesn’t want to go through the trouble of building their own solution, they can buy ransomware as a service. Krebs blogged about it recently and the commercial they posted on YouTube is quite persuasive! (Yes, I just blogged about a blog.)
- If you work for an organization that deals with protected health information (PHI) and HIPAA, the U.S. Department of Health and Human Services (HHS) removed some ambiguity regarding whether or not ransomware is considered to be a breach: “When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.” Read all about it.
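The "fake ransomware" point above deserves a practical check before anyone reaches for a wallet: does the file content actually look encrypted? The script below is an added example written for this post, not code from the original article or from any ransomware family it mentions. It applies two offline heuristics to each file: known format magic bytes still present (and, for text files, a high ratio of printable bytes) means the file is most likely intact, while content with Shannon entropy near 8 bits per byte and no recognisable header is most likely encrypted. The function names, the 7.5-bit threshold and the three sample files in `demo()` are all constructed for the example.

```python
"""Triage check: are the files a ransom note claims to have encrypted
actually encrypted?  Added example, hypothetical helper names; the
thresholds and sample files are constructed for illustration."""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Magic bytes for a few common formats (assumption: enough for triage).
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
}
ENTROPY_THRESHOLD = 7.5   # bits per byte; constructed cut-off for this example
SAMPLE_SIZE = 64 * 1024   # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext and compressed data sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def identify_magic(data: bytes):
    """Return the format name if a known header is still in place."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return None


def is_mostly_text(data: bytes) -> bool:
    """True when more than 95% of the bytes are printable ASCII or whitespace."""
    if not data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in b"\t\r\n")
    return printable / len(data) > 0.95


def classify(data: bytes) -> str:
    """Return 'intact', 'likely_encrypted' or 'unknown' for a file's content."""
    if identify_magic(data) or is_mostly_text(data):
        return "intact"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "likely_encrypted"
    return "unknown"   # no header and low entropy: inspect by hand


def scan_directory(root: str) -> dict:
    """Map every regular file under root to its classification."""
    verdicts = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdicts[os.path.relpath(path, root)] = classify(fh.read(SAMPLE_SIZE))
    return verdicts


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for ciphertext."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def demo() -> dict:
    """Build three constructed sample files and scan them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.txt": b"Grocery list: milk, eggs, bread\n" * 50,        # plain text
            "scan.png": MAGIC_PNG + pseudo_random_bytes(2000),             # header intact
            "report.pdf.locked": pseudo_random_bytes(4096),                # header gone, high entropy
        }
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan_directory(root)


MAGIC_PNG = b"\x89PNG\r\n\x1a\n"

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:20s} {verdict}")
```

Two caveats when using this on a real incident: a compressed archive whose header has been stripped also scores near 8 bits per byte, so "likely_encrypted" is a prompt to open the file from a clean host, not proof; and a surviving header only shows the first bytes are untouched, so spot-check that the files actually open before concluding the extortion claim is empty.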
Some cyber security practitioners and thought leaders got together recently to talk about the 7 most dangerous new attack techniques, and of course ransomware was on the list. Ed Skoudis asked, “How much would you pay to turn on your heat?” Many of us, other than me of course, have internet connected thermostats that could potentially be held hostage in this way. This is a theoretical scenario today, but the thought of this one gives me the chills (pun intended).
Another noteworthy gem from Ed is regarding what to do if you find yourself held hostage by a digital ransom that, for some reason or another, you have no choice but to pay. He made a point to remind us that it is a negotiation. So, don’t assume they know who you are or who you work for in the event that they encrypted your data. Assume they don’t know anything about you or the data and try to convince them you are simply an individual that wants to restore those precious shopping lists and pictures of your grandchildren, even if you did just lose access to your entire customer database <ouch>. If they don’t know you work for a Fortune 100 company, don’t volunteer that information. You may be able to convince them you are a grandparent with a fixed income and they *might* even accept a lower ransom. In New York we haggle for a better price on just about everything. Why shouldn’t we do the same for our stolen data?
In conclusion…don’t get ransomware in the first place if you can avoid it. It might be intriguing, but some things are better off observed from afar.
Thanks for reading and don’t forget to subscribe.