Ransomware now represents a credible and ever-present threat to anyone who uses the internet and stores electronic data, both locally and online. This growing digitalized form of extortion and data kidnapping threatens retail businesses, financial institutions, educational organizations, professional firms, home users and even members of the United States Congress. Thus, in an age where nearly everyone and everything is Internet-connected, ransomware should be our shared mutual concern.
Criminals leverage ransomware to infect networks and computers with sophisticated encryption malware, which holds these systems and their data hostage until the user relents and pays the demanded ransom. This type of malicious software is so advanced that technical efforts to crack encryption codes or subvert the criminal’s digital activity often fail. Such renders those affected by these threats, with names like CryptoLocker and CryptoWall, with few options other than paying the ransom or waiting weeks or even months for the needed decryption code to surface.
At a U.S. Senate Judiciary Subcommittee meeting held on May 18th, Senator Lindsey Graham discovered that as many as forty percent of victims pay the required ransom. One notable example was a South Carolina public school system that handed over $8,500 to hackers in February of 2016 to end over a month of debilitating damage from a ransomware infection. While the school, like many industry leaders, are philosophically opposed to meeting any hacker’s demands, ransomware often leaves its victims without any other practical recourse.
Ransomware gains access to and infiltrates network systems via email attachments in most instances. The end user receives what appears to be an innocuous email from hackers parading as a trusted source. However, when the email is opened and the attachment initiated the damaging ransomware is released to wreak havoc on the receiving system. These emails are often linked to phishing scams, which broadcast the malware to a diverse and unsuspecting audience. The hackers merely wait for an end user to take the bait as they reel in their victims.
The U.S. House of Representatives received warnings in early May of ransomware activity emanating from phishing scams, which targeted both elected officials and their staffers. While high profile targets make the news, the Senate Subcommittee determined that home users and small businesses are equally susceptible to this crime. Richard Downing, Deputy Assistant Attorney General with the Department of Justice, noted during the Senate hearing, “The threat of ransomware is staggering,”.
While the U.S. Congress deliberates ways to make this game more dangerous for cyber criminals, the best response for internet users is a strong defensive stance. Preventative measures, such as Unified Threat Management (UTM), high-quality email filtration, and user education remain the best tools to thwart this prevalent digital crime.
“Teaming up with ISI over 16 years ago has proved to be one of the best business decisions I ever made.”