Ransomware has become a significant cyber threat to our Nation, claiming victims such as local governments, hospital networks, and most recently K-12 schools. While ransomware incidents are prevalent among government entities and critical infrastructure organizations, individuals are still very much at risk. Malicious actors can target anyone with a device connected to the internet or important data stored on their network. In some cases, attacks on individuals may be more detrimental, considering home users don’t typically have a backup strategy in place.
To help prevent and mitigate ransomware attacks, the Cybersecurity and Infrastructure Security Agency (CISA) released information and resources for organizations and individuals.
What is ransomware?
Ransomware is a type of malicious software, or malware, designed to infect computers and encrypt files until a sum of money or other form of ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible devices.
Malicious cyber actors commonly distribute ransomware through phishing emails or “drive-by downloads.” Phishing emails are messages that appear to be from a legitimate organization or a contact familiar to the victim and that entice the user to click on a malicious link or open an infected attachment. A “drive-by download” is a program that automatically downloads from the internet without the user’s consent and often without their knowledge. The malicious code may run after download without any user interaction. After the code has run, the computer becomes infected with ransomware.
Why should you care?
Consequences of a ransomware attack can be severe and there is no guarantee a user will recover the files, even after paying the ransom. On a personal level, an infection can result in financial damage or disclosure of sensitive information. On an organizational level, ransomware can cause business disruptions, financial damage from a payout or costly investigations, and reputational damage causing loss of current or potential customers.
Additionally, the goal of ransomware is not always to get money but potentially to serve as a distraction for other malicious purposes. These distractions could be hiding a traditional attack against the network, covering traces of an earlier attack, providing cover while data is stolen from the network, or even limiting or destroying productivity of the system while the IT team is busy dealing with a very visible ransomware infection.
CISA Ransomware Resources
CISA developed a series of resources to help spread awareness about ransomware attacks, protective measures, and response tactics.
CISA’s new Ransomware webpage has the necessary resources to help individuals and organizations protect against, detect, respond to, and recover from a ransomware attack. This webpage includes alerts, fact sheets, trainings, and more.
Additional ransomware resources:
- Ransomware Guide – Prevention Best Practices and Response Checklist: a customer-centered, one-stop resource with best practices and ways to prevent, protect against, and respond to a ransomware attack
- CISA INSIGHTS – Ransomware Outbreak: provides background information on specific cyber threats and the vulnerabilities they exploit, as well as a ready-made set of mitigation activities
- US-CERT Alerts – Protecting Against Ransomware: security tips from the National Cyber Awareness System to protect yourself against ransomware
- Ransomware Alert – Healthcare and Public Health Sector: tactics, techniques, and procedures used by cybercriminals against targets in the Healthcare and Public Health (HPH) Sector to infect systems with ransomware
- Ransomware Reference Materials for K-12: information about increased cyber-attacks on K-12 schools and remote learning and best practices to avoid becoming a victim of ransomware
- K-12 Remote Learning Fact Sheet: a resource for non-technical educational professionals that includes general cybersecurity best practices, video-conferencing best practices, and a list of available resources
- SchoolSafety.gov: provides schools and districts with actionable recommendations to create a safe and supportive learning environment where students can thrive and grow
Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.