ANN ARBOR – In June, NASCAR Team Circle Sport admitted it paid off ransomware runners after one of its main test computers was infected with Truecrypt malware, a form of ransomware. The NASCAR laptop was quickly isolated, but the ransomware left the team’s crucial test data locked up two days before a big race.
Despite efforts to recover the priceless data, Circle Sport paid the extortionists hundreds of dollars in Bitcoins — the typical form of payment used by cybercriminals — and the encryption key was sent. Bitcoin is a digital, peer-to-peer payment system. Transactions take place directly between users without an intermediary and are virtually anonymous, perfect for online criminals.
Circle Sport is simply one of the latest victims of ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them. Hospitals, school districts, state and local government, law enforcement agencies and small and large businesses have all been victims. Home computers are just as vulnerable to ransomware. At stake can be family photos, videos and other data. Cybercriminals, like bank robbers, focus on extorting the most cash possible, making consumers a low-priority ransomware target.
An ever-growing threat
Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyberattacks, particularly against organizations. Worse yet, according to FBI data, if the first three months of this year are any indication, the number will grow even more in 2016 if individuals and organizations don’t prepare for these attacks.
Ransomware attacks are becoming more sophisticated. Several years ago, ransomware was delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cybercriminals turned to spear phishing, an e-mail scam that targets a specific individual, organization or business.
Some cybercriminals aren’t using e-mails at all.
According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software (software containing glitches not yet fixed by the developer) on end-user computers.”
What to do
So what do individuals and businesses do to protect themselves from ransomware? Use layered protection, says Edward Aube, vice president of managed services for Red Level in Novi, Mich. This includes up-to-date anti-virus and anti-malware protection installed on all components, he says. A strong firewall is also important, but the best protection is education and making sure the user is aware when infected e-mails come through, Aube says.
Even with these measures in place, ransomware can still infect computers, which is why it is important to back up all data regularly.
According to the FBI in a bulletin issued earlier this year, in a ransomware attack, victims — upon seeing an e-mail addressed to them — will open it and may click on an attachment that appears legitimate, such as an invoice or an electronic fax, but actually contains malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.
“If anything does get in, you are at the mercy of the writers of this ransomware,” Aube says. “Paying a ransom doesn’t guarantee a good outcome. There’s no guarantee you’ll get your data back.”
Aube says protecting against ransomware attacks falls into the areas of business continuity and disaster recovery. That means creating a good recovery point for data that allows people to restore data to the point where the ransomware got in. Aube’s company, Red Level, offers security and data protection and disaster recovery services.
CloudTech1 of Farmington Hills, Mich., also uses a layered security approach, says CEO Rick Beckers.
“We have cloud-based products that allow us to take data offsite and within minutes after a ransomware attack we can lock down the device involved and make sure the ransomware encryption doesn’t propagate across the computer network,” says Beckers.
Like Aube, Beckers says preventing ransomware from infecting a network is a matter of education and training that should be part of every business's human resources manual.
“Rule No. 1,” he says, “is make sure your employees are aware of the dangers of clicking on an unsolicited link in an unexpected e-mail.”
This article, written by MITechNews.Com Editor Mike Brennan, appeared in the September 17 issue of Venture Michigan magazine. To view more cybersecurity articles, click on http://www.venturemichiganmag.com/focus/2016/9/17/cyberworld-dangers





